Yesterday, I watched wireless hacker Johnny Cache deliver a scathing set of prepared remarks at ToorCon, San Diego's annual security conference. Cache and his colleague David Maynor were to have given a talk detailing the vulnerabilities in Apple's wireless stack that they presented on at the Black Hat conference this summer.
But at the eleventh hour, the talk was cancelled due to pressure from Maynor's employer, SecureWorks, apparently at the behest of Apple (though one colleague at the show said she spoke to an Apple employee in the audience who denied that Apple had leaned on SecureWorks).
It was clear from the remarks that Cache was very angry about this. His and Maynor's research has been widely questioned by security researchers and defenders of the Mac, who accused the two of bait-and-switching or worse. It seems he'd been looking forward to clearing his good name, and also clear that he felt that Apple and SecureWorks had maligned him.
Cache sent me the text of his remarks:
Let's recap this thing.
We give a talk saying that device drivers have lots of bugs.
We demo one bug in Apple.
A few days later, when Apple starts flaking on a patch, we tell
them we are going to do a live demo of it at ToorCon, so it would
be a good idea to get it patched before that.Apple says that it doesnt exist, and we didnt talk to them about
it.A few weeks later (1 week before ToorCon) they patch it, and say
we had nothing to do with it.One day before the talk, secureworks and Apple get together to
and manage to stop dave from coming. They also issue a cutesy
press release
(Thanks, Johnny!)
Update: In reference to several people who've emailed me already on this — the talk was indeed cancelled due to outside pressure, as confirmed by ToorCon's organizers.
