Titsup Apple Developer Centre mystery: Database interloper fingered After days of silence over an outage that's outraged developers, Apple has announced that its Developer Centre was subject to an attempted intrusion. Since Thursday, 18 July, the Developer Centre website has been offline with this message: Apple Cupertino's silence has led to increasing speculation that the outage was due …
and they don't know?
Kudos to them for accepting the worse case scenario and overhauling their systems.
So many systems belonging to large corps are compromised so often that I think it is obvious that ones data is not safe in the hands of any company with Internet facing servers. I like to think that I know a bit about securing data and networked systems. The truth of the matter is that there will always be someone who could simply walk through any security measures I employ. I don't believe that there is any such thing as a secure system. Even if code and hardware can be made 100% secure, if a person other than oneself has access, it can be compromised.
To sit on the leak for the best part of a week while the PR dept. apply the best spin they can muster then puff out a press release is somehow worthy of kudos? I think not. Those affected should have been notified as a matter of urgency not kept in the dark. Shameful.
It's software and hardware reviewers fault that misperception continues.
When's the last time they did an in-depth look at the landfill of complaints over the past 20 years about Apple stuff on Apple's own tech-help and 3rd party help websites?
Because an issue is restricted to <1% of users, it doesn't reach any threshold of action or discussion. But there are literally thousands of such issues that never do get resolved. I know this, having used Apple computers almost exclusively for almost 25 years.
Indeed. In fact in one sentence they used two differing definitions of the word virus (proper and malware) to hoodwink their customers.
Until recently they claimed that OSX's built in "defences" kept you safe, until a complaint from the ASA (post flashback) forced them to drop absolutes such as "safe" in favour of implied terms such as "safer".
Mind you what do you expect of the firm that told the courts that prior to the iPhone, all phones had small screens and keyboards...
According to http://thenextweb.com/apple/2013/07/22/researcher-claims-he-told-apple-of-developer-center-vulnerability-but-didnt-maliciously-steal-data/
a white hat hacker, Ibrahim Balic, "hacked" the site to prove his recently discovered vulnerabilities to Apple. 4 hours after he notified them the plug was pulled.
It looks as though Apple were unaware of the breach until he told them. Which begs the question, how can they be sure that they haven't previously been compromised?
They can't.
My Apple ID has been receiving spam with my full name on it to my primary, unrevealed alias. I wonder if there's a connection?
Also, I like it how Apple will extend subscriptions, but only if they expired. What about the downtime--is that not worth an extension all by itself?
As to the "Apple is a shining beacon of hope blah blah blah" brigade, please:
1. If you aren't a user of Apple products, go away. You're not helping.
2. If you *are* a user of Apple products, please consider submitting feedback on the respective product pages every single time you find a problem. If you have a dev account, please go to http://bugreport.apple.com/ and file clear bug reports as best you can. We can't change the perception that Apple is so-so about the robustness of its products unless we have clear evidence that Apple simply doesn't listen to its customers. The problem is probably just that enough voices aren't being heard, not that the problems aren't important enough.
If he's white hat, why exactly did he grab details from 100,000 users? Shouldn't the 73 Apple employees be more than good enough to demonstrate to Apple that he had found some real vulnerabilities that needed immediate attention. This raises a huge red flag to me, and obviously to Apple as well.
Once Apple saw that, and the details on the 73 employees he provided to them demonstrating he was for real, they had to treat this as an emergency and shut it down. They had no choice. They have no idea if this guy is really a white hat hacker or if he's going to try to blackmail them, sell information about the exploit to others, or indeed if he had already done so.
Just because he says "I'm in Facebook's White Hat list" they're supposed to believe he's a good guy? If I were a major corporation that would not make me think "OK, I won't worry he downloaded details on 100,000 users"
"If he's white hat, why exactly did he grab details from 100,000 users? Shouldn't the 73 Apple employees be more than good enough to demonstrate to Apple that he had found some real vulnerabilities that needed immediate attention. This raises a huge red flag to me, and obviously to Apple as well."
Perhaps he used the 100,000 to determine which were Apple employees.
If he wanted to blackmail Apple why would he have pointed out the bugs to them- prior to going further?
You are correct that Apple had to pull the plug but this would have had to happened regardless and should have happened when they were first notified. I appreciate it takes a while to verify bug reports but increasingly these firms are too arrogant to believe that they are anything less than perfect.
As an app developer, this doesn't surprise me. Their developer system is so convoluted and confusing, it's amazing to me how little they care about their developers. For Android it is as simple as uploading the content, for iTunes it's an absolute nightmare. If they spent 10% of the time on user experience for the dev side that they do on the hardware side, it would be a 100% improvement. It feels as though they think that since their market is so big, and developers need it to make ends meet, that they don't have to work on our user experience at all. With that in mind, I would dare say I am feeling that Apple doesn't care about us.
Now with this security breach, it shows their sloppy coding even moreso. We're probably all going to get spammed for Viagra now. Please care more about your developers, Apple, because we care about you.
so they took it down Thursday for 'maintenance' with the intruder still 'out there'.
Saturday they panic, not knowing what they are doing.
Sunday the 'intruder' also panics knowing his security reports are what did it.
Obviously he might know more than the Apple technicians so why was he not flown in as an advisor immediately? I admire the Apple plan of attack to distract from what now looks like technical incompetence.
Clearly isn't just the developer accounts that were lifted. Even if they were in this attack, there's a mass password reset request going on with apple IDs, quite a few people I know have been affected.
If apple are denying it somebody should ask why so many people who clearly don't have dev accounts are getting so many reset emails that they have to take to twitter to complain - https://twitter.com/search/realtime?q=apple%20id%20reset&src=typd
All started on the 20th.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
