Apple responds to George Ou

Apple’s Lynn Fox – victim of a vicious smear campaign* orchestrated by SecureWorks and George Ou – provides some valuable answers to Ou’s questions.

Most notably, Fox says the only information they got from SecureWorks was not related to Apple products.

Hmm, what’s the Macalope full of again, George?

Ou had previously claimed on several occasions that the supposed flaws in OS X were the same as those in FreeBSD because “it’s all the same code.”

Fox smacks that down:

The only vulnerability mentioned by David Maynor was FreeBSD vulnerability CVE-2006-0226. This does not affect Apple products.

The code flaws we addressed with the Wi-Fi security updates we released on September 21 are not based on the same code as the FreeBSD flaw.

Also, this should put to rest Ou’s repeated insinuations that Apple’s failure to respond to his email must mean that SecureWorks was right all along.

This is not the last we’ll hear of this since Maynor and Ellch will be providing “the complete story” (note the Macalope’s use of sarcastic quotes) this weekend and Ou will certainly look for whatever wiggle room there is in Fox’s response, most likely accusing her of “choosing her words carefully” (as if she should do anything else).

But forgive the Macalope if he takes a moment to bask in the schadenfreude.

UPDATE: Ou has already posted this comment:

Please don’t assume anything yet. Like I said, this is getting very interesting. What Apple says now can be refuted with evidence. Just hold off on any judgements for now.

The author of Brian Krebs Watch responds thusly:

And again to my friends at SecureWorks who are reading this: if you’re going to do a demo, just announce it. Don’t leak it out this way. You are not making any friends. Good PR is about narrative, about telling a story — not about making the most noise.


* The Macalope doesn’t really think Fox is the victim of a smear campaign. He’s just pointing out how silly Ou sounds when he says Maynor and Ellch are Apple’s victims.

  • […] Perhaps in response to a plethora of insane mac bloggers and friends, Johnny Cache, known for both pointing out the “Mac user base aura of smugness on security” and his desire to “stab one of those [Mac] users in the eye with a lit cigarette or something” on the Dailydav list: anyone qualified to sit and discuss the look and feel of changes of probably has no idea what ring0 code execution means. […]

  • George Ou does look a bit silly now huh!

    Although I suppose it’s better than looking silly *and* deceitful which is how Maynor and Ellch look.

  • The thing of it is, all Ou, and the other two have to do is say “Oh yes we did send it to them”. How can Apple prove they didn’t? They can’t, not really. Aside from not being able to prove a negative, the volume of data required to come close would border on Ludicrous Size.

    MOuE can claim *anything* and place any denials by Apple in the “vast conspiracy” that they’ve already alluded to. Pretty handy when you think about it.

  • dino:

    ^However, that’s refutable as well. Why would Apple, a pretty damn big company, lie about a simple security problem? They would be taking way too big of a risk on their PR front instead of just coming out and saying they had an issue (or not saying anything at all, and just releasing an update without giving much of an explanation). I guess we’ll have to wait until Maynor and Ellch give their ‘explanation’…

  • The guys were playing sneaky to begin with. Instead of using a PC, they used a mac just to get a visceral reaction. I thought it was clear that they used 3rd party drivers, but apparently that message didn’t sink in to most people reading/hearing the news, so maybe not. At any rate, they wanted a reaction and they got it. Boo hoo. They need to just do stuff openly and honestly and stuff like this won’t happen.

  • V-Train:

    The hypocrisy that is Ou never ends. While he says not to assume anything, from the beginning he has assumed Apple is lying and hiding the “truth.”

    He certainly didn’t hold off on making judgments.

  • Well of COURSE not. Before this started, who had heard of Georgie POurgie?

    Now, he’s all “Intarweb Famous”.

    This has been a bonanza for him. You know he’ll be sorry to see it end.

  • Gary Patterson:

    I don’t think it’s a bonanza for Ou. He’s now completely dependent upon other people for his journalistic integrity. If Maynor and Ellch don’t deliver, he’s proved to be a joke in the industry, the willing dupe of others. If they do, he’s vindicated and everything’s okay.

    That’s the position of a biased commentator. Someone presenting facts has no stake either way. Ou took a side, and now his reputation is on the line but nothing he can do or say can influence the outcome.

    He’s no journalist, that’s for sure.


    Up until recently, I have always liked George Ou’s security posts which can be found in various places. This Apple/SecureWorks thing is becoming more of a soap opera than necessary. Is he dating one of those guys or what? why is he inserting himself into this drama? It certainly isn’t to improve his respectability or reputation. I fear that may be forever gone.

    Here’s all that matters as far as I am concerned:

    some WiFi drivers from Apple and/or other third party vendors had some flaws which could have been exploited and those have been fixed.

    excellent. can we all get back to our lives now? I’ll update my drivers and George and the SecureWorks guys can go on a long romantic getaway and talk about how much smarter than Apple they really are and massage the chip on each other’s shoulders.
