Wednesday, November 9, 2011

Daily Posterous Spaces Update

-----Original Message-----
From: Subscriptions from Posterous Spaces
Date: Wed, 9 Nov 2011 13:37:07
To:
Subject: Your Daily Posterous Spaces Update


Find A Vulnerability In Apple Software; Lose Your License As An Apple Developer

Posted about 21 hours ago by joelpomales to joelpomales's posterous

via Techdirt by Mike Masnick on 11/8/11
It appears that Apple is the latest company to take a "kill the messenger" approach to security vulnerabilities. Hours after security researcher Charlie Miller found a huge vulnerability in iOS, which would allow malicious software to be installed on iOS devices, Apple responded by taking away his developer's license.
The obvious implication: don't search for security vulnerabilities in Apple products, and if you do find them, keep them to yourself.
First off, here's Miller explaining the security hole: [embedded video]

To be fair, Miller did get Apple to approve an app that he was using to demo the security flaw. However, kicking him out of its developer program is exactly the wrong response. Miller, clearly, was not looking to use the code maliciously -- just demoing a problem with their system. In other words, he was helping Apple become more secure, and they punished him for it. The message seems to be that Apple doesn't want you to help make their system more secure. Instead, they'd rather let the malicious hackers run wild.

As Miller noted to Andy Greenberg at Forbes (the link above): "I'm mad," he says. "I report bugs to them all the time. Being part of the developer program helps me do that. They're hurting themselves, and making my life harder."

And, no, this is not a case where he went public first either. He told Apple about this particular bug back on October 14th. Either way, this seems like a really brain-dead move by Apple. It's only going to make Apple's systems less secure when it punishes the folks who tell it about security vulnerabilities.