Cocoaphony

The $10,000 Mac Hack

I recently read a comment about this hack wondering how long the author had sat on the exploit rather than reporting it to Apple. It’s a very important point.

My opinion of these “security researchers” is well known: there’s a difference between bird watching and research. Finding yet another buffer overflow isn’t “research.” Creating a new way to secure systems is research. Coming up with whole new classes of attack might be research (along the lines of bioweapon research). Those who hunt new instances of old bugs are collectors of exotic animals, weapon manufacturers, volunteer quality testers, or a half-dozen other categories that have little to do with science or research. Read more…