Mac Security: This Week In FUD &A#JD1Tg!d8!' 3229

Mac Security: This Week In FUD

I have been staying on the side lines regarding this issue, but I think it is time to put this FUD to rest:

**** The Apple MacBook remains UN-HACKED ****

MacFixIt have a nice summary of what has been going on:

But for those without MacFixIt accounts, here is my own quick summary:

Black Hat refers to cracking, or criminal hacking. Read about it at:

Recently there was a 'Black Hat' conference. Technically it was a 'Grey Hat' conference because the many participants openly revealed their cracks. One of those cracks was of a MacBook, meaning that someone was able to break into through the MacBook's security. Exactly how this was done has been in contention. But all the facts are now in and it turns out that this is what occurred:

1) Non-Apple Wi-Fi drivers were physically installed onto the MacBook using conventional means, meaning that the person had an account on the machine. Obviously this has NOTHING to do with Mac security. This is a deliberate act by an approved user of the machine.

2) A non-Apple, USB-based Wi-Fi card was connected to the MacBook. Please note that Apple's built in AirPort hardware and software were not at all used.

3) A Dell laptop used a wireless connection to the MacBook to break in.

Obviously this points out one of the reasons we buy Macintosh: All the hardware and software are designed to work together as perfectly and flawlessly as possible. This simply does not happen in the Windows PC world where chaos reigns. As far as I am concerned, what was proven was that if you infect a MacBook with PC quality technology then it too is just as insecure as any PC.

There was bullsh*t that this same crack can be done using Apple AirPort. The perpetrators were given time to provide proof, but none was forthcoming. Obviously they had lied. What is pathetic is that they said Apple pressured them not to demonstrate the crack with AirPort. One person even said he had witnessed the crack using AirPort performed by another person.

There is FUD, then there is *LYING SCUM FUD*. As far as I am concerned, that is what we have here.

Low and behold the LYING SCUM have admitted their crime:

Here is what the weasels posted on their website:

And do any Apple users care? Of course not! We have AirPort, stupid!

For thrills, here is where you can find a video of the bogus crack job:

And here is what Apple had to say about this stupidity. Below is a quote from Apple spokesperson Lynn Fox speaking to InformationWeek:

"Despite SecureWorks being quoted saying the Mac is threatened by the exploit demonstrated at Black Hat, they have provided no evidence that in fact it is. To the contrary, the SecureWorks demonstration used a third party USB 802.11 device not the 802.11 hardware in the Mac a device which uses a different chip and different software drivers than those on the Mac. To date, SecureWorks has not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit that is relevant to the hardware and software that we ship."

Conclusion: As ever, it is good to be security conscious and have your arsenal of tools at the ready. No computer is perfect, and that includes the Mac. But you can still tell everyone that Macs still have NO malware in the wild. And you can tell them that you can't crack into a MacBook. This isn't bragging. It is fact. It's part of the pleasure of 'forward migration' away from the Windows PC to the progressive platform.

-- Fortune Magazine, 11-29-05: What's your computer setup today? Frederick Brooks: I happily use a Macintosh. It's not been equalled for ease of use, and I want my computer to be a tool, not a challenge. Frederick Brooks is the author of 'The Mythical Man Month'. He spearheaded the movement to modernize computer software engineering in 1975