For what it’s worth, I have dealt with Apple’s security team; on one occasion I
was very unimpressed by the response and ended up disclosing to the public one
month after the deadline I’d given Apple (sixty days) and on the other occasion
I got a straight and immediate reply confirming the behav
I would agree; take the case of, I believe it was, United Airlines. Someone
found a vulnerability in their systems and received a million frequent flyer
miles in return. A lot of times people get jobs out of these discoveries and
are placed in some sort of security consulting position.
> On A
ge-
From: macvisionaries@googlegroups.com [mailto:macvisionaries@googlegroups.com]
On Behalf Of Shaf
Sent: Thursday, August 13, 2015 11:53
To: macvisionaries@googlegroups.com
Subject: Re: Why you shouldn't freak out about scary sounding exploits
That's good for you. A wealthy company such as Apple
Generally they do actually pay people who find security problems or
payment can be worked out. But finding exploits isn't as easy as
tweaking a setting here or there, it takes a lot of work. Usually when
you do it there's other reasons behind it--being
That's good for you. A wealthy company such as Apple should pay those
who find security holes and report to them.
On 8/13/2015 7:36 PM, Littlefield, Tyler wrote:
> Hello: A lot of companies do have bounties like this. For example,
> the company I worked for works on Drupal. There was a bounty
> of
Hello:
A lot of companies do have bounties like this. For example, the
company I worked for works on Drupal. There was a bounty offered
through the association. I report stuff like this I find when it is a
problem, not because I want to get paid but be
Chris you’re right of course. This is the general way it’s done. Someone
finds an exploit, submits to the company and depending on how they react and if
they take it seriously or not determines your next steps.
I’m with the original author though, I think most of this is noise and designed
to
Why should I tell Apple of exploits if they don't pay me??
They should introduce a bug bounty program. Otherwise I have no interest
in keeping their bugs confidential.
On 8/13/2015 7:10 PM, 'Chris Blouch' via MacVisionaries wrote:
> With the complexity of OSX and iOS I think if somebody figures o
With the complexity of OSX and iOS I think if somebody figures out the
right combination of tweaks to bypass security they should tell Apple
right away and hold off a bit before telling the world. At least give
them a chance to fix it before giving a free hand up to the bad guys. Of
course that
Absolutely +1 this.
On 8/13/2015 6:21 PM, Sabahattin Gucukoglu wrote:
> I don’t agree with the author. Of course, this is MacWorld—some amount of
> Apple butt-kissing is to be expected—but I find his attitude very worrying.
>
> First, “Responsible disclosure” vs “Full disclosure” is a choice of
I don’t agree with the author. Of course, this is MacWorld—some amount of
Apple butt-kissing is to be expected—but I find his attitude very worrying.
First, “Responsible disclosure” vs “Full disclosure” is a choice of
researchers, and privileged authors of the press shouldn’t be using their
pe