  #5  
Old 23-07-2013, 10:58 PM
pluto (Hugh)
Astro Noob

Join Date: Dec 2011
Location: Sydney
Posts: 1,982
Quote:
Originally Posted by Steffen
Well, he hasn't been punished yet, although he ought to be. No ethical and legitimate security researcher will break into a site without permission, just to make a point. If he ever had a CISSP (certifying that he is a legitimate security worker) he's going to lose it now. At work, when we do penetration tests for paying clients, we make doubly sure that all paperwork is in place and all affected parties are informed before proceeding. His cowboy antics could well land this guy in jail.

Also, Apple doesn't secretly fix security flaws. All their security fixes are published in security bulletins and due credit is given to the discoverers of the vulnerabilities.

Cheers
Steffen.
Fair enough, thanks for the info.
I guess that leaves me with the question of why he would have done it the way he did then? I mean, if he was a professional then surely he would have known the protocol to follow when conducting this type of research, and if he was trying to do something bad then surely he wouldn't have told Apple about it and put his hand up in public afterwards... perhaps he just wanted to see how far he could get...?

Obviously I don't read computer security news, but it seems to me there are similar cases to this every now and then. I suppose I find it strange that there are that many skilled people doing this stuff with good intentions but going about it the wrong way; after all, that type of work requires some serious learning and thinking skills. I've interpreted that to mean that the companies are reacting harshly to these people, but I see your point.