How Apple Orchestrated Attack On Researchers 389
An anonymous reader sends us to George Ou's blog on ZDNet for a tale of how Apple's PR director reportedly orchestrated a smear campaign against security researchers David Maynor and Jon Ellch last summer. Ou has been sitting on this story ever since and is only now at liberty to tell it. He posits that the Month of Apple Bugs was a direct result of Apple's bad behavior in the Maynor-Ellch affair. From the blog: "Apple continued to claim that there were no vulnerabilities in Mac OS X but came a month later and patched their Wireless Drivers (presumably for vulnerabilities that didn't actually exist). Apple patched these 'non-existent vulnerabilities' but then refused to give any credit to David Maynor and Jon Ellch. Since Apple was going to take research, not give proper attribution, and smear security researchers, the security research community responded to Apple's behavior with the MoAB (Month of Apple Bugs) and released a flood of zero-day exploits without giving Apple any notification. The end result is that Apple was forced to patch 62 vulnerabilities in just the first three months of 2007 including last week's megapatch of 45 vulnerabilities."
i didn't know that. (Score:5, Funny)
Karl Rove is Apple's PR director?
Re:George Ou? (Score:3, Funny)
No, I only hang out with the smart people - the engineers.
March is 'month of slow news days' on slashdot. (Score:5, Funny)
Re:So I don't get it... (Score:1, Funny)
As I recall there were a few bugs (a very significant minority) in there that Apple had some responsibility for, but they were obscure and there were no known in-the-wild attacks.
MoAB was nothing but a smear campaign. I'm happy to see Apple smearing them back.
Comment removed (Score:2, Funny)
Re:Ou appears to be a liar (Score:1, Funny)
He doesn't appear too observant, either. One of his blogs sang the vitues of Vista's ACL, and tried to compare it to OS X's authentication, saying how nice and friendly the ACL was, as all you had to do was click "allow" instead of being forced to go through the trouble of entering an administratior's name and password for authentication before a system software update, and how it wasn't annoying at all- who could possibly think that users would turn such a charming bit of incredible security protection off? His peanut gallery made me giggle, too.
Personally, I think we now know upon which head Mr. Balmer's chair landed.
Re:So I don't get it... (Score:4, Funny)
Wait a minute! (Score:2, Funny)