david maynor Resources on ZDNet

ZDNet Resources

Apple bolsters QuickTime defenses... or do they?: A couple of great articles came out recently, one from Ryan Naraine and one from our very own Larry Dignan, about some of the defenses that Apple is trying to build into QuickTime to defend Vista users. As we've talked about here before, with Vista, it's all...; Tags: Apple QuickTime, Blog, Microsoft Windows Vista, Apple Inc., Data Execution Prevention, ASLR, David Maynor, Microsoft Windows Vista (Longhorn), Blogging, Digital Music, Digital Media, Operating Systems, Microsoft Windows, Software, Internet, Personal Technology, Consumer Electronics, Nathan McFeters; Blog posts 2008-04-08
OpenBSD team mocked at first ever 'Pwnie' awards: OpenBSD team mocked at first ever 'Pwnie' awardsDavid Maynor definitely deserves a JeerHe has to be one of the most unprofessional bug hunters.Re: Maynor's bugI wonder when we'll get a comment from Mr. Ou regarding this one.Maynor's BugIt seems to me that the problem was that the judges here are...; Tags: SECURITY, UNIX, team, OpenBSD, Apple Inc., David Maynor, Pwnie, Maynor, vulnerability; Discussion threads 2007-08-02
OpenBSD team mocked at first ever 'Pwnie' awards: LAS VEGAS -- The OpenBSD team has won an award for the most spectacular "mishandling" of a critical security vulnerability.Here's why:The OpenBSD team refused to acknowledge the bug as a security vulnerability and issued a "reliability fix" for it. A week later Core Security had developed proof of concept code...; Tags: Zero-day attacks, Wireless, Windows Vista, Wi-Fi security, Vulnerability research, Viruses and Worms, Responsible disclosure, Pen testing, Patch Watch, Mozilla, Microsoft, Hackers, Google, Firefox, Exploit code, Data theft, Browsers, Botnets, Apple; Blog posts 2007-08-02
Microsoft's advisories giving clues to hackers: Hows this for a new twist on the old responsible disclosure debate: Hackers are taking advantage of information released in Microsofts security advisories to create exploits for unpatched security vulnerabilities.The latest zero-day flaw in the Windows DNS Server RPC interface implementation is a perfect example of the tug-o-war within...; Tags: Exploit code, Data theft, Browsers, Botnets, Black Hat, Zero-day attacks, Vulnerability research, Viruses and Worms, Spyware and Adware, Spam and Phishing, Rootkits, Responsible disclosure, Pen testing, Patch Watch, Microsoft, Metasploit, Hackers; Blog posts 2007-04-16
How Apple orchestrated web attack on researchers: Last summer, when I wrote "Vicious orchestrated assault on MacBook wireless researchers," it set off a long chain of heated debates and blogs. I had hoped to release the information on who orchestrated the vicious assault, but threats of lawsuits and a spineless company that refused to defend itself meant...; Tags: Blogging, Wi-Fi, Web, SecureWorks Inc., David Maynor, David Chartier, Jim Dalrymple, Apple Computer Inc., video; Blog posts 2007-03-20

More on Maynor: Last summer, David Maynor announced an exploit for Mac OS X and Apples AirPort drivers that would allow third party code to be run. The hack was proven to work, but became controversial when a third party wireless card and third party drivers were involved with the exploit.Maynor since offered...; Tags: Airport, WiFi, Security, Hack; Blog posts 2007-03-06
Maynor demos MacBook Wi-Fi hijack, admits mistakes: Looking to put to rest one of the most bizarre vulnerability disclosure disputes in recent memory, hacker David Maynor offered an apology for mistakes made, provided a live demo of the controversial MacBook Wi-Fi takeover and promised to release e-mail exchanges, crash/panic logs and exploit code to clear his tarnished...; Tags: Wi-Fi security, Pen testing, Metasploit, Responsible disclosure, Exploit code, Hackers, Zero-day attacks, Apple, Vulnerability research, Patch Watch; Blog posts 2007-03-01
Hacking with Metasploit on a Nokia N800: Earlier this month at the RSA conference, I got a chance to see a demo of Immunitys Silica, a $3600 handheld devide that can search for and join 802.11 (Wi-Fi) access points, scan other connections for open ports, and automatically launch code execution exploits from a built-in exploit platform. ...; Tags: Data theft, Exploit code, Hackers, Metasploit, Open source, Pen testing, Vulnerability research, Wi-Fi security; Blog posts 2007-02-25
Will BitTyrant poison the well for BitTorrent users?: David Maynor has pointed to an interesting development on the BitTorrent scene in a new "selfish" BitTorrent client called BitTyrant. Speaking of poisoning the well, BitTyrant requires Java 1.5 to run which means you have to tolerate Java version conflict hell and massively bloated and inefficient software which is...; Tags: Infrastructure, Networking, Fun Stuff, Desktop, Technology policy, VoIP, BitTorrent; Blog posts 2007-01-05
Clampdown at Toorcon imminent for Apple Wi-Fi flaw: Clampdown at Toorcon imminent for Apple Wi-Fi flawYes, we're all shockedThe great reveal, promised to us for months now has, once again, been postponed. I'm so surprised.George, why are you so adamant about blaming all of this on Apple? Apple has publicly answered all of your questions. ...; Tags: Wireless LANs, SECURITY, Apple Inc., David Maynor, ToorCon, SecureWorks Inc., Wi-Fi; Discussion threads 2006-09-29
Clampdown at Toorcon imminent for Apple Wi-Fi flaw: In a possible repeat of what happened at last years Black Hat convention with Mike Lynn and Cisco , Ive just received word from Elizabeth Clarke who is the VP of Corporate Communications at SecureWorks that David Maynor will not be presenting at Toorcon. Even as late as yesterday...; Tags: Maynor, SecureWorks Inc.; Blog posts 2006-09-29
David Burke dissects Apple's response on SecureWorks: David Burke who is a very sharp reader decided to chime in on Apple's seemingly firm denial that SecureWorks supplied nothing of significance to Apple for the Apple Wi-Fi security patch. This isn't the first time Mr. Burke has weighed in here on Real World IT, he took John...; Tags: SecureWorks Inc., Maynor, Apple Computer Inc.; Blog posts 2006-09-25
More drama with Apple's AirPort security: Apple released updates to their wireless networking drivers last week and they appear to have created more questions than they answered with it. AirPort Update 2006-001 (version 1.0) was released to "improves AirPort reliability on Macintosh computers" and is only for Apple's AirPort Extreme cards. An...; Tags: Apple Computer Inc., Ellch; Blog posts 2006-09-25
Apple patches Wi-Fi but refuses to give researchers due credit: Apple patches Wi-Fi but refuses to give researchers due creditthanks for following up on thisI was wondering what happened after Apple accused the researchers of falsifying the story. This episode clearly brings out Apple's true colors.Still a HoaxThe simple fact is this "hack" has not been demonstrated on a stock...; Tags: Notebooks, Wi-Fi, Maynor, Apple Inc., Apple MacBook, SecureWorks Inc., David Maynor; Discussion threads 2006-09-23
Apple patches Wi-Fi but refuses to give researchers credit: [UPDATE 9/25/2006: The word "due" was dropped from the title because it is now disputed by Apple. Apple has issued a strong denial that anything useful was given to them and responded to this blog in detail.]After all the controversy, it turns out that there really are critical vulnerabilities...; Tags: David Maynor, Brian Krebs; Blog posts 2006-09-23
How did Atheros get pulled in to Mac wireless-gate?: [Updated 8/29/2006 11:00PM] The Mac blogsphere has had a field day over the so-called "revelation" that Atheros has now come out and stated that researchers David Maynor, Jon Ellch and SecureWorks never contacted them about any security vulnerability. Some in the press have pointed to this revelation as "proof"...; Tags: Atheros Communications; Blog posts 2006-08-26
MacBooks and death threats: The soap opera of the MacBook that was hacked wirelessly takes another turn.Back in early August hackers Jon "Johnny Cache" Ellch and David Maynor demonstrated how they exploited a defect in a wireless device driver to compromise a MacBook notebook computer. I blogged about the exploit and later updated my...; Tags: Maynor, Apple MacBook; Blog posts 2006-08-21
Vicious orchestrated assault on MacBook wireless researchers: There has been a vicious orchestrated assault on researcher David Maynor and the company SecureWorks claiming that the Maynor and SecureWorks falsified their research presented at Black Hat 2006. In a video demonstration, Maynor completely took over an Apple MacBook using a vulnerability in a third party wireless driver....; Tags: Maynor; Blog posts 2006-08-20