Really annoyed how this delayed beta 4.
It may or may not have because there is no schedule made public.
"He just wanted to see how deep he could go" ...that's not a white-hat hacker.
And posting a YouTube video of your attack is not the way to deal with a serious security threat like this.
This guy is at the least naive and immature, and at worst malicious. In either case, he's not a professional researcher, he's just a jackass looking for fame.
He should have given Apple more time before resorting to doing this. At least a week to respond, it's a large company.
Going as deep as possible is exactly what most developers reporting a bug do, in an attempt to be helpful.
Eh? He didn't show how to do it.
It sounds like he was scared that Apple might blame him for their goof.
What on earth are you talking about? Resorting to what?
He officially and privately reported the data leaks to Apple, same as he had reported previous bugs. In (what he thought was a) response to his bug report, Apple shut down their website.
Days later, Apple finally posts a note blaming an intruder. He thought they meant him, although it's quite possible that his bug report actually clued them into a much larger problem.
And he still hasn't given any details on the data leak mechanics.
His only goof was showing some names in his video, but heck, even Apple claims those are not sensitive private details.
So he reports a bug 6 days ago (including 2 days of weekend) and instead of letting them fix it he runs to the media for attention????
Got it.
SMH.
"If he wanted to do ill, he says, he wouldn't have reported everything he found."
Something about this just seems a little fishy, I dunno. If I was to break into your house but steal nothing, that would still be a crime. Especially knowing how seriously Apple take security, I think there's the potential for this to balloon out of control.
Why is it silly? It's not the same, sure, but it still demonstrates the point well enough to make it.
The "breaking into house" metaphor is silly. A better example is finding, for example, a hidden way into a bank's records. But that's silly too because it's not a bank, or a house. These metaphors are stupid and don't serve the truth, just personal judgements.
Yeah ... You notice a bank with its door open at night, you notify that bank, and the next night when the door is still opened you decide to go in and take some money, then you send some of that money back to the bank to show them what you were able to do, the bank then quickly closes for some time to figure out what exactly happened, what led to it, what needs to be changed, etc., but you are the one who has been wronged somehow or should be a hero for how you went about it all? ... Yeah
He reports the vulnerability to Apple and gets no reply and Apple chooses to shut down the Developer Center and still hasn't contacted him.
SMH
Yet another terrible reply.
yet another terrible analogy lol
None of that justifies or excuses exploiting the issue though (perhaps beyond what was necessary for the original discovery), and that's a bigger part of it all.
I believe the bank would have called me if I contacted them.
It does seem like the reasonable thing to do when someone tells you that you have a vulnerability that is putting their users (customers) at risk.
The guy still hasn't heard from Apple and now he's doing an interview with CNN. Any way you want to look at it, Apple doesn't look good given the information currently available.
Apple handled it wrong and the CNN interview isn't going to do Apple any good considering their history of staying silent.
Who knows if this guy is the only one that has found all of the problems he did.
Who knows how many hackers have already accessed and copied information?
Apple should have informed the Developers the day they were notified and not almost 4 days later.
Apple Failure on the way they handled the situation on pretty much every level.
I'm just glad when they had the last iTunes hack where all you needed was an email address and a Birthday to reset your password giving full access to your account that I deleted my Credit Card info I had on file with them.
Can't hack our system my Ass.
Edit. It will be very interesting to see how Tim Cook handles this in tomorrow's conference call after they report their numbers for the quarter.
Going as deep as possible is exactly what most developers reporting a bug do, in an attempt to be helpful.
Eh? He didn't show how to do it.
The "breaking into house" metaphor is silly. A better example is finding, for example, a hidden way into a bank's records. But that's silly too because it's not a bank, or a house. These metaphors are stupid and don't serve the truth, just personal judgements.
Not when "going deep" means "download 100k user accounts". That's not probing deeper, that's just a kid in a candy store. Downloading 1 account would have been enough to verify the bug exists.
The point is, detailing the nature of the attack publicly before Apple had a chance to address the security issue is not behaving responsibly and in a white hat manner.
He reports the vulnerability to Apple and gets no reply and Apple chooses to shut down the Developer Center and still hasn't contacted him.
SMH
Sometimes you do not need to if 1) the bug report was good, 2) they were able to replicate it. Could be as soon as they knew they could easily replicate it they shut it down. They do not need any further information. I have done entire bug fixes on what I work on with nothing more than the bug report because it was written well and told me how to easily replicate it.
Did you contact the person(s) that reported the bug to you?
Why is it silly? It's not the same, sure, but it still demonstrates the point well enough to make it.
Oh. Umm … sorry for giving my personal judgement on a forum?
Nope. Oftentimes it is just tied into the next release. There is nothing public about it. Heck, a lot of the bugs get lumped under the term "and minor bug fixes". No reference to what the bugs even were.