View this article at: http://dev.macnn.com/articles/07/08/03/macbook.hack.wins.award
Friday, Aug 03, 2007 10:15am

MacBook Wi-Fi "hack" wins "...

The controversial MacBook Wi-Fi vulnerabilities demonstrated at last year's Black Hat conference have won an award for the most overhyped bug. Security researcher David Maynor claimed to have discovered vulnerabilities that could compromise MacBooks via wireless networking, but the acclaimed security flaws affected only older versions of Mac OS X as well as third-party wireless driver software that never shipped with a MacBook from Apple. "In the end, the only public information about Maynor's Wi-Fi vulnerabilities are hype, denial, a media frenzy, and a patch that may or may not have been based on Maynor's findings," said judges of the first ever "Pwnie" awards. Maynor and Jon "Johnny Cache" held the demonstration one year ago yesterday in response to a "Mac user base aura of smugness on security."

Maynor installed software that never shipped with Apple's notebook and compromised that software's security to gain unfettered access to the MacBook in question as part of his demonstration that Mac OS X and Mac users in particular are not immune to security threats. The researcher was criticized by industry peers for using a modified system to perform a public demonstration, though other security professionals did remind users that no one is safe from persistent, skilled attackers. The researcher's flaw did work on previous versions of Mac OS X, but Apple quickly noted that all Apple owners who kept their systems up to date were immune to the security threat demoed by Maynor. In related news, ZDNet reports that the OpenBSD team won the award for the most spectacular "mishandling" of a critical security vulnerability after refusing to acknowledge the bug as such. The team released a "reliability fix" before Core Security developed proof-of-concept code to demonstrate remote code execution just one week later.