5/15/2007
09:45 AM

Up Close With David Maynor

The hacker talks tribe, Macbooks, and surprises in store for next Black Hat

Most of David Maynor's colleagues in the security research community are surprised when they learn that he's a Native American. The renowned security researcher, best known for his controversial Macbook hack, is also a member of the small, North Carolina-based Lumbee tribe, which is currently seeking full status as a federally recognized Indian tribe.


"In Wikipedia, I'm one of the [notable] Lumbees," Maynor says. (You probably also didn't know Maynor shares his tribal roots with another notable Lumbee, Heather Locklear, who's listed among famous Lumbees.)

Maynor, 29, grew up in tiny Pembroke, N.C., a town that just got its first Wal-Mart and where most of the locals claim the coveted Lumbee bloodline. Like most of today's premier security researchers, Maynor didn't get a college degree, although he took classes at Georgia Tech. "In technology, there are more advancements in private industry than in universities. It's hard for academics to keep up" with the pace of security technology, he says, noting that most of what you learn in security, you learn on your own.

Maynor started hacking his parents' and sisters' phone calls at age 14, in what he calls the "lamest" of hacks that required literally cutting the handset plug to the base station of the phone, and attaching clips to lines on the phone cable, among other things. "You could listen to phone calls," he says. "That was 'beige-boxing.' "

Today he's kind of a jack-of-all-trades hacker who digs into Microsoft software bugs as well as wireless driver vulnerabilities, such as the one he and fellow researcher Jon Ellch demonstrated at Black Hat USA last August. "I like focusing on things that can be used to break into your computer or steal information or do bad things to you. If you think about the typical, motivated hacker-for-hire, he's not going to be [an expert in] wireless-only. The enemy is cross-disciplinary, and so should you be."

Maynor says he gets a kick out of how people romanticize security research. It's really not very sexy. [Ed. note: Now there's a shocker.] "If someone were to watch me working, they'd see me sitting for hours in front of my computer, dissembling [code]."

And it's not always the lone cowboy existence it's cracked up to be. It was Ellch, a.k.a. johnnycache, who taught him wireless packet injection, which got Maynor writing fuzzers and finding wireless bugs. Such tutoring and informal support is common among the security research community, he says, where he often vets new research ideas. "It's 'that's cool' or 'that's lame, you shouldn't do that,' " he says of the advice he and other researchers dispense.

Maynor spent just four months at SecureWorks Inc., the company he was working for during the Apple controversy, before leaving to start up Errata Security with its CEO, Robert Graham, former chief scientist at IBM Internet Security Systems. Errata does research and provides vulnerability analysis services and professional consulting and architecture review services. Prior to joining SecureWorks, Maynor spent three years writing exploit code for ISS. (See Startup to Take Measure of Security and 10 Hot Security Startups.)

The Macbook hack at Black Hat last year made Maynor a household name in the security world -- and more like "mud" among Apple enthusiasts who refused to believe their platform had security weaknesses. And although Maynor says he's so over the Apple thing, he prefers not to talk much about it anymore, having finally gone public at the Black Hat D.C. briefings with some details of the hack and his communiqué with Apple. (See Apple Flap Redux.)

Not all researchers were satisfied with his account -- some are still calling for him to release code to show the nitty-gritty details. Maynor says if he had it to do all over again, he wouldn't have been so careful to "protect" Apple users. "I would have dropped the exploit on stage," he says. "I wouldn't have taken such pains to protect their customers."

Ironically, he says he really isn't in favor of full disclosure, where hackers go public with bugs without letting the vendor weigh in with a fix first. "Responsible disclosure works both ways. If a vendor behaves badly, I won't work with them anymore, and then I'm on a full disclosure path. I don't like it, but what are you going to do?"

Still, he sees a major shift in the vulnerability research process underway: Hackers are getting gun-shy amid the threat of vendor lawsuits, and their financial motivation is waning -- it's only the bad guys who make the real bucks for bugs now, and there are few indie researchers left. Most have "real" jobs with security companies now.

"I don't think vulnerability discovery and disclosure is going to continue. There's going to be a huge shift... with information being closely guarded by vendors. Their researchers' findings will be considered trade secrets and will not be publicly disclosed. That will hurt security."

But look out -- Maynor has big plans for this year's Black Hat USA briefings in Las Vegas. "We're planning something bigger than that for Black Hat this year," he says. No details, but look for him and Robert Graham to expose holes in security vendors' claims. "We are mostly interested in how security vendors do stuff or how they don't do stuff [they claim]. That's the heart of our [upcoming] Black Hat presentation."

And no, Apple Inc. (Nasdaq: AAPL) won't be among the vendors they expose, he says.

Personality Bytes

  • Blue Hat?: "I have a close relationship with Microsoft. I can say 'here's a bug, fix it,' and they will."

  • Source of insomnia: "The biggest vulnerability in any company is the people. No matter what security technology you buy, or what processes you put in place, if a user is convinced to click on an [malicious] email, it's game over. You can't protect against that."

  • Favorite team: "Duke University basketball. Coach K for life."

  • On target: "I love long-distance [target] shooting. I used to hunt as a kid, and we'd eat what we killed. Nowadays I don't have time for it, plus we have McDonald's. I don't see the point of killing [an animal] for no reason."

  • After hours: "Movies and reading. But I don't do chick flicks."

  • Favorite hangout: "The Highlander. It's a dive bar in Atlanta near a movie theater. I've been going there for years. It's like my version of Cheers."

  • In Maynor's iPod: "Everything from Japanese Schoolgirls to Hank Williams Jr., and Rammstein... rap, country, and alternative."

  • PC or Mac? "Both -- I'm using a MacBook right now, but I use PCs, too. I usually carry two laptops, and use whatever gets the job done."

  • Comfort food: "Filet mignon."

  • Ride: "A bright orange Dodge Neon. Living in Atlanta, I get tired of cars getting scratched, stolen, glass broken, and stuff like that, so if... my Neon gets stolen or broken, I really don't care about it. It's disposable."

    — Kelly Jackson Higgins, Senior Editor, Dark Reading

    Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...