Linked by Thom Holwerda on Tue 28th Jun 2011 22:16 UTC
Apple With all the news about Anonymous, LulzSec, Anti-Sec, and so on, you'd almost forget there are more ethical hacking groups out there as well. One such group, YGN Ethical Hacker Group, informed Apple of several weaknesses in its developers website on April 25. Apple acknowledged the flaws, but so far, hasn't done anything about them. YGN Ethical Hacker Group has now stated they will fully disclose the vulnerabilities if Apple doesn't fix them in the coming few days.
Thread beginning with comment 479040
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[5]: Responsible?
by matt.r on Wed 29th Jun 2011 10:39 UTC in reply to "RE[4]: Responsible?"
matt.r
Member since:
2011-06-29

Regardless of the motives I don't see anything ethical or responsible about actively facilitating a crime. You found the weakness, you reported it, you've actively tried to prevent the crime. Changing tack and becoming an active facilitator for the crime makes you no better than those who would commit the crime in the first place IMHO.


Apple put them into a lose-lose situation ethically by not fixing the vulnerability.

a) leave others vulnerable to the possibly unethical hackers.
b) disclose the vulnerability.

they absolved themselves of any responsibility when they privately contacted apple to let them know of the problem and gave them ample time to fix it.

further, instead of just disclosing the vulnerability, they publicly stated their intent to disclose the vulnerability without actually doing so, and giving them a further time to act.

as a last resort, the public deserves to know the details of how they are vulnerable when dealing with a specific company. Is someone held responsible for pointing out that the rat turds in their raisin bran aren't raisins?

Reply Parent Score: 3