Interesting People mailing list archives
How Apple orchestrated web attack on researchers
From: David Farber <dave () farber net>
Date: Mon, 26 Mar 2007 04:12:28 -0400
Begin forwarded message:

From: Victor Marks <victormarks () gmail com>
Date: March 25, 2007 9:29:55 PM EDT
To: dave () farber net
Subject: Re: [IP] How Apple orchestrated web attack on researchers

Dave, for IP if you wish.

I just want to make sure I understand. Apple doesn't like publicity about an exploit that makes it look as though their product is insecure. So they use their PR employees to get a clarification published? And they allegedly attempt to get a retraction? Once they secure a clarification, they then feed that to other reporters to get it published?
That's not surprising. What is surprising is that George Ou, the author of that piece, believes that the appropriate reaction is for any security researcher to now publish exploits without submitting to the software vendor.
I'm not sure what to think of this article, when it ascribes the "month of Apple bugs" which were mostly non-Apple-software to a 'community' when it was two individuals behind it.
I'm not sure what to think of the author, when he supports their insistence that not talking to the vendors of the different software packages where they found bugs was the correct action.
Could someone explain why I should be surprised about PR reps defending their employer, and explain why George Ou and the two Month of Apple Bugs guys are right to believe that bugs should be openly disclosed?
What is more important, that software vendors fix vulnerabilities, or that reporters of vulnerabilities get recognition?
Regards,
Victor Marks

On 3/25/07, David Farber <dave () farber net> wrote:

Begin forwarded message:

From: Bob Alberti <alberti () sanction net>
Date: March 25, 2007 6:02:59 PM EDT
To: dave () farber net
Subject: How Apple orchestrated web attack on researchers
Reply-To: alberti () sanction net

http://blogs.techrepublic.com.com/Ou/?p=451

"Last summer, when I wrote "Vicious orchestrated assault on MacBook wireless researchers," it set off a long chain of heated debates and blogs. I had hoped to release the information on who orchestrated the vicious assault, but threats of lawsuits and a spineless company that refused to defend itself meant I couldn't disclose the details. A lot has changed since then: Researcher David Maynor is no longer working for SecureWorks, and he's finally given me permission to publish the details."

--
Bob Alberti, CISSP, ISSMP
President, Sanction, Inc.
Phone: (612) 485-6000 ext 211
Cell: (612) 951-0507
PO Box 583453
Mpls, MN 55458-3453
alberti () sanction net
http://www.sanction.net

"Sure you back up your data, but have you tested whether restores work?"

-------------------------------------------
Archives: http://v2.listbox.com/member/archive/247/@now
Powered by Listbox: http://www.listbox.com