Wireless FUD resolved, sort of
 
Apple yesterday issued an important set of security updates that fix flaws in their wireless (AirPort) drivers. These updates (there are different ones for different machines) address issues similar to those demonstrated, under very suspicious circumstances, a couple months back by researchers at the Black Hat conference. That demonstration introduced significant fear, uncertainty and doubt (FUD) into the whole issue of Macintosh Internet security.
 
The just-issued updates make it clear that there was at least some “there there” at Black Hat. By setting in motion a series of events that ultimately caused the updates to be issued, the researchers did Mac users a service that at least partially compensates for the FUD disservice they were also responsible for. According to Apple, the researchers didn’t provide Apple with any code or proof of a problem, but Apple launched an “internal audit” based on their claims and did find related problems. So the publicity the researchers garnered ultimately had a positive result. But did the ends justify the means?
 
According to most accounts (including in this blog), the researchers pretty much staged the demo, delivering it by videotape, using a third-party card and non-Apple drivers, and even, quite possibly, lying to a reporter at the Washington Post about the whole subject. It seems more than a bit likely at this point that the researchers simply guessed (based on their work elsewhere) that there was a flaw with Apple’s built-in drivers, but couldn’t prove it and so staged the demonstration the way they did to gain publicity. And that totally worked, as the press are suckers right now for anything having to do with Mac security.
 
Whether the Black Hat researchers are heroes or villains for getting done what they got done is pretty much just a matter of opinion. For now, we should all just go ahead and install the updates regardless.
Friday, September 22, 2006