it's a timing issue
aegisdesign said:
If you've the time to kill, http://www.daringfireball.net has a very verbose set of articles on the subject ...
As I understand the hack, you need two cards to flood the drivers with enough packets. The exploit doesn't work with just one card. So for most people the exploit is pointless.
Actually, the Brian Krebs Watch (http://briankrebswatch.blogspot.com/) has a good set of links to a variety of sites with different attitudes and takes on the issue. I strongly advise looking them over if you are interested.
Also, as to the original hack.
Maynor stated in the video that he was using the third-party card to avoid exposing the built-in card's manufacturer. Which is a crock, because the name of that manufacturer is publicly known, so that was no protection.
He did NOT state in that video that he was using both cards. Ellch later stated on another blog that they had to use two cards, one to create the original connection to allow code to be dropped for a call back, and the other one was used in the demo to speed up the demo, cause the hack crashed the first card. Using the second for the callback allowed them to make the demo look better.
That is the main reason so many folks in the Mac world object to the demo. Not only did they rig the MacBook with a second card (just to make the demo look better), but they didn't tell us in the demo that was part of the methodology. Plus, there has been speculation that they may even have created their own drivers to enable the hack. It is known that they certainly couldn't use the same code for attacking just any machine. Ellch admitted in his blog entries that they had to create different code for each brand of card.
Not exactly a field grade hack, now is it? However, it does demonstrate a class of vulnerabilities in the wireless world, which was supposed to be their point.
But the way they seemed to focus on the Mac platform (especially with their ill-advised comment about cigarette butts and Mac users' eyes) muddied the waters, especially after Maynor alleged in a later interview with the Washington Post blogger Brian Krebs that the native drivers in the MacBook were vulnerable to the same hack.
So now it stands that nobody knows where the fix stands.
SecureWorks has admitted that the demo was not about the native drivers, Apple says that neither SecureWorks nor Maynor & Ellch (M&E) have provided them with evidence of the vulnerability in Mac drivers, and now neither M nor E is allowed to talk about it at all.
Many of us that have been following the story on the blogs have readily admitted that the native drivers are probably affected, but M&E never provided any code to Apple to prove their point. But this new collaboration seems to underline the possibility that not only are they vulnerable, but that SecureWorks now has provided Apple with enough proof that they are willing to work with SecureWorks to fix it.
Did SecureWorks find evidence that M&E were holding back for ToorCon that should have been provided to Apple weeks before? And then provided that evidence to Apple separately from M&E in order to get Apple to work with them?
Could that be why M&E were prevented from giving their talk?
