September 29th, 2006

Clampdown at Toorcon imminent for Apple Wi-Fi flaw

Posted by George Ou @ 2:41 pm

Categories: Mobile/Wireless, Networking, News, Security

Tags:

In a possible repeat of what happened at last year's Black Hat convention with Mike Lynn and Cisco , I've just received word from Elizabeth Clarke who is the VP of Corporate Communications at SecureWorks that David Maynor will not be presenting at Toorcon.  Even as late as yesterday when I talked with Maynor on IM, Maynor was going to reveal all on Saturday.  Maynor had indicated in the past that SecureWorks wasn't keen on his presentation and he had told them that he was going anyways.  I tried to contact Clarke and Maynor for immediate comments without success but one would have to assume that SecureWorks has issued explicit instruction to David Maynor not to give the public presentation.

Maynor along with his friend Jon "Jonny Cache" Ellch is giving a technical lecture at Toorcon Seminars today and were planning to unload everything about the Apple Wi-Fi controversy tomorrow.  When I heard this announcement from SecureWorks PR, I was just getting ready to leave for the airport for Toorcon.  I still intend to go because we may see injunctions fly tomorrow.

In place of the presentation tomorrow, SecureWorks released this statement.

SecureWorks statement:
SecureWorks and Apple are working together in conjunction with the CERT Coordination Center on any reported security issues. We will not make any additional public statements regarding work underway until both companies agree, along with CERT/CC , that it is appropriate.

The statement seems to be an attempt to cool things down but it's about a month too late as far as I'm concerned.  I had known since last month that CERT had been notified of the full details of this vulnerability by SecureWorks and CERT could play the role of a neutral arbitrator on this whole mess.  However, this thing has become far too heated and it's difficult for Apple to agree to give SecureWorks any credit when they've backed themselves in to a corner with the statements they have made.  Apple's Lynn Fox has raised this to a boiling level by strongly refusing to give any credit to SecureWorks, Maynor or Ellch.  But in her strong denial, Fox essentially implied that David Maynor didn't even know the difference between FreeBSD and OS X and supplied Apple with things like crash dumps and driver disassemblies that had nothing to do with Apple Products.  As David Burke points out, Apple continued to request more information from someone they're implying is an idiot and even started an internal audit on account of what they're calling irrelevant information.