Let the parsing begin!

George Ou’s friend David Burke parses the crap out of Lynn Fox’s response.

The thrust of his “great analysis” is that Fox is saying that all Maynor told Apple about was the FreeBSD vulnerability, so why did they repeatedly ask for information on something that doesn’t affect Macs?

Frankly, there are so many ways to deflate Burke’s analysis that it’s hardly worth addressing, but the Macalope will just point out an alternate theory by way of an analogy with the names changed to protect the innocent.

Let’s say the Macalope just bought a 2006 Audi. And someone comes along and says “Hey, you should get a security system because those Audis are really easy to break into.”

And the Macalope is all like “What? What the hell are you talking about? The Macalope just got this car. Get out of here you crazy person. Stop being so crazy.”

But the person – let’s call him “Mavid Daynor” – is insistent, saying he read it in Consumer Reports and he could totally break into the car himself. So, the Macalope says, “OK, send the Macalope some of those articles.” But Daynor’s kind of pissy about it and says “Hey, I’m not just going to give you my Consumer Reports articles for free.”

Now the Macalope is kind of like, well, what the heck are you calling for if you’re just going to try to diss the Macalope’s car and not provide him any information? But he doesn’t say that out loud, just with his inside voice. He tries a couple more times to get Daynor to send him the Consumer Reports articles but Daynor doesn’t reply.

All of a sudden, this other guy – let’s call him Krian Brebs – after talking to Daynor, publishes this post on his blog that says “Breaking into the Macalope’s car in 60 seconds or less.”

Now the Macalope’s really pissed. So he’s going to find out what these clowns think they’re talking about. He orders the back issues of Consumer Reports and it turns out there was a flaw in the 2005 Volkswagen where you could stick a coat hanger down the window and pop the door open really easily.

Just to be sure, the Macalope takes his car to the dealer and says “Hey, is this thing really easy to break into?” As the dealer’s looking it over, the Macalope sends out a press release saying despite the vague warnings of Mavid Daynor, there’s no evidence that the Macalope’s car is easy to break into.

All of a sudden this other guy – let’s call him… oh, hell, let’s just call him George Ou – who the Macalope doesn’t even know, starts going on in public about how the Macalope has defamed Mavid Daynor and demands he respond to certain questions.

The dealer comes back and says the car can’t be opened with a coat hanger through the window, but he added a security system just to fix some other issues.

So the Macalope sends an email to George Ou stating:

The only vulnerability Daynor mentioned was the Volkswagen one. Despite repeated requests for Consumer Reports back issues, he didn’t supply any.

The Macalope’s not saying this is how it went down. It’s just possible.

But in all likelihood, Apple has its own subscription to Consumer Reports.

Oh, wait, that was an analogy.

UPDATE: A more point-by-point takedown of Burke’s “great analysis” is here.

Comments
  • matt:

    I sure would like to stick a lit cigarette in the eye of an Audi owner. That’ll burn the smug right out of them.

  • Steve:

    “This is an ’81 Honda! How dare you!!!”

  • Funny you mention Audis….didn’t they get slammed by a false “60 minutes” report years ago, did not respond, and suffered a huge drop in sales ….

  • LKM:

    Geez, this whole thing is just… It’s just insane. For the love of… I mean… It’s just… How in the world can you be so stupid? And by “you,” I mean George Ou, of course. And that weirdo guy with the “legal profession” who tends to intersperse his sentences with the word “George.”

    I mean… WTF? Seriously? WTF?

  • Oh, good, so it’s not just the Macalope who noticed that.

  • Wait. I think I’ve figured it out. In the analogy, the Audi is a metaphor for life. Right? Right? Crap.

    My genuine reaction to Burke’s response was quite literally almost exactly like LKM’s comment. Complete and utter bafflement.

  • I think the other 90% want us to be just as miserable as they are so in order to start down that path they have to make things up. Now they are backpedaling and looking over their shoulder when asked to provide ample evidence. Because Apple is not going to shovel an exploit under the carpet and ignore it.

  • Alex:

    Am I the only one thinking this Brian Burke guy and George Ou are one and the same? Judging by the incessant self-celebrating tone and the repeated “George” interspersing (as noted), and how Ou ends every article which hosts his “friend” by complimenting him for his brilliancy… I’d say it’s a classic example of dual personality…

  • Ben:

    When I first read Burke’s analysis, I thought “He’s pinning a lot of this on a strict technical interpretation of the word ‘only’ in Lynn’s statement.” If you instead parse Lynn’s statements as ordinary language, rather than as the language of a written legal contract, you get a rather different picture.

    And if I had some random presenter at Black Hat say they could break into my house in 60 seconds or less, I’d sure as hell do my own freakin’ security audit, especially if said presenters weren’t forthcoming in a timely and comprehensive way regarding exactly WTF they say they found. And especially if there were a lot of people lining up behind the presenters saying things like “I’ve seen them break in, and it’s real.” You know, like maybe be cautious and not act like my security and software was perfectly bug-free?

  • Joel:

    Hey! Brian could be “Griffin” and George could be “Sabine.”

  • Mike:

    Am I the only one who thinks that George Ou does not really expect to be ultimately vindicated but keeps publishing this drivel because it draws web traffic (from both sides of the debate)? It’s basically the John Dvorak, or macosrumors.com, business plan.

  • Obvious:

    Despite all this language parsing, there is still no evidence that the original researchers found a way to break a stock Mac with builtin wireless.

    You’d think that by now, with all the assertions and denials flying around, that the simplest way to resolve this question is to just demonstrate it.

    Stop talking about it. Just show it.

    I, for one, am really hoping that’s what the SecureWorks people are planning to do at their next presentation: show the break on an unpatched Mac. And if they don’t, I’m really hoping that someone holds their feet to the fire to demonstrate the break. They should also demonstrate whether Apple’s patch fixes the break they said they found, because then they’d be able to say “See, it WAS the bug we found after all.”

    In fact, I firmly believe that George Ou should be the one to hold their feet to the fire and demand that they publicly demonstrate the break he says he saw demonstrated in private. It’s certainly in his interest to be vindicated, and it would certainly be in the researchers’ interest, because Apple has already come out with the only patch they appear to be issuing.

    More and more, this whole thing is reminding me of Fleischmann and Pons and Cold Fusion.

  • DDA:

    Obvious wrote:

    “I, for one, am really hoping that’s what the SecureWorks people are planning to do at their next presentation: show the break on an unpatched Mac.”

    If you check this entry (http://www.macalope.com/?p=37), you’ll see that (using the normal parsing of the English language) that is precisely what George is going to do. If said attempt fails, I sure hope the Macalope (and others) hold George’s feet (or whatever) to the fire.

    It’s pretty clear to me that SecureWorks told George stuff and then hung him out to dry (hence his “few = 9 days” bit) by not publicly confirming any of the dropped hints in his column. Now everyone’s credibility is on the line at ToorCon; by this time Monday, it should be clear where Occam’s Razor cut. 🙂

  • Stephen:

    Give it up. The term is “fisk,” not “parse.” The etymology may annoy you, but it is way beyond the point of no return.
