AT&T sent out emails to all iPad 3G users apologizing for a recent security breach uncovered by Goatse Security. The email called those who uncovered the vulnerability 'malicious' and Goatse Security wasn't at all happy with that.
Well, if I understand it correctly, Goatse Security found the addresses and then published them openly.
It seems like it would be best for them to contact ATT/Apple, tell them of the flaw and then prove it with the addresses all with only disclosing to the public that a major security flaw was found, what it did, and then that it had been fixed.
Assuming that's correct, Goatse Security is in the wrong.
ordcestus - I had the same thought. A professional white hat security company would work that way - unless there is more to the story we're missing. You'd probably see less profanity in the response, as well.
Quoting gtvr: "ordcestus - I had the same thought. A professional white hat security company would work that way - unless there is more to the story we're missing. You'd probably see less profanity in the response, as well."
Yeah, the response sounds like it was written by a college student with a temper. Probably just a kid getting his jollies breaking into computer systems under the veil of legitimacy.
If Goatse didn't want to appear malicious, they should have contacted AT&T directly. Instead they shared the info with god knows who, and it wasn't until a third party notified AT&T that it was able to be patched. IMHO, that makes Goatse malicious.
What a bunch of morons! Hey, I only shot you in the leg because you were about to walk out into oncoming traffic. You would have been run over! You should thank me for shooting you!
For anyone who thinks this activity is acceptable, just think what would happen if "research companies" like this took YOUR identity for a joy ride. Rack up thousands of dollars in your name and then send you a notice telling you, "See, your identity can be stolen." You would not be thanking them, which is why this action is considered illegal.
Goatse Security needs to fire that idiot for his response and instead of being subversive about this mess they should agree to work with AT&T further (if they really cared about America). But hey, I guess there are limits to how much one (company) really cares.