so people should only look for bugs if there is a reward? No one asked him to do it.
Apple is dick?
of course it's on Apple. But again no one asked this guy to look for bugs.
0/10
But it's a dick move to put it out there and say I'm not gonna tell Apple cause there's no bug bounty.
so people should only look for bugs if there is a reward? No one asked him to do it.
Well now Apple engineers are just going to focus on the Keychain app and will likely find the exploit.
Apple is not entitled to his labor.
But it's a dick move to put it out there and say I'm not gonna tell Apple cause there's no bug bounty.
Another hate on Apple for no reason thread
Meanwhile there's millions of exploits on Windows probably
This is how these things in software work. People interested in software poke around. Typically, if something wrong is discovered, a bug bounty incentivizes sharing that information. That's why so many other companies have them.
so people should only look for bugs if there is a reward? No one asked him to do it.
Apple is dick?
of course it's on Apple. But again no one asked this guy to look for bugs.
But it's a dick move to put it out there and say I'm not gonna tell Apple cause there's no bug bounty.
Another hate on Apple for no reason thread
Meanwhile there's millions of exploits on Windows probably
This would be like me coming to your house and writing a report all the ways I can get in your house then sending you an invoice for my assessment. You didn't ASK me to do it.
No, actually there's not. Many of the exploits in Windows are from driver or application issues, not OS issues.
Another hate on Apple for no reason thread
Meanwhile there's millions of exploits on Windows probably
Poor giant corporation falling victim to the evils of capitalism.
Yea it's interesting seeing so many posters suddenly discovering their inner capitalist lmao.
He's not forcing them to pay.
This would be like me coming to your house and writing a report all the ways I can get in your house then sending you an invoice for my assessment. You didn't ASK me to do it.
Neither did Apple, in this case.
Don't want to work for free? Don't do shit without an agreement in place. This isn't hard.
Want to know something someone else knows? Pay them to find out. This isn't hard.
Don't want to work for free? Don't do shit without an agreement in place. This isn't hard.
I agree that Apple should just give contracts to every coder on the planet. I would personally take that deal. The text of the contract would sound like:
This would be like me coming to your house and writing a report all the ways I can get in your house then sending you an invoice for my assessment. You didn't ASK me to do it.
Neither did Apple, in this case.
Don't want to work for free? Don't do shit without an agreement in place. This isn't hard.
Then go make a thread about them.
Another hate on Apple for no reason thread
Meanwhile there's millions of exploits on Windows probably
This would be like me coming to your house and writing a report all the ways I can get in your house then sending you an invoice for my assessment. You didn't ASK me to do it.
Neither did Apple, in this case.
Don't want to work for free? Don't do shit without an agreement in place. This isn't hard.
This would be like me coming to your house and writing a report all the ways I can get in your house then sending you an invoice for my assessment. You didn't ASK me to do it.
Neither did Apple, in this case.
Don't want to work for free? Don't do shit without an agreement in place. This isn't hard.
Difference is I don't have millions of people coming in my house leaving their valuable shit.
This would be like me coming to your house and writing a report all the ways I can get in your house then sending you an invoice for my assessment. You didn't ASK me to do it.
Neither did Apple, in this case.
Don't want to work for free? Don't do shit without an agreement in place. This isn't hard.
But it's a dick move to put it out there and say I'm not gonna tell Apple cause there's no bug bounty.
Apple sucks at cooperating with the security community when it comes to bugs, not having a bounty for critical macOS bugs is part of that. Just like that FaceTime bug, too often they completely ignore the issue when it's reported to them, bounty or not, until there's press coverage. Only then do they make haste and contact those who discovered it.
so people should only look for bugs if there is a reward? No one asked him to do it.
Apple is dick?
of course it's on Apple. But again no one asked this guy to look for bugs.
But it's a dick move to put it out there and say I'm not gonna tell Apple cause there's no bug bounty.
This would be like me coming to your house and writing a report all the ways I can get in your house then sending you an invoice for my assessment. You didn't ASK me to do it.
Neither did Apple, in this case.
Don't want to work for free? Don't do shit without an agreement in place. This isn't hard.
Poor giant corporation falling victim to the evils of capitalism.
It's not this kid's responsibility to fix Apple's fuck ups. He did what he is supposed to do for free if he discovers an exploit. Apple is free to fix it themselves or scrap it and start over again. Or they can just pay the kid for his efforts.
>Kid is greedy
More like the users whose passwords will get compromised cause some kid is greedy.
But that's OK cause Apple is getting owned!
Why?
He's not selling the exploit. Nor is he sharing a public PoC. He simply had it verified by another security researcher.
If he found it, so have others.
He is making the existence of the 0day public so that the public can be aware, and take steps to protect themselves.
Meanwhile, Apple now has constructive knowledge of the issue, and can spend engineering time fixing it.
More like the users whose passwords will get compromised cause some kid is greedy.
But that's OK cause Apple is getting owned!
If he found it then other people have probably found it. But unlike him putting it out in public they are trying to cause harm. People like him that find critical flaws in software that millions of people use are not the villains in this scenario.
More like the users whose passwords will get compromised cause some kid is greedy.
But that's OK cause Apple is getting owned!
>Kid is greedy
>Apple has 250+ billion in the bank but can't spend resources on a bounty program
Apple released the software with the flaw, the kid just wants a buck for doing their job better than them. Corporate apologists are the worst boot lickers; don't even care about labours getting their worth within the capitalist system they support.
Don't be a software manufacturer and refuse to participate in basic infosec community protocol? This ain't hard.
Don't hold an exploit hostage for a payday cause you don't agree with their policy? This ain't hard.
250 billion in the bank and they can't cut him a check for doing their job for them.
Not really.
Please go read up on Apple's lack of transparency regarding security. The users are getting owned because Apple has some hard-on for secrecy that doesn't go well with security.
More like the users whose passwords will get compromised cause some kid is greedy.
But that's OK cause Apple is getting owned!