|Home » Industry Watch » The Technological » Hall of Monkeys
The Hall of Monkeys be getting crowded.
So here we go again. As if any of this is new. Truly aghast Kool-Aid™ drinkers and resellers shocked positively shocked their pseudo platform can be hacked faster than Windows.
But Charlie Miller of ISE pointed out a year ago how easy it is to hack Apple computers given their bait and switch attitude towards open source. Apple reacted fast by patching the PCRE hole Charlie found - they had to. He embarrassed them. But otherwise the smug in Cupertino did nothing at all. And things are still chaotic under Bertie.
The CanSecWest hack is merely the latest in a never ending string of scandals. Scandals like Ooompa Loompa and Opener. And people are surprised? Either they just turned twelve and got their first computer or they're terminally stupid.
The rabid wee monsters also conveniently sidestep the fact CanSecWest knew all the details and in consideration of same decided to award the prize to Charlie. The Technological think this a Good Thing™.
What PWN2OWN and CanSecWest want to do with their money is their business - not the business of a bunch of underage Apple weirdos.
Truly sad? Yes - these people are as pathetic as it gets. Which is why they're herewith admitted to The Technological's Hall of Monkeys.
[Note: the quotes have been redacted as most of these people are severely undereducated.]
This is truly sad. I was surprised when the Mac was the first to fall but had assumed it was something new. To have the Mac first to fall for a year old bug is indeed a very big smudge on Apple's reputation.
Lunatic rantings without any statistical data related to Apple Inc's processes
I think he should have to return all his prizes since the bug wasn't an 'unknown bug' as the rules stipulated. Sure he didn't know it was already released, sure his team found it - after reading the release on it back in November!
He exploited a serious bug that should have been fixed a while back but wasn't. The publicity forced a fix. Your OS is now more secure. Stop being a meany and let him keep the cash.
Someone at Apple should have a title along the lines of Chief Open Source Watchdog. Those updates can sneak by anyone.
The contest stipulated 'previously undisclosed zero-day vulnerabilities'. He claims he found it on his own, even though it was previously disclosed. Ignorance is not an excuse! Can he absolutely positively prove beyond a shadow of a doubt he did discover it without help? It should be incumbent upon all entrants to know what vulnerabilities have already been disclosed and if you don't do all your homework beforehand that's just too bad. Otherwise everybody can claim the same thing he did.
I'm not sure why you would assume the bug was new. After the rules were relaxed on the second day this exploit was used within minutes. Clearly the vector of attack was known and planned prior to the event.
As Netizen_Kane stated, the contest stipulated previously undisclosed zero-day vulnerabilities.
Ouch that's painful. It is a good point that it's not technically a zero-day bug though.
Industry Watch: Black Apples
Industry Watch: Two Minute Toast
Macworld: Mac hack contest bug public for a year