That data set, combined with a hole in Safari for iPad that the group says Apple has failed to fix since March, could put iPad users at serious risk against foreign cyber criminals, Auernheimer argued: "When we disclosed this, we did it as a service to our nation. We love America and the idea of the Russians or Chinese being able to subvert American infrastructure is a nightmare."
The question, again, is whether or not Ormandy and Goatse did the right thing. On the one hand, their actions have equipped would-be bad guys with tools to take advantage of innocent end-users. Perhaps Microsoft, AT&T, and Apple have compelling reasons to work at their own pace in addressing security issues and to ensure those fixes are done properly.
Yet on the other hand, two months is a long time to wait for a patch of a security hole, whether it's in Windows XP or Safari for the iPad. If a white hat hacker group knows about a vulnerability or if a security engineer knows about a vulnerability, it's entirely possible that a professional cyber criminal or an entire syndicate knows about the hole as well.
The real difference is now the public knows about the problem, which means two things: First, users can be more vigilant and take steps to protect their data as best they can. Second, AT&T, Microsoft, and Apple are (or should be) feeling heavy pressure from customers, shareholders, and the public at large to fix the problem. And bad PR, combined with potentially lost business revenue, can spur a company to do the right thing.
The bottom line, end-users and organizations alike rely on technology companies such as Microsoft, Apple, and AT&T to keep their data safe -- or as safe as possible. Yes, it's tough to keep up with the bad guys who work 24/7 to uncover security holes. The question is, do Microsoft, Apple, and AT&T similarly work 24/7 to close those holes when they're revealed? My inner cynic says no, they're putting their resources toward more profitable endeavors; for the time being, white hat dark knights do serve a useful purpose.
This article, "Do cyber vigilantes make the computing world safer?," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog.