"We will deny your reapplication to the iOS Developer Program for at least a year, considering the nature of your acts," the letter read.
Apple's revoking action is one of the ways in which such attackers can be forestalled by making them reapply and reapply again for re-entry to the program, each time paying an entry fee and/or having to assume another bogus identity until it no longer becomes worth their while.
By the way, is anybody seeing evidence that Charlie or some of his cohorts have started unleashing attacks on iPhone users leveraging the vulnerability, or is it just my imagination, or my iOS5 iPhones playing up?
As far as my knowledge of Charlie Miller and his work goes, he has never released anything he's found to anyone but Apple. He gives exploit talks but I don't think anything malicious has ever happened because of it. It wouldn't be very smart to do so because there's the potential for a lot of money to be made from selling your security services. And Charlie Miller knows what he's doing obviously.
I disagree. Whether it's a proof of concept that he won't release to the public, or intended to harm or steal from users is irrelevant, Apple has to protect their base and ridding someone who wrote an app that breaks guidelines and allows developers backdoor access into a user's device should not be allowed.
I didn't look through all the sections, only 2 and 22 because they appeared to cover many of the offenses committed by Miller with this app, so I don't know if there are others that would fit the bill, nor do I know if all the ones I listed fit the bill. Either way, I think it's clear Miller broke an excessive number of rules of the App Store, which should not be tolerated.
PS: As Steve N. states, "Apple needs to work closer with Miller." But that doesn't mean Miller should be allowed to violate Apple's Store policies.
I agree with following whatever the standard guidelines would be; however, Apple should have acknowledged him with at least a 'we thank you for your concern and we are committed to providing the most secure environment possible. Apple will immediately look into this potential issue. However, due to terms of service blah, blah blah kick you out.'
I for one think that Apple users should be glad that a good guy pointed this out and that it isn't the other way around with an infestation of rogue apps planted by black hat guys doing real damage.
He did implement it, which is why his app was pulled and he was banned from the developer program. Think about it; this isn't Charlie Miller's first rodeo exposing vulnerabilities with Apple's code yet it was only after he used that code to implement an app that he agreed was a legit app that didn't violate any of the terms of service and that Apple, as the retailer, backed did Apple take any action against Miller. Whether you think his overall intent was honorable, everything he did in regards to the App Store policies and what users expect from App Store apps was unscrupulous.
I enjoyed that movie.
Let me get this straight. Because there are deceitful methods that can be employed Apple should bend over to placate all those that could potentially do evil movie villain harm? How much should Apple pay these guys that are keeping them hostage?
I don't know about 'holding them hostage' but I don't see this type of animosity regarding Chrome bugs since they pay well for people finding them. A very smart move by Google. Apple should do the same.
Waiting and hoping and wishing doesn't make for a good security program.