Microsoft & Apple vs. The White Hat Hacker



Fire Sale? Oh please, can someone smarter than me please prove why we should listen to what people are telling us.



It's a Die Hard reference if you're too stupid to get it.



I'm sorry, I stopped reading the article after seeing Goatse Security; when I'm done laughing I'll try to read the rest. Also, MPC, you really dropped the ball on the graphic you could have used for this story.



I don't think it is fair to charge these people with any illegal activity. While their methods may be breaking the law or software agreements, they didn't turn around and sell this information. I don't agree with breaking any laws; however, if there is no organization who will test the various hardware/software/technical devices released by big corporate companies, then these little guys who are up for the challenge have my support!

Checks and balances? Google, you should back your employees... Google is big enough that it could have gone to Microsoft with the findings of the employee and said, man, you should fix this!!! Apple has no hope as Steve Jobs is a complete douche bag!!!



I think the question is: did Google have anything to do with what the employee did? If they put the employee up to it, then yes, they should stand by their work. However, contrary to popular belief, Google is a publicly traded business, meaning their job is to protect their investors' pocketbooks. This includes not defending a rogue employee.



First, the only Wall Street Journal article that I found on the subject was at most critical, not criminalizing as Weev claims.
While their actions may be illegal, I have to wonder if end consumers would really stand by as a company attacks a person acting to protect them. Sadly, I think many consumers would. AT&T got embarrassed; they can just get over it. They have more than enough bad press for the entire year now, between their removing of unlimited data plans and threatening to send a cease and desist letter for the common practice of a customer emailing the CEO; do they really want to take a group of hackers/helpers to court? Quite frankly, I don't think these companies are doing enough. They should be screening and hiring these hackers in advance of product releases, not pressing charges after they hand over the information on security weaknesses. While I do think that the Google employee should have given more time to Microsoft so they could fix the problem, if we prevent these hackers from being able to take information to the press, we fail the good they do. In essence, a company could take the info, say "oh, that will never happen," and just sit on it, leaving the hackers there sucking their thumbs, our data not as secure as it could be, and nothing being done about it.
I have a recommendation:
The big players (i.e. Google, Microsoft, Ubuntu, Apple, etc.) should become involved in offering competitive grants to non-profit White Hat Hackers. Because the big players hold the money for these new non-profits, they would be able to mandate who can and who can't have unprosecuted access to their companies' servers, etc. This keeps the government off their backs and away from slowing down innovation, keeps consumers safer and hackers busy, and offers a financial reward (however small it may be) to those who meet certain benchmarks. Under this or a modified version of my recommendation, white hat hackers would have very clear rules about what they can and cannot do in terms of releasing information to the press, but they must be free after a reasonable amount of time to get public credit for their work and to make the end users aware that there was a security flaw.


Neon Samurai

I have to admit that I was surprised that Apple beat Microsoft to a patch for the Pwn2Own-demonstrated browser vulnerabilities. Also, Microsoft's own TechNet posting about this latest vulnerability came out pretty quietly; if Windows admins who monitor new posts noticed, you can bet most of the public at risk did not. You can also bet that if a researcher found this, people with criminal intent also knew of the vulnerability and had it stockpiled with whatever else they've found.

- Reporting it publicly brought media coverage notifying a much wider audience outside of the few Windows admins who have Technet rss feeds.

- Reporting details allows end users and those who support them to implement workarounds for protection between now and whenever Microsoft finally ships a patch.

- Reporting it allowed for peer review, during which other researchers found the further extent of the vulnerability. MS's own researchers are smart, but they're crippled by time/money budgets and corporate PR image limitations.

I say that releasing details was the responsible thing to do because the only people who didn't know about this were the people at most risk of being breached because of it.

(I also see irony in having to specify "white hat" or "ethical hacker". The norm should be having to specify "unethical hacker", as the majority of the subculture are ethical and well-intentioned people keeping their self-directed learning within their own lab environments.)

(edit): meant to reply to Arrowdodger's comment below but it works as a general comment also.



hmmm guess they should've put wings on the iPad to stop those leaks.


s1r 70nk

Someone has to be looking out for the end-users. 


Five Rabbits

These guys should be okay, I mean surely a company like Apple is more concerned with the quality of their product than their image... oh wait, yeah these guys are screwed.



White hats are just plain helpful, Jobs should be happy that Goatse aren't grey or black hats.



They're brown hats. 



They are criminals






In the eyes of the law, of course whitehats are criminals. Regardless of whether or not Goatse waited to release the data until the system had been secured, they still broke into a computer system, and they still stole data that wasn't theirs.

Now, I consider myself a whitehat. I've been doing it for years, and while I might not be as high profile as these guys, I do know more than just a thing or two. Whitehats, if you will pardon the analogy, are sort of like Batman. They work hard to make the internet a safer place, to stop those that will use the internet to harm others, and so on. But the way they go about it is still illegal, and even though the authorities might respect what they do, they still have to try to stop them, even if the ends justify the means.




I for one truly appreciate those white hatters with the skills to expose these exploits. Not only that, but they (hopefully) have the integrity to use the information for the right reasons. If they didn't bring these vulnerabilities to light in a responsible way, someone else would eventually find them and use them for all the WRONG reasons. Shame on Microsoft and Apple both for jumping the gun and labeling these people/groups as criminals without any evidence of wrongdoing.



These companies should thank the public for paying to beta test their "finished" product for them and informing them of security leaks, exploits and glitches. If political correctness goes awry in this field the way it did in so many other areas of regular life during the late 90's, then I just give up. Oh, and as far as Apple is concerned, it's about time someone actually showed them they are not as bulletproof to exploits as they all think. When you have little market share, no one cares about breaking in. When you gain popularity in the market, it gives hackers no choice but to break finalized OSes. No one hacked any Apple OS before because no one cared. Now that so many people are on the Apple bandwagon, there is much more data to "want" from these people.

The last thing any of these ignorant people want is to push the white hats over to the dark side. Then who will protect us? Certainly not Apple, Microsoft, and newspaper journalists. White hatters would make oh so evil Sith Lords. You REALLY don't want that.


FYI reporters, and those who write code: drop the sham about your shit being bulletproof and leave those people who work on your crap for free and inform you of YOUR mistakes and YOUR security holes ALONE. These are your friends and saviours. They help make your false claims true, over time. YOU should be judged for your false advertising and misleading articles.


Watch and see. Every 3 seconds, according to "Stevie Boy" Jobs, another iPad is purchased. The game "King of the Mountain" is about other people trying to knock you off. Your pathetic, snobby, elitist attitude is what almost killed Apple in the first place. I see things coming full circle. And Microsoft, Windows 7 was my idea, bitches.



I pity the poor innocent journalists that had to Google Goatse to find information about this group and their finding of gaping holes.




I think this was all a ploy to get the world to search for Goatse.



I always find these stories amazing, not so much from the point of view of a hacker, more so from that of the company's reaction to what exploits have been found. If you look at what happened with Apple, the guys that found the exploit were only using it to show people "look, we found a problem, fix it". Then when companies like Apple and Microsoft react like they do, in such a negative way, we are surprised. These companies should be rewarding these guys and not punishing them.



It really depends on how it goes down. In the Apple incident, they waited until it was patched before telling everyone it was there. That's a good thing. In the Google/Microsoft incident, I'm pretty sure they just released details right away, without waiting for Microsoft to issue a fix. That's bad.



I also doubt that the people who DO blow the whistle on such exploits and vulnerabilities are not the first people to discover them; these companies should be grateful for the help these people provide.  Obviously their own employees couldn't discover them in a timely fashion >_>



I think part of the reason why people think white hats are bad is because the term "hacker" has a negative connotation to it. People seem to infer from the term "hacker" that a person might have malicious intent. Some folks don't see that there are different "classes" of hackers and that they don't all mean harm. As a matter of fact, White Hats are beneficial for software developers by helping find the flaws in a product.


Ignorance is man's greatest enemy.

