Google's Project Zero reveals three new zero-day exploits in Apple's OS X


Comments

  • Reply 61 of 70
    MathieuLLF wrote: »
    You do realize that Apple was notified about this back in September right? There was absolutely nothing unethical about what Google did. Apple's the only one to blame for not having patched it up in 90 days. 
    You missed the point, until these buffoons at Project Zero decided to release the exploit, facilitating the creation of a zero-day exploit, it wasn't putting the public at risk, and they knew Apple was working on a fix, and had fixed it in 10.10.2.

    They have done nothing except cause more harm than good in this case. Read the extensive commentary here, you'll see what I mean.
  • Reply 62 of 70
    Quote:
    Originally Posted by MagMan1979
    You missed the point, until these buffoons at Project Zero decided to release the exploit, facilitating the creation of a zero-day exploit, it wasn't putting the public at risk, and they knew Apple was working on a fix, and had fixed it in 10.10.2.

    They have done nothing except cause more harm than good in this case. Read the extensive commentary here, you'll see what I mean.

    Did they have it fixed in 10.10.2? Because from every single other source it says that it wasn't fixed yet.

    I have read the commentary here, but a lot of it is extremely biased and so I can't take it seriously.

    Google might not always be perfect (which corporation is for that matter?), but they did nothing unethical here. They gave the proper 90 days (longer than what the industry normally gives for that matter) and then published the report.

    Regardless, this is all being blown far out of proportion. It's standard industry practice and if it helps the end user (which it is) then it's good in the long run.

  • Reply 63 of 70
    MathieuLLF wrote: »
    Did they have it fixed in 10.10.2? Because from every single other source it says that it wasn't fixed yet. 

    I have read the commentary here, but a lot of it is extremely biased and so I can't take it seriously. 

    Google might not always be perfect (which corporation is for that matter?), but they did nothing unethical here. They gave the proper 90 days (longer than what the industry normally gives for that matter) and then published the report. 

    Regardless, this is all being blown far out of proportion. It's standard industry practice and if it helps the end user (which it is) then it's good in the long run.
    Yes it has been patched in 10.10.2, as of reports confirming it today.

    And there is no "industry standard" regarding timelines before reporting on technical aspects of discovered flaws. There are recommended guidelines for how and when to publish the technical details; however, when the manufacturer states a patch is in the works, and even gives an approximate timeline for release, which Apple did, then a technical release is no longer mandated.

    Google pulled this same crap with Microsoft twice in a row now, even though MS informed them the patch was 3 days away from wide-scale release!

    Sorry, there's nothing you can say that will shine a more flattering light on Project Zero, what they did was WRONG, pure and simple.

    And it actually HURTS the end-user in the long run, as MANY people don't update their machines right away, sometimes ever! So now what's going to happen to those users? That's right, once again they'll get screwed over by Google because they just wanted to make the headlines and grab some attention towards themselves!
  • Reply 64 of 70
    Quote:
    Originally Posted by MagMan1979
    Yes it has been patched in 10.10.2, as of reports confirming it today.

    And there is no "industry standard" regarding timelines before reporting on technical aspects of discovered flaws. There are recommended guidelines for how and when to publish the technical details; however, when the manufacturer states a patch is in the works, and even gives an approximate timeline for release, which Apple did, then a technical release is no longer mandated.

    Google pulled this same crap with Microsoft twice in a row now, even though MS informed them the patch was 3 days away from wide-scale release!

    Sorry, there's nothing you can say that will shine a more flattering light on Project Zero, what they did was WRONG, pure and simple.

    And it actually HURTS the end-user in the long run, as MANY people don't update their machines right away, sometimes ever! So now what's going to happen to those users? That's right, once again they'll get screwed over by Google because they just wanted to make the headlines and grab some attention towards themselves!

    OS X 10.10.2 isn't actually out yet. Good that Apple did fix it, but if they didn't communicate with anyone that the fixes were coming, Google couldn't have known.

    Google isn't trying to grab headlines, but if that's what you want to believe, go right ahead. They're just using due diligence. Google gives the highest amount of time in the industry from what I've seen to fix the bugs. (CERT and others give 45 days or less). In all honesty, Apple could have resolved these bugs a long time ago, but rather waited on them. Still not unethical on Google's part.

  • Reply 65 of 70
    magman1979 (Posts: 1,293, member)
    MathieuLLF wrote: »
    OS X 10.10.2 isn't actually out yet. Good that Apple did fix it, but if they didn't communicate with anyone that the fixes were coming, Google couldn't have known. 

    Google isn't trying to grab headlines, but if that's what you want to believe, go right ahead. They're just using due diligence. Google gives the highest amount of time in the industry from what I've seen to fix the bugs. (CERT and others give 45 days or less). In all honesty, Apple could have resolved these bugs a long time ago, but rather waited on them. Still not unethical on Google's part. 
    Again, read previous (detailed) posts in this thread. CERT is 45 days OR MORE, depending on circumstance, and always extends if the vendor acknowledges the bug and provides an ETA on the fix; CERT will sometimes not even release details of the exploit, allowing the vendor to follow through without giving hackers the upper hand.

    You're not an engineer at Apple, so don't go assuming you know how long it takes them to fix a bug, and TEST the fix to ensure nothing else breaks, because commentary like that is extremely presumptuous and arrogant, and yes, this IS unethical on Google's part, stop trying to spin it otherwise.
  • Reply 66 of 70
    Quote:
    Originally Posted by MagMan1979
    Again, read previous (detailed) posts in this thread. CERT is 45 days OR MORE, depending on circumstance, and always extends if the vendor acknowledges the bug and provides an ETA on the fix; CERT will sometimes not even release details of the exploit, allowing the vendor to follow through without giving hackers the upper hand.

    You're not an engineer at Apple, so don't go assuming you know how long it takes them to fix a bug, and TEST the fix to ensure nothing else breaks, because commentary like that is extremely presumptuous and arrogant, and yes, this IS unethical on Google's part, stop trying to spin it otherwise.

    Actually CERT is 45 days or LESS (depending on circumstances they say they will increase, but nobody can find any situation where they increased. They can find situations where they decreased it to 10 though).

    I'm not trying to spin it in any way. It's the truth, it wasn't unethical whatsoever. Google gave 90 days which is longer than industry standard seems to be. After 90 days they published, which was what was supposed to happen in that scenario.

  • Reply 67 of 70
    Quote:
    Originally Posted by MagMan1979
    Again, read previous (detailed) posts in this thread. CERT is 45 days OR MORE, depending on circumstance, and always extends if the vendor acknowledges the bug and provides an ETA on the fix; CERT will sometimes not even release details of the exploit, allowing the vendor to follow through without giving hackers the upper hand.

    You're not an engineer at Apple, so don't go assuming you know how long it takes them to fix a bug, and TEST the fix to ensure nothing else breaks, because commentary like that is extremely presumptuous and arrogant, and yes, this IS unethical on Google's part, stop trying to spin it otherwise.

    Also if you want to read CERT's policy: http://www.cert.org/vulnerability-analysis/vul-disclosure.cfm?

    It's 45 days. Not 45 days or more. And like I've previously said, they have in the past only given 10 days when it was something very critical.

  • Reply 68 of 70
    magman1979 (Posts: 1,293, member)
    MathieuLLF wrote: »
    Actually CERT is 45 days or LESS (depending on circumstances they say they will increase, but nobody can find any situation where they increased. They can find situations where they decreased it to 10 though).

    I'm not trying to spin it in any way. It's the truth, it wasn't unethical whatsoever. Google gave 90 days which is longer than industry standard seems to be. After 90 days they published, which was what was supposed to happen in that scenario.
    OK Mr. 9 posts on Ai, there has been enough discussion in this thread on this matter, and it's pretty much clear that Google was in the wrong here, not just with Apple, but with Microsoft as well, in their unethical disclosure of an exploit.

    You seemingly came in here just to start shining a good light on Google, and I'm done. There's enough commentary here, with links to back up claims, to prove this.

    You can believe what you wish, I don't condone what they did, neither does a large segment of the security community. You want to think they're angels in this, go right ahead, and keep fooling yourself into thinking that.
  • Reply 69 of 70
    Quote:
    Originally Posted by MagMan1979
    OK Mr. 9 posts on Ai, there has been enough discussion in this thread on this matter, and it's pretty much clear that Google was in the wrong here, not just with Apple, but with Microsoft as well, in their unethical disclosure of an exploit.

    You seemingly came in here just to start shining a good light on Google, and I'm done. There's enough commentary here, with links to back up claims, to prove this.

    You can believe what you wish, I don't condone what they did, neither does a large segment of the security community. You want to think they're angels in this, go right ahead, and keep fooling yourself into thinking that.

    What security community?

    Ars Technica and others have posted that what Google did was perfectly fine. I'll trust their words over some AI posters.

  • Reply 70 of 70
    magman1979 (Posts: 1,293, member)
    MathieuLLF wrote: »
    What security community? 

    Ars Technica and others have posted that what Google did was perfectly fine. I'll trust their words over some AI posters. 
    Fine, want to trust some paid bloggers? Be my guest, now leave.