Linked by Thom Holwerda on Tue 28th Jun 2011 22:16 UTC
With all the news about Anonymous, LulzSec, Anti-Sec, and so on, you'd almost forget there are more ethical hacking groups out there as well. One such group, YGN Ethical Hacker Group, informed Apple of several weaknesses in its developers website on April 25. Apple acknowledged the flaws, but so far, hasn't done anything about them. YGN Ethical Hacker Group has now stated they will fully disclose the vulnerabilities if Apple doesn't fix them in the coming few days.
"Ethical" doesn't seem to work.
by UltraZelda64 on Wed 29th Jun 2011 20:59 UTC

Seriously, companies always seem to have higher priorities than their own users/customers' security. The beginning of the article proves it, for the millionth time:

"One such group, YGN Ethical Hacker Group, informed Apple of several weaknesses in its developers website on April 25. Apple acknowledged the flaws, but so far, hasn't done anything about them. YGN Ethical Hacker Group has now stated they will fully disclose the vulnerabilities if Apple doesn't fix them in the coming few days."

Replace "Apple" with "Microsoft" or "Adobe" and you've got a pretty typical article; company puts out buggy and security-flawed product, knows about security flaw, but doesn't feel like getting around to fixing it any time soon. Unless it starts being used by the bad guys.

Meanwhile, if these hackers had gone the "unethical" route and just said what the exploit was and how to perform it, as well as telling Apple themselves... the company would be scrambling, tripping over themselves trying to get it fixed if it's bad enough of a bug, before those bad guys are able to react.

See how swiftly Sony reacted when they got their asses handed to them, hardcore and deservedly I might add, by Anonymous. Of course, it helps that their customers' personal info was on the line, but well... would they have ever learned otherwise? Probably not, they would have likely gone the quickest possible route to get their systems back online. It even made them realize that their password-reset page was buggy, so they even had to re-think that part of the system and re-implement it properly. I'm sure after that disaster, Sony will think at least a little bit more about the security of their systems.

Companies don't learn unless they have to actually react to something bad enough to be referred to as a "disaster," "emergency" or "catastrophe." I doubt that Microsoft would have got so much more serious about Windows XP's security starting with SP2 if there weren't people exploiting and tearing the living hell out of the OS all those years ago, wreaking havoc and making computers around the world miserable. I'm amazed so many people just took it and continue to even trust them, really. Their illegal monopoly really saved their asses.

Edited 2011-06-29 21:01 UTC

Reply Score: 2