Dailydave mailing list archives
Re: How Apple orchestrated web attack on researchers
From: "James Sineath" <bow.sineath () gmail com>
Date: Tue, 20 Mar 2007 10:13:20 -0400
On 3/20/07, Daniel <daniel () ugc-labs co uk> wrote:
> Tell me, George, if you owned a mega corporation and you had two researchers threatening to drop a few % from your share price, what would you do? Open up your arms, give them a free MacBook and see millions lost on the FTSE/Nasdaq?
Yeah, let's just lie about everything and cover it up. That always works out well....
> Apple's PR protected the brand, same as Bush protected his brand and Billy G protected his brand. This is business 101 and it's time for security and security researchers to realise the golden years are long gone in today's litigation market. I can't just walk into Ford and say that all American cars are crap, blow up and kill people without expecting some force, so why do researchers think they can get away with it with this "we are protecting the world" approach?
That comparison makes no sense at all. You are comparing two people finding a flaw in wireless drivers with blowing up and killing people. Every Machead I debate this with says the same thing. They argue about how Full Disclosure is bad for everyone and how all of us are wrong and unethical for releasing flaws to the public if a company doesn't patch a flaw in a timely and appropriate manner. I'd like to remind you that this isn't the first incident where Apple has lied to the public about the seriousness of a flaw to protect themselves. You (and the rest of the Apple community that thinks this way) need to wake up.

Would you rather us find flaws and keep them to ourselves if the vendor decides not to fix it? That's how the blackhat community works: they find flaws and keep them to themselves for later use. The blackhat community doesn't give a crap about what the corporations think; they have no rules to abide by. If they find a flaw, they keep it to themselves and use it when they deem necessary. There is a good chance that a number of these flaws were already known by the blackhat community. Do you feel safe knowing that blackhats have their own private collection of exploits that they can use against you? Would you rather they continue to have a collection of unpatched flaws?

Instead of binding the hands of white hats with legal and political garbage, you should be encouraging them to find and disclose flaws, not cover them up and hide them. People need to be aware of the risk to their information. Don't get me wrong, I'm all for responsible disclosure, but Apple has shown time and time again that they will not act responsibly in return. The community needs to be aware of the risks, and if Apple won't tell the truth, then the community will. Blackhats already have the advantage; why give them one more by binding our hands? Do you REALLY want that risk?
--
Bow Sineath - bow.sineath () gmail com

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: my idea of the day, (continued)
- Re: my idea of the day Dragos Ruiu (Mar 17)
- Re: my idea of the day christian void (Mar 16)
- Re: my idea of the day Douglas F. Calvert (Mar 16)
- Re: my idea of the day Cowboym (Mar 16)
- Re: my idea of the day dgiesema (Mar 19)
- Message not available
- Re: my idea of the day Dan Gieseman (Mar 19)
- Re: my idea of the day Robert Graham (Mar 19)
- How Apple orchestrated web attack on researchers George Ou (Mar 20)
- Re: How Apple orchestrated web attack on researchers Daniel (Mar 20)
- Re: How Apple orchestrated web attack on researchers James Sineath (Mar 20)
- Re: How Apple orchestrated web attack on researchers Daniel (Mar 20)
- Re: How Apple orchestrated web attack on researchers Ralph Logan (Mar 20)
- Re: How Apple orchestrated web attack on researchers Matt Beaumont (Mar 21)
- Re: How Apple orchestrated web attack on researchers Mark J Cox (Mar 21)
- PWN to OWN (was Re: How Apple orchestrated web attack on researchers) Dragos Ruiu (Mar 21)
- Re: PWN to OWN (was Re: How Apple orchestrated web attack on researchers) Bob Mahoney (Mar 21)
- Re: PWN to OWN (was Re: How Apple orchestrated web attack on researchers) Adriel T. Desautels (Mar 21)
- Re: PWN to OWN (was Re: How Apple orchestrated web attack on researchers) Nicolas RUFF (Mar 21)