Security professionals gone wild!

News.com provides a Maynor and Ellch-friendly recap of Ellch’s ToorCon diatribe (antler tip to Wi-Fi Networking News), with two accusations that assume facts not in evidence.

Apple at the time critiqued the two for not proving their case, but came out with patches for Wi-Fi flaws last week.

Mmm, sweet, delicious assumption of guilt! As a matter of fact, no one has proved that Maynor and Ellch provided meaningful information to Apple or that the flaws that Apple patched were the same they asserted they could exploit.

While some in the Mac community see the cancellation of Saturday’s talk as proof that Maynor and Ellch are frauds…

Yes. Mac users simply must stop beating their wives.

Oh, and Ellch goes off on Apple without revealing anything. But we should all be used to that by now.

All the Macalope is asking is "Give iPhone rumors a chance."

For the record, the Macalope likes David Pogue’s work, despite the fact that he – tongue firmly planted in his cheek – called Pogue a nasty name the other day.

But, the Macalope thinks he’s wrong about the iPhone here – the Macalope believes there will be one.

Pogue basically has two arguments against the iPhone:

  1. Carriers currently hold the power over hardware manufacturers and Apple would be unlikely to want to put itself in a position where it would have to accede to their demands.
  2. iPhone rumors have been floating for several years now and still no iPhone.

Addressing the first argument, Apple’s uniquely positioned to change the balance of power with the carriers. They’ve sold over 60 million iPods to largely satisfied customers who would be more than willing to consider making their next iPod an iPhone.

And then there’s iTunes. Apple owns the largest channel for online music sales. People want their songs to play on all their devices. No iPod owner is going to buy a ZunePhone because they’d have to re-license all their (legally) downloaded music.

As for the second argument, well, Pogue uses it more as a means of pointing out that rumors do not a product make, and he’s right (crank-powered iBook, anyone?). But the set-top box was rumored for ten years and, lo and behold, Apple’s gonna sell one. While rumors do not mean Apple is going to make something, they don’t mean it isn’t going to make it, either.

Apart from disagreeing with his conclusion, however, the Macalope heartily agrees with the rest of the post.

I cannot imagine Apple giving veto power to ANYONE over its software design. It just ain’t gonna happen.

Neither can the Macalope, but he doesn’t think that will be necessary. Apple has weight (it owns the digital music market). It can throw it around.

I think cellphones are as ripe for a radical rethink as the online music store was when Apple set up iTunes.

Quite. As a matter of fact, the Macalope would pay good money for a well-designed phone that’s easy to use and a beautiful marriage of hardware and software.

If only there were a company that does that kind of thing…

But let’s not go all wiggy every time someone passes around an iPhone rumor on the Web.

Indeed. Let’s not. But let’s also recognize that there is a great business opportunity here and Apple’s got all the right stuff to fill the gap.

Also, while Vic Keegan went off the deep end in proclaiming that Apple was losing the digital music war to ring tones, there is an increasing convergence between cell phones and digital music players. The Macalope’s gotta think Apple sees this coming and is heading it off at the pass.

Satire truly is dead.

Today on Macworld’s web site (antler tip to Daring Fireball):

Apple and SecureWorks “Working Together”; Toorcon Presentation Canceled.

“SecureWorks and Apple are working together in conjunction with the CERT Coordination Center on any reported security issues,” SecureWorks said in a statement provided to Macworld. “We will not make any additional public statements regarding work underway until both companies agree, along with CERT/CC, that it is appropriate.”

Last week on Crazy Apple Rumors:

Apple/SecureWorks Controversy Ends Bizarrely.

In a bizarre ending to the Apple/SecureWorks controversy (also known as Security Bitch Watch), technology industry sources indicate that the two companies – previously at bitter odds over the security of Apple’s Airport hardware and drivers – were seen making out together in the parking lot behind the dumpster.

“Wha-?” said ZDNet’s George Ou upon hearing the news. “But… but… after all I did for SecureWorks I thought…

“I thought SecureWorks and I… were…”

Ou burst into tears and ran into the girls bathroom.

Zune reaches critical mass of craptacularosity

The Macalope was willing to give the Zune the benefit of the doubt for a while, but yesterday it reached a point where the negatives overtook the positives.

The Zune had three things the iPod didn’t: a physically larger screen, wireless and… brown. But as Pee Wee Herman said “Everyone I know has a big ‘but’.”

The screen is larger, but the resolution is still the same as the iPod’s. It has wireless, but it may drain the heck out of the battery and might only be useful if you run into Jim Allchin.

And, in the Macalope’s opinion, brown is a fine color for mythical beasts, but not for electronic devices. Many who have seen it in person say it has a nice retro look, but unless you’re going to put a tacky brown face plate on your cell phone, it doesn’t go with any of the devices you already own.  How’s a girl supposed to accessorize?

The Macalope believed the one thing that could make up for the Zune’s big “buts” and the iPod’s market advantage was aggressive pricing. But the Zune is actually 99 cents more expensive than the iPod. And that’s the cheapest Zune you can buy. If you want to play in the Zune pool, you’ve got to shell out $249.99.

The subscription service is a ridiculously high $14.99 a month or, if you want to buy songs individually, they’re roughly the same as iTunes’ 99 cents. Although, because Microsoft sells 80 Microsoft points for a dollar and songs are 79 points, you get one free song for every 396 you buy – so act now!

Well, not now, because you can’t buy it now. Act Nov. 14th!

But if you’ve purchased any DRM-protected songs (including the oxymoronically named Plays4Sure), they won’t play on the Zune. Remember when the news of the Zune was first leaked and we were breathlessly told by Microsoft boosters that all your iTunes songs are belong to us because they would somehow magically be re-licensed on the Zune because Apple stupidly published that API called NSListOfSongsToReLicense and Microsoft is just so mega-rich and mega-cool that they can do that and no one else in the world can and OMG, OMG, OMFG?!

Yeah, well, about all those songs you already bought… how’d you like to pay for them all over again? Or, better yet, every month for the rest of your life?

And the Macalope can’t help but wonder what the activation process is for the Zune, the store and the media. Does it involve 16-digit alphanumeric codes that you get after waiting on hold to talk to someone in Redmond? Frankly, the Macalope’s had enough problems with registering computers on iTunes, although the added ability to deregister them all in one swell foop has pretty much cleared that up.  Still, the process just doesn’t need to be any more complicated and you can forgive the Macalope if he doesn’t trust Microsoft to make a better mouse trap here.

Finally, the Zune’s supposed video advantage over the iPod may be difficult to enjoy. Microsoft’s store won’t be offering video on launch, so you have to bring your own.

Just, you know, make sure they aren’t DRM-protected. Because they won’t play.

Phew.

The Macalope’s not saying the Zune is DOA, but in its current form it’s remarkably troubled and is simply not a compelling competitor to the iPod. Microsoft has not leapfrogged Apple at all because each leap forward is matched by a leap back.

.Mac webmail – now with more cleavage!

The Macalope can’t quite put his hoof on it, but for some reason he already likes the upcoming .Mac webmail interface (antler tip to Daring Fireball).

Unbelievable

Daring Fireball deconstructs Kieran McCarthy’s short piece on the wireless controversy, which sets a new standard for how wrong per inch someone can be.

10 [Wrong] Things They Hate About Macs

In An Apple for the Enterprise, InfoWorld’s Tom Yager provides 10 ways to silence Apple-phobic IT professionals when they spout misperceptions about the Mac.

Sadly, shooting them in the face with a fire hose is not one of the ways.

Let the parsing begin!

George Ou’s friend David Burke parses the crap out of Lynn Fox’s response.

The thrust of his “great analysis” is that Fox is saying that all Maynor told Apple about was the FreeBSD vulnerability, so why did they repeatedly ask for information on something that doesn’t affect Macs?

Frankly, there are so many ways to deflate Burke’s analysis that it’s hardly worth addressing, but the Macalope will just point out an alternate theory by way of an analogy with the names changed to protect the innocent.

Let’s say the Macalope just bought a 2006 Audi. And someone comes along and says “Hey, you should get a security system because those Audis are really easy to break into.”

And the Macalope is all like “What? What the hell are you talking about? The Macalope just got this car. Get out of here you crazy person. Stop being so crazy.”

But the person – let’s call him “Mavid Daynor” – is insistent, saying he read it in Consumer Reports and he could totally break into the car himself. So, the Macalope says, “OK, send the Macalope some of those articles.” But Daynor’s kind of pissy about it and says “Hey, I’m not just going to give you my Consumer Reports articles for free.”

Now the Macalope is kind of like, well, what the heck are you calling for if you’re just going to try to diss the Macalope’s car and not provide him any information? But he doesn’t say that out loud, just with his inside voice. He tries a couple more times to get Daynor to send him the Consumer Reports articles but Daynor doesn’t reply.

All of a sudden, this other guy – let’s call him Krian Brebs – after talking to Daynor, publishes this post on his blog that says “Breaking into the Macalope’s car in 60 seconds or less.”

Now the Macalope’s really pissed. So he’s going to find out what these clowns think they’re talking about. He orders the back issues of Consumer Reports and it turns out there was a flaw in the 2005 Volkswagen where you could stick a coat hanger down the window and pop the door open really easily.

Just to be sure, the Macalope takes his car to the dealer and says “Hey, is this thing really easy to break into?” As the dealer’s looking it over, the Macalope sends out a press release saying despite the vague warnings of Mavid Daynor, there’s no evidence that the Macalope’s car is easy to break into.

All of a sudden this other guy – let’s call him… oh, hell, let’s just call him George Ou – who the Macalope doesn’t even know, starts going on in public about how the Macalope has defamed Mavid Daynor and demands he respond to certain questions.

The dealer comes back and says the car can’t be opened with a coat hanger through the window, but he added a security system just to fix some other issues.

So the Macalope sends an email to George Ou stating:

The only vulnerability Daynor mentioned was the Volkswagen one. Despite repeated requests for Consumer Reports back issues, he didn’t supply any.

The Macalope’s not saying this is how it went down. It’s just possible.

But in all likelihood, Apple has its own subscription to Consumer Reports.

Oh, wait, that was an analogy.

UPDATE: A more point-by-point take down of Burke’s “great analysis” is here.

One of these things is not like the other

Glenn Fleishman (who the Macalope has the utmost respect for):

[George Ou will] be at Toorcon and offer coverage of that event.

George Ou:

[Exploiting a MacBook Pro right out of the shipping carton is] precisely what I intend to do.

[UPDATE: Upon slow-motion review, it appears George was saying that recording the exploit of an out-of-the-box MacBook Pro was what he intended to do.]

Sounds like Ou will be actively participating in SecureWorks’ demonstration, not covering it.

Apple responds to George Ou

Apple’s Lynn Fox – victim of a vicious smear campaign* orchestrated by SecureWorks and George Ou – provides some valuable answers to Ou’s questions.

Most notably, Fox says the only information they got from SecureWorks was not related to Apple products.

Hmm, what’s the Macalope full of again, George?

Ou had previously claimed on several occasions that the supposed flaws in OS X were the same as those in FreeBSD because “it’s all the same code.”

Fox smacks that down:

The only vulnerability mentioned by David Maynor was FreeBSD vulnerability CVE-2006-0226. This does not affect Apple products.

The code flaws we addressed with the Wi-Fi security updates we released on September 21 are not based on the same code as the FreeBSD flaw.

Also, this should put to rest Ou’s repeated insinuations that Apple’s failure to respond to his email must mean that SecureWorks was right all along.

This is not the last we’ll hear of this since Maynor and Ellch will be providing “the complete story” (note the Macalope’s use of sarcastic quotes) this weekend and Ou will certainly look for whatever wiggle room there is in Fox’s response, most likely accusing her of “choosing her words carefully” (as if she should do anything else).

But forgive the Macalope if he takes a moment to bask in the schadenfreude.

UPDATE: Ou has already posted this comment:

Please don’t assume anything yet. Like I said, this is getting very interesting. What Apple says now can be refuted with evidence. Just hold off on any judgements for now.

The author of Brian Krebs Watch responds thusly:

And again to my friends at SecureWorks who are reading this: if you’re going to do a demo, just announce it. Don’t leak it out this way. You are not making any friends. Good PR is about narrative, about telling a story — not about making the most noise.

Indeed.

* The Macalope doesn’t really think Fox is the victim of a smear campaign. He’s just pointing out how silly Ou sounds when he says Maynor and Ellch are Apple’s victims.