Apple’s Hacker Friend

A Chinese researcher is finding more than twice as many bugs in Apple software as Apple’s whole security team can find.

In an article on Forbes.com, Andy Greenberg says maybe Apple should hire the researcher, 35-year-old Wu Shi, who detects flaws in software and sells them to vulnerability bounty projects, including Zero Day Initiative and iDefense, sometimes for between $5,000 and $10,000 per flaw.

“Since 2007 [Wu] has found and reported more than 100 critical flaws in Web browsers like Internet Explorer, Safari and Chrome that could be used to hijack users’ computers when they browse to an infected Web page,” says the article. Wu has a unique way of using a method called “fuzzing” which, he says, focuses on the software’s structure, not the details. More than half of the flaws he finds are in Apple’s Safari browser.

“Wu says that he focuses on Apple’s flaws because it’s clear that the company hasn’t,” Greenberg writes. “…Apple has enjoyed complacent years of being ignored by cybercriminals. But Wu says that lull can’t last.”

To read the Forbes article, see:
http://www.forbes.com/2010/07/14/apple-microsoft-security-technology-wu-shi.html?boxes=Homepagechannels