The State of Affairs

Wednesday, October 11, 2006

The War Rages On!

I actually say “the war rages on” with more than a touch of sarcasm in my voice. I am of course talking about the claimed Apple wireless exploit. The truth is, while I see it as a fairly interesting mystery (does the exploit exist or not?), as I have mentioned in the past I find the real story lies within the reactions of many of the pro-Apple public. And while the reactions of such people hardly qualify as a war, one might think by the reactions of some that war had been declared against them.

I have recently begun to consider, in a more detailed way, why it is that so many pro-Apple people have taken such exception to reported claims of such a vulnerability on their beloved computer hardware. Many people immediately point to Maynor’s statement in his explanation for choosing an Apple laptop for the public ‘third party’ wireless card demonstration. Maynor apparently said that the recent commercials depicting the ‘Apple Guy’ talking down to the ‘Windows Guy’ made him want to put a lit cigarette in either the ‘character’s’ eye, or an Apple user’s eye in general, depending on which version of Maynor’s statement you believe. That statement, many of the pro-Apple people claim, has driven them to be outraged and to go after Maynor and SecureWorks with a vengeance.

Now, I am quite prepared to agree that the SecureWorks side of this whole equation has certainly not produced anything near the kind of evidence I would need to see before I would say I believe that claims of a stock Apple notebook are valid. And that makes perfect sense to me, that anyone who cares about the issue for any reason would point out that Maynor’s reported claims have never been proven or established as valid in any public forum, so they should not be relied on as accurate unless that changes. But to say that this somehow translates into guaranteeing Maynor is a vicious liar who is simply out to besmirch Apple’s reputation in a vain attempt to aggrandize his own reputation does not logically follow from the facts or events.

Both Maynor and his sidekick Ellch use Apple computers and one would hardly expect, whatever words were literally used, that they had an interest in putting a lit cigarette into their own eye, so the implication of what Maynor actually meant should be clear. Maynor’s statement was not offered up as some kind of answer to a tough question where possible evasiveness or misleading intentions would come into play; it was just a simple off the cuff comment of the kind often given in casual conversation, not to be taken too literally, but to be taken with a grain of salt. Certainly sane people should never take that kind of comment as a good reason to vilify anyone and refuse to accept that lack of proof doesn’t translate into evidence of a lie. As such it doesn’t rationally explain what has made many pro-Apple users so angry to the suggestion that such an exploit might exist.

When one really dips into this peculiar kind of response from many of the pro-Apple crowd, a definite and disturbing pattern emerges. I recently got into a bit of back and forth banter online at ZDNet with a few people responding to one of George Ou’s blogs, where I had explained that I had become aware of reports of Apple viruses in the past. I even hunted down the sources of these reports and posted links, and they were quite reliable, being from major newspapers and IT security websites and such. But of course, those who are of that particular “pro-Apple” mindset that says Apple can do no wrong simply chose to refute the claim of an OSX virus, deciding instead that a designation of trojan was much better. They then of course took me to task for relying on sources that didn’t agree with them. And I mean seriously chewed me out, really bad.

I finally decided to try something. Because the ‘Apple Heads’ in question were obviously so ready to take this OSX virus issue right to the mat, no holds barred kind of thing, I became very curious as to how long they would endure attacks directed back at them about this virus issue that were just as ludicrous as their own attacks on me. Now of course, they do not take their attacks to be ludicrous at all, and of course they would take mine to be ludicrous, but I kind of had some learned friends collaborate with me on the composition of my posts to ensure I didn’t venture beyond the same kind of nonsense they were writing. So whatever they think, I am quite comfortable in the knowledge that they were every bit as ridiculous as I was in the exchange. And it appears that no matter how far I pushed it, even well beyond the point where a sane person would have just said “forget it, who cares”, they just wouldn’t let it go. I got the feeling I could have strung them along for weeks simply by spewing the same kind of contradictory nonsense at them that they were spewing at me. One of these bizarre individuals even said they had a PhD. Perhaps they do, but obviously no self esteem.

Even after I let the ‘cat out of the bag’ so to speak and finally brought the debacle to an end, admitting I really didn’t care about the virus/Trojan question and it was all just a little experiment, they kept on going, trying to get that one last dig in. Why? Because someone pointed out that there were some reliable sources around the internet that say OSX has had at least one virus in the wild? Really? Does that make sense, that what we are supposed to believe is an otherwise rational person, with a PhD… is willing to go on endlessly to assert that Apple does not have viruses but does have trojans?? This truly is ridiculous. And tell me; this is so important you feel free to get foolish about it because……?

What is going on with some of these Apple users? I even gave them hints that going on and on about it just made them look worse, and I even hinted they could shut me down by admitting that it was all a question of definition; but they wanted none of that, they wanted to be right. How is it that a computer has so captured the mind and soul of some people to the point where they are willing to make fools of themselves over the thing? Just one more question this whole controversy has spawned, I guess.


Monday, October 02, 2006

The Never Ending Story


My recent personal opinion on this whole issue hasn’t really altered much, if any at all. My personal opinion was, as I posted in regard to Toorcon, which you might have read:

“it’s time for Maynor and SecureWorks to spill and let it all out. It is their big chance and if they fail to deliver that’s their problem. It would take a massive new twist on the whole controversy to recapture my imagination on this.”

Well there we go, eh. I do not know if SecureWorks and Apple working together in conjunction with CERT, and then SecureWorks suddenly putting the nix on Maynor’s presentation at Toorcon, qualifies as a massive new twist, but it has to be close; but then again this has dragged on so long I do not know if it can really hold my attention much longer anyway.

The thing is, in law you do not get very far if you let your personal opinions get in the way of observing troubling facts and considering possibilities those facts may present. I have to laugh a little at many online posts as they only look at the situation from a narrow focus that precludes any chance that a stock MacBook exploit could be a possibility. The way I approach such a situation is quite different.

Of course anyone who is a decent reader and has even minimal deductive reasoning abilities can see right off the possibility that the story told by Krebs in his blog for the Washington Post could have any number of problems with it. There are some very simple conclusions one could come up with that would explain why there never was a stock MacBook exploit. Krebs might have misunderstood exactly what Maynor told and/or demonstrated to him in regard to the stock MacBook, and he just keeps insisting he is right. Krebs might be some kind of journalistic suicide daredevil who simply made it up to draw attention to himself; of course that’s a little hard to believe. Maynor might have misspoken in some way, not realizing that he said something that would naturally be taken the wrong way, or Maynor might have been a fraud and purposely deceived Krebs for any number of reasons.

This type of simple and off the cuff observation can be made by anyone with even half a brain. And this is pretty much where the state of analysis began and ended for some of the pro-Apple crowd, who stop at nothing to ignore any other possibility than that a stock MacBook exploit is a hoax. The problem is, with each of these quick and simple explanations, or any similar type of possibility that implies negligence or fraud to explain away a possible MacBook exploit, one would expect certain other events to follow, or subsequent information to come out that would begin a gradual tilt towards pointing out that at least one of the aforementioned events happened. I actually entered this debate a while after the original Black Hat event took place, and I realized on reading of this whole controversy that if any of the above simple explanations were what had actually occurred, some subsequent event or events should have also occurred, which they had not, and that is a problem of a type that raises a red flag on a strictly simple analysis of any situation.

For example, if Krebs just plain and simply misunderstood what Maynor had shown and told him, or he was lying about it, he was in the process of making things very embarrassing for Maynor and SecureWorks, and it would almost be sheer insanity to allow Krebs to keep insisting he got it right if Maynor and SecureWorks knew he got it wrong. SecureWorks would have surely insisted Maynor set Krebs straight, particularly as Krebs was insisting that he was trying to get more out of Maynor and SecureWorks yet they were not responding to him. Common sense tells you that SecureWorks is not going to let some reporter from the Post mess them over and then get them in deep water with Apple and the IT public if Krebs is misinformed or is lying himself about what Maynor told him. When I got into this whole mess it was quite clear that Maynor and SecureWorks were not saying Krebs had it wrong for any reason. In fact the silence from SecureWorks regarding Krebs’s publicly reported claims was deafening. This raises a massive red flag on all the aforementioned simplistic explanations that would exclude the possibility of the stock Mac exploit existing.

Further, once a story like this breaks, depending on the specifics of the interested parties and facts of the case, one can expect any number of different possible responses from the interested parties. In this case that includes Apple. Considering that I am informed that Apple is apparently claiming that there are no reported viruses for OSX, although Sophos begs to differ, Apple would reasonably have some concern that there are unsubstantiated reports of an exploit on their airport card. One would expect some kind of public demand by Apple that they be given the appropriate evidence so they could retain their spotless record. Failing the production of such evidence, one would expect them to make it plain which exploits they were asking for evidence about and to make it plain that no evidence for the apparent exploits had been forthcoming.

One of the most unusual aspects of this whole event was Apple’s rather restrictive public statements about “not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit”. It was peculiar for at least two important reasons. First, because their public statement really didn’t identify in any significant way which particular exploit they were claiming ‘no code or exploit demonstrated’ was in relation to. This of course left some of the public to wonder if it was the demonstrated third party hardware exploit shown at Black Hat or the stock vulnerability Krebs claimed Maynor told him about, or both. That lack of clarity in such an important public statement also raises red flags if one is hoping to rely on the above simplistic explanations.

Secondly, the original press release given as a whole was read by some to mean that there had in fact been no contact about anything Maynor had talked about in regard to Apple computers, and we know for an ABSOLUTE EMPIRICAL FACT that this is precisely what a significant part of the public understood the statement to mean. We know this because John Gruber went to great lengths on his blog at DaringFireball interpreting Lynn Fox’s statement to mean exactly that, and we know from endless postings on ZDNet and elsewhere around the net that large numbers of the public agreed that this is what it meant. Yet we now know that whatever it might have meant, it did not mean there had been no contact between SecureWorks and Apple. In fact we know from subsequent statements from Apple PR reps that there was some contact of significance involving at least some delivery of information by SecureWorks to Apple. This reality also raises more red flags on the simplistic explanations of what might have happened at Black Hat.

Anyone at this juncture who was more interested in what might actually be going on, as opposed to affirming the validity of their own personal interests, would expect any number of things might happen if the simplistic explanations were valid. For one thing George Ou was making strongly worded arguments on ZDNet, along with a few other bloggers and websites, that Apple was not being forthcoming enough and that Maynor was a reliable security expert who was likely telling the truth. Large numbers of people were arguing and posting around the net and the whole issue was creating a significant buzz in the IT world. It is at this point that one can see the possibility of reputations of weaker parties being completely ruined if it even turned out they were just mistaken or let an error in reporting go on for too long. It is a critical moment, not to be underestimated by anyone who has never had to live through such an experience, and as such it is very typical for people who find themselves in such a position to begin finding a way to back out of the maelstrom at this point if they are unsure of their position. Yet, with Maynor being the obviously weaker party, one would have to assume he has nerves of steel to let something he knew was a falsehood, or was the result of a significant misunderstanding, simply continue on indefinitely. Further, one has just got to suspect that SecureWorks would be asking Maynor piles of questions long before things got this far, and if they had any hint of subterfuge on Maynor’s part it would seem ludicrous for them to let any fraudulent situation continue. This also keeps the red flags flying.

The story is almost endless in many respects. I personally found particularly interesting a response from someone who calls themselves mvora to one of my posts on George Ou’s ZDNet blog in relation to Lynn Fox’s answers about the information SecureWorks gave them:

“But that's not exactly what Fox said
She didn't say they only had contact about the FreeBSD issue. She said that's the only (actual) vulnerability that was mentioned. Without any proof, I don't think she would refer to Secureworks' alleged hack as a vulnerability. So considering what Ou asked, the only actual vulnerability Secureworks disclosed to Apple was the FreeBSD one.”

So, even the proponents of Apple find that tough questions are coming up with some tough realities. Even mvora notes that Apple’s rep Lynn Fox may parse answers to fair questions in such a way that allows her to avoid stating all the information SecureWorks might have given Apple. I have got to believe that even mvora didn’t realize he/she had just shown once again how Apple might have told the truth without establishing the reality of the situation. I mean, if you choose to ignore these red flags that is fine, if you fully realize that is what you are doing. Despite the fact there is clear evidence that explanations beyond those of personal self interest might exist, if you honestly believe that you have enough evidence then fine. Conversation over. But if you really want the truth, even if it ends up being something not particularly conducive to supporting your personal opinions, then you continue to ask the hard questions so long as there are red flags draped over the easy answers.

Now we find out that Apple has released a patch on the same hardware that Krebs reported Maynor claimed had a vulnerability, SecureWorks and Apple are “working together” in “conjunction” with CERT, and SecureWorks apparently has restrained Maynor from doing his Toorcon presentation, which he claimed would be detailed and answer questions from those who wanted to ask. It’s like this story never ends. I am now at the point where I am saying fine, whatever SecureWorks and Apple want the public to know and to believe is fine by me, because in the end all this is just a little mysterious curiosity. One of those interesting debates one might dive into from time to time. In some respects I worry that that is just the attitude that the major players in this were hoping the public would take, but seriously, this just isn’t important enough to spend one’s life solving.

I have even chatted with a number of friends about this and surprisingly enough not even a one had the slightest clue such a debate was going on, even though there was always some minor limited interest in how it might play out. The one person I did talk to about this who owns a MacBook asked me “so is there an exploit?” I told him that I have no clue. And I also told him at any rate it probably wasn’t anything he was going to have to ever get very concerned about one way or the other, as these things seldom are.

He said “don’t worry, one way or the other I’m not concerned in the least.”

I think that about says it all. The world really doesn’t care.