Look at the comments posted to get an idea how complacent Mac users are! Deny, deny.

I kinda agree with tim_s, Apple should be given a reasonable amount of time. However, my general impression is they do NOT respond in a timely manner to such issues being brought to their attention. Both security issues and serious deal-breaker bugs in their software DO get ignored or possibly put into development for next year.

Shouldn't LMH be held accountable for essentially writing a manual (or at least a map) for would-be or want-a-be malicious hackers? It seems similar to me as someone who spends most of the day checking the doors of a residential community and then posting a list of the residences where residents accidently left their doors unlocked! The correct thing would be to let those residents know their doors are unlocked first. What is this jerk trying to accomplish? Nothing good I say.

I don't see any "Deny, dent" here. I see people saying that it's stupid for someone to try to attack something with no proactive intention. The guy obviously isn't doing this to help Apple, he's simply in it for the 'glory' of finding something wrong. If he were to contact the software providers before he posted lists so that they could correct it, it would be different.

In that fact we can see that he is more interested in causing trouble than helping the OS get better.

http://www.securityfocus.com/columnists/389

For info about Kevin Finisterre, founder of security startup Digital Munition, who created the three recent versions of the InqTana worm to raise awareness of security in Apple's OS X.

this irks me, since this guy pushes the publicity in order to give people a bad impression of OS X... In that he's failing the public since it hides the fact that OS X is still the FAR better and secure OS when compared to certain other offerings.

Right, because if it weren't for this one guy, everyone would know that Windows has huge security holes. But, nope, everyone thinks its the most secure ever, because their attention is being averted by this guy. Or, maybe, he's just trying to show people that Windows isn't the only insecure OS.

The only people I hear talking about this are PC'ers who have taken offense at the idea that regular people can actually enjoy their computer if the OS treats them with dignity.

Yeah, except for that "Mac" guy in the Apple ad, who says Macs don't have to worry about viruses or spyware. But, beyond him, its all the PCers. (And how the h*** does OS X treat users with dignity, and Windows doesn't???)

I like the fact that there are people with the know-how to find problems, but not notifying the company first smacks of childishness. Maybe if they publish fixes along with the bugs, it would be better.

Some would say that more knowledge the better. If one person finds a hole, who's to say others with bad reps haven't discovered it and already have threats in the wild. If you knew all the open security issues in Windows, would you maybe look at and say "Meh, I don't want to use that!" or perhaps "Wow, look at that issue, maybe I want to turn on my firewall".

Shouldn't LMH be held accountable for essentially writing a manual (or at least a map) for would-be or want-a-be malicious hackers? It seems similar to me as someone who spends most of the day checking the doors of a residential community and then posting a list of the residences where residents accidently left their doors unlocked! The correct thing would be to let those residents know their doors are unlocked first. What is this jerk trying to accomplish? Nothing good I say.

What kind of accountability? There's no law that says you can't tell everyone that Fred down the street leaves his doors unlocked. Some would say that if you just told them, they'd ignore the information. But if everyone knows you leave your doors unlocked, you might be more likely to lock them in the future.

I don't see any "Deny, dent" here. I see people saying that it's stupid for someone to try to attack something with no proactive intention. The guy obviously isn't doing this to help Apple, he's simply in it for the 'glory' of finding something wrong...

Why should it be his job to help Apple? I don't see too many here proclaiming this type of fervor when there's Windows attacks or new security holes found. Ah, but then that's that pit bull MS, and they deserve it, while Apple should be treated as a friendly puppy.

In that fact we can see that he is more interested in causing trouble than helping the OS get better.

Hey, guess what? Virus writers are also interested in nothing but causing trouble. Should we just pretend they don't exist?

And with all the denouncement here, you'd think people were concerned he was actually going to find real problems and then there'd be viruses or trojans or worms floating around in no time. Shouldn't you all wait and find out what his 'bugs' are? I mean, when you find out they're all of the mythical "doing such and such can cause a crash that could cause privilege escalation with a properly crafted file......" and then you'll have to spend all your time again saying "Gee, call me when someone actually crafts that file...."

I don't thimk may OSX is bullet proof but compared to the alternative it probably is better.

But the bottom line is it's not and I think most users know this.

Lets find out if HE is bullet-proof too! ;-)

If this guy was for real, he'd do the right thing - go thru the proper channels, get these fixed, and be done with it. "Anonymous security researcher" is apparently French for "I can't stand the light of day but I need to feel important."

Let's see his bug list. Let's see if any of them are "viruses" or "spyware."

And "testudo". If you knew that your neighbor left his doors unlocked, and you went and broadcast that to the world, you might be held legally liable as an accessory to any crime that led from that. IANAL and IANALAIDPOOTV but would be willing to wager you could open yourself to legal liability.

Apple already knows about these bugs, and just decides they aren’t worthy of time and effort - or at least they have other priorities.

I say, let him post the bugs, then duck out of the way.

i love the way you grab the parts of the post that allow you to make some kind of argument out of it.

you totally leave out the fact that nearly no one is objecting to him finding holes, it's his moral compass thats off...

regardless of how I or anyone feels about him attacking the mac to get his attention fix, it's about the fact that he doesn't do the responsible thing and report them to the companies so that they can fix them.

Everyone expects security flaws to pop up, i don't know if you could right an adaptable OS with thousands of compatibility tangents that would be watertight from the getgo if ever, really.

If you are bitching that the system is broke and you make it your whole job to sit and seek out ways a system can be exploited in "theoretical" way's but then you just rub it in their face instead of reporting it, well then, you are doing yourself, the company, and all the consumers of that product a disservice.

In conclusion, the s****** shouldn't get his kudos for what he's doing..

if he was listing vulnerabilities and submitting them on a daily basis, he'd be of more help, and therefore deserving of said kudos.

I have no problem with an unbiased person bringing light to these things to try and get them fixed, but being an a** about it and trying to make it sound like OS X is hole ridden is a little over the top. I think if it was REALLY that hole ridden someone would have slapped us with quite a few more viruses, etc by now. period.

I don't believe the Mac is bulletproof (it would be nearly impossible to write an OS that was without sacrificing the customizability and general-purpose nature that is expected of a modern OS--complexity breeds errors). However, I do know that there has never been a successful, in-the-wild virus or spyware application released for Mac OS X. In fact, to my knowledge, the only viruses ever written for OS X have been proof-of-concept only.

When the Apple ads claim that Macs don't have to worry about spyware or viruses, they aren't just blowing smoke. I don't believe the claim is that it is impossible to write such malware, but that none has ever been successfully written; up to this point, no Mac has had to worry about them. Contrast this to the tens of thousands of such programs written and successfully released in the Windows world.

Social nitwit!

...will never be 'bulletproof' we just choose to live in a neighbourhood without guns.

What are the odds this guy's a dealer?

McD

Apple already knows about these bugs, and just decides they aren’t worthy of time and effort - or at least they have other priorities.

Apple apparently believes there's lots of bugs that aren't worth the effort, considering the poor state of several pieces of their software (exactly when, Apple, will you find it worthy of your time to fix the freakin' finder! And why did iTunes 7 go out as crappy as it was initially??)

And its amazing how people seem to say that most people know OS X isn't without bugs, but fear that these announcements would cause mac users to think it has bugs? Or that the only people who find security holes are 'good' people, and the virus writers are just idiots waiting for someone else to find the problems, and without this guy, we'd have nothing to worry about.

Has an extremely tiny p****.

The OS is safe. If you think you're under attack you should probably be seeing a therapist. Until apple breaks 25% marketshare we'll never see truly harmful viruses -- not trojans that need your admin password to do harm.

ibug4,

What you are postulating is security through obscurity, which has been proven to be wrong.

There have been vulnerabilities exposed in the past that have had the potential for true disaster if not plugged. The recent security update, for instance. It is also proof that Apple can, and does, respond very fast when it sees a credible threat - code submitted Dec 5, and update issued two weeks later!

This guy's threats need to be taken seriously, whatever his motivations may be. I personally think he's out for more publicity, maybe even material for a book, but that doesn't mean he doesn't have some security holes to publicize.

I'm taking a 'wait and see' approach to this. I'll be watching Apple as much as the other guy.

Testudio, exactly how many Macs have successfully been compromised in the real world? Now estimate how many Windows systems have been compromised. Rounding the latter to the nearest million will suffice.