Month of Apple Bugs (MOAB)

Hex Star hexstar at gmail.com
Tue Jan 2 16:50:11 PST 2007


Again...what's the big deal over just two exploits??? Are there more than
two exploits these fools are publishing and if so where?? All I see are two
exploits they've publicised and if that's all that they've found I think
it's really silly that everyone is getting all hyped up over just two
exploits that Apple will no doubt quickly patch...but if there are more than
just two exploits these guys have published then where are they????

On 1/2/07, Patrick Coskren <pcoskren at mac.com> wrote:
>
> On Jan 2, 2007, at 7:28 PM, Robert La Ferla wrote:
>
> > Looks like we will get a bunch of bugs this month and hopefully
> > fixes by Apple...
> >
> > http://projects.info-pull.com/moab
>
> Goodie.  I've seen these guys post on Slashdot and one of the Mac OS
> security lists, and they really come across as a bunch of smug little
> college students looking to take the MacOS fanboys down a notch.
>
> From the site:
>
> > Are the issues being reported to the vendor before public disclosure?
> > Rarely, the point is releasing them without vendor notification.
> > Although, sometimes we may decide to pass an issue through the
> > appropriate people. The problem with so-called 'responsible
> > disclosure' is that for some people, it means keeping others on
> > hold for insane amounts of time, even when the fix should be
> > trivial. And the reward (automated responses and euphemism-heavy
> > advisories) doesn't pay off in the end.
>
> I mean, come on, how childish is that?  If you really want to force
> the point, submit the problem to the vendor with some sort of
> deadline.  Yeah, it's extortion, but at least the vendor has a
> chance.  Doing it like this, out of some weird misplaced cynicism, is
> just playing "gotcha".
>
> Hopefully, Apple already has a security team to rapidly assess and
> deal with "zero-day" vulnerabilities.  And hopefully all the bugs
> these jokers find are ones that are relatively easy to patch.  If
> they wind up finding a serious exploit and publicizing it before
> Apple can get a fix, out of some mistaken sense that vendor
> indifference is the only possible reason for the existence of
> security problems, then a lot of people could get screwed.  And these
> jerks will probably cross their arms, rock back on their heels, and
> murmur "told ya."
>
> -Patrick
> _______________________________________________
> MacOSX-talk mailing list
> MacOSX-talk at omnigroup.com
> http://www.omnigroup.com/mailman/listinfo/macosx-talk
>