back to article Titsup Apple Developer Centre mystery: Database interloper fingered

After days of silence over an outage that's outraged developers, Apple has announced that its Developer Centre was subject to an attempted intrusion. Since Thursday, 18 July, the Developer Centre website has been offline with this message: Apple Cupertino's silence has led to increasing speculation that the outage was due to …

COMMENTS

This topic is closed for new posts.
Silver badge

An intruder did or didn't

and they don't know?

Kudos to them for accepting the worse case scenario and overhauling their systems.

So many systems belonging to large corps are compromised so often that I think it is obvious that ones data is not safe in the hands of any company with Internet facing servers. I like to think that I know a bit about securing data and networked systems. The truth of the matter is that there will always be someone who could simply walk through any security measures I employ. I don't believe that there is any such thing as a secure system. Even if code and hardware can be made 100% secure, if a person other than oneself has access, it can be compromised.

4
2
Silver badge
Happy

Re: An intruder did or didn't

There's a saying in physical security that the only completely secure building is one with no way in or out. It's all about risk management.

1
0
Anonymous Coward

Re: An intruder did or didn't

To sit on the leak for the best part of a week while the PR dept. apply the best spin they can muster then puff out a press release is somehow worthy of kudos? I think not. Those affected should have been notified as a matter of urgency not kept in the dark. Shameful.

1
0
Silver badge

Re: An intruder did or didn't

It's sometimes good PR to wait until you know what you're talking about before speaking

0
1
Anonymous Coward

Re: An intruder did or didn't

Sony opted to be 100% honest and adopt the worst case scenario when they couldn't be 100% sure, the press savaged them for this.

Apple have taken the best case, and seem to have been let off the hook...

0
0

"...customer information is securely encrypted."

[I feel so much better now.]

China has the world's fastest supercomputer.

1
1
Silver badge

It seems unlikely the Chinese would be interested in devoting the resources to hack weather, calculator and fart apps. Targeting the developers seems more of a run of the mill hack with no super strategy behind it: Just do it and see if something 'worthwhile' happens.

3
1

China seems to take the same Keith Alexander, NSA approach to data. The whole haystack, vacuum-cleaner approach. See what neat stuff falls out of the bag.

And no, there are more there than fart apps.

0
0
Silver badge

Attention Apple App Developers!

Prepare to be spammed with offers from Microsoft to develop/port apps for Win 8, RT, and Win Phone platforms!

8
0
Silver badge
FAIL

And we thought ...

and were told, ad nauseum, that Apple is fault and error free.

Bollocks.

P.S. They also lie.

3
8

Re: And we thought ...

It's software and hardware reviewers fault that misperception continues.

When's the last time they did an in-depth look at the landfill of complaints over the past 20 years about Apple stuff on Apple's own tech-help and 3rd party help websites?

Because an issue is restricted to <1% of users, it doesn't reach any threshold of action or discussion. But there are literally thousands of such issues that never do get resolved. I know this, having used Apple computers almost exclusively for almost 25 years.

1
1
Anonymous Coward

Re: And we thought ... @JaitcH

I don't think they have ever claimed they are fault and error free.

They have just been lucky for a long time, and I can't see that they are telling porkies. Looks like they took their time to find out what was wrong, then told everyone.

2
1
Anonymous Coward

Re: And we thought ... @JaitcH

Apart from all those adverts where they did the PC vs Mac thing, and they made some pretty outrageous claims, such as no-viruses, more secure, faster, etc. etc.

0
0

Re: And we thought ... @JaitcH

Indeed. In fact in one sentence they used two differing definitions of the word virus (proper and malware) to hoodwink their customers.

Until recently they claimed that OSX's built in "defences" kept you safe, until a complaint from the ASA (post flashback) forced them to drop absolutes such as "safe" in favour of implied terms such as "safer".

Mind you what do you expect of the firm that told the courts that prior to the iPhone, all phones had small screens and keyboards...

0
0

According to http://thenextweb.com/apple/2013/07/22/researcher-claims-he-told-apple-of-developer-center-vulnerability-but-didnt-maliciously-steal-data/

a white hat hacker, Ibrahim Balic, "hacked" the site to prove his recently discovered vulnerabilities to Apple. 4 hours after he notified them the plug was pulled.

It looks as though Apple were unaware of the breach until he told them. Which begs the question, how can they be sure that they haven't previously been compromised?

1
1
Unhappy

How can they be sure that they haven't previously been compromised?

They can't.

My Apple ID has been receiving spam with my full name on it to my primary, unrevealed alias. I wonder if there's a connection?

Also, I like it how Apple will extend subscriptions, but only if they expired. What about the downtime--is that not worth an extension all by itself?

As to the "Apple is a shining beacon of hope blah blah blah" brigade, please:

1. If you aren't a user of Apple products, go away. You're not helping.

2. If you *are* a user of Apple products, please consider submitting feedback on the respective product pages every single time you find a problem. If you have a dev account, please go to http://bugreport.apple.com/ and file clear bug reports as best you can. We can't change the perception that Apple is so-so about the robustness of its products unless we have clear evidence that Apple simply doesn't listen to its customers. The problem is probably just that enough voices aren't being heard, not that the problems aren't important enough.

1
2
Silver badge
Stop

"White hat hacker"...yeah right

If he's white hat, why exactly did he grab details from 100,000 users? Shouldn't the 73 Apple employees be more than good enough to demonstrate to Apple that he had found some real vulnerabilities that needed immediate attention. This raises a huge red flag to me, and obviously to Apple as well.

Once Apple saw that, and the details on the 73 employees he provided to them demonstrating he was for real, they had to treat this as an emergency and shut it down. They had no choice. They have no idea if this guy is really a white hat hacker or if he's going to try to blackmail them, sell information about the exploit to others, or indeed if he had already done so.

Just because he says "I'm in Facebook's White Hat list" they're supposed to believe he's a good guy? If I were a major corporation that would not make me think "OK, I won't worry he downloaded details on 100,000 users"

0
0

Re: "White hat hacker"...yeah right

"If he's white hat, why exactly did he grab details from 100,000 users? Shouldn't the 73 Apple employees be more than good enough to demonstrate to Apple that he had found some real vulnerabilities that needed immediate attention. This raises a huge red flag to me, and obviously to Apple as well."

Perhaps he used the 100,000 to determine which were Apple employees.

If he wanted to blackmail Apple why would he have pointed out the bugs to them- prior to going further?

You are correct that Apple had to pull the plug but this would have had to happened regardless and should have happened when they were first notified. I appreciate it takes a while to verify bug reports but increasingly these firms are too arrogant to believe that they are anything less than perfect.

0
0
Anonymous Coward

angered developers who spent a weekend on the Refresh button

Surely it's a good excuse to be down the pub rather than working at the weekend ...

3
0

Refresh Button is one of those new made up drugs

you know, a bit like CAKE

3
0
Silver badge
Mushroom

spent a weekend on the Refresh button wondering when the site would return

Could have helped me mixing concrete...

1
0
Anonymous Coward

90m account details stolen

But unlike Sony, Apple have taken the Microsoft approach are hoping to cover it all up.

1
0
Silver badge

Re: 90m account details stolen

"Anonymous Coward"

Anonymous? You wish!

0
0
Anonymous Coward

Re: 90m account details stolen

"taken the Microsoft approach are hoping to cover it all up"

Microsoft disclose pretty much everything and have done since 1984 - the only exception being for privately communicated issues that if revealed could put customers at risk pending a patch release....

0
0

Re: 90m account details stolen

"Microsoft disclose pretty much everything and have done since 1984 - the only exception being"... And their (slightly less than Apple=esque) tax avoidance.

0
0
Anonymous Coward

As an app developer, this doesn't surprise me. Their developer system is so convoluted and confusing, it's amazing to me how little they care about their developers. For Android it is as simple as uploading the content, for iTunes it's an absolute nightmare. If they spent 10% of the time on user experience for the dev side that they do on the hardware side, it would be a 100% improvement. It feels as though they think that since their market is so big, and developers need it to make ends meet, that they don't have to work on our user experience at all. With that in mind, I would dare say I am feeling that Apple doesn't care about us.

Now with this security breach, it shows their sloppy coding even moreso. We're probably all going to get spammed for Viagra now. Please care more about your developers, Apple, because we care about you.

1
0
Go

"In the spirit of transparency"

That's funny!

0
0
Bronze badge

Hilarious transparency.

so they took it down Thursday for 'maintenance' with the intruder still 'out there'.

Saturday they panic, not knowing what they are doing.

Sunday the 'intruder' also panics knowing his security reports are what did it.

Obviously he might know more than the Apple technicians so why was he not flown in as an advisor immediately? I admire the Apple plan of attack to distract from what now looks like technical incompetence.

0
0
Bronze badge

'On the run'

The white hat hacker was probably 'on the run'' and panicked.

Expecting to be living it up no expense spared while helping them fix it, instead he sat there waiting a police raid!

How would you react?

0
0
Anonymous Coward

Google security hole - well rewarded , Apple.....

you become a fugitive.

Just Google it!

0
0
Bronze badge

Clearly isn't just the developer accounts that were lifted. Even if they were in this attack, there's a mass password reset request going on with apple IDs, quite a few people I know have been affected.

If apple are denying it somebody should ask why so many people who clearly don't have dev accounts are getting so many reset emails that they have to take to twitter to complain - https://twitter.com/search/realtime?q=apple%20id%20reset&src=typd

All started on the 20th.

0
0
This topic is closed for new posts.

Forums