Linked by Thom Holwerda on Tue 28th Jun 2011 22:16 UTC
With all the news about Anonymous, LulzSec, Anti-Sec, and so on, you'd almost forget there are more ethical hacking groups out there as well. One such group, YGN Ethical Hacker Group, informed Apple of several weaknesses in its developers website on April 25. Apple acknowledged the flaws, but so far, hasn't done anything about them. YGN Ethical Hacker Group has now stated they will fully disclose the vulnerabilities if Apple doesn't fix them in the coming few days.
Thread beginning with comment 479002
RE[6]: Responsible?
by ourcomputerbloke on Wed 29th Jun 2011 00:47 UTC in reply to "RE[5]: Responsible?"
Well, I guess that's the reason I'm a gray hat instead of a white hat.

The shade of grey could very rapidly become a lot darker if you were considered an accessory to a crime tho ;)

Reply Parent Score: 1

RE[7]: Responsible?
by Alfman on Wed 29th Jun 2011 02:23 in reply to "RE[6]: Responsible?"
I'm not saying it's right, but if we're all honest with one another, very few companies will make security a priority until information about insecurity reaches the public.

For companies where security doesn't drive sales, there's little incentive to be secure except to avoid public embarrassment after the fact. Whether we like it or not, going public is an effective way to motivate companies to enhance security *immediately*.

What is the solution for the lack of motivation otherwise?

More liability? I don't like the thought, but we can debate that.

Security regulation? I have doubts about the effectiveness of this.

A legal time frame after which security consultants are allowed to go public? I think this could work in a fair way, but it would never fly.

Let the public decide adequate security? Obviously this can only work if the public are aware of the relative security of competing companies, but it's hopeless if companies themselves don't even know where they stand, or they lie deliberately to customers.

What is the answer?

Reply Parent Score: 3

RE[7]: Responsible?
by pantheraleo on Wed 29th Jun 2011 06:46 in reply to "RE[6]: Responsible?"
The shade of grey could very rapidly become a lot darker if you were considered an accessory to a crime tho ;)

There are things that trump legal law, and justify breaking it for moral reasons. Again, why I am a gray hat and not a white hat.

Reply Parent Score: 2

by jabbotts

Apple's official policy was to deny the existence of malware they were finding on customers' computers when brought in for support.

- Do not acknowledge the existence of malware
- Do not fix the malware unless specifically asked to by the customer

It was not until public disclosure brought enough pressure from the consumer base that Apple publicly admitted knowledge of the problem and took steps to address it. The business PR image was more important than the customers' safety until customers' awareness threatened Apple's future product sales.

Reply Parent Score: 2