Text Size

MacBook Wi-Fi "hack" wins "Pwnie" award

updated 10:15 am EDT, Fri August 3, 2007

MacBook "hack" wins award

The controversial MacBook Wi-Fi vulnerabilities demonstrated at last year's Black Hat conference have won an award for the most overhyped bug. Security researcher David Maynor claimed to have discovered vulnerabilities that could compromise MacBooks via wireless networking, but the acclaimed security flaws affected only older versions of Mac OS X as well as third-party wireless driver software that never shipped with a MacBook from Apple. "In the end, the only public information about Maynor's Wi-Fi vulnerabilities are hype, denial, a media frenzy, and a patch that may or may not have been based on Maynor's findings," said judges of the first ever "Pwnie" awards. Maynor and Jon "Johnny Cache" held the demonstration one year ago yesterday in response to a "Mac user base aura of smugness on security."

Maynor installed software that never shipped with Apple's notebook and compromised that software's security to gain unfettered access to the MacBook in question as part of his demonstration that Mac OS X and Mac users in particular are not immune to security threats. The researcher was criticized by industry peers for using a modified system to perform a public demonstration, though other security professionals did remind users that no one is safe from persistent, skilled attackers.

The researcher's flaw did work on previous versions of Mac OS X, but Apple quickly noted that all Apple owners who kept their systems up to date were immune to the security threat demoed by Maynor.

In related news, ZDNet reports that the OpenBSD team won the award for the most spectacular "mishandling" of a critical security vulnerability after refusing to acknowledge the bug as such. The team released a "reliability fix" before Core Security developed proof-of-concept code to demonstrate remote code execution just one week later.

 
Previous Comments

Evil Pay Off

08/03, 11:30am reply

He is awarded a pwnie. As he leaves the building a giggling Steve Ballmer stops in front of him and slides a big wad of money in his coat pocket and continues giggling as he walks off.

Vista was probably hacked 2 to 3 times while I was typing this this.

frisby

Fresh-Faced Recruit

Joined: Oct 2006

0

ballmer would say

08/03, 11:56am reply

...'no one hacks the mac because no one uses it!'

climacs

Fresh-Faced Recruit

Joined: Sep 2001

0

Congrats Maynor

08/03, 12:48pm reply

You definitely earned it! Here's hoping you get a "lit cigarette in the eye"

MacnTX

Fresh-Faced Recruit

Joined: Apr 2004

0

Who takes this seriously?

08/03, 01:37pm reply

So he ads so software on the laptop that deals with ports and probably opens them up regardless of what you have them set at in SysPerfs. If you change the firewall settings, of COURSE you're going to have holes in the defenses. The firewall on the Mac is a no-brainer, so it's not an issue for most people.

This isn't even newsworthy other than the fact that they actually gave him an award for something he didn't really earn.

Why again do we care?

danviento

Fresh-Faced Recruit

Joined: Dec 2005

0

Pwnie award

08/04, 12:30pm reply

May they continue to award it to him every year.

Neil Anderson

Fresh-Faced Recruit

Joined: Jul 2007

0

Popular News