Do what we say...


CoreSecurity has revealed that Apple's iCal has three security holes, and they've also published "proof-of-concept" examples (i.e., how to do it).

Three vulnerabilities discovered in the iCal application may allow un-authenticated attackers to execute arbitrary code on vulnerable systems with (and potentially without) the assistance from the end user of the application or to repeatedly execute a denial of service attack to crash the iCal application.

The interesting part of this story comes from ComputerWorld:


After several delays requested by Apple, the security vendor put its foot down and told the company's security team it would release information about the vulnerabilities May 21, whether Apple had issued patches or not.

What exactly is CoreSecurity's vested interest here? What gives them the right or authority to 'put their foot down'?

Moreover, these issues were discovered by a CoreSecurity staffer, Rodrigo Carvalho. That is, a person the company pays.

That said, if CoreSecurity is paying Carvalho to find Apple security problems, it follows that the company "expects" to get paid for the work.

Forgive my lack of sophistication, but when is blackmail not blackmail?

Hasn't the fine line between whistle blower and thug been crossed here?

A Fistful of Dollars--See Clint as his bad self blow away the bad guys!