Full Disclosure and why Vendors Hate it (Jonathan A. Zdziarski)
(via RISKS Digest)
Jonathan A. Zdziarski, May 2008
I did a talk recently at O’Reilly’s Ignite Boston party about the exciting
iPhone forensics community emerging in law enforcement circles. With all of
the excitement came shame, however; not for me, but for everyone in the
audience who had bought an iPhone and put something otherwise embarrassing
or private on it. Very few people, it seemed, were fully aware of just how
much personal data the iPhone retains, in spite of the fact that Apple has
known about it for quite some time. In spite of the impressive quantities of
beer that get drunk at Tommy Doyle’s, I was surprised to find that many
people were sober enough to turn their epiphany about privacy into a
discussion about full disclosure. This has been a hot topic in the iPhone
development community lately, and I have spent much time pleading with the
different camps to return to embracing the practice of full disclosure.
The iPhone is shrouded in secrecy on both sides – Apple (of course) uses
their secrets to instill hype (and gloss over many otherwise obvious privacy
flaws), while the iPhone development community uses their secrets to ensure
they can exploit future versions of the firmware to find these flaws (along
with all the other fun stuff we do). The secrets on both sides appear to
have not only hurt the product, but run the risk of devolving an otherwise
amazing device into the next surveillance fear. With the military and
federal agencies testing the iPhone for possible use, some of the long-held
secrets surrounding the iPhone even run the risk of affecting national
security. …
Relentless Inquiry 
Leave a Reply