Mac hack news

You may not have noticed, but there is a serious storm brewing in the collision of Apple, network security and technology PR. It started earlier this month when Washington Post reporter Brian Krebs posted an article entitled "Hacking a MacBook in 60 Seconds or Less" about a WiFi security exploit that was demonstrated at the Black Hat security conference. The security researchers, Jon "Johnny Cache" Ellch* and David Maynor, both of SecureWorks, made a disingenuous statement that "they weren't picking on Macs here, but..." and in fact the article itself is clearly trying to exploit Apple's security reputation to grab a cheap headline. Well fine, but then it turns out that maybe there wasn't a hack at all, as the security researchers didn't actually use the MacBook's built-in WiFi hardware or software, but rather added a third-party card and driver and then hacked that. Which set off storm #1 wherein a huge number of bloggers, reporters and users said -- justifiably -- WTF?

Not content to leave well enough alone, and apparently not thinking clearly enough to provide a well-reasoned response, Krebs came back with this in a subsequent post: "During the course of our interview, it came out that Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers — mainly because Apple had not fixed the problem yet. Maynor acknowledged that he used a third-party wireless card in the demo so as not to draw attention to the flaw resident in Macbook drivers. But he also admitted that the same flaws were resident in the default Macbook wireless device drivers, and that those drivers were identically exploitable. And that is what I reported. I stand by my own reporting, as according to Maynor and Ellch it remains a fact that the default Macbook drivers are indeed exploitable." Translation: they said it and alluded to a big coverup so it must be true. And just to fuel the fire, Krebs added: "Again, the point was not to pick on Macs, but..." (article headline notwithstanding -- maybe it was added in production, yeah, that must be it...) To which a now considerably annoyed collection of journalists, users and bloggers responded: WTF?

So then Krebs comes back with another response that acknowledges that while he inexplicably hasn't acknowledged this in his two previous articles on this subject, he has in fact seen the exploit working directly on Apple hardware/software. Um, okay, but why didn't you say that to begin with, or at least in your subsequent followup? And then the plot thickens: Apple denies that SecureWorks has shared any exploit with them, with Apple spokesperson Lynn Fox rather unequivocally (?) stating: "Whatever they are claiming to have found, they haven't shared it with us." And then, SecureWorks itself added this disclaimer: "This video presentation at Black Hat demonstrates vulnerabilities found in wireless device drivers. Although an Apple MacBook was used as the demo platform, it was exploited through a third-party wireless device driver — not the original wireless device driver that ships with the MacBook. As part of a responsible disclosure policy, we are not disclosing the name of the third-party wireless device driver until a patch is available." Adding insult to injury, SecureWorks is apparently now not returning Krebs' phone calls asking for clarification: "I have several times now asked SecureWorks to share with me more specific information to back up their claims, but so far I have received no further details. If I hear back from SecureWorks with any more material information, I will update the blog."

So, what is really going on? Unfortunately, almost a month later, we don't yet have a clear answer from a security standpoint, which is just ridiculous. What we do know, however, is how not to handle this from a PR standpoint.

PR LOSERS: Maynor, Ellch and SecureWorks, who clearly took advantage of the Mac's security reputation for professional gain and have thus far failed to substantiate their claims. If you buy into the myth that any coverage is good coverage, then I guess you'd be overjoyed. But if the objective was to enhance their reputation as outstanding and responsible security consultants, I'd say they're not doing too well thus far. A simple statement clarifying the situation was warranted weeks ago: is the MacBook hackable or not?

PR LOSER: Brian Krebs – went for a diggable headline and it came back to bury him. Had a chance to clear it up in a subsequent post but botched it. Came back a week later and tried again. Had apparently still not tried to use the usual journalistic technique of verification, and two weeks later that didn't turn out so well.

PR LOSERS: Tech Journalists – who unfortunately have also jumped on the argument from both sides, using sensationalist headlines around the story and a red herring argument: that the Mac hack was clearly done with third-party hardware. Duh. We knew that on day one, and it is neither "admitting falsification" to clarify that nor a "vicious attack" to seek clarification on the true question: is the MacBook hackable? Could we see a little bit of, I don't know, actual reporting or investigative journalism? Hmmm? Maybe?

UNKNOWN: Apple. If their PR statement can be taken at face value then they are going to come out of this way ahead. If details come out indicating that they are being disingenuous, then not so much.

So is there a winner in all this? I believe so: a number of bloggers who come at this either from the Mac or from the security side have taken a well-reasoned, in-depth look at the issues and, although reaching opposite conclusions, have at least attempted to sort out all of the conflicting claims and counter-claims while staying focused on the real issue (say it with me here): is the MacBook hackable or not? As a PR professional that has been at this longer than most of the people mentioned in this post, I find it fascinating that bloggers are stepping in where journalists and columnists used to tread. Technology journalists will always remain central to what it is that we do, but we have long been encouraging clients to pay more attention to the blogging community in key markets. This confirms that recommendation. (Clarification: Rich Mogull of securosis.com, the security blog mentioned above, is a longtime Gartner analyst and someone we've dealt with for clients. So one could argue that he doesn't count as a "blogger" – but it was on his blog that he tackled this issue and this is my article so I get to classify him as I please. So there.)

* as a footnote, can we please all agree that, in the tech industry at least, having a hip nickname like "Johnny Cache" makes you sound like an idiot?

-posted by Paul

Bellevue's ArenaNet offers new gaming sensation

The gamers' olympics is wrapping up in Leipzig, Germany where nerds from around the world are competing in the Guild Wars Factions(TM) World Championship. Produced by Bellevue-based ArenaNet and Korea-based NCsoft Corporation, the game was an instant bestseller when first released in 2005 and has since climbed the charts to be declared the #1 game in North America and Europe in early 2006. ArenaNet today announced that the latest and greatest version will be released worldwide on Oct. 27. Guild Wars Factions(TM) transports players to the fantastical land of Elona, where they compete with online players across the globe, battling mad rulers and outcast gods across dangerous coasts and poisonous deserts. For the over-eager, highly addicted gamer, the Guild Wars Nightfall Prerelease Bonus Pack will be available Sept. 15, and don't forget the long-awaited collectors' edition to be revealed in late October. Game on!

-posted by Mallory

Pure Networks and a router's need for speed

Brett Marl at Pure Networks posted an interesting blog entry on the next generation of wireless routers now in development. The current standard of 802.11g carries speeds of up to 54 Mbps, but that's not enough for moving huge files around your home, such as high definition video. The next iteration is 802.11n, which promises speeds of up to 600 Mbps -- and, according to Brett, the IEEE governing standards committee expects to complete the guidelines by 2008.

-posted by Rachel

Mobilisa to talk Navy strategy

The September 21 meeting of the West Sound Technology Professionals Organization features Craig Bleile, Port Townsend-based Mobilisa's chief scientist, who will speak on the interoperability of the Navy's battle force. Mobilisa recently morphed from a company specializing in wireless infrastructure for water-based facilities (ocean liners, ferries, etc.) into one that tags itself as an expert in mobile and wireless -- period -- expanding into software development for PDAs, Pocket PCs and cell phones. Could be because of stiff competition from Seattle's SeaMobile, which announced a contract with Crystal Cruises (Crystal Serenity and Crystal Symphony ships) last month to deliver wireless services.

-posted by Rachel

Dotster Dots

Are you just waiting for your big break? You could be a Dotster Dot! To promote its "MyInternet" services, Dotster Inc. is announcing their search for the Dotster Dots. Dotster, a leading Internet domain name provider, is looking for "female company ambassadors" to travel the US at high-profile shows and events. The lucky Dotster Dots will be awarded a year-long spokesmodel contract and will be dressed to the nines in clothing from some of the biggest names in fashion. Auditions will be held in Miami, Atlanta, New York, and Los Angeles. Watch out "America's Next Top Model"!

-posted by Joanna

GPS - The Game, GPS - The Movie

GPS and geo-caching continue to build momentum as one of the latest crazes in outdoor sports. Part technology, part treasure hunt and part hide-and-go-seek, there is a new element entering the fun from Tacoma-based IndieClub.com and Right Way Productions. First, we have GPS - The Game, which takes geo-caching to a whole new level by adding online mysteries and forums where game players can interact. Next comes GPS - The Movie, where a group of college kids search for $2 million throughout the Pacific Northwest, ending at a grave. Sounds like a fun way to spend a weekend.

-posted by Rachel

Yahoo, Webaroo!

Years ago, we had the opportunity to work with Action Engine when it was first launching a mobile platform for smartphones that enabled users to access Web information. The Action Engine product got around the downloading and memory issues by having customers capture and store frequently used data. Now, Bellevue-based Webaroo has taken that same concept and added lots of bells and whistles so that consumers can literally, as it says, "search...unplugged." It's compatible with handhelds running Windows Pocket PC 2003 SE or Windows Mobile 5.0.

-posted by Rachel

Knewtrino - 2 kewl

There's an announcement this week from Seattle's Knewtrino about its new mobile messaging service in beta trial...but I'm more fascinated by the company's name. There are any number of startup companies that have made unusual choices for their monikers; others that have caught my attention recently are PixPulse, la la, Brain Murmurs and Ookla, to name a few. For an amusing game, try to figure out what these companies do, and then check their websites for info.

-posted by Rachel

Envision gets creative with awards

Yet more news from the folks at Envision: Avaya reseller Cross was awarded Envision's 2006 Partner of the Year. In the past, we've frequently recommended to appropriate clients that they consider instituting an internal award program, particularly as a way to keep visibility in the media -- and here's an example of a company that's doing just that.

-posted by Rachel

You've GotVoice!

There's a cool Kirkland-based company called GotVoice that is essentially enabling users to manage voicemail through a single online email box -- and the new GotVoice Dispatch, announced this week, provides "Ringless Messages" cross-carrier, an industry first. From a marketing standpoint, what's even more intriguing is that the company is successfully conducting an informational campaign through the blogging community, a true indication of the power of non-traditional digital media outlets.

-posted by Rachel

Envision breakfasts at Tiffany's

Our friends at Envision posted great news earlier this week -- the company is trumpeting an 80 percent increase in software license revenues and some new customers, including Tiffany & Co.

-posted by Rachel

Azteca says "Hola, Seattle!"

Spanish soap opera/novela fans, take heart: Azteca America, one of the two largest producers of Spanish language television content, launched new affiliate KHCV Channel 45 for the Seattle to Olympia market this week.

-posted by Rachel

CipherLab goes SciFi

A cool factoid: VOXUS client CipherLab's hand-held wireless scanners are being used in the filming of a new television series, "Masters of Science Fiction," recently greenlighted by ABC. In reality, the barcode scanner is used in retail settings, but its sleek design caught the eye of the series' prop master who was looking for a piece of hardware that could be used to simulate a body scanner in a futuristic medical environment. The filming is now underway in Vancouver, BC.

-posted by Rachel

Nextrials and Nervana make the PharmaVOICE 100

The August issue of PharmaVOICE features 100 of today's most inspiring people in the pharmaceutical and biotechnology industries...and two VOXUS clients made the list. Anthony J. Costello, co-founder and vice president of Nextrials, made the list in "The Risk Takers" category, and Nosa Omoigui, founder, chairman and CEO of Nervana, is noted in "The Technologists" category. The magazine is now in circulation, and the full list of winners can be viewed online. Congratulations to both!

-posted by Rachel

Onyx Revisited

Last month, we noted that Onyx Software had found itself in the middle of an acquisition bidding war between M2M Holdings and Hong Kong-based CDC Corp. Now, Onyx shareholders approved the offer tendered by M2M, even though CDC offered more money. M2M promised to keep Onyx management in place, something CDC didn't guarantee. So who says investors are only in it for the money?

-posted by Rachel

WatchGuard cashes in for $150+ million

Francisco Partners, a California-based private equity fund, is buying troubled WatchGuard Technologies. While it's no surprise that WatchGuard accepted a buyout, Francisco Partners is a new player -- Vector Capital had tendered an offer last February for the security company. It's an interesting purchase, since Francisco acquired WRQ in 2004 and brokered its merger with Attachmate.

-posted by Rachel