Linked by Thom Holwerda on Mon 22nd Jul 2013 10:10 UTC
"Apple revealed Sunday that its Developer Center suffered a lengthy outage this week following a security breach that may have compromised data, but a security researcher has provided evidence to suggest the shutdown was in response to his identification of a vulnerability." It's no secret that Apple's developer portals are a mix of outdated, crappy technologies, and it seems that this security researcher did good work by making that fact very, very clear for everyone. Would be nice of Apple to acknowledge his work, although as we all know, that's about as unlikely as Pluto blocking the sun, no matter how Apple claims it wants to be "open" about this disaster in its public statement.
lucas_maximus
Member since: 2009-08-18

I think most of us wouldn't mind if some stranger told us we left our car unlocked, but we wouldn't like it if he also told us he sat in our car for a while, taking pictures, checking the radio presets and making copies of documents found in the glove compartment.


You hit the nail on the head here tbh.

I have contacted site owners (some that had quite a bit of traffic) and told them about SQL injection vulnerabilities (that I pretty much stumbled upon after seeing a MySQL error message bubble up to the surface) and shown them a proof of concept. For the most part, the response was positive.

If it wasn't, I made sure I kept the emails just in case I had to prove my intentions to law enforcement (I have been threatened once or twice after a heads up to a site owner).

Edited 2013-07-23 18:34 UTC

Reply Parent Score: 3