Patrick Wardle, founder of the Objective-See Foundation, a nonprofit that creates open-source security tools for macOS, has had his code make its way into a number of commercial products over the years -- "all without the users crediting him or licensing and paying for the work," reports The Verge. Wardle, a Mac malware specialist and former employee of the NSA and NASA, will lay out his case in a presentation today at the Black Hat cybersecurity conference with Tom McGuire, a cybersecurity researcher at Johns Hopkins University. From the report:
The problem, Wardle says, is that it's difficult to prove that the code was stolen rather than implemented in a similar way by coincidence. Fortunately, because of Wardle's skill in reverse-engineering software, he was able to make more progress than most. "I was only able to figure [the code theft] out because I both write tools and reverse engineer software, which is not super common," Wardle told The Verge in a call before the talk. "Because I straddle both of these disciplines I could find it happening to my tools, but other indie developers might not be able to, which is the concern." One of the central examples in Wardle's case is a software tool called OverSight, which Wardle released in 2016. OverSight was developed as a way to monitor whether any macOS applications were surreptitiously accessing the microphone or webcam, with much success: it was effective not only as a way to find Mac malware that was surveilling users but also to uncover the fact that a legitimate application like Shazam was always listening in the background. [...] But years after OverSight was released, he was surprised to find a number of commercial applications incorporating similar application logic in their own products -- even down to replicating the same bugs that Wardle's code had.
Three different companies were found to be incorporating techniques lifted from Wardle's work in their own commercially sold software. None of the offending companies are named in the Black Hat talk, as Wardle says that he believes the code theft was likely the work of an individual employee, rather than a top-down strategy. The companies also reacted positively when confronted about it, Wardle says: all three vendors he approached reportedly acknowledged that his code had been used in their products without authorization, and all eventually paid him directly or donated money to the Objective-See Foundation.
The Verge notes that Wardle's cousin Josh Wardle created the popular Wordle game, which was purchased earlier this year by The New York Times.