Sometimes ‘journalists’ make me spitting mad

Okay, so I can’t believe I’m defending Apple in this post.

Joe Barr has written an article in NewsForge (“The Online Newspaper for Linux and Open Source”) entitled “The Black Hat Wi-Fi exploit coverup”.

He starts with a point I can get behind – that it’s hardly sporting to give a demonstration of an exploit using a video – it’s like demonstrating a piece of software with a screenshot. There’s no feel for “yes, I really saw that happen”.

On the other hand, I can also get behind the researchers’ reasoning for not demonstrating the exploit live – in an auditorium filled with WiFi-enabled notebooks, you’re not going to be popular if you launch an exploit that takes down even 10% of the audience. Funny, yes. Popular, no. Appropriate, definitely not.

Joe comes up with a really catchy term for this, “faux disclosure”. Not that this is really any different from someone who posts news of an exploit without any accompanying code – which is a pretty responsible way to publicly disclose a vulnerability prior to its being patched, in my opinion.

But the really offensive part comes later:

I asked Lynn Fox, Apple’s director of Mac public relations, two very direct questions.

1. Are Apple MacBook users at risk using their built-in Wi-Fi capability?

2. Is Krebs’ Washington Post report about Apple pressuring researchers not to reveal a MacBook Wi-Fi vulnerability/exploit accurate?

I’ve received no response to that query. Nor do I expect one.

And of course, “Apple pressuring researchers” could be as savage as the security response team at Apple (they have one, yes?) asking the researchers to hold off publishing details until they have a patch together. “Think of the users,” I’m sure they’d say – damn, that’s pressure. OK, so maybe there’s more to it than that, but we have no reason to believe so.

Since this is all speculation and rumour, it’s really no surprise that no one is willing to confirm anything – and that’s just what you need to feed a good conspiracy theory. A good slice of silence practically confirms the best kind of fear, uncertainty and doubt (FUD). A smart listener can learn to understand that silence, or “I refuse to dignify that question with an answer”, sometimes means only that the question, or the questioner, is not worth answering.

And as for an earlier comment in his article – “what is meant by full disclosure these days” – notifying the vendor before notifying the world (which, clearly, contains, as a subset, all the hackers, crackers and script juvies in the world, as well as all the users) – boy, that really tips the wink as to which side this poster is on – he wants to punish the vendors, and it doesn’t matter to Joe who gets hurt along the way.

A mature response is to do whatever it takes to protect the users, now and in the future. If punishing the vendor is the only way to protect the user, then so be it – but it seems like we left that back some time closer to the last century. If assisting the vendor is the best way to protect the users, then assist the vendor, no matter how repugnant they are to you.

Joe Barr needs to mature a little. Grow up.

3 thoughts on “Sometimes ‘journalists’ make me spitting mad”

  1. Keep applying the salve, and hope it doesn’t come back next year?
    Who am I kidding, I love being an MVP – it doesn’t change anything about who I am, or what I do or say, but it puts me in touch with a lot of other people with the same goals and drive to achieve them.

  2. The bit that made me laugh loudest was Intel insisting the problem was caused by Microsoft bad drivers. Yes, they are technically correct: the drivers in question are distributed and signed by Microsoft as part of Windows and use the same dumb code Intel gave to Apple, who also distributed the same problem to their users. Nice shake of the shoulders, Intel; you seem to have moved the blame nicely in the Windows world, and Apple need you to keep being nice and supplying processors to them ahead of Dell, so have little option but to keep quiet.
