Hacker News new | past | comments | ask | show | jobs | submit login

That probably wouldn't have shut down the site, which in turn would not have gotten the attention. He wasn't making a point to Apple, who already knew the bugs existed, he was making Apple do something about it. He did.



> That probably wouldn't have shut down the site

So the guy is a hero. Thanks for disturbing real life businesses for several days, I guess?

> he was making Apple do something about it.

This behavior is endemic for the self-righteous security "researcher" scene. "I found a bug - you must do what I say, NOW, or else ..."

It's not like Apple would have ignored his bug reports if he wouldn't have scraped 100k developer accounts.


"This behavior is endemic for the self-righteous security 'researcher' scene"

Yes, and that behavior is moving us to a world where corporations have to be careful what they put out, not just rush the newest shiny feature out faster. Besides, who do you want exploiting the bug, a self-righteous guy who 'may' be in it for his own glory, or an out-and-out criminal?


He says he reported the bug previously and got no response...

So, it's very much "like Apple would have ignored his bug reports..."


What he leaves out is that he waited less than a day for a response. (You can see this from the radar shown in his video)


His video shows that he filed radars on July 19th - the same day downloaded the 100,000 developer names and email addresses.

This is not responsible reporting, and he's clearly broken the UK computer misuse laws, since he signed an agreement with Apple governing the use of these systems.

I hope he's arrested soon. This behavior does nothing to help legitimate business or the security community.


If it truly was same day, I agree, that changes everything. I'll wait until more information comes out to decide.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: