May 29, 2012 - 03:08 PM EDT — AAPL: 571.15 (+8.86, +1.58%) | NASDAQ: 2861.25 (+23.72, +0.84%)

Starting January 1st: “Month of Apple Bugs”

Tuesday, December 19, 2006 · 1:09 pm · 71 Comments

“A pair of security researchers has picked January 2007 as the starting point for a month-long project in which each passing day will feature a previously undocumented security hole in Apple’s OS X operating system or in Apple applications that run on top of it,” Brian Krebs, yes, that Brian Krebs, reports for The Washington Post.

“The ‘Month of Apple Bugs’ project, currently slated to begin on Jan. 1, is being orchestrated in part by a security researcher who asked to be identified only by his online alias ‘LMH.’ This is the same researcher who in November ran the ‘Month of Kernel Bugs’ project. LMH’s partner in this project is Kevin Finisterre, a researcher who has reported numerous bugs to Apple over the past few years,” Krebs reports.

Krebs reports, “To the chagrin of some security experts, however, LMH declined to give affected vendors advance noticed before posting evidence of kernel bugs on his Web site last month. Eleven of those kernel bugs were related to Apple software and applications, including a serious security hole that prompted a software update from Apple just two weeks later. As with the kernel bugs project, Apple will be given no advance notice with the Month of Apple bugs, LMH said in an interview conducted over instant message.”

Krebs reports, “LMH said that while his upcoming project had the potential to at least temporarily make security more tenuous for the average Mac user, he believes that in the long run the project will improve OS X security. ‘Right now, many OS X users still think their system is bulletproof, and some people are interested on making it look that way,’ LMH said.”

Full article here.

MacDailyNews Take: Which Mac OS X users think their systems are bulletproof? No one we know. Most of us simply know for a fact that Mac OS X is vastly more secure than Windows. Hopefully, “LMH” finds something of value with which Apple can work and his irresponsible method of posting them before notifying Apple doesn’t cause any damage. Judging from past performances, we’re sure Krebs is fairly drooling over the possibilities, real or imagined.

Related article:
Re: Brian Krebs’ reporting on supposed MacBook Wi-Fi exploit – August 04, 2006

Categories: All Sites, News

Thank You for supporting MacDailyNews!

♥ Adobe Photoshop CS6 Extended for Mac - Student and Teacher Edition DVD (65171323) only $249!
♥ Blowout: Apple 15.4" MacBook Pro i7/4Core/2.0GHz/4GB/500GB (MC721LL/A) only $1,549.99 + Free Shipping from MacMall
♥ Mac Madness Save 25% on Parallels Desktop 7!
♥ 15% Off Compatible Ink. 10% Off All Others (excludes OEMs). Free Shipping over $55. Coupon: 123BLOSSOM, Expires 6.18.12
♥ Save up to 60% at the Hammacher Schlemmer Special Values Sale-While supplies last.
♥ Dragon Dictate for Mac 2.5 - New! Simply Smarter Speech Recognition
♥ Up to 30% OFF Accessories from Verizon Wireless
♥ Limited Time Offer: Get free ZAGGsmartbuds when you buy a ZAGGsparq!

Comment Feed

71 Comments

1 2 3 4 Next »

Cubert

Tuesday, December 19, 2006 - 2:17 pm · Reply

Hopefully this will be good for OS X security, but it just seems to reek of a publicity ploy for these people – always riding on other people’s coat tails.
2Shae

Tuesday, December 19, 2006 - 2:18 pm · Reply

be happy that people are willing to do this for Apple!!
January 24, 1984

Tuesday, December 19, 2006 - 2:19 pm · Reply

Maybe someone should hack his personal information, and disclose such without warning.

This just sounds malicious.

All public good is obviated by these tactics.
Dick Cheney

Tuesday, December 19, 2006 - 2:24 pm · Reply

I just shot my Mac in the face (by accident).

Nope. Not bulletproof. Why did my lawyer just run screaming from the room?
Geo

Tuesday, December 19, 2006 - 2:24 pm · Reply

On the last OS security story, Brian Krebs proved to be a hack writer who doesn’t know technology and can’t be bothered with little things like accuracy or research.

Let’s see how he handles this next piece.
Unsquirted

Tuesday, December 19, 2006 - 2:26 pm · Reply

If these exploit rumors keep going around, we should call it the Krebs Cycle.
Huh?

Tuesday, December 19, 2006 - 2:27 pm · Reply

Rather than reporting a crime, the Washington Post intends to inform criminals all houses whose doors and windows are left ajar. So much for ethics in journalism.
Ryan

Tuesday, December 19, 2006 - 2:30 pm · Reply

At least Apple has advance warning of the Month of Bugs. If I were them I’d put a rotating 24/7 team of patch developers and PR spokespeople on duty during that month.
SJR

Tuesday, December 19, 2006 - 2:30 pm · Reply

Take anything this Krebs character reports with several grains of salt.
bruce

Tuesday, December 19, 2006 - 2:34 pm · Reply

Irresponsible, gutless coward. LMH have the nuts to use your real name if you’re going to do something that lays open the vulnerabilities for many people, no matter the OS. Your methods are wretched, the means do not justify the ends. Unless the end you’re intending is to cause undue harm to others. To you it may seem a trifle inconvience, but if a serious problem were to happen to someone’s sytem due to your irresponsible action it may lead to more than a broken computer system. Sensitive information lays within our computers. Have you ever heard of identity theft, it’s whole possible through our systems. I’d rather be shot.

Fucking asshole.

Now does anyone know how to contact him so I can forward this to him.
Branch Director

Tuesday, December 19, 2006 - 2:35 pm · Reply

What?
I thought this was an article on aphids.
maczealot

Tuesday, December 19, 2006 - 2:36 pm · Reply

If Krebs has any journalistic integrity and competency, he should publish a comparison of Microsoft versus Apple OS exploits, failures, and hazards and quantify them. A rigorous and detailed comparison of Microsoft and Apple should provide the public with more useful information and help people make a truly informed decision.
Macaday

Tuesday, December 19, 2006 - 2:36 pm · Reply

Hopefully Krebbs will have learned from the mistakes he made with the MacBook airport security issue when he failed miserably to check out what he was reporting on…

Anyway, this kind of activity is pointless. Why don’t they just report the issues they discover to Apple? Or have they something to sell and need the ‘WOW GEE LOOK OSX SECURITY HOLES’ press…

And by the way, look at the fscking inane comments from WinTrolls on that blog…
Simon

Tuesday, December 19, 2006 - 2:36 pm · Reply

LMH, like so many others in the security business feel they have the right to force companies to fix bugs by exposing them without notice, putting the rest of the public at risk.

Whether they like or not bugs happen and private companies should be given the chance to fix them in their own time. I’m a software engineer and I know It can take some time to do a fix correctly not just a bodge job (Microsoft take note).

LMH may be a great programmer and thinks he knows everything but the fact is he has no idea what it will really take to fix the bug. Any idiot can find a bug, fixing it without any knock on’s is the real business (Microsoft take note).

Apple is one of those companies that does not communicate their security status unless they have to. The fact that LMH may not get a response in the time he expects doesn’t mean Apple haven’t taken onboard what he has said and that they are not working on a fix. I suppose he feels rejected when he see’s that empty mail box.

For god sake if you’re gonna contribute do so, don’t demand! otherwise go get a real job!

Rant over… Sorry. : )

p.s. I also hate the fact that they rate companies based on how quickly it takes to fix bugs. It takes as long as it takes!
meatofmoose

Tuesday, December 19, 2006 - 2:43 pm · Reply

If all these reported security holes are plugged with 10.5, what then? Apple sells more copies of Leopard. When Microsoft’s Vista suffers zero-day exploits this will be dismissed as Windows funtioning normally and as expected. People generaly expect more from Apple and less from microsoft. Same ol’ dance.
gypsy

Tuesday, December 19, 2006 - 2:44 pm · Reply

‘LMH’s irresponsiblity is actually supported by Microcrap to slow down Apple

How much you being paid, BOY ??!! Too ashamed of using your own name, BOY ??!!

What, nothing to say, BOY ??!!

I quess MS weasles (no offense to the weasle genre) are beginning to come out from under their rocks
anaknipedro

Tuesday, December 19, 2006 - 2:55 pm · Reply

meatofmoose beat me to it. I don’t think 10.5 will be bullet proof, but my guess is that most if not all of LMH bugs will be fixed. Leopard will have its own set of problems. I think Leopard will be ready for WWDC rendering LMH’s “discoveries” moot.
FUDsucker Proxy

Tuesday, December 19, 2006 - 2:55 pm · Reply

I’m starting something similar, “the Decade of Win Bugs” I hope I can get to all of them, that’s not a lot of time!

MW = lived
oh, I thought it said livid…
john

Tuesday, December 19, 2006 - 2:55 pm · Reply

About time MDN revealed its identity too…
Hywel

Tuesday, December 19, 2006 - 2:57 pm · Reply

My buddy with a G5 iMac doesn’t think his is bulletproof after 10.4.8 fried the contents of his hard drive. “This is why I moved away from windows” is what he said.

Had to bring the drive over to me so that I could re-partition it. It wouldn’t even mount in diskutility on my G5 PowerMac, but did against MacBook. Diskwarrior couldn’t see it either.

1 2 3 4 Next »

MacDailyNews

MacDailyNews Poll

5 Day Most Commented

Follow MacDailyNews via Email

Opinion Archive

Current Headlines

MacNN

AppleInsider

TUAW

MacRumors

9to5Mac

Cult of Mac

GigaOM Apple

Macworld UK

Starting January 1st: “Month of Apple Bugs”

Thank You for supporting MacDailyNews!

71 Comments

Add Your Feedback

 Top 10 Mac Apps

 Top 10 iPad Apps

 Top 10 iPhone Apps

 Top 10 iTunes Songs

 Top 10 TV Shows

 Top 10 iBooks

MacDailyNews Poll

5 Day Most Commented

Follow MacDailyNews via Email

Opinion Archive

Current Headlines

Thank You for supporting MacDailyNews!

71 Comments

Add Your Feedback

Recent Articles