Case in the hat (or the month of Apple-bugs)
The myth of Apple’s special “invulnerability” compared to Windows has been maintained for many years, although security experts warned that a disproportionately large number of claims to Windows protection were primarily caused by its much wider prevalence. But for a long time these were only theoretical assumptions. But in practice, it turned out that when all sorts of bugs, worms, viruses and other computer ailments intensively bred in the Windows environment, relatively few fans of the Apple platform had a false sense of security. Which recently, as it can be already stated, it has become rather quickly dispelled, especially after the recent MoAB online campaign (Month of Apple Bugs, "Apple Bug Month"). As if by agreement, the hackers began publishing such a breach of vulnerabilities in Mac OS that in the first three months of 2007, Apple, which was completely unaccustomed to such abuses, had to quickly release patches to patch as many as 62 holes.
It all happened somehow suddenly suddenly and at first did not find a rational explanation. However, soon one of the well-known bloggers George W (George Ou, blogs.zdnet.com/Ou), dealing with computer security issues himself, regularly writing about this in the press and having many acquaintances in the hacker environment, clarified the situation. According to his information, which he received, what is called, first-hand, the action of MoAB was actually provoked by Apple itself. More specifically, stupid and ugly, to put it mildly, initiatives of the PR division of the company.
The roots of this story go back to last year’s Black Hat hacker conference in Las Vegas, where one of the most notable events was the demonstration of new vulnerabilities in WiFi channels. This work on the forum was presented, as is customary, by the authors David Manor and John "Johnny Cash" Elch. And for the most vivid illustration of the universal nature of the threat they identified, they chose not a Windows machine, as usual, but a MacBook computer (see CT # 650). The fact that hackers chose the Mac platform was extremely disliked by Apple, and it immediately began to take vigorous steps to discredit both the report and the researchers who made it. Subsequent publications — first in blogs, then in computer media — presented the story as if the report of Manor and Elch on Black Hat was based on “distorting” the real security situation of Apple computers (for the demonstration used an unnamed third-party WiFi card) and the speakers, by means of their falsification, tried to deceive the public deliberately (for they themselves acknowledged the fact of using the “non-native” fee).
')
One can understand the damage to the professional and universal reputation of Mainor and Elch caused such publications. Naturally, they tried to fend off unfair accusations, pointing out that at the very beginning of their report they honestly noted the use of a third-party WiFi card. And it was done so at the insistence of Apple, which, like Microsoft, the hackers notified in advance of their discovery, because the vulnerability is characteristic of virtually all WiFi drivers, both native to Mac or Windows platforms, and developed on the side. But it all sounded, it must be admitted, somehow dull, since the noise from a large corporation is always heard louder than the voices of two separate people. And the firm SecureWorks, where David Manor worked at that time, did not want to stand up to protect the honor of her employee, because in business matters she directly depends on Apple.
However, now Manor has already left SecureWorks, does not consider it necessary to block anyone, and therefore gave George W. blank a blank card to publish all the documents about this unsightly story that the journalist has had long ago. The essence of the documents (e-mail letters, mainly) is that the head of the Apple PR division, Lynn Fox (Lynn Fox), from the very beginning, in August 2006, tried to energetically press Maynor to publish what she wrote on her own behalf. Recognizing the “distortion” in the Mac OS X security report. When Mayor refused to do this, Fox clicked — with great success — on his SecureWorks employer, and on Apple’s website (in a secluded blog section), Apple ", However, in more moderate compromise wording. This text is immediately and obviously on a tip from Fox found two "independent" bloggers from the army of super-loving Apple users, who launched the news of "falsification" on the Web. When George W, who was already well acquainted with the real state of affairs, tried to clarify the picture in the comments to these blogs, his comments were immediately removed, and the news of unscrupulous hackers seeking cheap fame went for a walk through the media.
About a month after these events, Apple, publicly continuing to deny vulnerabilities in the Mac OS X platform, quietly patched the “nonexistent” hole in its drivers. Maynor and Elch who revealed this weakness did not receive any thanks from Apple, except for those mud tubs that they were doused in the press. In any decent society, as is known, it is customary to punish such indecent behavior. For educational purposes, one might say, for the guilty and for the edification of others. And if readers of publicly available media could create a false impression about Apple’s righteousness seeking justice, then in a hacker underground, and the work of Meynor-Elch, and the real security situation of Mac OS X is much more adequate. The now-famous “Apple-month of the bugs” became the immediate consequence of which.
Well, whether Apple’s PR service can adequately perceive the meaning of the MoAB promotion will be shown by life.
by Kiwi bird computer
It all happened somehow suddenly suddenly and at first did not find a rational explanation. However, soon one of the well-known bloggers George W (George Ou, blogs.zdnet.com/Ou), dealing with computer security issues himself, regularly writing about this in the press and having many acquaintances in the hacker environment, clarified the situation. According to his information, which he received, what is called, first-hand, the action of MoAB was actually provoked by Apple itself. More specifically, stupid and ugly, to put it mildly, initiatives of the PR division of the company.
The roots of this story go back to last year’s Black Hat hacker conference in Las Vegas, where one of the most notable events was the demonstration of new vulnerabilities in WiFi channels. This work on the forum was presented, as is customary, by the authors David Manor and John "Johnny Cash" Elch. And for the most vivid illustration of the universal nature of the threat they identified, they chose not a Windows machine, as usual, but a MacBook computer (see CT # 650). The fact that hackers chose the Mac platform was extremely disliked by Apple, and it immediately began to take vigorous steps to discredit both the report and the researchers who made it. Subsequent publications — first in blogs, then in computer media — presented the story as if the report of Manor and Elch on Black Hat was based on “distorting” the real security situation of Apple computers (for the demonstration used an unnamed third-party WiFi card) and the speakers, by means of their falsification, tried to deceive the public deliberately (for they themselves acknowledged the fact of using the “non-native” fee).
')
One can understand the damage to the professional and universal reputation of Mainor and Elch caused such publications. Naturally, they tried to fend off unfair accusations, pointing out that at the very beginning of their report they honestly noted the use of a third-party WiFi card. And it was done so at the insistence of Apple, which, like Microsoft, the hackers notified in advance of their discovery, because the vulnerability is characteristic of virtually all WiFi drivers, both native to Mac or Windows platforms, and developed on the side. But it all sounded, it must be admitted, somehow dull, since the noise from a large corporation is always heard louder than the voices of two separate people. And the firm SecureWorks, where David Manor worked at that time, did not want to stand up to protect the honor of her employee, because in business matters she directly depends on Apple.
However, now Manor has already left SecureWorks, does not consider it necessary to block anyone, and therefore gave George W. blank a blank card to publish all the documents about this unsightly story that the journalist has had long ago. The essence of the documents (e-mail letters, mainly) is that the head of the Apple PR division, Lynn Fox (Lynn Fox), from the very beginning, in August 2006, tried to energetically press Maynor to publish what she wrote on her own behalf. Recognizing the “distortion” in the Mac OS X security report. When Mayor refused to do this, Fox clicked — with great success — on his SecureWorks employer, and on Apple’s website (in a secluded blog section), Apple ", However, in more moderate compromise wording. This text is immediately and obviously on a tip from Fox found two "independent" bloggers from the army of super-loving Apple users, who launched the news of "falsification" on the Web. When George W, who was already well acquainted with the real state of affairs, tried to clarify the picture in the comments to these blogs, his comments were immediately removed, and the news of unscrupulous hackers seeking cheap fame went for a walk through the media.
About a month after these events, Apple, publicly continuing to deny vulnerabilities in the Mac OS X platform, quietly patched the “nonexistent” hole in its drivers. Maynor and Elch who revealed this weakness did not receive any thanks from Apple, except for those mud tubs that they were doused in the press. In any decent society, as is known, it is customary to punish such indecent behavior. For educational purposes, one might say, for the guilty and for the edification of others. And if readers of publicly available media could create a false impression about Apple’s righteousness seeking justice, then in a hacker underground, and the work of Meynor-Elch, and the real security situation of Mac OS X is much more adequate. The now-famous “Apple-month of the bugs” became the immediate consequence of which.
Well, whether Apple’s PR service can adequately perceive the meaning of the MoAB promotion will be shown by life.
by Kiwi bird computer
Source: https://habr.com/ru/post/6611/
All Articles