Atheros responds to supposed wireless hack

Brian Krebs of the Washington Post reports receiving the following
statement from Bill McFarland of Atheros:

"Atheros has not been contacted by SecureWorks and Atheros has not
received any code or other proof demonstrating a security vulnerability
in our chips or wireless drivers used in any laptop computers. We
believe SecureWorks' modified statement and the flaws revealed in its
presentation and methodology demonstrates only a security vulnerability
in the wireless USB adapter they used in the demo, not in the laptop's
internal Wi-Fi card."

<http://blog.washingtonpost.com/secur..._on_the_apple_
macbook_cl.html>



Neill Massello

On Tue, 22 Aug 2006 02:54:16 GMT, (E-Mail Removed) (Neill
Massello) wrote in <1hkfsng.1r01734fmuzi2N%(E-Mail Removed) t>:

>Brian Krebs of the Washington Post reports receiving the following
>statement from Bill McFarland of Atheros:
>
>"Atheros has not been contacted by SecureWorks and Atheros has not
>received any code or other proof demonstrating a security vulnerability
>in our chips or wireless drivers used in any laptop computers. We
>believe SecureWorks' modified statement and the flaws revealed in its
>presentation and methodology demonstrates only a security vulnerability
>in the wireless USB adapter they used in the demo, not in the laptop's
>internal Wi-Fi card."
>
><http://blog.washingtonpost.com/secur..._on_the_apple_
>macbook_cl.html>

Part of what you snipped:

A number of news outlets and blogs have picked up on these various
statements and clarifications, but nowhere have I seen this tidbit:
Apple's Fox said that prior to the Black Hat demo, SecureWorks did
contact Apple about a wireless flaw in FreeBSD, the open-source code
upon which Apple's OS X operating system is based. In January,
FreeBSD released a patch to fix the problem, which according to the
accompanying advisory, related to a flaw in the way FreeBSD systems
scanned for wireless networks that could be exploited to allow
attackers to take complete control over the targeted machine.

I looked through the last eight months of patches from Apple and
could not find any evidence that it also shipped an update to correct
this flaw. Fox said she would check with Apple and get back to me.
Fox also said Apple staff were already aware of the flaw when
SecureWorks contacted them about it prior to their Black Hat
presentation, and that Apple had already determined that the wireless
flaw addressed in the FreeBSD patch was not exploitable on any of the
Mac products.

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>