|Home » Industry Watch
Dancing on a String
George Ou publishes heretofore confidential undisclosed documents about the Ellch/Fox/Maynor brouhaha.
Apple's Lynn Fox orchestrated a web attack on wireless security researchers Jon Ellch and David Maynor, according to George Ou who backs his claim up with previously unreleased correspondence between Fox and Maynor.
'Last summer when I wrote 'Vicious orchestrated assault on MacBook wireless researchers' it set off a long chain of heated debates and blogs. I had hoped to release the information on who orchestrated the vicious assault, but threats of lawsuits and a spineless company that refused to defend itself meant I couldn't disclose the details', begins Ou.
'A lot has changed since then: researcher David Maynor is no longer working for SecureWorks, and he's finally given me permission to publish the details.'
What it all boils down to is this.
- Apple get wind of Ellch and Maynor and their coming presentation.
- Apple's Lynn Fox gets Ellch and Maynor to use third party in their presentation.
- Apple's Lynn Fox asks (demands) Maynor publish a 'clarification' at his company's website. (The clarification is dictated by Fox and is to be published word for word with the same prominence as earlier articles.)
- Apple's Lynn Fox then instructs Jim Dalrymple and David Chartier to cite this disclaimer and expose Ellch and Maynor as 'frauds'.
So Jim Dalrymple danced on a string, claiming the research was a 'misrepresentation'. Anyone following the story closely knew it was nothing of the sort. Ellch and Maynor had originally planned to use an Apple computer straight 'out of the box' but were approached by Apple and told to not do so. Then Dalrymple danced on a string again the day after, citing that first article in a new article published at a new site.
Nothing like citing oneself as a source to push a point; just repeat the lie and it becomes true.
Lynn Fox next pushed David Chartier of TUAW onto the dance floor in an article with the juicy title 'SecureWorks admits to falsifying MacBook wireless hack'.
But this is all conjecture, right? This is all some paranoid conspiracy theory? Apple's Lynn Fox would never get behind something like this, would she?
Ou's subsequent contact with Maynor made it clear she would - and did.
'She not only contacted sympathetic bloggers like Chartier and 'journalists' like Jim Dalrymple, she was actually the one who got SecureWorks to publish the 'clarification' in the first place. Once she got SecureWorks to publish a clarification that merely reiterated the fact that third party hardware was used in the original video (and it was clearly disclosed in the first 20 seconds of the video that it was third party hardware) she used that as 'incriminating' evidence that the researchers admitted to falsifying the video and shared her 'findings' with Apple friendly press.'
And the clarification SecureWorks published was nothing like the version Fox tried to push down their throats. And Ou now releases his copy of the correspondence.
From: Lynn Fox <####@apple.com>
To: David Maynor <####@mac.com>
Cc: Moody David <####@apple.com>, Wiley Hodges <####@apple.com>
Date: Tue Aug 15, 2006 06:14:09 PM PDT
Subject: Your post on SecureWorks website
Below is the note we drafted about the MacBook exploit confusion.
Please confirm that you've received this and will post it without text changes on your blog and front and center on SecureWorks' news & events page tonight. The placement of this post should be as prominent as the initial announcement of the exploit demo at Black Hat.
You are welcome to call me on my cell at 415-###-#### if you need to discuss any further.
For the Record: MacBook is not inherently vulnerable to Black Hat-demonstrated exploit
By David Maynor
I want to clarify something about the wifi device driver exploit we demonstrated at Black Hat in Las Vegas a couple weeks ago.
Confusion has mounted as to whether the exploit I demoed at Black Hat and for Brian Krebs of the Washington Post is reliant the use of a third party driver. In short, the answer is yes. The MacBook is not inherently vulnerable to the attack, and I never said that it was.
Part of the confusion lies in the fact that we have not specifically named the third-party device driver; this is because we know that the vendor is working on a patch and we don't want to release the name of the chipset until the fix is in place.
I hope this clears up some of the confusion. Stay tuned for a live demo of this exploit live at Toorcon.
When Ou received this document from an enraged Maynor he immediately rang the cell number for Fox - and got her.
'Lynn Fox was quite upset and demanded to know where I got the number. I declined to answer since the email at the time was given to me by David Maynor off the record. I asked Fox about the scandal and she told me that her cell phone was breaking up and that she'd call me back. Within a minute I had David Maynor instant messaging me that Lynn Fox was on the phone with him in a rage.'
'The bottom line is that Lynn Fox played Jim Dalrymple, David Chartier, and the rest of the Mac press/blogosphere like a violin, though it was clear they were all willing participants. When I pointed out the flaws in their stories, Chartier and Dalrymple simply ignored me and stuck to their guns and Chartier erased all of my comments on his weblog.'
Ou's conclusions aren't kind: after attributing the Month of Apple Bugs to a backlash in the security community he ends with the following.
'Apple is a mega corporation that nearly smashed the reputation of two individuals with bogus claims of fraud. It didn't matter that they weren't the ones pulling the trigger because they were pulling all the strings. David Chartier should be ashamed of himself and his blog. Jim Dalrymple of Macworld and his colleagues who jumped on the bandwagon should be ashamed of their reporting. Most of all, shame on Apple.'