Good ideas spread like daring wildfire

Here’s a section from MDJ 2006.08.30:

Given the secrecy, duplicity, and inconsistency that have marked Maynor and Ellch’s presentation, starting with going to the press to take on that Mac user “aura of smugness” before Black Hat and continuing through the next month, there are only two easy ways for the pair’s credibility to be restored. One would be for Apple to release a patch for the problem they found, describing it and fixing it so that everyone would be free to talk about it. That, of course, presumes the bug exists and affects Apple’s hardware, not just third-party drivers.

The other way is trivial. Maynor or Ellch (or both) need to perform their demonstration attack not in front of people like Krebs who don’t know the platform well, but in front of recognized Macintosh security and networking experts who do. We’d nominate Glenn Fleishman, but Alan Oppenheimer at Open Door Networks or Macworld Labs would be just fine, too.

The task is simple: Maynor or Ellch would bring whatever tools they wanted to use for their attack, but the target machine would be a stock, unmodified, black MacBook computer (though extra RAM might be allowable), with AirPort turned on and a valid network available if the researchers need it. They would then be free to do whatever they wanted to attack the MacBook except physically touch it.

If they can repeat the demo feat of logging into the MacBook, with or without root privileges, and create and delete files on the desktop, they are redeemed. If they can’t do it in, say, two hours, then they withdraw their claims about MacBook vulnerabilities and apologize to everyone involved. The experts who monitor the test would have to agree not to divulge details about how the vulnerability works, of course, but that’s a small thing – if the vulnerability is real, Mac experts won’t want it in the wild any more than Maynor and Ellch would.

Less than two days later, John Gruber took this upon himself!

I’m issuing the following challenge to David Maynor and Jon Ellch:

If you can hijack a brand-new MacBook out of the box, it’s yours to keep.

Gruber’s version of the challenge doesn’t allow extra RAM in the MacBook, nor does it require a black MacBook as seen in the demo, or stipulate the presence of known Macintosh security experts like Fleishman, Oppenheimer, or the Macworld Labs folks. Still, if either Maynor or Ellch demanded these things, we suspect Gruber might acquiesce – and you have to admire him stepping up and putting his own money at risk for it.

Third-party monitors might make Maynor and Ellch feel like they’re not being railroaded, but if Gruber wants to pay for the MacBook, we say he has the right to watch the attack succeed or fail – provided no one tries to snoop on the network packets as Maynor and Ellch have always said they feared.

But especially now, with a stock machine ready for the demonstration any time this week that they want, Maynor and Ellch either need to put up or shut up. Either they can compromise a MacBook’s internal AirPort Extreme hardware with no additional user requirements, or they can’t and have just enjoyed the attention from almost publicly claiming that they could. They need to do it and be revered, or note the end of their 15 minutes and go away.

If the duo will not demonstrate this attack under controlled conditions now, a full month after demoing it at Black Hat, no reasonable person should be expected to believe the vulnerability ever existed.

(MWJ subscribers: This issue of MDJ is now in your MWJ RSS feed per our previous policy of providing MDJ issues when MWJ is delayed – enjoy!)