Ou, boy.
Here we go again.
George Ou is positively giddy about today’s announcement of a hack to older Airport cards.
Ou loves him some Artie MacStrawman.
The explanation given to me by members of the research community for this sudden disclosure was that these exploits are always “imaginary” to Apple and there are no exploits for the Mac. This is compounded by the fact that the Apple community has insisted that anyone talking about an Apple exploit without releasing proof of the exploit must be frauds.
You can’t see it, but the Macalope is rolling his eyes right now, George.
There. He did it again.
Roll.
And again.
Aaaaaaaaaaand…
Again.
OK, he’s done now.
But, hmm. The Macalope wonders who those “members of the research community” might be.
Hmm.
Hmm.
Who. Could. It. Be?
Hmm.
Hmm.
The Macalope is tapping his hooves together… he’s thinking… thinking…
Well, the Macalope won’t hazard a guess as that would be irresponsible.
[cough] Maynor and Ellch [cough]
Ou’s post is also just a marvel of his mad blogging skillz.
The Kernel Fun blog which released this exploit also cited a blog I wrote about Apple refusing to give credit to security researchers where Apple admitted they got the information that prompted an internal audit leading to a patch but refuses to give any credit to the researchers.
“A blog I wrote”? George, have you been reading Senator Ted Stevens’ Guide To Hip Internet Lingo again?
According to Brian Krebs, Apple’s Lynn Fox told him that “This issue affects a small percentage of previous generation AirPort enabled Macs and does not affect currently shipping or AirPort Extreme enabled Macs.” But the flaw affects all “Airport enabled Macs” which are the PowerPC based Macs that comprise roughly half of the Mac market. The “AirPort Extreme enabled Macs” are the newer Intel based Macs. But with potentially five more Apple kernel bugs coming out this month, the Intel based Macs may not be spared either.
The Macalope has long since learned that pointing out Ou’s mistakes will only get one branded an “Apple zealot” but, well, once more into the breach, dear friends.
George, the Macalope will explain it slowly and exaggerate his lip movements so it’s perfectly clear.
“Airport” is 802.11b. “Airport Extreme” is 802.11g.
It has nothing to do with whether or not the machine is Intel or PowerPC-based. While PowerPC-based Macs were sold up until this summer, Macs with 802.11b Airport cards haven’t been sold for three years.
Seriously, the fact that Ou continues to get many basic facts wrong…
Well, it’s what makes him so damn funny.
That and his pants-wetting excitement about an exploit to three-year-old Apple hardware.
Finally, to finish off his oeuvre – now thoroughly convinced that he’s put Apple and its entire user community in its place and assured himself that his hit count will skyrocket this week (sadly, he’s probably right on that last point) – Ou misspells John Gruber’s name (“Grubber”) in a postscript.
His work now done, he retires to the fort he made from the couch cushions to watch TeleTubbies and have a nice juice box.
OK, the Macalope recognizes that Apple doesn’t have the most open policy about… well… anything, frankly. But what we’ve seen so far is a possible hack of current hardware that’s never been publicly proved and a proven hack of hardware that hasn’t been sold in three years.
Posting triumphal and inaccurate “blogs” just makes you look like an ass.
ADDENDUM: Just seconds after posting this, the Macalope noticed the following response from Mr. Gruber:
Mmm. Delightfully shrill! The Macalope could only bring himself to go with “pants-wetting”. You have outdone me, sir! My antlers tilt in your general direction!
-
[…] Macalope! […]
-
Flaw discovered in older Airport drivers, blogosphere erupts into flames…
You may remember some weeks back the whole brouhaha over a supposed flaw in wireless drivers discovered by David Maynor and Jon Ellch of SecureWorks. For the most part, we here at Deep Thought ignored the whole issue, but some corners of the blogospher…
Let’s take up a collection for remedial journalism classes.
George is not the only one with a second name problem…
http://metasploit.com/svn/framework3/trunk/modules/auxiliary/dos/wireless/daringphucball.rb
Me, I’m not going to visit Ouseless’ blog ever again. But really, this guy is so wrong, so often, that I poked around on zdnet unsuccessfully looking for somewhere to send a complaint. Anyone got an editor addy for zdne?
As an actual member of the security research community, the following really pissed me off:
“The explanation given to me by members of the research community for this sudden disclosure was that these exploits are always “imaginary” to Apple and there are no exploits for the Mac”
I’ve dealt with Apple before, and am credited in their security updates, and have always found them professional (I also made this comment on Ou’s blog, but obviously he’s not going to respond). It would be nice if Ou had ever talked with someone who actually had communicated with Apple’s Product Security team on an issue, and THEN get their response. And sadly, that does not include Maynor/Ellich (until after most of the publicity had occurred, and now I doubt they’re willing to make any comments).
The email address form for the editor in chief is here:
http://blogs.zdnet.com/emailform.php?email=berlind
Note: in the time it took me to write a not-long email, the “security image” expired. So write in another window and then paste it into there.
Actually, what makes George Ou both so funny and so unreadable is his inability to compose grammatical English sentences. I know, “editors” are so twentieth-century, but seriously — I can’t parse half of his sentences.
Macalope! Jon Grubber want’s to buy you a beer! That’s a hell of an honor: http://daringfireball.net/linked/2006/november#wed-01-macalope
Let me put on my “Apple community” hat now: Hey, this exploit sounds like an actual exploit. I don’t think it’s imaginary. Unlike that last one which was never documented, never had any details disclosed, or was even “run” more than once in a very odd and smoke-and-mirrors kind of way by people who suddenly and abnormally clammed up.
Happy, George? Oh, you cute little widdly-bumpkin. You’re never happy, are you? Angry-wangry! You’re so adorable.
Okay, I have a serious question. How old is Ou? I would expect somebody writing for zdnet to be at least 20 years old. But then I read sentences like the one quoted by the Antler’d:
>The Kernel Fun blog which released this
>exploit also cited a blog I wrote about
>Apple refusing to give credit to security
>researchers where Apple admitted they
>got the information that prompted an
>internal audit leading to a patch but
>refuses to give any credit to the
>researchers.
…and I start to wonder. Now, english isn’t my first language. It’s not even my second. In Switzerland, you’re forced to learn tons of languages before you get to learn English. So I will fully admit that my english skills could never measure up to those of a native person.
But then I read Ou’s, well… crap, and I think to myself: This guy can’t be older than 12. He *looks* older on this picture, but… oh, the sentences! They hurt so much! Of course, it’s absolutely possible that English isn’t Ou’s first language, either. But if that is the case, why not have his entries checked by an editor?
I realize this is absolutely orthogonal to the issue at hand, but I can’t help but think that somebody who writes such incoherent, rambling sentences can’t possibly be trusted with *anything*.
This isn’t the first time Ou has “blogged,” unfortunately. http://technically.us/doc/articles/2006/09/28/stop-george-ou-before-he-ruins-weblogs-for-everyone