Linked by Thom Holwerda on Tue 28th Jun 2011 22:16 UTC
Apple With all the news about Anonymous, LulzSec, Anti-Sec, and so on, you'd almost forget there are more ethical hacking groups out there as well. One such group, YGN Ethical Hacker Group, informed Apple of several weaknesses in its developers website on April 25. Apple acknowledged the flaws, but so far, hasn't done anything about them. YGN Ethical Hacker Group has now stated they will fully disclose the vulnerabilities if Apple doesn't fix them in the coming few days.
Thread beginning with comment 478991
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Responsible?
by ourcomputerbloke on Tue 28th Jun 2011 23:38 UTC in reply to "RE: Responsible?"
ourcomputerbloke
Member since:
2011-05-12

Yes? At least that's what I would do. If they won't fix a security concern, I will widely publicize it to force them to fix it.


And if they were burgled would you accept that you are an accessory to the crime? I'm no lawyer but I suspect that's the way it would be viewed...

Edited 2011-06-28 23:39 UTC

Reply Parent Score: 1

RE[3]: Responsible?
by Thom_Holwerda on Tue 28th Jun 2011 23:45 in reply to "RE[2]: Responsible?"
Thom_Holwerda Member since:
2005-06-29

"Yes? At least that's what I would do. If they won't fix a security concern, I will widely publicize it to force them to fix it.


And if they were burgled would you accept that you are an accessory to the crime? I'm no lawyer but I suspect that's the way it would be viewed...
"

And if they were burgled, but the damage could've been greatly limited had you informed account holders?

Reply Parent Score: 2

RE[4]: Responsible?
by ourcomputerbloke on Wed 29th Jun 2011 00:03 in reply to "RE[3]: Responsible?"
ourcomputerbloke Member since:
2011-05-12

And if they were burgled...


That is the point at which the responsible and ethical thing to do would be to come forward and say "We told them so!" Yes the crime has been committed, but you played no active part in it. Regardless of the motives I don't see anything ethical or responsible about actively facilitating a crime. You found the weakness, you reported it, you've actively tried to prevent the crime. Changing tack and becoming an active facilitator for the crime makes you no better than those who would commit the crime in the first place IMHO.

But anyway, that's the way I view it.

Reply Parent Score: 2

RE[3]: Responsible?
by pantheraleo on Tue 28th Jun 2011 23:46 in reply to "RE[2]: Responsible?"
pantheraleo Member since:
2007-03-07

And if they were burgled would you accept that you are an accessory to the crime? I'm no lawyer but I suspect that's the way it would be viewed...


Standard "This is provided for informational purposes only. We assume no responsibility for how this information is used, etc." legal disclaimer applies. Not sure it would hold up. But then again, it's not like you are going to use your real name or make it easy for the feds to find you if you share information with a newspaper about how to rob a bank.

Reply Parent Score: 2

jabbotts Member since:
2007-09-06

In these cases, the civilian public is the last to know. If Hackers (ethical) discoved the issue, you can be sure that Crackers (unethical) have also discovered it. They are not publicizing something that criminals do not already know about.

If I can see how one might break in through your back door, you can be sure that burgler's have also noticed this.

Reply Parent Score: 2