Linked by Thom Holwerda on Mon 22nd Jul 2013 10:10 UTC
Apple "Apple revealed Sunday that its Developer Center suffered a lengthy outage this week following a security breach that may have compromised data, but a security researcher has provided evidence to suggest the shutdown was in response to his identification of a vulnerability." It's no secret that Apple's developer portals are a mix of outdated, crappy technologies, and it seems that this security researcher did good work by making that fact very, very clear for everyone. Would be nice of Apple to acknowledge his work, although as we all know, that's about as unlikely as Pluto blocking the sun, no matter how Apple claims it wants to be "open" about this disaster in its public statement.
Thread beginning with comment 567726
Soulbender Member since:
2005-08-18

My best bet is: he worked hard to find holes, found, told Apple about them, waited for reconnaissance, did not come, raised the attempt to get it, failed again and now is very likely to be in a troubled situation.


It's perfectly possible to publicly disclose vulnerabilities without stealing data or causing damage. Any security researcher worth his salt knows this. Either he didn't know or he didn't care, which makes him either not good at it or a bad guy.

Reply Parent Score: 3

Thom_Holwerda Member since:
2005-06-29

It's perfectly possible to publicly disclose vulnerabilities without stealing data or causing damage. Any security researcher worth his salt knows this. Either he didn't know or he didn't care, which makes him either not good at it or a bad guy.


If stealing data is required to get a company to actually give a shit and properly protect the data their customers entrust them with, then so be it.

The world isn't black and white.

Reply Parent Score: 1

Tony Swash Member since:
2009-08-22

If stealing data is required to get a company to actually give a shit and properly protect the data their customers entrust them with, then so be it.

The world isn't black and white.


A bit rich coming from you I think given your comments about this story which portrayed things in a fairly black and white sort of way ;)

How long was it between this guy telling Apple about the problem and stealing the data?

Let's put it this way, if someone sent you an email telling you about a vulnerability on this web site how long before it was acceptable for him to break into your site using that vulnerability to steal some confidential data? A day? A week? A month?

Reply Parent Score: 5

tylerdurden Member since:
2009-03-17

Have you considered the possibility of two wrongs not making a right?

Reply Parent Score: 3

Soulbender Member since:
2005-08-18

If stealing data is required to get a company to actually give a shit and properly protect the data their customers entrust them with, then so be it.


Uh huh, but you know what? He never even TRIED to disclose this publicly in a responsible way so...f--k him. His actions are irresponsible and unprofessional and give real security researchers a bad rep.

The world isn't black and white.


No but this guy is in the wrong.

Edited 2013-07-23 03:35 UTC

Reply Parent Score: 5

bitwelder Member since:
2010-04-27


If stealing data is required to get a company to actually give a shit and properly protect the data their customers entrust them with, then so be it.

But is it necessary to steal data about 1000000 users to prove that the vulnerability exists?

Reply Parent Score: 4

lucas_maximus Member since:
2009-08-18

If stealing data is required to get a company to actually give a shit and properly protect the data their customers entrust them with, then so be it.

The world isn't black and white.


It isn't ethical. I find it quite disturbing that you think the opposite.

There are a multitude of ways that he could have drawn attention to the problem to force their hand without resorting to actually hacking the system.

I've found vulnerabilities in systems (usually SQL-injection) and have politely told the site owner.

Edited 2013-07-23 12:45 UTC

Reply Parent Score: 4