Apple provides credit to people who have reported security issues (support.apple.com)
77 points by basisword on Aug 20, 2013 | hide | past | favorite | 35 comments



> Apple acknowledges Ibrahim Balic for discovering security flaw in dev center

This title is inaccurate - the linked page credits 7dscan.com and SCANV for reporting the developer centre issue.

Ibrahim BALIC is credited with reporting an apparently unrelated issue in iAd Workbench.


Yup, the title is flawed and is obviously a failed attempt at making it seem somehow related to the recent FB security team issue.


You're right, I thought it was the time stamp below that applied, not the one above.


I think what's more relevant here is that there were two remote code execution vulnerabilities found which were responsible for the dev center being taken down. So it wasn't a result of Ibrahim Balic's "information disclosure issue".


>> "An information disclosure issue was addressed. We would like to acknowledge Ibrahim BALIC (Balich IT - www.balicbilisim.com) for reporting this issue."

This was the guy who posted the YouTube video claiming he found the flaw that forced Apple to take the developer center down for one week.


It's interesting how the names of all of the security specialists and other discoverers of flaws in this list appear to be non-Anglo-American in origin. Very international.


There's 6 billion people. About 300 million or so in the US. Ignoring the fact that not all countries are fully developed, if only 1 out of 20 were "Anglo-American", it'd be about right.

Looking through the list, there's plenty of Anglo-American sounding names, and the percentages seem about right:

David Bloom, Will Drewry, Christian Matthies, Jeremy Richards, Joshua Long

Also, while it may be less true in some "Anglo" nations, there's millions upon millions of "international" sounding names in the US. In Houston, there's tons of Hispanic sounding names (and despite what some might say, plenty of them aren't illegal, but from families that have been here for generations). Go up north, plenty of Germanic names. (My ex's maiden name was Krausert, and she was very American). Tons of other examples.


It might also be "interesting" to you the number of monolingual people born and raised in the US who have "non-Anglo-American" origins.

It always puzzles me to see statements like this... Maybe I'm biased by the fact that I am American but don't have a Western European surname, and a good number of Americans I interact with do not either. In what part of the country does it seem remarkable for someone to have a "non-Anglo-American" name?


I would say that nowhere in America would a "non-Anglo-American" surname be remarkable. In some areas the distribution of "non-Anglo-American" names and "Anglo-American" names may be considered remarkable, though. Basically, I think he is seeing a trend that he finds interesting, which is different than finding a particular instance interesting.

Put it this way, if I ran into somebody named "Lutz", I wouldn't think anything of it. If I ran across many people with Germanic names though, I might wonder if I were in somewhere like south-central PA (an area notable for a large number of German descendants: http://en.wikipedia.org/wiki/Pennsylvania_Dutch). The distribution would catch my eye, not the particular name itself.

(Personally, I'm not really seeing any interesting trends with those names.)


Yes, I was thinking specifically about "pockets" which have a long history of this... Germans in places like PA or OH, Irish and Italians in basically any northeastern city, Polish and other Slavs in Chicago, Nordic in the upper Midwest, Ashkenazi in New York, Dutch in New York, French in Louisiana, Spanish in the west but increasingly everywhere... Even taking 20th and 21st century immigration as "rounding error", I don't think there's very many places you can go without being surrounded with non-English names.


? Of course, you can tell nothing at all from a name.


It's because non-Anglo-Americans lack the intelligence and talent to be able to obtain and maintain regular employment in their field. It's no accident that the most successful companies, e.g. Apple, are American and that those doing the grunt work are 'international.'


Sarcasm is the lowest form of humour. It works particularly badly on the internet where tone of voice and context are lost or attenuated.

And I'm really hoping this is sarcasm.


It still amazes me that Apple responded to a responsible disclosure of an exploit by taking their system down for weeks. Can you imagine someone like Facebook or Amazon having to do that?


If you become aware that your system is compromised, and you don't yet know the extent of how compromised it is, and that system contains highly sensitive data, why would you do anything other than take it down until you have fully restored your confidence in the system?

What difference does it make if the disclosure was responsible or not?

If Facebook's billing platform for advertisers was compromised in some fashion, do you think they'd wait even a minute to take it off-line until the situation was under control?


>What difference does it make if the disclosure was responsible or not?

If someone gives you reproduction steps for an issue, that's a lot better than just seeing intrusions or weird stuff happening without any idea of the cause.


So if someone gives you steps to reproduce you leave the system on-line?


Sorry if I was unclear. It's not taking the system down that I am surprised at... it's keeping it down for weeks. How many people have software jobs that would accept a sev 1 outage for that long? I know we would get escalated to the CEO. But I guess that's the benefit for Apple... they don't have to care about their developer customers.

And steps to reproduce should help you bring the system up faster.


> But I guess that's the benefit for Apple... they don't have to care about their developer customers.

I'm not sure I understand your argument.

You seem to be implying that they kept their dev center down for longer than they could have? I don't think we have any idea how hard they worked to get it back online — maybe they put in as much effort as they could to resolve the issue as quickly as possible, and "as quickly as possible" turned out to be weeks.

They did restore the most useful dev tools after one week (adding devices, updating provisioning profiles). So it's not like they kept the entire system down for weeks.

And surely rebuilding their system now is better for their developer customers in the long term? If they had simply attempted to patch it up, it may have led to other exploits down the road. Rebuilding it from scratch seemed like a painful but necessary long-term procedure.


I'm not exactly sure why you would equate Apple taking down their developer support subsystem with all of Facebook or Amazon coming down. Apple.com didn't go down. 99.99% of their customers never knew the difference.


Whereas, on the other side of the coin if Amazon.com goes down, it takes 20% of global ecommerce down with it.

The scales of impact aren't even on the same register.


This outage would be equivalent to an outage of Amazon's merchant APIs for adding new products. Even if that happened, normal Amazon.com commerce would continue.


It didn't cost Apple any revenues though. iPhones were still sold, the Apple Store was unaffected and iTunes was unaffected.


I don't have any numbers, but halting new app submissions surely cost them something with regards to their 30% App Store cut.


afaik iTunes Connect remained up and provisioning was still possible through Xcode.


iTunes Connect remained up, but developers couldn't create new App IDs for a while, so if you were uploading new apps (as I was) you had to wait until that particular portion of the developer portal was back.


Ah ok, I use wildcard IDs so I haven't created one in a long time. Never thought of that issue.


Amazon and Facebook couldn't really afford to. The dev center being down was largely more inconvenience than disaster. Now, if it had been iTunes Connect, that might have been different.


The acknowledgement appears to be gone now, unless I'm missing something.


No, it's still there.

2013-07-22 iadworkbench.apple.com

An information disclosure issue was addressed. We would like to acknowledge Ibrahim BALIC (Balich IT - www.balicbilisim.com) for reporting this issue.


Odd, must have been some caching thing. Changing the language caused it to show up.


The message apparently is and isn't there. If I go to http://support.apple.com/kb/HT1318 , it's not shown. But if I go to http://support.apple.com/kb/HT1318?viewlocale=en_US , then it (and several other recent updates) are shown. Cache/translation/backlog issue?


> We would like to acknowledge Narendra Bhati (R00t Sh3ll The Untraceable) of Cyber Octet Pvt.Ltd for reporting this issue.

hah, some of these are entertaining.


The only credits I need are the ones on Full-Disclosure.


Is this the same issue that was discussed on the This Week in Tech podcast about a month ago?



