Huh-huh! I said "phuc"!

HD Moore, author of the recent Zero-day exploit of Apple’s 802.11b drivers, is just so totally teh awesome funny!

According to him!

Here’s Moore congratulating himself on having the basic mental capacity of your average sixth-grader in coming up with “daringphucball.rb”.

“Normally I wouldn’t sink to this level but, damn it, it’s funny,” Moore said of his taunt to Daring Fireball.

Uh, yeah, it’s hysterical that Maynor and Ellch still haven’t provided public evidence of their claim and you’ve managed to create a completely different exploit and then forced a curse word into the name of a popular Mac blog.

Well, not really “laugh out loud” funny.

Wait, what’s supposed to be funny about that again?

Oh. That’s right. You said “phuc.”



Despite the fact that Moore is being such a dick about it, you’ll notice there hasn’t been the same level of uproar about his exploit. Mostly because it’s on three-year-old systems, but also because he made a claim and he proved it. Contrast that to the precedent set by his good buddies, David Maynor and Jon “Johnny Cache!” Ellch.

These guys still don’t seem to get this, but it’s their arrogance that has chapped the Mac community’s ass, not the existence of any bugs.

OS X has bugs.

Everyone in the Mac community except Artie MacStrawman knows that. We actually like it when they’re found and patched. We’re kind of kooky that way.

What we don’t like is the big swinging dicks of hacking riding into town wildly waving lit cigarettes at everyone and shooting their mouths off to reporters with claims they then won’t back up because, oh, they forgot, they’re actually supposed to be selling that information but really it’s because Apple would sue them or, no, they’d love to explain it to everyone but they’ve got their period this week so you’ll have to wait a couple to twenty days.

You can read Moore’s pissy missive to John Gruber from several months ago here to see the genesis of this one-sided feud.

Your arrogance and complete naivete in all things security has finally gotten to me.

You could easily convince me that you aren’t a moron by flying to Austin (TX) and taking a standard IQ test in front of me. If you don’t show up by next week, I will have proved that you indeed are a moron, and will post to my blog to make it seem credible. If you do show up and score 100 or higher, I will pay for your airfare, otherwise you walk home.

The implications are obvious if you understand the details. If you don’t understand what remote code execution at ring-0 means, its not Johnny’s job to educate you (nor mine).

Then read the post by Gruber he’s responding to in which Gruber does nothing but ask questions and explain his frustration.

That arrogant bastard! How dare he question his betters?!

Moore makes a point of saying what great guys Maynor and Ellch are and how we should all just trust them that they’re right in this. Evidently, being a security professional is never having to explain yourself. Accusations – OK. Proof – optional. Gotcha.

You lowly users should just take the word of those in the l33t hacking community and if you don’t know what code execution at ring-0 is, well, why do you even have a computer? Gawd! You’re so stoopid!

“I picked up USB Wi-Fi adapters from six different vendors yesterday. It should be a busy week,” Moore said.

Moore’s week will probably go something like this:

  • Monday: Vigorously pat self on the back for inserting an obscenity into a website name.
  • Tuesday: Ice arm strained from vigorous self-congratulation.
  • Wednesday: Call David Maynor and Jon “Johnny Cache!” Ellch and talk about how hysterically funny it was to have put an obscenity into a website name.
  • Thursday: Spend entire day surfing for references to personal awesomeness in having put an obscenity into a website name.
  • Friday: Start to look for bugs in USB Wi-Fi adapters.

That’s a full week right there!

Mac users, if you’ve enjoyed Moore’s condescending attitude and charming schoolboy fascination with curse words, don’t worry! The “Month of Kernel Bugs” is supposed to cover all desktop operating systems, but you can bet that these guys will be paying special attention to OS X. And, of course, they’re going to find some.

Feel free to ignore the lame end-zone dancing when they do.