Interesting People mailing list archives

How Apple orchestrated web attack on researchers


From: David Farber <dave () farber net>
Date: Mon, 26 Mar 2007 04:12:28 -0400



Begin forwarded message:

From: Victor Marks <victormarks () gmail com>
Date: March 25, 2007 9:29:55 PM EDT
To: dave () farber net
Subject: Re: [IP] How Apple orchestrated web attack on researchers

Dave, for IP if you wish.

I just want to make sure I understand.

Apple doesn't like publicity about an exploit that makes it look as though their product is insecure. So they use their PR employees to get a clarification published? And they allegedly attempt to get a retraction? Once they secure a clarification, they then feed that to other reporters to get it published?

That's not surprising.

What is surprising is that George Ou, the author of that piece, believes that the appropriate reaction is for any security researcher to now publish exploits without submitting to the software vendor.

I'm not sure what to think of this article, when it ascribes the "month of Apple bugs" which were mostly non-Apple-software to a 'community' when it was two individuals behind it.

I'm not sure what to think of the author, when he supports their insistence that not talking to the vendors of the different software packages where they found bugs was the correct action.

Could someone explain why I should be surprised about PR reps defending their employer, and explain why George Ou and the two Month of Apple Bugs guys are right to believe that bugs should be openly disclosed?

What is more important, that software vendors fix vulnerabilities, or that reporters of vulnerabilities get recognition?

Regards,
Victor Marks

On 3/25/07, David Farber <dave () farber net> wrote:

Begin forwarded message:

From: Bob Alberti <alberti () sanction net>
Date: March 25, 2007 6:02:59 PM EDT
To: dave () farber net
Subject: How Apple orchestrated web attack on researchers
Reply-To: alberti () sanction net

http://blogs.techrepublic.com.com/Ou/?p=451

"Last summer, when I wrote "Vicious orchestrated assault on MacBook
wireless researchers," it set off a long chain of heated debates and
blogs. I had hoped to release the information on who orchestrated the
vicious assault, but threats of lawsuits and a spineless company that
refused to defend itself meant I couldn't disclose the details. A lot has
changed since then: Researcher David Maynor is no longer working for
SecureWorks, and he's finally given me permission to publish the
details."
--
Bob Alberti, CISSP, ISSMP                      President, Sanction, Inc.
Phone: (612) 485-6000 ext 211                              PO Box 583453
Cell: (612) 951-0507                                 Mpls, MN 55458-3453
alberti () sanction net                             http://www.sanction.net

"Sure you back up your data, but have you tested whether restores work?"



-------------------------------------------
Archives: http://v2.listbox.com/member/archive/247/@now
Powered by Listbox: http://www.listbox.com

