George Ou speaks again, this time drawing on the help of a friend who is a “legal professional” to respond to John Gruber’s “super long analyis” (shorter Ou: “Damn, this journamalism am hard!”).
Notice that Ou doesn’t say that his friend, David Burke, is a lawyer, just a “legal professional.” He doesn’t actually say at all who Mr. Burke is or what he does. But my money’s on this David Burke, who has a recurring role as a D.A. on Boston Legal.
That’s just the kind of of top-notch legal advice you want when refuting a blog post!
So, let’s get down on it! Burke copies whole heaves of text from Daring Fireball to set the ground work for his massive take-down!
Sorry for the following extended quotes, but this is the evidence he uses to support his concern, search the link if you would like to double check…
Uh, no, dude, that’s OK. I’m sure you’ve got mad copy/paste skillz. I’m sure you beat the hell out of that V key.
“Copy. PASTE! Copy. PASTE! Copy. MOTHERFUCKING PASTE! Oh, man, I’m on fi-ya!”
Fox’s statement simply says; Maynor and Ellch have not demonstrated such a vulnerability to Apple.
…
Apple may in fact fully well have been contacted by Secureworks and may be quite aware the exploit exists and are working on it.
…
So his main concern is garbage. See why you need trained people to examine the evidence?
Ah! You mean like someone who plays a D.A. on TV?
There’s just one problem with Mr. Burke’s stunning legal analysis.
“Despite SecureWorks being quoted saying the Mac is threatened by the exploit demonstrated at Black Hat, they have provided no evidence that in fact it is,” Apple Director of Mac PR, Lynn Fox, told Macworld.
[Emphasis mine.]
This is the graph that Maynor’s defenders kind sorta wish wasn’t there and, if you repeat it, will probably make them stick their fingers in their ears and go “LA-LA-LA-LA-LA-LA! I AM NOT LIS-TEN-ING!”
They much prefer to focus on the “sharing of code” quote, as Ou does here:
Fox never stated SecureWorks never contacted them, they only said that no code was shared.
The first part of that sentence is true. The second is not because of the use of the word “only.” She said that SecureWorks provided no evidence.
Ou says “You can’t have their code, bitch!”
You’re not entitled to a researcher’s code which they spent time developing. Giving them the actual malformed packet that triggers the exploit and a pointer to the location of the flawed code is standard practice.
But for SecureWorks to have done this would have been to provide evidence, in which case Fox was mistaken or lying. But Ou’s not arguing that Fox is mistaken or lying. He’s arguing that she used PR gobbledy-gook to try to trick the world into thinking SecureWorks was wrong about the Airport hardware and drivers.
Ou then compliments his possibly imaginary friend on his legal acumen. You can learn a lot on the set of a popular legal show! I wish he’d asked him what Shatner’s really like!
While I know for a fact that Gruber is wrong and doesn’t know what he is talking about since I’m sitting on sensitive information at this point, I’m amazed that you can take Gruber’s own analysis and take it apart and get eerily close to what the truth is.
Well! Someone’s been hanging out in the super-secret hacker treefort in Maynor’s mom’s back yard with the Farah Fawcett poster on the wall!
I wonder if Ou has talked to Apple. Because single-sourcing from SecureWorks may not be the best way to go right now (see: Krebs, Brian). We already know that Ou has gone out of his way to falsely portray SecureWorks as good faith actors who were only interested in making Macs more secure and kittens and puppies more prevalent and spring! with the flowers and dancing and… and…
And that’s bullshit.
You don’t get to run around and say you want to stick a lit cigarette in its user-base’s eye and then pretend you weren’t out to get Apple.
At the end of the day, SecureWorks may be able to demonstrate a hack of Airport. I suspect there’s smoke coming out of that super-secret treefort right now and it’s not from the vigorous self-gratification to the Farah Fawcett poster. But until someone puts up or shuts up, a responsible journalist would not make ham-handed efforts to brow-beat others into silence with vague threats of lightning bolts from Mt. Olympus.
You might be thinking, jeez, this guy writes for ZDNet, I mean, that must mean he’s a responsible journalist, right?
Eh, maybe not.
What the hell? It’s too early for this, I tells ya!
…heh-heh, he said “holes”
…heh-heh, I’m number 2
And, First!
And, Second!
OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU!
OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU!
OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU!
OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU! OU!
Remember the name “Ou”, boys and girls.. I’m sure with a little more practice, he’ll be a regular Paul Thurrott.
-jcr
Dang, I thought I had achieved another Ace-Deuce punch.
Where are all the people that have replicated this hack using the real deal?
Fifth little pony!
Sixxxx
HELLISH ISN’T IT!?
Seven goes to heaven.
Take that Satan.
you bitch, you can’t use my toothbrush.
and now to read the article
8!!!!!
With 9 you get Peanut Butter Jelly Time!!!!
Of course the setup for the great 11!!!!
12?
oh i got 11….
and 12….
Wow. that article was far too serious and important for CARS. I’m impressed. When ars links to it I’ll sit back and laugh because CARS has become to place for logical discussion. Far out man.
See now I feel Eft. Really I do not just from a SOAP standpoint but from a toothbrush standpoint.
Now I need to just go and have a big ole honkin bowl of Oatmeal for lunch.
Maybe some salmon too.
OOOOH and maybe some applesauce!!!
uh…
Ok, so that’s not the wind making that treefort violently shake. This is the hard-hitting, snub-nosed, gumshoe wearing journalism that we’ve all come to expect from the CARS website’s
comments section.
HA. (of doom)
“Apple may in fact fully well have been contacted by Secureworks and may be quite aware the exploit exists and are working on it.”
And they may in fact have been promised a PONY, too. Heck, anything’s possible.
UNLEASH HELL, MOLTZ! YEAH!
Yeah… Farrah Fricken’ Fawcett…
nothin’ like showin that CARS has new tricks up it’s pony…er, ponies up it’s sleeve….
nevermind.
After reading that article from Ou, one can see why CARS took a serious approach: CARS is in danger of being replaced by George if this keeps up!
CARS got some of the most delicious bits above (super-long post, HAHAHA). Enjoy, denizens.
heh…
CARS totally used the Washington Post’s toothbrush.
Real reporting …. sigh … Crazy Apple Rumors/Real Reporting Site … CARRRS
nah – just leave it at CARS
Hope you’re getting overtime John.
Wouldn’t CARRRS be CARS for pirates or even pirates with ponies.
On a semi-serious note…
The company I (work) for did the recordings of all of the BlackHat and Defcon sessions. Maynor stated in the BlackHat session, that the flaw is with the 3rd party drivers. In fact, the session title is ‘Device Drivers’. During the Defcon session, they did try to clarify things a bit. David IS working with Apple, and upon confirmation a affected platforms, will help with a patch.
If I can, I will try to post a MP3 of the recordings sometime very soon…
moo
“When ars links to cars” (paraphase) – that’s gotta be the funniest post in a long time – in so many ways.
What!? Moltz is Jade?
Looks like we’ve got a side order of O’Grady Watch going too! Ou! That’s gotta sting! Here’s hoping O’GW goes aboveground real soon.
Ou! Ou! Ou! No! Let go of the damn toothbrush guys! No means No, Ou!
Where’d I leave that 10 gig iPod, and the sock?
This piece is too conceptual. I don’t get it. I like your more believable characters like “Ugluk” and “Entity.” This “Ou” character doesn’t make much sense.
I agree with Carl. I can believe in mysterious intergalactic entities, but it is just not credible that a real person would be a stupid as this imaginary Ou character. That and the name is just not realistic either. Maybe you should change his name to something believable like Oulu or something.
En’kay. I watched Maynor’s video and he says:
So Maynor is demonstrating the vulnerability of a stupid third party wireless card on a Mac that comes with Apple’s Airport card!!
Am I missing something here??!!
What is all the fuss about? I mean, I’m all for a good fuss and have been known to throw are killer fuss when one is called for but I find myself hard pressed to care about this.
I’ll publish a ‘funny’ post here in the comments for the sake of those who thought the Moltz™ was being too serious.
WTF? OU! WTF? OU! WTF? OU!
APPLY DIRECTLY TO THE FOREHEAD.
Although Maynor’s video doesn’t claim that they had hacked a Mac’s internal wireless, their interview with Krebs DID make that claim:
http://blog.washingtonpost.com/securityfix/2006/08/followup_to_macbook_post.html
Bunch of lying idiots……
Okay, so it isn’t that funny. But hey, this ain’t my website either!!
Thank you, Joe. Here’s my response to the same question:
You’re missing something.
Krebs reported that Maynor said the flaw was also in the stock Airport card and drivers. Ou, oddly, reported that Maynor never said that, but did *demonstrate* that (which makes very little sense).
Check this out. In Ou’s previous post he says
Oh, so it’s all about a third part card and driver. Airport was never involved. Case closed!
Oh, but then, in the same paragraph, he says
Wait, wha-huh?
Which is it, dude?! Pick one!
True enough Joe, but even there they only claim that the exploit is present in the Apple hardware. No one has demonstrated it.
This is how security “experts” make a name for themselves.
Still not able to care…
Longest. Post. Ever.
OK, Ahyner, you don’t have to care, but I think you’re underestimating what they’re claiming. Krebs reported that they – after the videotaped demo – claimed to have done it on stock Airport hardware and software.
I get it John. I’m just not too impressed with claims about that. Why not just crank out another video with them hacking an Airport? Prove what you claim.
Besides, I use a third party PC Card 802.11g and so I’m… Oh. Wait.
Don’t worry guys, problem solved.
I went over there and used their toothbrushes. Then I let my kittens and ponies use their toothbrushes. So I think we are all good now.
John, you hit it right on the head. How could Ou put up another post, after that huge mistake, and then go on a childish rant? Just doesn’t seem smart. I think he’s either:
a. GOT to know something that he thinks will save his reputation.
b. Desperately wants us to think he knows something that he can’t yet share, hoping we’ll forget later,
c. Never listened when his mom told him to think before he writes. Or something like that.
In fairness to George, we all make mistakes. I’m no Charlie’s Angel (because if I was, I’d be in front of a mirror right now….), but he is writing as a journalist (isn’t he?), so he’s got some higher standards to live up to. Especially on such a serious subject, that he’s treating far too nonchalantly.
I’m sorry, but nothing out of that camp (Ou, Kreb, etc) has made much sense at all. They must not be able to say anything sensible without either damning Mac users (by putting them at risk) or damning themselves. In which case, Kreb opened a can of worms that aren’t gonna be put back in the can, and he should just retract his posts and say he made a boo-boo so this whole thing blows over until a patch comes out.
You know, it really burns putting up serious posts on CARS. In uncomfortable places. I’ll leave the disambiguation to the reader as an exercise.
Well, it’s not exactly serious.
Besides, what are you talking about? All of our posts are factual, hard-hitting journamalism.
Uh…
I mean “journalism.”
That’s what I meant to say.
now that you put it that way, it makes it all better.
And yes, the burning has stopped, if you’re interested.
…
Which I’m pretty sure you’re not.
I’m not.
At all.
In the least.
But it is beginning to burn over here now.
Damn you, Step.
It burns on the penis
I George Ou is “going down with the ship.
Bad grammar, e-lawyers and flame wars. I had no idea Ou was a 12 year old girl.
Somebody call fandom_wank.
Ou! Ou! I read Ou’s article I love how we are told that his friend is ‘very smart’, why bother letting his intelligence shine through his analysis when we can just be told? Also I like how he doesn’t never use a lot of double negatives.
After reading that article I have to get this off my chest: NO EVIDENCE! NO EVIDENCE! NO EVIDENCE! NO EVIDENCE! NO EVIDENCE! NO EVIDENCE! NO EVIDENCE! NO EVIDENCE! NO EVIDENCE! NO EVIDENCE! NO EVIDENCE! ah much better.
Damn 12 year old girls with thier e-lawyers and flame wars, why can’t they just enjoy ponies like the rest of us?
Oh and a half century. Woohoo!
> Also I like how he doesn’t never use a lot of double negatives.
Ou am to journamalism what Bizarro is not to Superman!
a digg for thee.
Hey everyone let’s get CARS on the front page of Digg!
journamalism…YES! And commenting on your own post repeatedly. That’s just damn fine journamalism®™℠©℗.
“But my money’s on this David Burke, who has a recurring role as a D.A. on Boston Legal.”
There’s something oddly familar about that twitchy barrister…
What disappoints you most about the video iPod 1.0?
Total number of votes cast: 26206
It doesn’t get Cinemax:
3465 votes, 13.22%
It requires far too much physical effort to cram a DVD into the Dock connector:
3170 votes, 12.10%
You can’t stick your face in the screen like with the TV in Videodrome:
3239 votes, 12.36%
Showing home movies on the iPod makes it too easy for viewers to escape:
3171 votes, 12.10%
I can fit 140 hours of TV in my pocket, but it sure is a hassle lugging this couch everywhere I go:
13161 votes, 50.22%
You know, I should care more, but I can’t seem to garner the strength.
Maybe it’s because I’m still on frickin’ DIAL-UP.
Yeah. No hi-speed, so no Wi-Fi worries, no staying awake nights worrying about hackers using my toothbrush…unless they’re DIAL-UP hackers.
Feh.
Someone needs to send me a pony.
Does Ou have any link to Ohio University?
Thanks Nxxx,
My mom always promised that one day she would tell me where ponies came from, but due to a terrible accident with a three hole paper punch I was never to learn the answer.
You know, I *am* a lawyer and a “student of logic and critical reasoning,” and I’m baffled by the entire post.
Both Ou and Burke basically ignore the fact that Apple itself says it has seen no evidence of any kind of an exploit, and instead cherry-pick and obsess over the claim that Apple says it was given no code, and parse this to mean (ignoring everything else Apple said) that Apple could still have been contacted by Maynor and is just using PR weasel words to make him look bad.
Burke finishes his “cross examination” by saying “So his main concern is garbage. See why you need trained people to examine the evidence? Sometimes what looks obvious is not.”
Whenever someone essentially says “Nuh uh! You’re just saying that because you’re not as smart as I am” you know they’ve got nothing.
Whoa. Things have, like, gotten totally heavy around here.
What is most frustrating about this, is all the shots across the bow (blog posts) between everyone and breaking down into a game of “he said, she said, whatever you say bounces off of me and sticks to you”, but Maynor and “Johnny Cahce” are both silent.
I think they thought they had invented Cold Fusion, called a press conference, and realized too late that what they really had was Con Fusion, and just decided to go with the Con.
The defenders of these two also can not seem to make a straight thought as to how Maynor can come out with his “I want to burn the eyes of smug Mac users with a lit cigarrete” blast, but this NOT be all about trying to descredit the Mac. If this was just about wireless drivers in ALL computing platforms, we would not have Kerbs coming out with his “MacBook Hacked in 60 seconds or less” article that started the uproar. I think they started this off as being an anti-mac thing, then realized how much the wrath of the Mac users can burn, and now are hiding under their beds and hoping it all goes away.
I have two theories on this.
1. This smacks a lot of the Anti-Linux crap that MS has been pushing for so long. Their ad’s about how much more secure Windows Server 2003 was compared to Linux, and how much more cost effective it was as well. I can just see M$ out there paying people like this to find any major security hole and exploit their find in the media for all it is worth. This rings even more true when you look at some of the articles that Ou has published, including the article where he states that people who say that M$ produces bloated programs don’t know what they are talking about. Yeah, I am sure Ou is VERRRRRY objective.
2. (This IS a Crazy Rumors site, so stay with me on this one). Maynor and company have found a wireless security hole on ALL laptops that they can hack into the computer and make the battery explode, the user of the computer to worship at the shrine of Monkey Boy Balmer, and steals their toothbrush. Maynor and company realize that this is a HUGE threat to national security, and have decided to sell it to Iran, but got caught, and are now in an undisclosed prision being held on terrorist charges, which is why he has not been able to contact Apple.
I will say this just as I said it on Ou’s blog comments. Maynor and company can make this ALL go away if they either come out and tell the truth that it was a hoax, or they can demonstrate this “in the wild” on a target laptop that they have not had any physical access to. Anything short of that, and this isn’t going away for a very long time. And it only hurts them to have someone like George Ou trying (and failing) to defend them.
Ou gives himself away in the responses to his blog post:
“Does this mean that for a machine to be vulnerable it has to have two network cards?”
No, it means for a non-weaponized version of this exploit, it needs the two cards. But the exploit is still very serious. Exploits don’t have to be weaponized or 100% reliable to be of a grave concern. You shouldn’t have to wait for a 100% reliable exploit to demonstrate a serious issue.
I’m gone for, what? 2 years, and this place turns into a legitimate news source?
Seriously, nice work Moltz.
11TH!!!
If Ou was a responsible journalist, he’s lost it, should have shut up the minute the s#@t hit the fan.
Jeez, has it been two years? Whereya been?
Smallworks is now claiming that they’ve been unable to hack a MacBook with Apple hardware and software. Looks like Ou and Krebs are busted.
You make some funny points, but it’s just as sloppy of you to assume that the David Burke in question is an actor and not a lawyer as it is for Ou to make his strange “out of ass” arguments.
I mean, wouldn’t the David Burke in question more likely be this one:
http://www.rc.com/BioBURKE.htm
or this one?
http://www.imdb.com/name/nm0121651/
I mean, if you’re going to pick actors named David Burke, are you sure you’ve picked the right one out of ten?
http://www.imdb.com/find?s=all&q=david+burke
Good times.
Dude, I don’t *really* think it’s the guy from Boston Legal.
It could be this David Burke, no? Uhh, no, probably not.
But maybe it’s this one. He appeared on Iron Chef America once, losing to Bobby Flay (natch). The special ingredient was lamb.
He said weaponized. heh.
As a professional journamalist…
Sorry.
(clears throat)
As a VERY SMART professional journalist, I can say two things with some confidence. First, Ou can’t write. If I got copy in like that from a freelance it wouldn’t be so much ‘subbed’ as ‘butchered’. With seasonings and everything. And crackling. And fries, obviously.
Secondly, David Burke isn’t the actor. Sorry. Nor is he the one from Robinson & Moltz LLC or whoever the hell they are. No, he’s a figment of Ou’s imagination. I mean, if you take “but one of my readers David Burke who is a very smart legal professional took it upon himself to cross examine Mr. Gruber’s analysis”, add some punctuation to make it a vaguely coherent sentence, use Google Translate to turn it into Russian and then back to English again, then you get:
“The lurkers support me in e-mail”.
You do. Try it.
According to the Boston Legal guy, “there was some level of compliance with Apples wish’s and a third party card and driver was used”. Ummmm, “wish’s”? How could anybody take this legalman seriously?
Man, this guy is hilarious??? First off he thinks an actor in a TV show about law qualifies as a legal professional. Funny thing is, I am in law, and not in acting, and the commentary I made on Ou’s blog has to do with my extensive training in logic an critical reasoning and nothing to do with my legal expertise.
I mean I’m kind of laughing, but who is this John Moltz wing nut…with all the clever analysis with the extra added cursing for emphatically pretending to sound like he knows what he is talking about…and angry too!
I’m not going to waste my poor typing pinkies spending a lot of time responding to this kind of shoddy reporting/analysis. Its so poorly thought out its only reasonable purpose must have to be comic relief! Ha!
Let’s put it this way on each significant comment he makes
1. Wrong
2. Wrong again
3. Don’t even think you understand the issue so no comment
4. Umm…clearly wrong
5. Really wrong
Saying much more I’m just robbing myself of valuable time.
Hello, you have great site!
[...] This has got to be one of the best exclamations I’ve seen in a long time: Someone’s been hanging out in the super-secret hacker treefort in Maynor’s mom’s back yard with the Farah Fawcett poster on the wall! [...]
I couldn’t understand some parts of this article BREAKING NEWS: OU LASHES OUT AGAIN!, but I guess I just need to check some more resources regarding this, because it sounds interesting.