It astounds me to see all of the fingers being pointed at Goatse Security this morning. Several prominent blogs are backtracking today in light of the FBI investigation. When this security hole was first brought to light last week, most people agreed that the folks at Goatse were great guys for identifying and publicizing this exploit – one that could have had some serious effects had it gone unnoticed. Today, however, I’m seeing people quietly wondering how soon these white hat hackers will be punished.
In my opinion, the fingers should be pointing directly at AT&T. They are the people who allowed the iPads to be breached to begin with. If it weren’t for white hat hackers, many thousands of security holes on devices would go undiscovered – until the bad type of hackers found them. If anything, people like those at Goatse Security should be rewarded and applauded for what they do. Their team didn’t set out to hurt anyone. They had a suspicion and investigated. It’s not their fault they were right. It’s also not their fault that AT&T then took several days to even communicate the problem to their customers.
TechCrunch only gives out their Crunchie award during their annual ceremony. However, they have decided to award one now to Goatse Security for their work in this investigation. Even if you don’t like the name of the security team, you have to admit (once you read everything about this mess) that what they did was the right thing to do.
AT&T is a huge company. Perhaps they’re hoping to use that fact in order to shift the blame to someone else (namely Goatse Security) for something they should have found and fixed themselves? I’m glad to see that they plan to “cooperate fully” with the FBI investigation. At the end of the day, it’s the communications conglomerate who should be left holding the bag.