Monday, October 02, 2006

The Never Ending Story


My personal opinion on this whole issue hasn't really altered much, if at all. It was, as I posted in regard to Toorcon, which you might have read:

“It's time for Maynor and SecureWorks to spill and let it all out. It is their big chance, and if they fail to deliver that's their problem. It would take a massive new twist on the whole controversy to recapture my imagination on this.”

Well, there we go, eh. I do not know if SecureWorks and Apple working together in conjunction with CERT, and then SecureWorks suddenly putting the nix on Maynor's presentation at Toorcon, qualifies as a massive new twist, but it has to be close. Then again, this has dragged on so long that I do not know if it can really hold my attention much longer anyway.

The thing is, in law you do not get very far if you let your personal opinions get in the way of observing troubling facts and considering the possibilities those facts may present. I have to laugh a little at many online posts, as they look at the situation only from a narrow focus that rules out any chance that a stock MacBook exploit could exist. The way I approach such a situation is quite different.

Of course, anyone who is a decent reader and has even minimal deductive reasoning abilities can see right off that the story told by Krebs in his blog for the Washington Post could have any number of problems with it. There are some very simple conclusions one could come up with that would explain why there never was a stock MacBook exploit. Krebs might have misunderstood exactly what Maynor told and/or demonstrated to him in regard to the stock MacBook, and he just keeps insisting he is right. Krebs might be some kind of journalistic suicide daredevil who simply made it up to draw attention to himself, though that is a little hard to believe. Maynor might have misspoken in some way, not realizing that he said something that would naturally be taken the wrong way. Or Maynor might have been a fraud who purposely deceived Krebs for any number of reasons.

This type of simple, off-the-cuff observation can be made by anyone with even half a brain. And this is pretty much where the analysis began and ended for some of the pro-Apple crowd, who stop at nothing to ignore any possibility other than that a stock MacBook exploit is a hoax. The problem is this: with each of these quick and simple explanations, or any similar possibility that implies negligence or fraud to explain away a possible MacBook exploit, one would expect certain other events to follow, or subsequent information to come out, that would begin a gradual tilt towards showing that at least one of the aforementioned events happened. I actually entered this debate a while after the original Black Hat event took place, and on reading about this whole controversy I realized that if any of the above simple explanations were what had actually occurred, then some subsequent event or events should also have occurred. They had not, and that is the kind of problem that raises a red flag on a strictly simple analysis of any situation.

For example, if Krebs just plain and simply misunderstood what Maynor had shown and told him, or was lying about it, he was in the process of making things very embarrassing for Maynor and SecureWorks, and it would be almost sheer insanity to allow Krebs to keep insisting he got it right if Maynor and SecureWorks knew he got it wrong. SecureWorks would surely have insisted Maynor set Krebs straight, particularly as Krebs was insisting that he was trying to get more out of Maynor and SecureWorks yet they were not responding to him. Common sense tells you that SecureWorks is not going to let some reporter from the Post mess them over and get them in deep water with Apple and the IT public if Krebs is misinformed or is lying himself about what Maynor told him. When I got into this whole mess it was quite clear that Maynor and SecureWorks were not saying Krebs had it wrong, for any reason. In fact, the silence from SecureWorks regarding Krebs's publicly reported claims was deafening. This raises a massive red flag on all the aforementioned simplistic explanations that would exclude the possibility of the stock Mac exploit existing.

Further, once a story like this breaks, depending on the specifics of the interested parties and the facts of the case, one can expect any number of different possible responses from those parties. In this case that includes Apple. Considering that I am informed Apple is apparently claiming there are no reported viruses for OS X, although Sophos begs to differ, Apple would reasonably have some concern that there were unsubstantiated reports of an exploit against its AirPort card. One would expect some kind of public demand by Apple that it be given the appropriate evidence so it could retain its spotless record. Failing the production of such evidence, one would expect Apple to make it plain which exploits it was asking for evidence about, and to make it plain that no evidence for the apparent exploits had been forthcoming.

One of the most unusual aspects of this whole event was Apple's rather restrictive public statement about having “not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit”. It was peculiar for at least two important reasons. First, because the public statement really didn't identify in any significant way which particular exploit the claim of ‘no code or exploit demonstrated’ was in relation to. This of course left some of the public to wonder whether it meant the demonstrated third-party hardware exploit shown at Black Hat, the stock vulnerability Krebs claimed Maynor told him about, or both. That lack of clarity in such an important public statement also raises red flags if one is hoping to rely on the above simplistic explanations.

Secondly, the original press release, taken as a whole, was read by some to say that there had in fact been no contact about anything Maynor had talked about in regard to Apple computers, and we know for an ABSOLUTE EMPIRICAL FACT that this is precisely what a significant part of the public understood the statement to mean. We know this because John Gruber went to great lengths on his blog at DaringFireball interpreting Lynn Fox's statement to mean exactly that, and we know from endless postings on ZDNet and elsewhere around the net that large numbers of the public agreed that this is what it meant. Yet we now know that, whatever it might have meant, it did not mean there had been no contact between SecureWorks and Apple. In fact, we know from subsequent statements by Apple PR reps that there was some contact of significance, involving at least some delivery of information by SecureWorks to Apple. This reality also raises more red flags on the simplistic explanations of what might have happened at Black Hat.

Anyone at this juncture who was more interested in what might actually be going on, as opposed to affirming the validity of their own personal interests, would expect any number of things to happen if the simplistic explanations were valid. For one thing, George Ou was making strongly worded arguments on ZDNet, along with a few other bloggers and websites, that Apple was not being forthcoming enough and that Maynor was a reliable security expert who was likely telling the truth. Large numbers of people were arguing and posting around the net, and the whole issue was creating a significant buzz in the IT world. It is at this point that one can see the possibility of the reputations of the weaker parties being completely ruined if it turned out they were merely mistaken or had let an error in reporting go on for too long. It is a critical moment, not to be underestimated by anyone who has never had to live through such an experience, and as such it is very typical for people who find themselves in such a position to begin finding a way to back out of the maelstrom if they are unsure of their position. Yet, with Maynor being the obviously weaker party, one would have to assume he has nerves of steel to let something he knew was a falsehood, or was the result of a significant misunderstanding, simply continue on indefinitely. Further, one has to suspect that SecureWorks would have been asking Maynor piles of questions long before things got this far, and if they had any hint of subterfuge on Maynor's part it would seem ludicrous for them to let a fraudulent situation continue. This also keeps the red flags flying.

The story is almost endless in many respects. I personally found one response particularly interesting: from someone who calls themselves mvora, to one of my posts on George Ou's ZDNet blog, in relation to Lynn Fox's answers about the information SecureWorks gave Apple:
“But that's not exactly what Fox said
She didn't say they only had contact about the FreeBSD issue. She said that's the only (actual) vulnerability that was mentioned. Without any proof, I don't think she would refer to Secureworks' alleged hack as a vulnerability. So considering what Ou asked, the only actual vulnerability Secureworks disclosed to Apple was the FreeBSD one.”

So even the proponents of Apple find that tough questions are coming up against some tough realities. Even mvora notes that Apple's rep Lynn Fox may parse answers to fair questions in such a way that allows her to avoid stating all the information SecureWorks might have given Apple. I have got to believe that even mvora didn't realize he/she had just shown once again how Apple might have told the truth without establishing the reality of the situation. I mean, if you choose to ignore these red flags, that is fine if you fully realize that is what you are doing. Despite the clear evidence that explanations beyond those of personal self-interest might exist, if you honestly believe that you have enough evidence, then fine. Conversation over. But if you really want the truth, even if it ends up being something not particularly conducive to supporting your personal opinions, then you continue to ask the hard questions so long as there are red flags draped over the easy answers.

Now we find out that Apple has released a patch for the same hardware that Krebs reported Maynor claimed had a vulnerability, that SecureWorks and Apple are “working together” in “conjunction” with CERT, and that SecureWorks apparently has restrained Maynor from giving his Toorcon presentation, which he claimed would be detailed and would answer questions from those who wanted to ask them. It's like this story never ends. I am now at the point where I am saying fine, whatever SecureWorks and Apple want the public to know and to believe is fine by me, because in the end all this is just a little mysterious curiosity, one of those interesting debates one might dive into from time to time. In some respects I worry that that is just the attitude the major players in this were hoping the public would take, but seriously, this just isn't important enough to spend one's life solving.

I have even chatted with a number of friends about this, and surprisingly enough not one had the slightest clue such a debate was going on, even though there was always some minor, limited interest in how it might play out. The one person I did talk to about this who owns a MacBook asked me, “so is there an exploit?” I told him that I have no clue. I also told him that at any rate it probably wasn't anything he was ever going to have to get very concerned about one way or the other, as these things seldom are.

He said “don’t worry, one way or the other I’m not concerned in the least.”

I think that about says it all. The world really doesn’t care.

2 Comments:

Blogger David Burke said...

A little follow up

To gw Mahoney;
I mention the wording of Apple's original press release simply because it is an irrefutable fact that many people, including John Gruber, concluded that the statement meant Apple had claimed there was zero contact from SecureWorks, and we now also know for an irrefutable fact that there was contact from SecureWorks to Apple.

Further, I have not said or implied that Apple has somehow been inconsistent; at least surely not in any important way that I can think of. Please try not to attribute words or ideas to me that I have not said myself.

To rmac;
First off, I did not say “all pro-Apple” people; I said some, and I meant some. I expect there are quite a number of pro-Apple people who approach this reasonably.

Next, if you take the time to look at the Sophos website (I provided the link in the blog), Sophos takes great pains to carefully define the difference between a Trojan and a virus according to industry standards, then goes on further to explain, despite what some may or may not like:

“Therefore, it is correct to call OSX/Leap-A a virus or a worm. It is not correct to call OSX/Leap-A a Trojan horse.”

I know, to accept the fact that OS X does have a virus in the wild is an extraordinarily painful thing for some to accept. Just live with it. It's not a big deal.

And also, while it may not take a month to make a patch, that is purely irrelevant, as Apple has already explained the patch was created after an internal audit inspired by contact with SecureWorks. Nobody is claiming work on the patch started the day after the Krebs blog came out.

3:20 PM  
Blogger David Burke said...

To gw Mahoney:

There is no question at all, if you read through Gruber's post on DaringFireball, that he thought Fox's official statements meant there had been “NO CONTACT”. Read the following from Gruber:

“For example, from Apple’s statement on Friday, we know that if Maynor and Ellch have identified an exploit against a stock MacBook, that they have not yet contacted Apple (or Atheros) with details about the vulnerability”

If that isn't enough, he proves beyond a doubt that this is what he thought when he says:

“if they have contacted Apple, the statement issued by Apple’s Lynn Fox is flat-out false and Apple has committed an enormous, almost incomprehensibly foolish mistake, because such a mendacious lie will prove far worse for Apple than divulging a Wi-Fi exploit”

If that is not plain enough, he really seals it up with this:

“I thus see no way out of this where Maynor and Ellch escape with their reputations intact, other than if they have in fact discovered a vulnerability against the stock MacBook card and driver, that they have disclosed their findings privately to Apple, and that the statement issued Friday by Apple’s Lynn Fox is in fact scurrilously false.”

I understand how in hindsight many can see that Apple was not lying; I in fact made a protracted statement that Gruber got it wrong: Lynn Fox did not say there was no contact, so neither Maynor/SecureWorks nor Lynn Fox had to be lying; Gruber just plain overstated the situation. Many ZDNet readers fell for this wording by Lynn Fox as well, tic swayback for one (whose opinion I rather respect), as he kept saying he could not believe Apple would lie, and when I repeatedly pointed out that the words Lynn Fox used were not a lie, he then said it would still be “weasely” for Apple to use such language because it suggested ‘no contact’. Now of course he has forgotten all about that opinion he had back then, as Apple has admitted contact.

10:52 PM  
