MacBook Wi-Fi "hack" wins "Pwnie" award
updated 10:15 am EDT, Fri August 3, 2007
MacBook "hack" wins award
The controversial MacBook Wi-Fi vulnerabilities demonstrated at last year's Black Hat conference have won an award for the most overhyped bug. Security researcher David Maynor claimed to have discovered vulnerabilities that could compromise MacBooks via wireless networking, but the acclaimed security flaws affected only older versions of Mac OS X as well as third-party wireless driver software that never shipped with a MacBook from Apple. "In the end, the only public information about Maynor's Wi-Fi vulnerabilities are hype, denial, a media frenzy, and a patch that may or may not have been based on Maynor's findings," said judges of the first ever "Pwnie" awards. Maynor and Jon "Johnny Cache" held the demonstration one year ago yesterday in response to a "Mac user base aura of smugness on security."
Maynor installed software that never shipped with Apple's notebook and compromised that software's security to gain unfettered access to the MacBook in question as part of his demonstration that Mac OS X and Mac users in particular are not immune to security threats. The researcher was criticized by industry peers for using a modified system to perform a public demonstration, though other security professionals did remind users that no one is safe from persistent, skilled attackers.
The researcher's flaw did work on previous versions of Mac OS X, but Apple quickly noted that all Apple owners who kept their systems up to date were immune to the security threat demoed by Maynor.
In related news, ZDNet reports that the OpenBSD team won the award for the most spectacular "mishandling" of a critical security vulnerability after refusing to acknowledge the bug as such. The team released a "reliability fix" before Core Security developed proof-of-concept code to demonstrate remote code execution just one week later.






Fresh-Faced Recruit
Joined: Oct 2006
Evil Pay Off
He is awarded a pwnie. As he leaves the building a giggling Steve Ballmer stops in front of him and slides a big wad of money in his coat pocket and continues giggling as he walks off.
Vista was probably hacked 2 to 3 times while I was typing this this.