Slashdot Mirror

← Back to Stories (view on slashdot.org)

Month of Apple Bugs - First Bug Unveiled

Posted by Zonk on from the apple-must-be-so-proud dept.

ens0niq writes "The first bug (a Quicktime rtsp URL Handler Stack-based Buffer Overflow) of the Month of Apple Bugs has been unveiled — as previously promised — by LMH and Kevin Finisterre. From the FAQ: 'This initiative aims to serve as an effort to improve Mac OS X, uncovering and finding security flaws in different Apple software and third-party applications designed for this operating system. A positive side-effect, probably, will be a more concerned (security-wise) user-base and better practices from the management side of Apple.'"

2 of 240 comments (clear)

  1. Re:good thought but I wonder by jellomizer · · Score: 5, Informative

    These people are doing Gray Hat hacking. Where like the White Hats their goal is not to do damage to others people computers, but like the black hats feel that people need to feel a little pain before anything can get done and just reporting the problems to the company is not effective enough to get it done. It falls in the range of legal hacking, But it may not be the most moral way of doing it though. It is like finding a car door open and yelling out "Hey This Car Door is Open and all the valuables are inside someone should lock it!" vs. Finding the person who owns the car and descretly telling him to that is is unlocked. Or just locking the door yourself.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  2. Doesn't work for me by Anonymous Coward · · Score: 5, Interesting

    I just tried this on my MacBook Pro using the provided QTL files and ruby scripts, but none of them seem to have the claimed effect. Anybody else already tried this?