1y ago

Apple refused to pay bounty to Kaspersky for uncovering vulnerability in 'Operation Triangulation' - 9to5Mac

9to5mac.com

Kaspersky uncovered iOS vulnerabilities in 'Operation Triangulation', reported to Apple, but was refused bounty payment
Apple's Security Bounty Program offers rewards up to $1 million for discovering vulnerabilities to prevent them from being sold on the dark web
Apple's refusal to pay Kaspersky could be due to restrictions on financial transactions with companies in sanctioned countries like Russia.

59 comments

Apple Security Bounty awards may not be paid to you if you are in any U.S. embargoed countries or on the U.S. Treasury Department’s list of Specially Designated Nationals, the U.S. Department of Commerce Denied Person’s List or Entity List, or any other restricted party lists.
Kaspersky can whine all they want. Russia is embargoed. They're not getting their money.
Kaspersky is a good company doing good work in the cyber security space. Unfortunately, because of the embargo, they may have to turn to the black market to sell future exploits. Or maybe not; I'm not totally sure what kind of ethical standards they have.
- Yeah sorry guys, did you forget you work for an asshole?
  
  Apple could have tried to work with them and said something like "We'll pay when the embargo ends", since now Kapersky has every reason to sell their next apple exploit on the black market.
  They've just turned a department of people successfully working to make apple more secure into a department of people working to make it less secure.
- It would be very very bad for world if the folks at Kaspersky turned to black hat activity
  
  I wish they opensource their framework
- Kaspersky also has a bunch of US-based subsidiaries or partners they're selling their software through. Or Apple could have just escrowed their reward until the embargo was over.
- Who/what are on those other lists.
"Apple refuses to send money to security company inside of embargoed country, to maintain compliance with USA law."
- Security company which is most likely controlled by the Kremlin
This is not really a story, is it.
I worked for an Australian company, that was bought by an American company. Instantly we were required to do business as per American law, such as embargo's. We lost many customers (businesses) that honestly had nothing to do with the actual reason for the embargos. For example Iran has an American embargo because of nuclear refinement, but we just wanted to sell "knives and forks" to them. Nope - they might use those forks in their refinement centrifuges... This is what happens (but also why embargos work).
Kaspersky is Russian owned, so the hacks were discovered by Russian [whitehat] hackers. I'll bet that Apple had no ability to do "business" with the company, even if it wanted to, since Russia is currently under embargo due to the Ukraine conflict.
Now if Kaspersky spent time undermining it's own failure of a government, and putting an end to its dictatorship, things would probably work out better for everyone in Russia.
- Is that the case though. You can buy a copy of Kaspersky anti virus right now if you live in the US. They have a US office. You can legally send them money.
  
  Or put the money in escrow pending resolution of the embargo ... This is, I think, the easiest, most responsible solution to show good faith
- but also why embargos work
  Ah yes Iran is falling due to lack of forks. \s
  I'm pretty sure the politicians and rich people in Iran are fine. Embargos "work" (if at all) by violently punishing the poor.
  Now if Kaspersky spent time undermining it’s own failure of a government, and putting an end to its dictatorship
  Do you ask the same of american corporations?
  
  Ah yes Iran is falling due to lack of forks. \s
  They were told to fork off (I'll see myself out).
  
  Iran's President sure was falling due to a lack of helicopter parts
  
  Do you ask the same of american corporations?
  If goverment can be disrupted by hack, the faster that happen the better. Then they maybe learn to have better security.
"refused". Okay, headline.
„Apple doesn’t want to send money to russia which is also illegal”
News 2024
Should've just sold on black market . Better luck next time .
- You trusted me? You fucking idiot. -Tim Apple
  
  What has trust go to do with anything. Apple cannot pay them due to sanctions. There is nothing to indicate they don't want to pay them, they are just legally not allowed to do so.
- No, Russia fucked Kaspersky on this by invading Ukraine.
  To be blunt, your spelling is atrocious even if you are not a native english speaker.
  Propaganda fueled alligator tears, cognitive dissonance, or just looney tunes bullshit?
  
  This is why I shouldnt comment when angry... You will say dumb shit you will reget later. So yes, looney tunes bullshit.
  
  No, Apple fucked themselves because one of the largest security firms now has much less incentive to work white hat.
Just pay them, Apple.

59 comments