mailing list archives
Re: This guy cracks me up. (MindsX)
From: H D Moore <hdm-daily-dave () digitaloffense net>
Date: Tue, 5 Sep 2006 00:31:10 -0500
Your arrogance and complete naivete in all things security has finally
gotten to me. Replies are inline:
On Monday 04 September 2006 17:41, John Gruber wrote:
If so, do you have an exploit against the built-in AirPort card
and driver that even vaguely resembles the video demonstration you
showed at the Black Hat conference?
If he had one, he can't share it, since it is owned by Secureworks, not by
Johnny. I saw their Black Hat presentation, I know both of them
personally, and I would stake my reputation that neither one of them is
blowing smoke when they say they have a working exploit. More than
likely, you will never see this exploit, but the bug details will be
posted by Secureworks once the patch is released by Apple. Secureworks
sells IDS services, sharing exploit code goes against their own
disclosure policy (just like sharing bug details before a patch does).
Are you therefore saying that Lynn Fox's statement that you'd
shown them "no evidence" was an outright lie?
Who cares? The only entities with real information about the Apple driver
bug are Johnny, David, Secureworks, and Apple. This is how it will stay
until the patch is released. Johnny published the technical details to
reproduce the bugs he personally found. If this doesn't display some
level of "evidence", no amount of bloggery and "challenges" will.
2) Responding to mac bloggers isn't my idea of a good time.
Nothing I could say would ever convince them.
You could easily convince me by showing me, or someone I trust, a
stock MacBook getting hijacked or otherwise attacked.
Lets try a different scenario.
You could easily convince me that you aren't a moron by flying to Austin
(TX) and taking a standard IQ test in front of me. If you don't show up
by next week, I will have proved that you indeed are a moron, and will
post to my blog to make it seem credible. If you do show up and score 100
or higher, I will pay for your airfare, otherwise you walk home.
This isn't even a personal attack against them; it's that they
lack the technical skills required to understand this problem.
Letting aside for now the idea that I couldn't possibly understand
the details of "this problem", I fail to see why that would
prevent you from answering a few basic questions about your
The details certainly matter, but what matters more are
the basic implications.
The implications are obvious if you understand the details. If you don't
understand what remote code execution at ring-0 means, its not Johnny's
job to educate you (nor mine). It also not Johnny's job to feed you with
quotes to post on your blog.
My frustration is that neither you nor Maynor have answered the
simple yes/no question of whether you've found an exploit against
the stock MacBook AirPort card and driver.
Welcome to the world of vulnerability disclosure, disclosure policies, and
corporate politics. Johnny posted enough details to back his claim about
the Centrino driver issues (a flaw that probably affects more systems
than Apple has actually shipped). The Apple driver bugs will have to wait
for public patch release. If you don't like it, tell Apple to fix their
So this attack crashes the machine?
Code execution at ring-0, do you understand it?
Even if you've been threatened, legally, by Apple, and thus feel
you can't or shouldn't reveal any technical details regarding what
you have found, why not at least state specifically the nature of
the legal threat(s) against you?
Gee, if a large company made legal threats against you, and one of the
terms of out-of-court settlement was to not comment on it publicly, what
would you do? Rise to the challenge of some self-righteous blogger and be
sued into oblivion? I don't know whether this is the case, but use some
common sense please.
Dailydave mailing list
Dailydave () lists immunitysec com