The other shoe

This post by Jim Thompson is over a week old now but the Macalope missed it when it first went up.

Here’s the nut graph:

Maynor and Ellch think there is a bug in FreeBSD.
Maynor and Ellch know how to contact the author of the affected code.
They’ve failed to do so.

Security professionals gone wild!

News.com provides a Maynor and Ellch-friendly recap of Ellch’s ToorCon diatribe (antler tip to Wi-Fi Networking News), with two accusations that assume facts not in evidence.

Apple at the time critiqued the two for not proving their case, but came out with patches for Wi-Fi flaws last week.

Mmm, sweet, delicious assumption of guilt! As a matter of fact, no one has proved that Maynor and Ellch provided meaningful information to Apple or that the flaws that Apple patched were the same they asserted they could exploit.

While some in the Mac community see the cancellation of Saturday’s talk as proof that Maynor and Ellch are frauds…

Yes. Mac users simply must stop beating their wives.

Oh, and Ellch goes off on Apple without revealing anything. But we should all be used to that by now.

Satire truly is dead.

Today on Macworld’s web site (antler tip to Daring Fireball):

Apple and SecureWorks “Working Together”; Toorcon Presentation Canceled.

“SecureWorks and Apple are working together in conjunction with the CERT Coordination Center on any reported security issues,” SecureWorks said in a statement provided to Macworld. “We will not make any additional public statements regarding work underway until both companies agree, along with CERT/CC, that it is appropriate.”

Last week on Crazy Apple Rumors:

Apple/SecureWorks Controversy Ends Bizarrely.

In a bizarre ending to the Apple/SecureWorks controversy (also known as Security Bitch Watch), technology industry sources indicate that the two companies – previously at bitter odds over the security of Apple’s Airport hardware and drivers – were seen making out together in the parking lot behind the dumpster.

“Wha-?” said ZDNet’s George Ou upon hearing the news. “But… but… after all I did for SecureWorks I thought…

“I thought SecureWorks and I… were…”

Ou burst into tears and ran into the girls bathroom.

Unbelievable

Daring Fireball deconstructs Kieran McCarthy’s short piece on the wireless controversy, which sets a new standard for how wrong per inch someone can be.

Let the parsing begin!

George Ou’s friend David Burke parses the crap out of Lynn Fox’s response.

The thrust of his “great analysis” is that Fox is saying that all Maynor told Apple about was the FreeBSD vulnerability, so why did they repeatedly ask for information on something that doesn’t affect Macs?

Frankly, there are so many ways to deflate Burke’s analysis that it’s hardly worth addressing, but the Macalope will just point out an alternate theory by way of an analogy with the names changed to protect the innocent.

Let’s say the Macalope just bought a 2006 Audi. And someone comes along and says “Hey, you should get a security system because those Audis are really easy to break into.”

And the Macalope is all like “What? What the hell are you talking about? The Macalope just got this car. Get out of here you crazy person. Stop being so crazy.”

But the person – let’s call him “Mavid Daynor” – is insistent, saying he read it in Consumer Reports and he could totally break into the car himself. So, the Macalope says, “OK, send the Macalope some of those articles.” But Daynor’s kind of pissy about it and says “Hey, I’m not just going to give you my Consumer Reports articles for free.”

Now the Macalope is kind of like, well, what the heck are you calling for if you’re just going to try to diss the Macalope’s car and not provide him any information? But he doesn’t say that out loud, just with his inside voice. He tries a couple more times to get Daynor to send him the Consumer Reports articles but Daynor doesn’t reply.

All of a sudden, this other guy – let’s call him Krian Brebs – after talking to Daynor, publishes this post on his blog that says “Breaking into the Macalope’s car in 60 seconds or less.”

Now the Macalope’s really pissed. So he’s going to find out what these clowns think they’re talking about. He orders the back issues of Consumer Reports and it turns out there was a flaw in the 2005 Volkswagen where you could stick a coat hanger down the window and pop the door open really easily.

Just to be sure, the Macalope takes his car to the dealer and says “Hey, is this thing really easy to break into?” As the dealer’s looking it over, the Macalope sends out a press release saying despite the vague warnings of Mavid Daynor, there’s no evidence that the Macalope’s car is easy to break into.

All of a sudden this other guy – let’s call him… oh, hell, let’s just call him George Ou – who the Macalope doesn’t even know, starts going on in public about how the Macalope has defamed Mavid Daynor and demands he respond to certain questions.

The dealer comes back and says the car can’t be opened with a coat hanger through the window, but he added a security system just to fix some other issues.

So the Macalope sends an email to George Ou stating:

The only vulnerability Daynor mentioned was the Volkswagen one. Despite repeated requests for Consumer Reports back issues, he didn’t supply any.

The Macalope’s not saying this is how it went down. It’s just possible.

But in all likelihood, Apple has its own subscription to Consumer Reports.

Oh, wait, that was an analogy.

UPDATE: A more point-by-point take down of Burke’s “great analysis” is here.

One of these things is not like the other

Glenn Fleishman (who the Macalope has the utmost respect for):

[George Ou will] be at Toorcon and offer coverage of that event.

George Ou:

[Exploiting a MacBook Pro right out of the shipping carton is] precisely what I intend to do.

[UPDATE: Upon slow-motion review, it appears George was saying that recording the exploit of an out-of-the-box MacBook Pro was what he intended to do.]

Sounds like Ou will be actively participating in SecureWorks’ demonstration, not covering it.

Apple responds to George Ou

Apple’s Lynn Fox – victim of a vicious smear campaign* orchestrated by SecureWorks and George Ou – provides some valuable answers to Ou’s questions.

Most notably, Fox says the only information they got from SecureWorks was not related to Apple products.

Hmm, what’s the Macalope full of again, George?

Ou had previously claimed on several occasions that the supposed flaws in OS X were the same as those in FreeBSD because “it’s all the same code.”

Fox smacks that down:

The only vulnerability mentioned by David Maynor was FreeBSD vulnerability CVE-2006-0226. This does not affect Apple products.

The code flaws we addressed with the Wi-Fi security updates we released on September 21 are not based on the same code as the FreeBSD flaw.

Also, this should put to rest Ou’s repeated insinuations that Apple’s failure to respond to his email must mean that SecureWorks was right all along.

This is not the last we’ll hear of this since Maynor and Ellch will be providing “the complete story” (note the Macalope’s use of sarcastic quotes) this weekend and Ou will certainly look for whatever wiggle room there is in Fox’s response, most likely accusing her of “choosing her words carefully” (as if she should do anything else).

But forgive the Macalope if he takes a moment to bask in the schadenfreude.

UPDATE: Ou has already posted this comment:

Please don’t assume anything yet. Like I said, this is getting very interesting. What Apple says now can be refuted with evidence. Just hold off on any judgements for now.

The author of Brian Krebs Watch responds thusly:

And again to my friends at SecureWorks who are reading this: if you’re going to do a demo, just announce it. Don’t leak it out this way. You are not making any friends. Good PR is about narrative, about telling a story — not about making the most noise.

Indeed.

* The Macalope doesn’t really think Fox is the victim of a smear campaign. He’s just pointing out how silly Ou sounds when he says Maynor and Ellch are Apple’s victims.

MACALOPE EXCLUSIVE! MUST CREDIT MACALOPE.COM!

The Macalope has received advanced footage of Maynor and Ellch’s ToorCon 2006 presentation, describing how they were abused by Apple!

Watch it here!

Well, OK, maybe that’s not it. But the Macalope suspects it’ll probably be something along those lines.

Ou yes? Ou no.

Apple released a wireless security patch late today, noting that SecureWorks

…did not supply us with any information to allow us to identify a specific problem…

It’s just as the Macalope has been saying to George Ou all along. David Maynor lacks the raw physical talent to convey the concept “a heap buffer overflow can allow attackers to cause system crashes, privilege elevation or arbitrary code execution” through the medium of interpretive dance.

Try telling that to Ou, though, and he’ll just insist that Maynor’s an artiste and is misunderstood in his time.

Glenn Fleishman has a good synopsis of the controversy.

More on “iTV”

Commenter V M Respectable provides this link to Dan Eran’s speculation that Apple’s waiting until January for the 802.11n standard. He also seems to confirm the Macalope’s original speculation yesterday that 802.11b would be insufficient for streaming this kind of content and even says 802.11g would just barely be sufficient.

It’s possible Apple’s waiting for 802.11n, but we’d need some dongles to transmit to an “iTV” via 802.11n and Steve Jobs wasn’t showing us any of his dongles yesterday.

Not even when he bent over.

Of course, not everyone likes to get up on stage and wave their dongles around.

But 802.11n isn’t built-in, so we’d need to see some dongles.

OK, so the Macalope just likes saying “dongles.” That’s not such a crime.