Linked by Thom Holwerda on Mon 22nd Jul 2013 10:10 UTC
Apple "Apple revealed Sunday that its Developer Center suffered a lengthy outage this week following a security breach that may have compromised data, but a security researcher has provided evidence to suggest the shutdown was in response to his identification of a vulnerability." It's no secret that Apple's developer portals are a mix of outdated, crappy technologies, and it seems that this security researcher did good work by making that fact very, very clear for everyone. Would be nice of Apple to acknowledge his work, although as we all know, that's about as unlikely as Pluto blocking the sun, no matter how Apple claims it wants to be "open" about this disaster in its public statement.
Thread beginning with comment 567718
To view parent comment, click here.
To read all comments associated with this story, please click here.
Laurence
Member since:
2007-03-26

Sometimes organizations will leave known vulnerabilities in place even after they've been reported. So sometimes it takes the threat of going public -and even much worse- to actually get companies to take notice.

While I don't agree with taking such data - sometimes it's a lesser evil compared to that software going unpatched and open to genuine malicious intent. So while I don't agree with what he did, I can forgive him for doing it.

Reply Parent Score: 4

Soulbender Member since:
2005-08-18

The problem is that he never put any pressure on them. He just sat on his ass and maybe sent some emails to Apple. He never publicly disclosed the vulnerabilities after, say, a week of no action from Apple like he should have done.

To be honest, it smells not unlike that he tried to extort something from them. I mean, why else would he not publicly disclose what he knew once he thought Apple had taken too long? The only other explanation that makes sense is that he's an incompetent dumbass.

Reply Parent Score: 3