David Maynor—He Just Won’t Go Away

In case you haven’t heard of the now infamous Maynor and Elich, let me give you some background. Once upon a time there were two security researchers who claimed to be able to hack a MacBook via its Wi-Fi connection. As you would assume, numerous questions arose from such a claim. (Head over to Daring Fireball for the complete recap down to the most riveting detail.) However, by far the most important questions became, “was this hack possible on a standard Mac not using 3rd party products?” and “did Apple influence them in any way with regards to their demonstration?”

This event triggered quite the publicity explosion. On one side you had Apple claiming “we didn’t see nuthin’, we didn’t know nuthin’...” and on the other Maynor and Elich saying “Proof? Who needs proof? Trust us ‘cause we’re us!” So depending on your bias, you either looked at the situation and thought Apple was trying to cover something up or that Maynor and Elich were full of crap. Either way I expected it to be resolved shortly. After all, if what Maynor and Elich said was indeed true, then all they had to do was provide the working details. End of story, Apple looks bad, the security guys get the recognition, and the users get a safer system. Only it didn’t work out quite like that.

The proof that everyone was waiting for….....................never came. Instead, Maynor and Elich started making claims that the lawyers at Apple had forced them into silence. This drew a great big “Oh really?” from everyone watching this story. And Apple didn’t exactly enhance their position when (true to their policy of secrecy) they immediately said nothing. Eventually Apple released a statement saying they never got any real proof from SecureWorks that related to M&E’s claims. So, media attention promptly swung back to Maynor and Elich. Apple pretty much called them liars, so now was the time for M&E to step up, release their exploit, and prove to the world that they weren’t a bunch of lying publicity hounds. Only it didn’t work out quite like that, again.

That was in the fall of last year. Fast forward to today. Maynor has now demonstrated (at the Black Hat DC 2007 no less) that he can crash a MacBook running 10.4.6 via an AirPort flaw (the current version of OS X is 10.4.8 if you had forgotten). He is also a bit upset that even though Apple fixed this flaw (as of 10.4.8), they did not give him credit for finding it.

In an interview after the event he mentions his previous exploit and the ensuing firestorm that followed. Apparently he is still upset that Apple didn’t give him credit when they released a patch for the AirPort, since, in his opinion, it was his work that allowed Apple to spot the flaw. He then goes even further and says that “...I’ll release all the crash and panic logs…” as proof that his claims are true. You do that Maynor, but in the meantime I, along with the rest of the pundits, will be….....................waiting.

So to recap:

What was originally claimed—he can take over a MacBook via its Wi-Fi connection

What was actually demonstrated 6 months later—he can crash a MacBook via its Wi-Fi connection

This might just be me, but I find myself wondering if Maynor will ever produce anything, oh what’s the word, useful? It is interesting that he can crash a system running out-of-date software, and I’ve no doubt that it could possibly affect someone out there, but doesn’t this reek a bit of desperation?

He originally announced he could “slay a giant,” later found out that it was too hard, and now has opted for “kicking a midget.” Now, I’m not saying he won’t ever stumble upon something important, but if this is the best he can do, he really should stop giving press conferences.