Linked by Thom Holwerda on Mon 22nd Jul 2013 10:10 UTC
Apple "Apple revealed Sunday that its Developer Center suffered a lengthy outage this week following a security breach that may have compromised data, but a security researcher has provided evidence to suggest the shutdown was in response to his identification of a vulnerability." It's no secret that Apple's developer portals are a mix of outdated, crappy technologies, and it seems that this security researcher did good work by making that fact very, very clear for everyone. Would be nice of Apple to acknowledge his work, although as we all know, that's about as unlikely as Pluto blocking the sun, no matter how Apple claims it wants to be "open" about this disaster in its public statement.
Permalink for comment 567710
To read all comments associated with this story, please click here.
RE: Unfortunate course of action
by bouhko on Mon 22nd Jul 2013 12:45 UTC in reply to "Unfortunate course of action"
bouhko
Member since:
2010-06-24

It is not clear why he did this, he says it was to get Apple's attention but he had not contacted Apple about the bugs prior to the hack, he decided to hack first.

I don't know from where you get this information, but he is claiming the contrary in this techcrunch comment :
http://techcrunch.com/2013/07/21/apple-confirms-that-the-dev-center...

Where he says :
I didn't attempt to get the datas first and report then, instead I have reported first.


His version is basically : "I reported bugs to Apple, they didn't answer my mails so I got pissed off and collected data".

Now, it is unclear how much time he gave Apple between the first report and his collection of user data in retaliation.

But it seems Apple f--ked up too. It's not really smart to ignore the emails of someone reporting vulnerabilities on your website.

I think we should wait for further clarification before jumping to conclusion about the good Apple being hacked by a bad guy.

Edited 2013-07-22 12:46 UTC

Reply Parent Score: 5