Former Apple Security Engineer To Apple: 'Fix Your Sh-t'

Feb 24 2014, 12:26am CST | by

If it wasn’t yet clear to Apple that its ‘gotofail’ security flaw has the undivided attention of the information security industry, one of its own recently departed star engineers just spelled out the severity of that bug in highly profane terms.

“WHAT THE EVER LOVING F**K, APPLE??!?!!” wrote former Apple security researcher Kristin Paget in a post on her personal blog Sunday. “FIX. YOUR. SH-T. Soon. Please??”

Paget, a well-regarded researcher who left her position on Apple’s security team for a job at Tesla earlier this month, wrote perhaps the most scathing critique yet of the company’s security response to its “gotofail” bug, which would allow a wide array of Apple programs’ SSL-encrypted communications to be hijacked, eavesdropped on or corrupted. The vulnerability, which earned its nickname because it was caused by a single misplaced “goto” command in Apple’s code, was patched Friday for iOS. But researchers quickly found that it affected Apple’s desktop OSX software as well, and the company has yet to fix the desktop version of the bug.

Paget focused on Apple’s questionable decision to publicize the bug in iOS while leaving the same vulnerability unpatched in millions of desktop devices, practically inviting hackers to take advantage of the flaw. “Did you seriously just use one of your platforms to drop an SSL 0day on your other platform?” she writes, using the phrase “zero-day,” an industry term for a previously unknown security flaw. “As I sit here on my mac I’m vulnerable to this and there’s nothing I can do, because you couldn’t release a patch for both platforms at the same time? You do know there’s a bunch of live, working exploits for this out in the wild right now, right?”

Paget’s post illustrates the security community’s growing frustration with Apple’s handling of the security flaw, and her relative fame within that community adds to Apple’s embarrassment. Paget gained widespread attention for hacker stunts such as intercepting AT&T cell phone calls with a homemade fake cell tower at one hacker conference and demonstrating on stage at another that an RFID chip in a credit card can be read and used to make fraudulent transactions. Her former title at Apple was “hacker princess,” and she had also held positions at eBay and Google.

I’ve reached out to Apple for comment multiple times since the “gotofail” bug came to light, without response. The company promised on Saturday to release a fix for the OSX bug “very soon,” according to a statement it sent to Reuters – not soon enough for Paget.

“Come the hell on, Apple,” she writes. “You just dropped an ugly 0day on us and then went home for the weekend – goto fail indeed.”


Source: Forbes

 
