Without a proof of concept he'd have been dismissed out of hand. He wasn't out to steal people's information with that app and fully disclosed what the app was capable of doing once he had proof of his claims. Where exactly was he in the wrong? Grow up.
Actually, if you all really read, he told Apple 3 weeks before he EVER posted this app. They ignored him, so he proved it to them, their mess-up, all that way. Their developer relations are horrible if helping them out gets the person canned because they didn't listen, so he HAD to violate his agreement and show them. He knew he'd get fired. He's not upset he got fired; he's upset they didn't listen when he tried to tell them. This guy is a hero and an amazing programmer and an asset to any company. He finds problems and tells them how to fix them. He's not the problem, he's the solution, and Apple needs to burn for not acknowledging him for trying to save their product from what will likely be a disaster of epic proportions when someone with malice actually uses the flaw on something that's purchased and downloaded millions of times. Boo Apple, boo.
So that means you don't use an iPhone, of course - unless I'm missing the obvious way to uninstall Newsstand, Safari, Calculator, Compass, Voice Memos, Weather, Stocks, iTunes, Music, Camera, Maps, Photos, Clock?
"Security researcher" Charlie Miller - Booted for doing his job as a Security researcher!
It's like working in a bank: as long as you don't touch the money you're safe, but who cares if you can't do your job properly.
App Store security? What security? My iTunes account has been hacked twice. Explanation or cooperation from Apple? You've got to be kidding. Just ask them for a list of authorized devices on your account and see how they answer, or ask for the IP addresses of your own downloads.
I dunno why people defend Apple here. I work in open source, and as a developer I welcome proofs of concept. It's actually helpful to receive PoCs, as they help us developers see the exploit in action and we can fix it quicker.
The only thing we ask of hackers when they find exploits in our software is that they contact us, explain the exploit to us, and give us a week or 2 to find a fix and get a new release out before they make the exploit public. Whilst some people say making it public is being malicious, I myself think that exploits in the public actually push developers to write more securely, and then push users to actually spend the time to update their software.
Though there are some companies that do not listen and think they're too good, and no matter what is said, they do not believe you when you tell them of an exploit in their software. I have had my fair share of arguments with some developers on different projects when I mentioned that I had found exploits, and they ridiculed me and told me I don't know what I'm talking about. So I had to show them. Depending on my mood, I either defaced their software, or I locked them out for a few hours.
But I have always offered them advice on how to fix it; sometimes I fix it and give them the fixed code so they don't need to investigate it much. But I have never made anything public before I have given them ample time to fix it and update it.
No one is saying damn Miller, and no one is implying that Apple did not listen to his advice. What we are saying is that Miller broke a rule that he did not need to break to prove a point, and no one cares if "HE MAD!" about it. Except Android fanboys, so they can buck the system in comments!
Changing the computer world, one comment at a time.
I'm sure he's mad because he doesn't want to go to Android. It's garbage.
I really want to agree with you. But the article says "Miller had allegedly alerted Apple about the exploit three weeks ago." Which would mean he told them, they did nothing, and he showed them by doing it.
At least that is what I gathered.
Apple should think about this. Is it really a good idea to piss a guy like this off?