Comments on: Huh-huh! I said “phuc”! http://www.macalope.com/2006/11/07/huh-huh-i-said-phuc/ Apple news and analysis from everyone's favorite mythical Mac user Wed, 07 Jan 2009 05:24:43 +0000 http://wordpress.org/?v=2.7 hourly 1 By: fudo http://www.macalope.com/2006/11/07/huh-huh-i-said-phuc/comment-page-1/#comment-1265 fudo Tue, 14 Nov 2006 02:17:09 +0000 http://www.macalope.com/?p=95#comment-1265 Unfortunately for Geoffrey, the "threat of legal action by Apple" is, just like the original "exploit", so much vapor. No convincing evidence that it exists anywhere outside of Maynor and Ellch's imaginations. And no, the fact that now, months later, Ellch has come up with a completely unrelated flaw proves, once again, nothing. And as for "See what happens when companies get involved?" conveniently ignores the fact that security researchers who provide evidence of real exploits to Apple are routinely credited by Apple when patches are released. Unfortunately for Geoffrey, the “threat of legal action by Apple” is, just like the original “exploit”, so much vapor. No convincing evidence that it exists anywhere outside of Maynor and Ellch’s imaginations. And no, the fact that now, months later, Ellch has come up with a completely unrelated flaw proves, once again, nothing.

And as for “See what happens when companies get involved?” conveniently ignores the fact that security researchers who provide evidence of real exploits to Apple are routinely credited by Apple when patches are released.

]]> By: geoffrey http://www.macalope.com/2006/11/07/huh-huh-i-said-phuc/comment-page-1/#comment-1255 geoffrey Sun, 12 Nov 2006 21:09:01 +0000 http://www.macalope.com/?p=95#comment-1255 Happy? The month of kernel bugs has delivered a broadcom chip flaw from Ellch. http://www.eweek.com/article2/0,1895,2056023,00.asp Besides paying to defend yourself, if your employer has a lucrative contract with Apple or Intel, and they threaten to kill the contract, that is a threatening action as well. Happy? The month of kernel bugs has delivered a broadcom chip flaw from Ellch.

http://www.eweek.com/article2/0,1895,2056023,00.asp

Besides paying to defend yourself, if your employer has a lucrative contract with Apple or Intel, and they threaten to kill the contract, that is a threatening action as well.

]]> By: geoffrey http://www.macalope.com/2006/11/07/huh-huh-i-said-phuc/comment-page-1/#comment-1254 geoffrey Sun, 12 Nov 2006 21:01:38 +0000 http://www.macalope.com/?p=95#comment-1254 Ned, even if you win a lawsuit, it costs money to defend yourself. ;) Ned, even if you win a lawsuit, it costs money to defend yourself. ;)

]]> By: Ned Harwick http://www.macalope.com/2006/11/07/huh-huh-i-said-phuc/comment-page-1/#comment-1252 Ned Harwick Sun, 12 Nov 2006 18:38:13 +0000 http://www.macalope.com/?p=95#comment-1252 What is with this vogue of citing technopunditbabble to sidestep simple comments? “Grab a copy of the Metasploit 3 framework and look through the wifi payloads,” or, dare I mention, “Code execution at ring-0.” Sigh... I’m too dumb to understand, so I better got buy a nice, safe Dellpaqway PC. Oh, btw, Geophrey: you can’t suffer “legal action” for disclosure unless (a) you signed a NDA, or (2) you are lying. (seriously, there just aren’t any Apple-logo’d Black Helicopters...) What is with this vogue of citing technopunditbabble to sidestep simple comments? “Grab a copy of the Metasploit 3 framework and look through the wifi payloads,” or, dare I mention, “Code execution at ring-0.” Sigh… I’m too dumb to understand, so I better got buy a nice, safe Dellpaqway PC. Oh, btw, Geophrey: you can’t suffer “legal action” for disclosure unless (a) you signed a NDA, or (2) you are lying. (seriously, there just aren’t any Apple-logo’d Black Helicopters…)

]]> By: geoffrey http://www.macalope.com/2006/11/07/huh-huh-i-said-phuc/comment-page-1/#comment-1251 geoffrey Sun, 12 Nov 2006 16:22:19 +0000 http://www.macalope.com/?p=95#comment-1251 From what I understand,Maynor and Ellch have been told they will encounter legal action from Apple if they disclose more than they have already. If you do, as a respected voice in the Mac community, wish to verify the problem for yourself, come to the next AHA gathering. I'm sure HD will be happy to run a demo. Some of the specifics of the exploit are still in a sort of legal purgatory, so everyone seems uncomfortable discussing them. See what happens when companies get involved? This is a great argument for Open Source systems. The BSDs and Linux distros would just fix the problem and move on, not threaten researchers in hopes of delaying an embarrassing public disclosure. From what I understand,Maynor and Ellch have been told they will encounter legal action from Apple if they disclose more than they have already. If you do, as a respected voice in the Mac community, wish to verify the problem for yourself, come to the next AHA gathering. I’m sure HD will be happy to run a demo. Some of the specifics of the exploit are still in a sort of legal purgatory, so everyone seems uncomfortable discussing them. See what happens when companies get involved? This is a great argument for Open Source systems. The BSDs and Linux distros would just fix the problem and move on, not threaten researchers in hopes of delaying an embarrassing public disclosure.

]]> By: Macalope http://www.macalope.com/2006/11/07/huh-huh-i-said-phuc/comment-page-1/#comment-1250 Macalope Sun, 12 Nov 2006 15:36:59 +0000 http://www.macalope.com/?p=95#comment-1250 If you read the post, the Macalope doesn't have a problem believing the Metasploit exploit. He released it, so those more knowledgeable than the Macalope can verify his claim (exactly what Maynor and Ellch didn't do). But HD said it was unrelated to Maynor's exploit. As for finding closure, it wasn't the Macalope who rekindled this by putting a dirty-sounding word in the file name. If you read the post, the Macalope doesn’t have a problem believing the Metasploit exploit. He released it, so those more knowledgeable than the Macalope can verify his claim (exactly what Maynor and Ellch didn’t do). But HD said it was unrelated to Maynor’s exploit.

As for finding closure, it wasn’t the Macalope who rekindled this by putting a dirty-sounding word in the file name.

]]> By: geoffrey http://www.macalope.com/2006/11/07/huh-huh-i-said-phuc/comment-page-1/#comment-1246 geoffrey Sun, 12 Nov 2006 06:16:34 +0000 http://www.macalope.com/?p=95#comment-1246 That's correct. *You* don't know me. So, my word isn't worth much to you. Providing my "bona fides" to you is worthless. Grab a copy of the Metasploit 3 framework and look through the wifi payloads. Or, if you're willing to travel to Austin, grab a flight down here for the 20th. Anyone is welcome to attend the AHA gatherings, and you can speak to HD personally about your problems with him. All the info you need to know about the AHA meeting for this month can be found here: http://wiki.austinhackers.org/2006-11-20-0x0003 Hope you find yourself some closure. That’s correct. *You* don’t know me. So, my word isn’t worth much to you. Providing my “bona fides” to you is worthless. Grab a copy of the Metasploit 3 framework and look through the wifi payloads. Or, if you’re willing to travel to Austin, grab a flight down here for the 20th. Anyone is welcome to attend the AHA gatherings, and you can speak to HD personally about your problems with him. All the info you need to know about the AHA meeting for this month can be found here: http://wiki.austinhackers.org/2006-11-20-0×0003 Hope you find yourself some closure.

]]> By: Macalope http://www.macalope.com/2006/11/07/huh-huh-i-said-phuc/comment-page-1/#comment-1245 Macalope Sun, 12 Nov 2006 04:50:43 +0000 http://www.macalope.com/?p=95#comment-1245 Well, that's great for <i>you</i>, but we don't know you. There are so many people these guys could have shown the exploit to - Glenn Fleishman, Jim Thompson, John Gruber, <i>Sam Leffler</i> for chrissake - but who did they show it to? Brian Krebs, HD Moore, you - whoever you are - and George fricking Ou (by appearances anyway). Well, that’s great for you, but we don’t know you.

There are so many people these guys could have shown the exploit to - Glenn Fleishman, Jim Thompson, John Gruber, Sam Leffler for chrissake - but who did they show it to?

Brian Krebs, HD Moore, you - whoever you are - and George fricking Ou (by appearances anyway).

]]> By: geoffrey http://www.macalope.com/2006/11/07/huh-huh-i-said-phuc/comment-page-1/#comment-1244 geoffrey Sun, 12 Nov 2006 04:01:04 +0000 http://www.macalope.com/?p=95#comment-1244 Actually, HD's giggly manner about phonetic curses aside, I can confirm that the exploits he discusses (his and Johnny Cache's) are, indeed, real. You don't have to believe him, but HD is an extremely intelligent guy. He gets more done (pun intended) in an hour of coding than most of us do in a week. Trust him, or not, it's up to you. I, on the other hand, have witnessed, firsthand, the Apple wifi exploits. Actually, HD’s giggly manner about phonetic curses aside, I can confirm that the exploits he discusses (his and Johnny Cache’s) are, indeed, real. You don’t have to believe him, but HD is an extremely intelligent guy. He gets more done (pun intended) in an hour of coding than most of us do in a week. Trust him, or not, it’s up to you. I, on the other hand, have witnessed, firsthand, the Apple wifi exploits.

]]> By: Ryan Russell http://www.macalope.com/2006/11/07/huh-huh-i-said-phuc/comment-page-1/#comment-1200 Ryan Russell Fri, 10 Nov 2006 04:01:51 +0000 http://www.macalope.com/?p=95#comment-1200 "Put up or shut up! Put up or shut up! What? Ok, fine then. quit gloating. asshole." “Put up or shut up! Put up or shut up!

What?

Ok, fine then. quit gloating.

asshole.”

]]>