Quote:
Originally Posted by pluto
Seriously though it's a worrying trend that companies are punishing legitimate security researchers who point out flaws in their systems for the purpose of making them safer rather than exploiting them for commercial gain. Of course this isn't just Apple, though they do have a history of quietly sweeping security issues under the rug in an effort to preserve their image of "it just works".
Well, he hasn't been punished yet, although he ought to be. No ethical and legitimate security researcher will break into a site without permission, just to make a point. If he ever had a CISSP (certifying that he is a legitimate security worker) he's going to lose it now. At work, when we do penetration tests for paying clients we make doubly sure that all paperwork is in place and all affected parties are informed before proceeding. His cowboy antics could well land this guy in jail.
Also, Apple doesn't secretly fix security flaws. All their security fixes are published in security bulletins and due credit is given to the discoverers of the vulnerabilities.
Cheers
Steffen.