Home page logo
/

dailydave logo Dailydave mailing list archives

Re: This guy cracks me up. (MindsX)
From: H D Moore <hdm-daily-dave () digitaloffense net>
Date: Tue, 5 Sep 2006 00:31:10 -0500

John,

Your arrogance and complete naivete in all things security has finally 
gotten to me. Replies are inline:

On Monday 04 September 2006 17:41, John Gruber wrote:
If so, do you have an exploit against the built-in AirPort card
and driver that even vaguely resembles the video demonstration you
showed at the Black Hat conference?

If he had one, he can't share it, since it is owned by Secureworks, not by 
Johnny. I saw their Black Hat presentation, I know both of them 
personally, and I would stake my reputation that neither one of them is 
blowing smoke when they say they have a working exploit. More than 
likely, you will never see this exploit, but the bug details will be 
posted by Secureworks once the patch is released by Apple. Secureworks 
sells IDS services, sharing exploit code goes against their own 
disclosure policy (just like sharing bug details before a patch does).

Are you therefore saying that Lynn Fox's statement that you'd
shown them "no evidence" was an outright lie?

Who cares? The only entities with real information about the Apple driver 
bug are Johnny, David, Secureworks, and Apple. This is how it will stay 
until the patch is released. Johnny published the technical details to 
reproduce the bugs he personally found. If this doesn't display some 
level of "evidence", no amount of bloggery and "challenges" will.

    2) Responding to mac bloggers isn't my idea of a good time.
    Nothing I could say would ever convince them.

You could easily convince me by showing me, or someone I trust, a
stock MacBook getting hijacked or otherwise attacked.

Lets try a different scenario.

You could easily convince me that you aren't a moron by flying to Austin 
(TX) and taking a standard IQ test in front of me. If you don't show up 
by next week, I will have proved that you indeed are a moron, and will 
post to my blog to make it seem credible. If you do show up and score 100 
or higher, I will pay for your airfare, otherwise you walk home. 

Sound fair?

This isn't even a personal attack against them; it's that they
lack the technical skills required to understand this problem.

Letting aside for now the idea that I couldn't possibly understand
the details of "this problem", I fail to see why that would
prevent you from answering a few basic questions about your
findings. 

The details certainly matter, but what matters more are 
the basic implications.

The implications are obvious if you understand the details. If you don't 
understand what remote code execution at ring-0 means, its not Johnny's 
job to educate you (nor mine). It also not Johnny's job to feed you with 
quotes to post on your blog.

My frustration is that neither you nor Maynor have answered the
simple yes/no question of whether you've found an exploit against
the stock MacBook AirPort card and driver.

Welcome to the world of vulnerability disclosure, disclosure policies, and 
corporate politics. Johnny posted enough details to back his claim about 
the Centrino driver issues (a flaw that probably affects more systems 
than Apple has actually shipped). The Apple driver bugs will have to wait 
for public patch release. If you don't like it, tell Apple to fix their 
code faster.

So this attack crashes the machine?

Code execution at ring-0, do you understand it?

Even if you've been threatened, legally, by Apple, and thus feel
you can't or shouldn't reveal any technical details regarding what
you have found, why not at least state specifically the nature of
the legal threat(s) against you?

Gee, if a large company made legal threats against you, and one of the 
terms of out-of-court settlement was to not comment on it publicly, what 
would you do? Rise to the challenge of some self-righteous blogger and be 
sued into oblivion? I don't know whether this is the case, but use some 
common sense please.

-HD
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault