On Sat, 05 Aug 2006 10:52:56 -0700, Jeff Liebermann
<jeffl@comix.santa-cruz.ca.us> wrote in
<uql9d21celm279qmmin5op36s5mul4933p@4ax.com>:

>John Navas <spamfilter0@navasgroup.com> hath wroth:
>
>>I suspect there's more going on here than meets the eye. A big problem
>>in security is getting vendors to pay proper attention. My guess is
>>that these guys got fed up with the lack of concern, and decided to
>>build a fire under them with this public presentation. If so (or
>>something like that), my own opinion is, "Bravo!"
>
>I might agree with your analysis if they had previously even hinted
>that there was a problem in one of the security mailing lists.

There's nothing sacred about security mailing lists, which are actually
controversial. I personally think it's sufficient and reasonable to
contact companies directly, as they apparently did.

>Whether
>the motivation was getting the attention of the vendors or simple
>publicity, they are certainly guilty of grandstanding.

I personally think the public is at least as well-served by the
publicity.

>> During the course of our interview, it came out that Apple had leaned
>> on Maynor and Ellch pretty hard not to make this an issue about the
>> Mac drivers -- mainly because Apple had not fixed the problem yet.
>
>How could Apple lean on them unless Apple was considering hiring them
>to get involved in repairing their security problem (or image)?

Pressure can of course be applied in other ways. Apple is known to be
quite litigious, for example.

>> To all of the commenters who complained about why this demo was not
>> shown live, I refer you back to the text of the blog post, which
>> pointed out the dangers inherent in showing this type of exploit live
>> to a room overflowing with curious hackers who would like nothing
>> more than to capture a copy of the exploit wirelessly and experiment
>> with it.
>
>Naw. Stealing the disks and cdroms is easier.

But not as much fun.

>>Probably because the MacBookPro has Airport functionality built into it.
>
>They could have just as easily used an Airport or Airport Express.

Not necessarily. The MacBook is much easier to program.

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>