N3OGH
Bear patrol must be working like a charm
Premium
join:2003-11-11
Philly burbs
 ·Verizon FIOS
 ·Verizon Online DSL
| OS X is more secure...
Well, I got ya to read it, didn't I?
If Maynor believed his discovery was a genuine threat, he should have waited until Apple patched it. It's called ETHICS folks. He's not some "black hat" hacker running net bots and Russian credit card scams. He works for a computer security company that bills itself as " the leading Managed Security Service Provider (MSSP) serving the security needs of banks, credit unions, healthcare providers, utilities and other security-oriented companies as they protect themselves against hackers and other cyber criminals." It's his job to stop people from hacking into computers, not show the whole world how to do it.
Putting this threat, or ANY threat out in the public realm, without making sure the company responsible has secured it is akin to medical malpractice.
If he believes the threat was indeed genuine, he needlessly put millions of computer users at risk of compromising their data for not other reason than to massage his ego. If he didn't believe the threat was genuine, he put out a fluff piece simply to..massage his own ego.
Quite frankly, he deserves a spanking from someone for either being unethical or being a damn liar. If SecureWorks wasn't willing to do it on their own, kudos to Apple for forcing them to... |
|
JakCrow
join:2001-12-06
Palo Alto, CA | Apple had plenty of time to patch it before these guys were going to go live with the flaw. Sometimes the only way to get a company like to "do the right thing" is to shame them into doing it. |
|
N3OGH
Bear patrol must be working like a charm
Premium
join:2003-11-11
Philly burbs
·Verizon FIOS
·Verizon Online DSL
| Either way, his profession is computer security.
So, while he's "shaming" someone, my data is at risk? How about this.
The police are conducting an investigation into a local bank robbery. The local paper decides they're "taking to long" and decides to publish the name and photograph of the robber in the local newspaper before they complete the investigation and arrest him, and he gets away.
Of course the paper knows this, but they do it anyway. Unethical? Damn skippy.
Same thing. If the risk was as high as he said it was, he put millions of USERS at risk for no good reason. Obviously no one knew about this exploit before he published it. Since no one knew of it, the risk was nill.
His actions are what made the exploit common knowledge, and ultimately a threat. He put MY data at risk for no good reason other than being the "guy who found the hole in the Mac". It's unethical, and no measure of rationalization can explain it away.... |
|
JakCrow
join:2001-12-06
Palo Alto, CA
1 edit | You misunderstand the whole issue. Apple had plenty of time to fix the problem. Apple -wasn't fixing it-. Apple was dragging its feet over the issue, or just providing misinformation about it. Quite a while has gone by since the original news about these flaws, and it was only last week that Apple released a fix. How long should someone sit on their research, waiting for a company to even admit there's a problem? A week? A month? 6 months? You realize that Microsoft wouldn't issue half the patches they do if it weren't for 3rd parties discovering security issues and going public with them, right? |
|
N3OGH
Bear patrol must be working like a charm
Premium
join:2003-11-11
Philly burbs
·Verizon FIOS
·Verizon Online DSL
| said by JakCrow  :How long should someone sit on their research, waiting for a company to even admit there's a problem? Till they die and rot, if it takes that long.
If this guy was a lone wolf, I would have a lot less of a problem with it. But his job is to make computers more secure for a multitude of large clients.
I don't believe for a second that his motives were 100% altruistic. This guy was looking for publicity. He got it, and now he reaps what he sows.
If he doesn't like it, he can quit his computer security job and go copy DVD's in his basement. Then he's free to speak wherever and whenever he wants. As long has he's working where he's working, he bound by their directives. |
|
Johnny
Premium
join:2001-06-27
Atlanta, GA | reply to JakCrow
Apple -wasn't fixing it-.
There was nothing to fix. The "flaw" he "discovered" didn't exist. Read Apple's response. |
|
