Linked by Thom Holwerda on Tue 28th Jun 2011 22:16 UTC
With all the news about Anonymous, LulzSec, Anti-Sec, and so on, you'd almost forget there are more ethical hacking groups out there as well. One such group, YGN Ethical Hacker Group, informed Apple of several weaknesses in its developers website on April 25. Apple acknowledged the flaws, but so far, hasn't done anything about them. YGN Ethical Hacker Group has now stated they will fully disclose the vulnerabilities if Apple doesn't fix them in the coming few days.
Thread beginning with comment 478994
RE[4]: Responsible?
by ourcomputerbloke on Wed 29th Jun 2011 00:03 UTC in reply to "RE[3]: Responsible?"
ourcomputerbloke Member since:
2011-05-12

And if they were burgled...


That is the point at which the responsible and ethical thing to do would be to come forward and say "We told them so!" Yes, the crime has been committed, but you played no active part in it. Regardless of the motives I don't see anything ethical or responsible about actively facilitating a crime. You found the weakness, you reported it, you've actively tried to prevent the crime. Changing tack and becoming an active facilitator for the crime makes you no better than those who would commit the crime in the first place IMHO.

But anyway, that's the way I view it.

Score: 2

RE[5]: Responsible?
by pantheraleo on Wed 29th Jun 2011 00:11 in reply to "RE[4]: Responsible?"
pantheraleo Member since:
2007-03-07

Changing tack and becoming an active facilitator for the crime makes you no better than those who would commit the crime in the first place IMHO.


Well, I guess that's the reason I'm a gray hat instead of a white hat.

Score: 2

RE[6]: Responsible?
by ourcomputerbloke on Wed 29th Jun 2011 00:47 in reply to "RE[5]: Responsible?"
ourcomputerbloke Member since:
2011-05-12

Well, I guess that's the reason I'm a gray hat instead of a white hat.


The shade of grey could very rapidly become a lot darker if you were considered an accessory to a crime tho ;)

Score: 1

RE[5]: Responsible?
by matt.r on Wed 29th Jun 2011 10:39 in reply to "RE[4]: Responsible?"
matt.r Member since:
2011-06-29

Regardless of the motives I don't see anything ethical or responsible about actively facilitating a crime. You found the weakness, you reported it, you've actively tried to prevent the crime. Changing tack and becoming an active facilitator for the crime makes you no better than those who would commit the crime in the first place IMHO.


Apple put them into a lose-lose situation ethically by not fixing the vulnerability.

a) leave others vulnerable to the possibly unethical hackers.
b) disclose the vulnerability.

They absolved themselves of any responsibility when they privately contacted Apple to let them know of the problem and gave them ample time to fix it.

Further, instead of just disclosing the vulnerability, they publicly stated their intent to disclose the vulnerability without actually doing so, and giving them further time to act.

As a last resort, the public deserves to know the details of how they are vulnerable when dealing with a specific company. Is someone held responsible for pointing out that the rat turds in their raisin bran aren't raisins?

Score: 3