Linked by Thom Holwerda on Mon 22nd Jul 2013 10:10 UTC
Apple "Apple revealed Sunday that its Developer Center suffered a lengthy outage this week following a security breach that may have compromised data, but a security researcher has provided evidence to suggest the shutdown was in response to his identification of a vulnerability." It's no secret that Apple's developer portals are a mix of outdated, crappy technologies, and it seems that this security researcher did good work by making that fact very, very clear for everyone. Would be nice of Apple to acknowledge his work, although as we all know, that's about as unlikely as Pluto blocking the sun, no matter how Apple claims it wants to be "open" about this disaster in its public statement.
Perhaps, wanted the spotlights
by acobar on Mon 22nd Jul 2013 13:42 UTC
acobar Member since:
2005-11-15

I may be wrong, but in most cases hackers want the "spotlight"; it is in their DNA culture.

They work hard to find breaches and to raise their reputation over their competencies.

My best bet is: he worked hard to find holes, found them, told Apple about them, waited for reconnaissance, it did not come, raised the attempt to get it, failed again and now is very likely to be in a troubled situation.

Arrogance, pride and vengeance pave the shortest path to hell.

Hope he, somehow, gets as little burned as possible.

Reply Score: 5

Tony Swash Member since:
2009-08-22

Reports at Electronista say Apple shut down its system four hours after getting the email from Ibrahim Balic.

http://www.electronista.com/articles/13/07/22/says.he.reported.vuln...

Reply Parent Score: 3

Soulbender Member since:
2005-08-18

My best bet is: he worked hard to find holes, found them, told Apple about them, waited for reconnaissance, it did not come, raised the attempt to get it, failed again and now is very likely to be in a troubled situation.


It's perfectly possible to publicly disclose vulnerabilities without stealing data or causing damage. Any security researcher worth his salt knows this. Either he didn't know or he didn't care, which makes him either not good at it or a bad guy.

Reply Parent Score: 3

Thom_Holwerda Member since:
2005-06-29

It's perfectly possible to publicly disclose vulnerabilities without stealing data or causing damage. Any security researcher worth his salt knows this. Either he didn't know or he didn't care, which makes him either not good at it or a bad guy.


If stealing data is required to get a company to actually give a shit and properly protect the data their customers entrust them with, then so be it.

The world isn't black and white.

Reply Parent Score: 1