Apple Fighting Back Against In App Purchase Hack, But Service Still Operational




MacRumors
Jul 16, 2012, 10:02 AM

Late last week, we reported (http://www.macrumors.com/2012/07/13/hacker-releases-tools-for-bypassing-apples-in-app-purchase-mechanism/) on the launch of a new method to allow App Store users to bypass Apple's In App Purchase mechanism and receive additional content free of charge. At the time, we noted that use of the method involved theft of content from developers and exposed iOS device users to dangers as their account and device information was being routed to servers under the control of the Russian hacker running the service, but we felt that reporting on the issue to bring it to light was the responsible thing to do in order to alert developers to the issue and perhaps spur Apple into action.

The Next Web now follows up (http://thenextweb.com/apple/2012/07/16/apple-begins-bid-to-block-in-app-purchasing-flaw-but-service-remains-operational-for-now/) with a report outlining some of the steps Apple has been taking to combat the issue, including issuing a copyright claim to have the original video showing the hack in action pulled from YouTube.

Over the weekend, Apple began blocking the IP address of the server used by Russian hacker Alexey V. Borodin to authenticate purchases.

It followed this up with a takedown request on the original server, taking down third-party authentication with it, also issuing a copyright claim on the overview video Borodin used to document the circumvention method. PayPal also got involved, placing a block on the original donation account for violating its terms of service.

The hacker, Alexey Borodin, remains committed to the service and has been working to skirt around the roadblocks being thrown up by Apple, in part by moving the service to a server in another country, but it is clear that Apple is working on the issue and addressing it through multiple routes in order to improve the security of In App Purchase content. For now, however, the service remains operational.

Article Link: Apple Fighting Back Against In App Purchase Hack, But Service Still Operational (http://www.macrumors.com/2012/07/16/apple-fighting-back-against-in-app-purchase-hack-but-service-still-operational/)



thelink
Jul 16, 2012, 10:06 AM
Leave it to Apple to take away someone's fun.... :rolleyes:

Shrink
Jul 16, 2012, 10:06 AM
Ripping off the devs....putz!:mad:

madrag
Jul 16, 2012, 10:07 AM
It's like a tick, very hard to catch...

Mad Mac Maniac
Jul 16, 2012, 10:09 AM
am I the only one who feels like news/rumors sites shouldn't be posting about this... This is only drawing attention to it and tempting more people to steal from these hard working developers.

aristotle
Jul 16, 2012, 10:10 AM
I feel sorry for Alexey Borodin. He has no moral centre.

JGowan
Jul 16, 2012, 10:13 AM
It's like a tick, very hard to catch...

I think you mean "flea". Fleas are super fast jumpers. On the other hand, ticks either crawl very slowly on you or are attached, sucking on you (or your pet.)

sweetbrat
Jul 16, 2012, 10:16 AM
am I the only one who feels like news/rumors sites shouldn't be posting about this... This is only drawing attention to it and tempting more people to steal from these hard working developers.

If someone wants to steal, they'll find some way to do it. I don't think it's fair to blame the news sites for posting this. It's relevant to the MacRumors community because it involves a security issue. I think it's actually helpful that places are posting it, provided they're also telling people why it's insanely stupid to use this hack. It might actually discourage some people from trying it.

haincha
Jul 16, 2012, 10:16 AM
Any person with a jailbreak can get this same thing, without having to send your info through a rogue server. If you're non jailbroken and attempt this, you deserve any penalty that could be handed out. I know devs have a way of checking if you have legitimately purchased their app, same thing can apply. Or do like that FPS game did for PS3, pirates get an unkillable mob that just rages until you're dead.

LastLine
Jul 16, 2012, 10:17 AM
Leave it to Apple to take away someone's fun.... :rolleyes:

You realise this isn't 'someone's fun' - it's theft, that affects developers' income.

bartonlynch
Jul 16, 2012, 10:17 AM
Leave it to Apple to take away someone's fun.... :rolleyes:

Leave it to hackers to steal from people who worked hard on their products :rolleyes:

DisMyMac
Jul 16, 2012, 10:19 AM
All the Napster thieves suddenly grow up....

gnasher729
Jul 16, 2012, 10:20 AM
From the article: Borodin also notes that Apple has not contacted him over the issue.
Of course Apple would not contact _him_. They would be contacting the police where he lives.

Glideslope
Jul 16, 2012, 10:21 AM
It's like a tick, very hard to catch...

Just kill the host body. ;)

Uncle Ruckus
Jul 16, 2012, 10:22 AM
I think what he's doing is wrong, but who am I to say.

Uncle Ruckus no relations

writingdevil
Jul 16, 2012, 10:22 AM
am I the only one who feels like news/rumors sites shouldn't be posting about this... This is only drawing attention to it and tempting more people to steal from these hard working developers.

Agreed. And they not only reported, in detail, about it, but posted a video showing exactly how to execute it. Several people commented on the risk of doing this and, of course, got "grow up" feedback from others who seemed to enjoy the opportunity for theft.

I'm not a developer and couldn't be if I wanted to as I just don't have the skill set to program day in and day out. But it makes me wonder, if the people who do hack, who enjoy "breaking and entering, theft of product" would, if given the means, break into a store and take merchandise, knowing they wouldn't get caught? I work in film and every illegal download of media may not represent a purchase that would have been made since some people wouldn't pay if that were the only way to get the product, but it reduces the pool from which we get paid. The same could apply to any product or service, but somehow the theft of media and certainly the current hacking craze means a lot of ordinary "law abiding" users don't mind a little theft, once in a while. Even more weird is the logic "if they didn't charge so much, then I wouldn't steal." That's the gangbanger's mantra. Maybe it's moving mainstream?

Mad Mac Maniac
Jul 16, 2012, 10:22 AM
If someone wants to steal, they'll find some way to do it.

You mean like how people have been stealing from the app store for the past 4 years? :rolleyes:

It's like posting "The combination to the vault at your local bank is 32-16-50, but we recommend that you don't use this information. You could get caught"

Sure it's possible to rob a bank without the combination and it's possible that you could get caught, but it's only encouraging a large audience of people to go rob that bank now.

Glideslope
Jul 16, 2012, 10:23 AM
All the Napster thieves suddenly grow up....

Scary thought. :apple:

nagromme
Jul 16, 2012, 10:24 AM
Any person with a jailbreak can get this same thing, without having to send your info through a rogue server. If you're non jailbroken and attempt this, you deserve any penalty that could be handed out. I know devs have a way of checking if you have legitimately purchased their app, same thing can apply. Or do like that FPS game did for PS3, pirates get an unkillable mob that just rages until you're dead.

If you ARE jailbroken and attempt this, you still deserve punishment. Stealing from developers' hard work is what gives jailbreaking a bad name.

dynamojoe
Jul 16, 2012, 10:25 AM
I think the best way for Apple to stop this would be to start emailing all the thieves receipts and charging their credit cards, or just cancelling their iTunes accounts.

aamirshah
Jul 16, 2012, 10:27 AM
Wow, this is sure very bad news for Apple. How do they hack such secure systems? I remember a few months ago hackers hacked PSN network and caused Sony millions.

xraydoc
Jul 16, 2012, 10:27 AM
You mean like how people have been stealing from the app store for the past 4 years? :rolleyes:

It's like posting "The combination to the vault at your local bank is 32-16-50, but we recommend that you don't use this information. You could get caught"

Sure it's possible to rob a bank without the combination and it's possible that you could get caught, but it's only encouraging a large audience of people to go rob that bank now.

Karma's a bitch.

writingdevil
Jul 16, 2012, 10:28 AM
... I think it's actually helpful that places are posting it, provided they're also telling people why it's insanely stupid to use this hack. It might actually discourage some people from trying it.

This kind of reasoning totally escapes, at least for me, any form of logic one subscribes to. "Let's show people, specifically and in detail, how to X, it will certainly discourage people from doing X." ?????????????

PBG4 Dude
Jul 16, 2012, 10:29 AM
You mean like how people have been stealing from the app store for the past 4 years? :rolleyes:

It's like posting "The combination to the vault at your local bank is 32-16-50, but we recommend that you don't use this information. You could get caught"

Sure it's possible to rob a bank without the combination and it's possible that you could get caught, but it's only encouraging a large audience of people to go rob that bank now.

If the thought of giving someone the credentials to your iTunes account (and all the power that entails) in order to save a buck doesn't deter you from pirating (again, over chump change), then you deserve all the ID theft coming your way.

Honestly, you're using an at least $200 device (iPod touch) in order to steal relatively pennies' worth of goods. Yay.

blucable
Jul 16, 2012, 10:29 AM
am I the only one who feels like news/rumors sites shouldn't be posting about this... This is only drawing attention to it and tempting more people to steal from these hard working developers.

I think you are the only one. It's good that they post this, I mean, if it was like Windows stuff, the OS costs $350, that is a ridiculous price for something you can only use in one computer, if you use it more than 3 times in one computer you are screwed, you need to buy a new license. At this point I would go and pirate the crap out of that Windows.

In Apple's case though, I mean, for real? You are going to crack $0.99 apps? It is totally ridiculous, even the Lion upgrade which I bought 2 days ago for $29.99, that is quite an affordable price, and you get a top quality OS or apps. Customers who pay for their stuff are the ones that allow Apple to keep developing better applications and OS, come on, they don't get paid, there's poor or no development at all. Isn't that encouraging enough to go pay for the software you get?

sweetbrat
Jul 16, 2012, 10:29 AM
You mean like how people have been stealing from the app store for the past 4 years? :rolleyes:

It's like posting "The combination to the vault at your local bank is 32-16-50, but we recommend that you don't use this information. You could get caught"

Sure it's possible to rob a bank without the combination and it's possible that you could get caught, but it's only encouraging a large audience of people to go rob that bank now.

They're not saying "don't do this or you might get caught." They're saying that if you do this, you're sending your private information to someone who is already stealing from others. So if you do it, there's a good chance that you'll get stolen from, too. To me, that seems like a decent way to discourage people from doing it.

The whole issue of whether or not something should be reported on isn't unique to this story. There's always things to take into consideration. It's deciding if the good outweighs the bad, or if the bad overcomes the public's right to know. That's a decision that all news outlets have to make, and at least with MacRumors it sounds like they didn't take the decision lightly.

Schizoid
Jul 16, 2012, 10:30 AM
...Apple could unleash the ultimate deterrent... give him a job!

sweetbrat
Jul 16, 2012, 10:31 AM
This kind of reasoning totally escapes, at least for me, any form of logic one subscribes to. "Let's show people, specifically and in detail, how to X, it will certainly discourage people from doing X." ?????????????

No...posting what the consequences are likely to be is the deterrent. You're sending your personal information to a hacker. That should be a deterrent to any logical person out there. If it's not, they're going to find a way to steal it, whether through this method or something else.

charlituna
Jul 16, 2012, 10:36 AM
Ripping off the devs....putz!:mad:

That's not even what it's really about. He's using folks' distaste for 'greedy developers' to get access to Apple IDs that might have usable credit cards on them. Use them to get hardware he can sell on eBay etc. Even those that have iTunes credits on them can be of use to him 'cause he can get free movies and such, rip the DRM off them and post them online (on a site with ads of course) and so on.

That he can stick to the developers is just icing on the cake

charlituna
Jul 16, 2012, 10:41 AM
am I the only one who feels like news/rumors sites shouldn't be posting about this... This is only drawing attention to it and tempting more people to steal from these hard working developers.

I agree somewhat. I think that it's good that sites are mentioning it, particularly also pointing out the security risk. It's that they are telling in detail how it is done that I disagree with. Same with giving links to this guy's YouTube, website etc.

----------

You realise this isn't 'someone's fun' - it's theft, that affects developers' income.

The classic argument for the other side would be that they weren't going to pay for it anyway so the developer isn't getting the money he wasn't going to get in the first place so how was anything stolen.

They use the same thing to 'justify' torrents and such.

----------

I think the best way for Apple to stop this would be to start emailing all the thieves receipts and charging their credit cards, or just cancelling their iTunes accounts.

You missed an important detail. This isn't going through Apple's servers so how do they know who to screw over. They don't.

Tmelon
Jul 16, 2012, 10:43 AM
I went to the guy's website about this hack to check it out and he had requested that Apple give him an iPhone 5 and then he would shut down his service and personally show them how he did it so they could improve their security. With all the money Apple has in the bank I don't see why they aren't bribing him off instead of trying to get law enforcement involved and letting this hack go on for a third day.

Kaibelf
Jul 16, 2012, 10:44 AM
Leave it to Apple to take away someone's fun.... :rolleyes:

I do hope you're being sarcastic.

ArtOfWarfare
Jul 16, 2012, 10:45 AM
am I the only one who feels like news/rumors sites shouldn't be posting about this... This is only drawing attention to it and tempting more people to steal from these hard working developers.

I'm a developer and I appreciate it that MacRumors is keeping me updated on the status of this hack.

coalchamber1022
Jul 16, 2012, 10:46 AM
Haven't cracked apps been around for a long time since jailbreaking was first found? I'm not sure why nothing was done to enforce that but once in-app purchases were cracked now everybody is up in arms about it.

Plus I feel some of these in-app purchases are way too expensive, If I pay for the app the most expensive in-app purchase should be 10 bucks. 99$ dollars for some in app money is ridiculous for that much one should get infinite money.

JohnDoe98
Jul 16, 2012, 10:50 AM
I went to the guy's website about this hack to check it out and he had requested that Apple give him an iPhone 5 and then he would shut down his service and personally show them how he did it so they could improve their security. With all the money Apple has in the bank I don't see why they aren't bribing him off instead of trying to get law enforcement involved and letting this hack go on for a third day.

Because Apple doesn't negotiate with software terrorists!:D

ChazUK
Jul 16, 2012, 10:50 AM
I hope the thieving sh**s have their bank accounts wiped out via their iTunes credentials that are exposed.

sweetbrat
Jul 16, 2012, 10:52 AM
Plus I feel some of these in-app purchases are way too expensive, If I pay for the app the most expensive in-app purchase should be 10 bucks. 99$ dollars for some in app money is ridiculous for that much one should get infinite money.

This is irrelevant. Just because you think something is too expensive, it doesn't give you the right to steal it. If you went to a store and the video game you wanted was too expensive, would you steal it? It's the same thing, only since apps are digital files people seem to think they can do whatever they want to get them. People try to justify it by saying that the developers are charging too much. That argument doesn't hold up.

geoffm33
Jul 16, 2012, 10:54 AM
Haven't cracked apps been around for a long time since jailbreaking was first found? I'm not sure why nothing was done to enforce that but once in-app purchases were cracked now everybody is up in arms about it.

Plus I feel some of these in-app purchases are way too expensive, If I pay for the app the most expensive in-app purchase should be 10 bucks. 99$ dollars for some in app money is ridiculous for that much one should get infinite money.

Cracked apps are available in jailbroken phones. This hack is for stock phones.

As has been mentioned in other threads, if you feel the in app purchases are too expensive, don't buy the app in the first place. The developer sets the price, you make the decision to buy it.

In the app store, for apps that have IAP there is a link to "Top In-App Purchases". Click it and you'll see what's available. And/or read a review.

JHankwitz
Jul 16, 2012, 10:55 AM
the classic argument for the other side would be that they weren't going to pay for it anyway so the developer isn't getting the money he wasn't going to get in the first place so how was anything stolen.

Let me get this straight... If I'm not planning to pay for your car you parked out on the street, and you weren't going to get any money from me in the first place, it's OK for me to steal it? Please tell me where you live.

geoffm33
Jul 16, 2012, 10:55 AM
Because Apple doesn't negotiate with software terrorists!:D

From what I understand of the hack, I don't think Apple needs to speak with him. I imagine they have a good idea what he's done.

Reeebo
Jul 16, 2012, 10:56 AM
Free Alexey!

AR999
Jul 16, 2012, 10:56 AM
From the article:
Of course Apple would not contact _him_. They would be contacting the police where he lives.

The police?

What makes you think this is a criminal matter. Wherever he lives it will likely be considered as a civil matter.

BTW, it's not "theft" in any kind of legal sense.

WeegieMac
Jul 16, 2012, 11:02 AM
Surely Apple will also be able to trace those who used this service to obtain IAP content illegally?

You could find your Apple I.D suddenly become inactive, folks.

Enjoy!

Tmelon
Jul 16, 2012, 11:07 AM
I hope the thieving sh**s have their bank accounts wiped out via their iTunes credentials that are exposed.

Unfortunately, Apple can't just go to your bank accounts and take all your money. It would be a mess of Civil lawsuits that I doubt Apple is going to pursue.

justperry
Jul 16, 2012, 11:10 AM
I went to the guy's website about this hack to check it out and he had requested that Apple give him an iPhone 5 and then he would shut down his service and personally show them how he did it so they could improve their security. With all the money Apple has in the bank I don't see why they aren't bribing him off instead of trying to get law enforcement involved and letting this hack go on for a third day.

Yeah, and one thing leads to another, you want to end up in a country where I currently reside, Indonesia where corruption, collusion, bribing and the lot is a daily problem.

Marcus-k
Jul 16, 2012, 11:14 AM
Let me get this straight... If I'm not planning to pay for your car you parked out on the street, and you weren't going to get any money from me in the first place, it's OK for me to steal it? Please tell me where you live.

Not if you stole it, but if you copied it so we both got a perfect copy of the car I would gladly give that to you for free.

ChazUK
Jul 16, 2012, 11:15 AM
Unfortunately, Apple can't just go to your bank accounts and take all your money. It would be a mess of Civil lawsuits that I doubt Apple is going to pursue.

I'm not even suggesting it'll be Apple doing this.

When used, the hack sends your iTunes login and password in plain text to the hosts, meaning you're potentially letting yourself into a bag of hurt if they are harvesting these logins for malicious purposes.

If people are stupid enough to put something that may be directly linked to their bank accounts at risk over a "free" in app purchase, they deserve some kind of recourse.

Shearwater
Jul 16, 2012, 11:15 AM
Because Apple doesn't negotiate with software terrorists!:D


...well..unless they are speaking to Microsoft or Adobe..lol

C.G.B. Spender
Jul 16, 2012, 11:16 AM
It's just plain wrong and must end, but on the other hand when you think there are some games where these so called developers are just extorting money from people that play those games plain and simple.

There is one good example in that video where this russian chap shows how it's working. 19.99 for some crazy ass points in app purchase? Seriously?

ghostface147
Jul 16, 2012, 11:18 AM
Yeah, and one thing leads to another, you want to end up in a country where I currently reside, Indonesia where corruption, collusion, bribing and the lot is a daily problem.

Isn't that every country? Some are just more open about it than others.

geoffm33
Jul 16, 2012, 11:19 AM
Not if you stole it, but if you copied it so we both got a perfect copy of the car I would gladly give that to you for free.

What if you built the car and it cost you $15,000. And you would gladly make a copy for anyone that is willing to pay you, say, $50.

And you are hoping you can get enough people to buy it at $50 to recoup development costs, invest in future car production and make a profit for yourself (you don't work for free you know!).

How many people are you willing to let walk away with a copy of your car for free?

EDIT: Just because someone claims they would never have paid you in the first place would not factor in my decision making to answer that question.

gnasher729
Jul 16, 2012, 11:21 AM
I feel sorry for Alexey Borodin. He has no moral centre.

I'm wondering if there is something mentally wrong with him. Apart from the moral side, if I had written this then surely I would start thinking now. Maybe not whether what I'm doing is wrong, but whether what I'm doing is getting me into serious trouble. One likely consequence of his actions is "never being able to set foot into the USA or Western Europe", but worse things might happen.


It’s just plain wrong and must end, but on the other hand when you think there are some games where these so called developers are just extorting money from people that play those games plain and simple.

There is one good example in that video where this russian chap shows how it’s working. 19.99 for some crazy ass points in app purchase? Seriously?

Why would that be "extorting money"? Is there anyone forcing you to buy "crazy ass points"? If you think that these "crazy ass points" are not worth 19.99, which they probably aren't, then don't buy and play the game without, and if the game is no fun without these points, then delete the game.

tbrinkma
Jul 16, 2012, 11:21 AM
Unfortunately, Apple can't just go to your bank accounts and take all your money. It would be a mess of Civil lawsuits that I doubt Apple is going to pursue.

:eek: Way to miss the OP's point.

I don't think he was suggesting that *Apple* would be the one to do it. If you use this hack, you're sending your iTunes account info to a guy who has absolutely no qualms about ripping people off. What on earth would lead you to believe that he wouldn't rip *you* off?

thelink
Jul 16, 2012, 11:24 AM
I do hope you're being sarcastic.

Of course...hence the "rolleyes"

vsighi
Jul 16, 2012, 11:25 AM
Free Alexey!

I think your SOVIET lover is free and well...you can email him .i..

notyourattorney
Jul 16, 2012, 11:27 AM
What makes you think this is a criminal matter. Wherever he lives it will likely be considered as a civil matter.

Among other U.S. criminal laws he is violating, he is certainly committing wire fraud, which applies outside the U.S.

BTW, it's not "theft" in any kind of legal sense.

Yes, it is. Assuming he's actually used his own system, he's committed intellectual property theft. Even if he hasn't, he's guilty of theft through accomplice and/or conspiracy principles.

gnasher729
Jul 16, 2012, 11:29 AM
The police?

What makes you think this is a criminal matter. Wherever he lives it will likely be considered as a civil matter.

BTW, it's not "theft" in any kind of legal sense.

Not theft. But if you use this to convince the servers of company X to give you something without paying, then you can be sure that this falls straight under computer hacking laws which are definitely not a civil matter. It will also quite likely fall under fraud, since you tricked them into giving you service for free.

kustardking
Jul 16, 2012, 11:31 AM
am I the only one who feels like news/rumors sites shouldn't be posting about this... This is only drawing attention to it and tempting more people to steal from these hard working developers.

...and it informs the un-evil builders of tomorrow who will need to prevent this kind of cheat in the future. Using information-hiding to make a "better world" is a dangerous tack to take. I don't believe in the full spilling of all information at all times, but this is not a matter of national security.

justperry
Jul 16, 2012, 11:33 AM
Isn't that every country? Some are just more open about it than others.

Erm, No.

Maybe where you are from but I am originally from The Netherlands and it's rare there and so is it in many Northern European countries.
If I paid a bribe to the police in Holland I would be in huge trouble, not so much here, that is, until now I never did.
But, to speed up things my girlfriend pays a bit extra for my visa, cigarette money.:eek:

JAT
Jul 16, 2012, 11:45 AM
it is totally ridiculous, even the Lion upgrade which I bought 2 days ago for $29.99 that is quite an affordable price, and you get a top quality OS or apps. Customers who pay for their stuff are the ones that allow Apple to keep developing better applications and OS, come on, they don't get paid, there's poor or no development at all. Isn't that encouraging enough to go pay for the software you get?
I hope that was for a computer that can't run Mountain Lion.

AppleGuesser
Jul 16, 2012, 11:54 AM
I hope that was for a computer that can't run Mountain Lion.

Me too. You can jump from SL on 10.6.8 to ML 10.8 if your Mac can run ML. No reason to spend money on an old OS that will be outdated in a week or two.

NewAnger
Jul 16, 2012, 11:55 AM
I hope the thieving sh**s have their bank accounts wiped out via their iTunes credentials that are exposed.

This hack has been enabled so that user logs out of his/her account before doing anything. The instructions say to do the purchase and then login using any made up user name and password. It never uses the person's real Apple ID to make the in app purchases.

Earendil
Jul 16, 2012, 12:16 PM
This kind of reasoning totally escapes, at least for me, any form of logic one subscribes to. "Let's show people, specifically and in detail, how to X, it will certainly discourage people from doing X." ?????????????

I think you and a few others didn't read the entire article, or read it very well.
The information is already out there. What MacRumors and other sites are doing is giving the entire story, which is that this man gets your iTunes account info and password when you use his "service". I don't think any sane person that reads the MacRumors article, even if they had zero moral issues with stealing, would actually proceed to use it based on all the info that is provided.

----------


It's like posting "The combination to the vault at your local bank is 32-16-50, but we recommend that you don't use this information. You could get caught"

Sure it's possible to rob a bank without the combination and it's possible that you could get caught, but it's only encouraging a large audience of people to go rob that bank now.

You either didn't read the entire article, or you're not very good with analogies :)

This is more like saying:
"Someone on the street is telling people that the combination to the corner convenience store vault is 32-16-50. The information is correct, but be warned that if you try and use it that your wallet will be taken from you."

This also allows all the small time devs to get a handle on what is going on, and take action if they are capable or care.

s15119
Jul 16, 2012, 12:34 PM
"For now, however, the service remains operational. "

It's not a service. It's a criminal enterprise.

----------

am I the only one who feels like news/rumors sites shouldn't be posting about this... This is only drawing attention to it and tempting more people to steal from these hard working developers.

I agree, I think it serves to directly assist the criminal enterprise. I also think it's deliberate.

Earendil
Jul 16, 2012, 12:46 PM
"For now, however, the service remains operational. "

It's not a service. It's a criminal enterprise.


It's a service regardless of its legality. Criminal Enterprises often times provide services.

I agree, I think it serves to directly assist the criminal enterprise. I also think it's deliberate.

How?! How is stating quite clearly that this is an illegal action that will result in a Russian Hacker having your iTunes account login and password in ANY way persuading anyone but the illiterate and incredibly stupid to go for this?

If you think that giving access to your account to an admitted criminal is worth saving $2 on the next set of Angry Birds levels, then you are a very silly person indeed. I'll tell you what, if you email me your account info and password I'll give you $20 to upgrade with. I will then use your account to download media until your account is locked due to insufficient funds. Fair trade, right?

ChazUK
Jul 16, 2012, 12:46 PM
This hack has been enabled so that user logs out of his/her account before doing anything. The instructions say to do the purchase and then login using any made up user name and password. It never uses the person's real Apple ID to make the in app purchases.

Thanks for explaining that. I hadn't realised those changes had been made to make it "safer".

huffboy
Jul 16, 2012, 12:53 PM
Cook please call up Putin to hunt this criminal down and send him to the firing squad. These kind of people are no different from thieves.

ironpony
Jul 16, 2012, 01:02 PM
Yes, I believe this is wrong.
But, can buying an app then having to make an in app purchase to use the app a form of bait and switch?
Does the money go directly to the developers or to the itunes store then to the developers. I think they may be directly robbing Apple. Not sure.

If I gave someone permission to sell copies and 1,000 were missing do I go to whom I gave permission or who received the product?
Again, I think they are robbing Apple.

Wow, what might Apple be able to do to an individual.

There should be a movie coming out of this.

This Russian is probably having a blast. (again it is wrong)

OK, where's the new iPhones, I'm ready already.

Rodimus Prime
Jul 16, 2012, 01:03 PM
Am I the only one who feels like news/rumors sites shouldn't be posting about this... This is only drawing attention to it and tempting more people to steal from these hard working developers.

I am on the other side and think they should, for no other reason than to kick Apple into action. Apple tends not to fix a lot of things until the media starts reporting on it.

This was the right move because notice how fast Apple went into action after being notified. The hole could have been reported months beforehand and Apple does nothing.

Rennir
Jul 16, 2012, 01:03 PM
Cook please call up Putin to hunt this criminal down and send him to the firing squad. These kind of people are no different from thieves.

So all thieves should be subject to capital punishment now? Slow down there bud. :cool:

geoffm33
Jul 16, 2012, 01:07 PM
Yes, I believe this is wrong.
But, can buying an app then having to make an in app purchase to use the app be a form of bait and switch?

No, it isn't. All in-app purchases are listed in the app store along with the product they relate to. I haven't seen an app yet that is unusable unless you make a further purchase (not that they don't exist, I just haven't seen one.)


Does the money go directly to the developers or to the iTunes store then to the developers? I think they may be directly robbing Apple. Not sure.

The money for IAP are split 70/30 just like the original app purchase.


If I gave someone permission to sell copies and 1,000 were missing do I go to whom I gave permission or who received the product?
Again, I think they are robbing Apple.


Those that perform this method of obtaining IAP are robbing the devs and Apple.


Wow, what might Apple be able to do to an individual.


Not sure what you mean here?


There should be a movie coming out of this.
This Russian is probably having a blast. (again it is wrong)
OK, where's the new iPhones, I'm ready already.

Would not make for a very good movie, at all.

C.G.B. Spender
Jul 16, 2012, 01:16 PM
Why would that be "extorting money"? Is there anyone forcing you to buy "crazy ass points"? If you think that these "crazy ass points" are not worth 19.99, which they probably aren't, then don't buy and play the game without, and if the game is no fun without these points, then delete the game.

If you don't like this "service" don't use it. Good enough?

boyd1955
Jul 16, 2012, 01:22 PM
Perhaps it will stop a lot of these spam producers producing these crap apps ... Apple keep on pushing this idea that there are so many apps for things ... Yeah ... Right ... Nearly all of them are complete rubbish
There's literally about 200 that are of any use whatsoever
Don't pay for them guys
Down 'em and delete them when you realise what a waste of space they are

charlituna
Jul 16, 2012, 01:25 PM
This hack has been enabled so that the user logs out of his/her account before doing anything. The instructions say to do the purchase and then log in using any made up user name and password. It never uses the person's real Apple ID to make the in app purchases.

Now yes. But it seems originally you were sending a legit id and password.

gnasher729
Jul 16, 2012, 01:47 PM
If you don't like this "service" don't use it. Good enough?

If you want to use this "service" and turn yourself into a criminal, that's your decision. Good enough?

WRP
Jul 16, 2012, 01:49 PM
Someone giving a thief their username and password doesn't sound like the most intelligent individual.

charlituna
Jul 16, 2012, 02:04 PM
. The hole could have been reported months beforehand and Apple does nothing.

Or Apple wasn't. Think about it, this takes money from them. You think they would know about it for months, lose money for months and do nothing? No, they would have come up with a fix, demanded all apps use it etc never with a word of why it is so important

bawbac
Jul 16, 2012, 02:42 PM
You realise this isn't 'someone's fun' - it's theft, that affects developers' income.

But it's ok to use torrent to steal from corporations & musicians.:rolleyes:

ranReloaded
Jul 16, 2012, 02:43 PM
what if you built the car and it cost you $15,000. And you would gladly make a copy for anyone that is willing to pay you, say, $50.

And you are hoping you can get enough people to buy it at $50 to recoup development costs, invest in future car production and make a profit for yourself (you don't work for free you know!).

How many people are you willing to let walk away with a copy of your car for free?

edit: just because someone claims they would never have paid you in the first place would not factor in my decision making to answer that question.


this

Erwin-Br
Jul 16, 2012, 03:18 PM
I'm wondering how many of you using big words like "thieves" and "criminals" have never illegally downloaded music or a movie before.

Either all the Saints of the Internet are on this single forum, or we have a bunch of hypocrites here.

gwangung
Jul 16, 2012, 03:30 PM
I'm wondering how many of you using big words like "thieves" and "criminals" have never illegally downloaded music or a movie before.

Either all the Saints of the Internet are on this single forum, or we have a bunch of hypocrites here.

You are, of course, happy to say that to the original artists of this music, right? To their faces?

sweetbrat
Jul 16, 2012, 03:39 PM
I'm wondering how many of you using big words like "thieves" and "criminals" have never illegally downloaded music or a movie before.

Either all the Saints of the Internet are on this single forum, or we have a bunch of hypocrites here.

What's the point of this comment? It's pretty obvious that what this guy is doing is wrong. It's pretty obvious that people using a hack to get out of paying for something is basically stealing. Is it your argument that what this guy is doing is fine? Based on the fact that a lot of people take advantage of it?

And because I'm sure it will get brought up again, no, I haven't ever illegally downloaded music, a movie, or an app. There's a lot of us in this world that believe in paying for what we want instead of stealing it. If others can steal and it doesn't bother their conscience, so be it.

JDW
Jul 16, 2012, 04:41 PM
It's interesting to read through some of the posts over there:
http://www.in-appstore.com/

People there are basically divided in the same way as folks in this forum, with no one talking about the real problem or long-term solution. Everyone seems to be praising piracy or condemning it, or going off-topic on things like taxes.

This is really NAPSTER all over again. In the past, people stole music like mad because there was no popular legal means to get that music in a convenient, modern way like the iTunes Music Store. Now most people in developed countries buy their music (including myself) rather than stealing it. That's true not because NAPSTER's flame was extinguished but because Apple provided a convenient and reasonably priced solution.

But with app buying, you don't always know what you're getting until you pay, and then you don't get your money back if you don't like what you paid for. Hence this Russian Developer, on some level, is to be praised as much as they are to be condemned, not unlike NAPSTER was to be praised — not for encouraging theft, but for allowing people to Try Before We Buy, and to put pressure on the app industry (i.e., Apple) to change the status quo and give app buyers Trials and give developers App Upgrades in the app store.

We can howl and cry all we want about right and wrong, but these naughty guys often do more good than bad in the end, especially if we legitimate buyers of apps keep up the pressure on Apple to enact improvements to the app buying experience:

http://www.apple.com/feedback/iphone.html
or
http://www.apple.com/feedback/ipad.html

Earendil
Jul 16, 2012, 05:31 PM
It's interesting to read through some of the posts over there:
http://www.in-appstore.com/

People there are basically divided in the same way as folks in this forum, with no one talking about the real problem or long-term solution. Everyone seems to be praising piracy or condemning it, or going off-topic on things like taxes.



I actually don't see anyone in here praising piracy. Most of the debate here centers around whether news sites should or should have reported on this. But since I like where you're going, I'll let the comparison slide :)


But with app buying, you don't always know what you're getting until you pay, and then you don't get your money back if you don't like what you paid for.


I'm with you so far...

Hence this Russian Developer, on some level, is to be praised as much as they are to be condemned,


And you lost me. The problem with allowing this guy to represent your nice idea, is that he is letting you "try" in app software upgrades or new content. You already HAVE tried the app at the point where this Russian steps up to the plate.

Try before you buy Apps would be a great thing. I don't know if I've ever bought traditional desktop software without using a demo/shareware version. The exception would be computer games, but in that case I watch minutes upon minutes of in game preview video to get a good feel for if this is the kind of experience I want. iPhone apps DO have this mechanism to a degree. You can have a "free" app that has most of the content hidden away as an in App purchase. It's actually a concept that works okay if you know what's going on. The problem is that this Russian is actually ruining the only try-before-you-buy system that we DO have.

hardselius
Jul 16, 2012, 05:42 PM
And no one's angry at Apple? I'm glad they got hacked, 'cause it proves that Apple did some bull-feces work on security. The hack sounds like the classic man-in-the-middle attack, which has been around for ages.

Yeah, it sucks that people steal. But if I handed my products to a retailer that didn't care to check whether customers passed by the clerk to pay for the stuff on their way out, I would sure as hell be unhappy with the re-seller. Or as in this case, customers entering the store, picking something up and showing the clerk a fake receipt.

Very unprofessional, Apple. Very. Unprofessional.

b0blndsy
Jul 16, 2012, 05:46 PM
I think you are the only one. It's good that they post this, I mean, if it was like Windows stuff, the OS costs $350, that is a ridiculous price for something you can only use in one computer, if you use it more than 3 times in one computer you are screwed, you need to buy a new license. At this point I would go and pirate the crap out of that windows.

In apple's case tho, I mean for real? you are going to crack $0.99 apps? it is totally ridiculous, even the Lion upgrade which I bought 2 days ago for $29.99 that is quite an affordable price, and you get a top quality OS or apps. Customers who pay for their stuff are the ones that allow apple to keep developing better applications and OS, come on, they don't get paid, there's poor or no development at all. Isn't that encouraging enough to go pay for the software you get?

I totally agree. I think iOS apps pricing is competitive and reasonable enough to make them apps accessible for the people and at the same time compensating the developers to keep on producing useful apps.

I wouldn't know about Windows pricing anymore though. Been using pirated stuff since I learned how to use Demonoid.:D

Earendil
Jul 16, 2012, 05:56 PM
And no one's angry at Apple? I'm glad they got hacked, 'cause it proves that Apple did some bull-feces work on security.

No, it doesn't "prove" Apple did some "bull-feces" work on security. Could it be better? Of course, all security can. Is there no security at all? Not at all. The existence of a hole in security, unless we're talking about an NSA Bunker, does not prove the security is crap. The only thing it proves is that the security is not perfect.

The hack sounds like the classic man-in-the-middle attack, which has been around for ages.

Almost every form of attack has been around for ages. It's the implementation that is always tricky and different.

Yeah, it sucks that people steal. But if I handed my products to a retailer that didn't care to check whether customers passed by the clerk to pay for the stuff on their way out, I would sure as hell be unhappy with the re-seller. Or as in this case, customers entering the store, picking something up and showing the clerk a fake receipt.

Very unprofessional, Apple. Very. Unprofessional.

How many stores that check receipts could spot a fake? I'm pretty sure I could walk down to the local grocery store, grab an apple, and walk out. Security can only be so good, and usually only serves to deter thieves, not make it impossible.

Unprofessional would be if Apple did nothing. Apple is doing something, lots of things in fact, on multiple fronts. I think it would be interesting to see a running total of the current number of employees and dollars per hour that Apple is burning up to resolve this in a quick and professional manner.

You lock your home when you leave it, right? Have you installed unbreakable glass as well? You haven't? How unprofessional of you :rolleyes:

hardselius
Jul 16, 2012, 06:48 PM
No, it doesn't "prove" Apple did some "bull-feces" work on security. Could it be better? Of course, all security can. Is there no security at all? Not at all. The existence of a hole in security, unless we're talking about an NSA Bunker, does not prove the security is crap. The only thing it proves is that the security is not perfect.

Well... It may not be catastrophic, but it seems to be very far from perfect.

Update 2: Macworld also chatted with Borodin, who noted that he can indeed see users' App Store account names and passwords, as they are transmitted in clear text as part of the In App Purchase process.

I mean, who does that? Who in their right minds treat secrets like that?

How many stores that check receipts could spot a fake? I'm pretty sure I could walk down to the local grocery store, grab an apple, and walk out. Security can only be so good, and usually only serves to deter thieves, not make it impossible.

Alright. My bad. But that's a problem with physical stores that shouldn't exist in this case, since e-stores really shouldn't rely on the client telling the truth without some thorough checking.
And sure, you could go down there and just steal an apple, but that scenario isn't really applicable here.

As for the rest of what you wrote, I think I will leave you without an answer. This thread is already overloaded with shaky metaphors. Metaphors work fine as a pedagogical tool to reinforce an explanation, not as arguments themselves. Of course I lock my doors. I have normal windows. I don't care about most of my stuff, but I have insurance if anything should happen to it.

Anyways. I hope they solve it fast. Not just by stopping the info on how to steal from them, but by actually solving the security issues.
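
The point made above, that an e-store should not rely on the client telling the truth, shown as an added example that is not part of the original thread and does not reproduce Apple's actual receipt format: a developer's server that authenticates a store-issued receipt instead of believing a client-supplied "purchase OK". The HMAC scheme, the shared key, the field names and all identifiers are constructed assumptions for illustration.

```python
import hashlib
import hmac
import json

# All values below are constructed for this example.
STORE_KEY = b"constructed-demo-key"         # secret shared by the store and the developer's server
BUNDLE_ID = "com.example.game"              # hypothetical app identifier
CATALOGUE = {"levels_pack_2", "coins_100"}  # hypothetical in-app products


def _tag(key, body):
    """HMAC-SHA256 over the exact receipt body string."""
    return hmac.new(key, body.encode("utf-8"), hashlib.sha256).hexdigest()


def issue_receipt(key, bundle_id, product_id, transaction_id):
    """Store side: serialise the purchase and authenticate it with the shared key."""
    body = json.dumps(
        {"status": 0, "bundle_id": bundle_id,
         "product_id": product_id, "transaction_id": transaction_id},
        sort_keys=True,
    )
    return {"body": body, "sig": _tag(key, body)}


def naive_unlock(receipt):
    """Weak check: believes any well-formed receipt that claims status 0."""
    try:
        return json.loads(receipt["body"]).get("status") == 0
    except (KeyError, TypeError, ValueError, AttributeError):
        return False


class ReceiptVerifier:
    """Developer-server check: authenticate first, then validate what was bought."""

    def __init__(self, key, bundle_id, catalogue):
        self._key = key
        self._bundle_id = bundle_id
        self._catalogue = set(catalogue)
        self._seen = set()  # transaction ids already redeemed

    def verify(self, receipt):
        """Return (ok, reason). Nothing in the body is trusted before the tag matches."""
        if not isinstance(receipt, dict):
            return False, "malformed"
        body, sig = receipt.get("body"), receipt.get("sig")
        if not isinstance(body, str) or not isinstance(sig, str):
            return False, "malformed"
        expected = _tag(self._key, body).encode("ascii")
        if not hmac.compare_digest(expected, sig.encode("utf-8", "replace")):
            return False, "bad signature"
        fields = json.loads(body)  # authenticated, so it came from issue_receipt
        if fields.get("status") != 0:
            return False, "purchase not completed"
        if fields.get("bundle_id") != self._bundle_id:
            return False, "wrong app"
        if fields.get("product_id") not in self._catalogue:
            return False, "unknown product"
        tid = fields.get("transaction_id")
        if not tid or tid in self._seen:
            return False, "replayed transaction"
        self._seen.add(tid)
        return True, "ok"


def demo():
    """Run constructed receipts through both checks and return the verdicts."""
    verifier = ReceiptVerifier(STORE_KEY, BUNDLE_ID, CATALOGUE)
    genuine = issue_receipt(STORE_KEY, BUNDLE_ID, "levels_pack_2", "tx-0001")
    # A receipt that merely looks right: correct fields, no valid tag.
    forged = {
        "body": json.dumps({"status": 0, "bundle_id": BUNDLE_ID,
                            "product_id": "levels_pack_2",
                            "transaction_id": "tx-9999"}),
        "sig": "0" * 64,
    }
    # A correctly tagged receipt that was issued for a different app.
    other_app = issue_receipt(STORE_KEY, "com.example.other", "levels_pack_2", "tx-0002")
    return {
        "naive_forged": naive_unlock(forged),
        "forged": verifier.verify(forged),
        "other_app": verifier.verify(other_app),
        "genuine": verifier.verify(genuine),
        "genuine_again": verifier.verify(genuine),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The weak check accepts the forged receipt because it only inspects fields the sender controls; the verifier rejects it before parsing a single field, and also refuses a receipt for another app or one presented twice.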

blow45
Jul 16, 2012, 07:25 PM
It's interesting to read through some of the posts over there:
http://www.in-appstore.com/

People there are basically divided in the same way as folks in this forum, with no one talking about the real problem or long-term solution. Everyone seems to be praising piracy or condemning it, or going off-topic on things like taxes.

This is really NAPSTER all over again. In the past, people stole music like mad because there was no popular legal means to get that music in a convenient, modern way like the iTunes Music Store. Now most people in developed countries buy their music (including myself) rather than stealing it. That's true not because NAPSTER's flame was extinguished but because Apple provided a convenient and reasonably priced solution.

But with app buying, you don't always know what you're getting until you pay, and then you don't get your money back if you don't like what you paid for. Hence this Russian Developer, on some level, is to be praised as much as they are to be condemned, not unlike NAPSTER was to be praised — not for encouraging theft, but for allowing people to Try Before We Buy, and to put pressure on the app industry (i.e., Apple) to change the status quo and give app buyers Trials and give developers App Upgrades in the app store.

We can howl and cry all we want about right and wrong, but these naughty guys often do more good than bad in the end, especially if we legitimate buyers of apps keep up the pressure on Apple to enact improvements to the app buying experience:

http://www.apple.com/feedback/iphone.html
or
http://www.apple.com/feedback/ipad.html

QFT.

There has to be some system for trial of an app for a period of time, both in the ios and the mac app store. That's the way it's always been for software.

There are countless times when you use an app and feel you've been ripped off.

Returning a purchase is also a worldwide buyers right in most every item sold.

Why not apps then?

I wish the russian guy all the best, he's making a valid point. I am 100% against ripping devs off but I am 100% against getting ripped by them too.

Update 2: Macworld also chatted with Borodin, who noted that he can indeed see users' App Store account names and passwords, as they are transmitted in clear text as part of the In App Purchase process.

Wow, great, just great, another security fiasco from Apple. With all that money they have one would think they'd be more responsible with their users' data... How about starting to cough it up to buy Kaspersky or a few of these Russians that are routinely taking them to the cleaners?

Earendil
Jul 16, 2012, 07:26 PM
Well... It may not be catastrophic, but it seems to be very far from perfect.

Depends on your definition of "far" :)
Users still have to hack their own phone in order to get this to work, and it only works on in-app purchases, not store purchases. Far from good, but far from perfect?

Macworld also chatted with Borodin, who noted that he can indeed see users' App Store account names and passwords, as they are transmitted in clear text as part of the In App Purchase process.

I mean, who does that? Who in their right minds treat secrets like that?

Let me continue to quote him:
According to Tabini, though, "Apple presumes it's talking to its own server with a valid security certificate."
Source (http://www.macworld.com/article/1167677/hacker_exploits_ios_flaw_for_free_in_app_purchases.html).

Perhaps I don't understand everything, so correct me if you understand it better.
The iPhone usually creates a secure SSL connection with an Apple server, which it then uses to communicate information. The connection as a whole *IS* encrypted. The information within the encryption line is not encrypted a second time.

This is ONLY a problem if you hack your own phone, and tell your phone to create a secure connection with someone ELSE. Of course the person on the other end can see the "in the clear" information. This is not a problem for the Russian, and it's not a problem for someone that hacks their own phone and sets up their own server. This is only a problem if you hack your own phone, and then connect to someone else's shady server.

When I call my bank from my cell phone, I don't speak in code, because the call itself is encrypted. If I decide to call someone that is not my bank, I do not start talking about my financial information, because I am not an idiot. If I hack my phone to talk to a store that is not the Apple store, I would be stupid to give that store my login and password.

It's not as if you can "sniff out" this "in the clear" information just by observing the comms. You literally have to send the data to the guy. Working in software myself, I can just see how this conversation went down in the meeting room:

SE 1: "Hey guys, I think we should spend a bunch more money and time to encrypt the information inside the encrypted communication stream"

SE 2: "What's the use case? Wouldn't that only affect a user if they hacked their own phone, and directed the phone to connect to some other server?"

SE 1: "...yes".

SE 2: "Putting aside that they're hacking their own phone, is there a legitimate reason why a user would redirect store communication to a third party server?"

SE 1: "No, there is no reason for a user to do that for legitimate means"

SE 2: "And even for illegitimate reasons, why would a user connect to a server they don't trust?!"

SE 1: "You're right, there is no reason to spend money on that problem".

Apple should most definitely patch the ability for users to hack their own phones in this way. But once you start connecting to Russian hacker servers to do your internet shopping, all bets are off. Apple PR can't laugh, but I bet you there are a bunch of Apple devs laughing like me at any dope that would connect to a shady server.

Alright. My bad. But that's a problem with physical stores that shouldn't exist in this case, since e-stores really shouldn't rely on the client telling the truth without some thorough checking.

The client does thorough checking. In this case though, you have kidnapped the client (the iPhone) and are forcing it to do business with an illegal server. I have a metaphor for you...

This thread is already overloaded with shaky metaphors.

Great! Then you'll love this one!

Apple is Greyhound, the iPhone is a bus, and the App store is your local legal drug store.

Greyhound (Apple) should try and prevent the users from hijacking the bus (iPhone). That much is obvious. But, if you manage to hijack the bus, and drive down to the local crack dealer to score a hit, don't be surprised if the dealer robs you blind. And if the dealer does rob you, don't blame Greyhound because they didn't have security in place to protect you AFTER you hijacked their damn bus! :D

Stellar analogy, right? ;)

blow45
Jul 16, 2012, 07:33 PM
What about middleman attacks then? These are perfectly possible if some entity, a middleman impersonates the app store.

NewAnger
Jul 16, 2012, 07:58 PM
Someone giving a thief their username and password doesn't sound like the most intelligent individual.

Which is why the hack was modified so that it accepts any fake user name and password. Just type in random letters and numbers and the login accepts it and approves the in app purchase. He can no longer see Apple IDs and passwords or at least valid ones.

Swordylove
Jul 16, 2012, 09:43 PM
Thank God there are people like Alexey Borodin. Not because you can get non-free apps for free, but because he made everyone aware of the flaw in the In App Purchase's security. Passwords sent in plain text? :eek: Really? (Refer to a previous article.) People should be cursing Apple, and not him. :rolleyes:

I went to the guy's website about this hack to check it out and he had requested that Apple give him an iPhone 5 and then he would shut down his service and personally show them how he did it so they could improve their security. With all the money Apple has in the bank I don't see why they aren't bribing him off instead of trying to get law enforcement involved and letting this hack go on for a third day.

Heck, Apple should probably even hire him as a security tester (or what ever they're usually called). That's what lawful hackers do... they help corporations and banks to improve the security of their systems.

Pips
Jul 17, 2012, 12:43 AM
I'm curious. Going to try out this hack and report back.

I'm wondering if there is something mentally wrong with him. Apart from the moral side, if I had written this then surely I would start thinking now. Maybe not whether what I'm doing is wrong, but whether what I'm doing is getting me into serious trouble. One likely consequence of his actions is "never being able to set foot into the USA or Western Europe", but worse things might happen.

He was clever to figure it out. Maybe he wanted to share how smart he was? More likely he wanted to make a bit of money from donations I think :) Time will tell if it'll cost him. People do stupid things, take risks...especially for money.

edit: Nevermind..found a video showing it. You don't have to enter your Apple ID and password but there still are risks (some might consider them slight, others would be the opposite)

frabber
Jul 17, 2012, 02:32 AM
Grown up men (apple and hackers) chasing each other over bits and bytes.

Sigh, Richard Stallman was right all along.
It's just not right getting all legal or charging money for software.

LastLine
Jul 17, 2012, 02:57 AM
But it's ok to use torrent to steal from corporations & musicians.:rolleyes:

Did I say that at all? Nope. I agree that the torrenting of music, software, whatever's not acceptable. That's kind of my point really.

roadbloc
Jul 17, 2012, 03:01 AM
This is Apple's fault for not providing a good enough authentication system for buying Apps. The piss poor DRM that iOS and MAS OS X Apps has been mentioned many times.

rich2000
Jul 17, 2012, 07:32 AM
But it's ok to use torrent to steal from corporations & musicians.:rolleyes:

No it's not, next question

Relativistic
Jul 17, 2012, 09:15 AM
You are, of course, happy to say that to the original artists of this music, right? To their faces?
I would, and I have.

I would also tell them that this is the sole reason I started listening to that band which enabled me to pay tickets for their gigs and buy their merchandise (which is a much bigger income source for the artists, at least in metal anyway). If I hadn't downloaded their songs none of that would have happened.

----------

If you want to use this "service" and turn yourself into a criminal, that's your decision. Good enough?
Yeah someone circumventing a $0.99 in-app purchase which is an obvious money grab is a criminal. They should be hung along with child molesters.

Poor Apple, being attacked by a vicious terrorist with no morals. In fact I'm going to open a donation fund to help Apple catch this terrorist.

/sarcasm off

Earendil
Jul 17, 2012, 11:00 AM
Thank God there are people like Alexey Borodin. Not because you can get non-free apps for free, but because he made everyone aware of the flaw in the In App Purchase's security. Passwords sent in plain text? :eek: Really? (Refer to a previous article.) People should be cursing Apple, and not him. :rolleyes:

I shall refer to you a previous post in this thread, and quote it in part:

The iPhone usually creates a secure SSL connection with an Apple server, which it then uses to communicate information. The connection as a whole *IS* encrypted. The information within the encryption line is not encrypted a second time.

This is ONLY a problem [if] you hack your own phone, and tell your phone to create a secure connection with someone ELSE. Of course the person on the other end can see the "in the clear" information. This is not a problem for the Russian, and it's not a problem for someone that hacks their own phone and sets up their own server. This is only a problem if you hack your own phone, and then connect to someone else's shady server.

When I call my bank from my cell phone, I don't speak in code, because the call itself is encrypted. If I decide to call someone that is not my bank, I do not start talking about my financial information, because I am not an idiot. If I hack my phone to talk to a store that is not the Apple store, I would be stupid to give that store my login and password.

It's not as if you can "sniff out" this "in the clear" information just by observing the comms. You literally have to send the data to the guy.

Given that, why should Apple spend resources to doubly encrypt information, when the only (afaik) way for this to be a problem is if you hack your own phone, tell it to connect to an illegal server, and then voluntarily send them your login and password?!

Heck, Apple should probably even hire him as a security tester (or what ever they're usually called). That's what lawful hackers do... they help corporations and banks to improve the security of their systems.

That's what lawful hackers do... he has not shown himself to be a lawful hacker yet, has he?

This is Apple's fault for not providing a good enough authentication system for buying Apps. The piss poor DRM that iOS and MAS OS X Apps has been mentioned many times.

The authentication system for buying Apps has not been broken. As far as anyone knows, it is still rock solid. One of the two ways of doing in app purchases has been broken, but it takes physical access to one's own phone. This security hole only directly affects Apple and iPhone dev's pocket book, not the end user.

the8thark
Jul 17, 2012, 12:04 PM
If someone wants to steal, they'll find some way to do it. I don't think it's fair to blame the news sites for posting this. It's relevant to the MacRumors community because it involves a security issue. I think it's actually helpful that places are posting it, provided they're also telling people why it's insanely stupid to use this hack. It might actually discourage some people from trying it.

He must be a great artist. As great artists steal.

Earendil
Jul 17, 2012, 12:14 PM
He must be a great artist. As great artists steal.

All humans eat, this does not mean that everything that eats is human ;)

StyxMaker
Jul 17, 2012, 01:16 PM
… allow App Store users to bypass Apple's In App Purchase mechanism and receive additional content free of charge…

Be honest MR it allows them to steal content.

Earendil
Jul 17, 2012, 01:25 PM
… allow App Store users to bypass Apple's In App Purchase mechanism and receive additional content free of charge…

Be honest MR it allows them to steal content.

Be honest StyxMaker, MR said exactly that in the next line.

"...allow App Store users to bypass Apple's In App Purchase mechanism and receive additional content free of charge. At the time, we noted that use of the method involved theft of content from developers..."

Also, "For Free" does not mean one didn't steal it, it means one didn't pay anything for it. If you didn't pay for something you should have, that's stealing. It's also still free.

"Free" - The cost of an item.
"Stealing" - The method by which one acquires said item.


And FYI, if you forge a price tag of $5 on a $1000 diamond, pay the clerk $5, and walk out, it is still theft, and it also wasn't free.

StyxMaker
Jul 17, 2012, 01:31 PM
Any person with a jailbreak can get this same thing, without having to send your info through a rogue server. If you're non jailbroken and attempt this, you deserve any penalty that could be handed out.

Let me see if I understand, if you jailbreak it's ok to steal content, if you don't jailbreak then you should be punished for stealing content.

StyxMaker
Jul 17, 2012, 01:45 PM
I went to the guy's website about this hack to check it out and he had requested that Apple give him an iPhone 5 and then he would shut down his service and personally show them how he did it so they could improve their security. With all the money Apple has in the bank I don't see why they aren't bribing him off instead of trying to get law enforcement involved and letting this hack go on for a third day.

That's known as extortion.

StyxMaker
Jul 17, 2012, 02:37 PM
I'm wondering how many of you using big words like "thieves" and "criminals" have never illegally downloaded music or a movie before.

Either all the Saints of the Internet are on this single forum, or we have a bunch of hypocrites here.

Count me as one, I've never downloaded music or movies without paying for them. I'm not a saint, I'm just not a thief.

gnasher729
Jul 17, 2012, 03:45 PM
Heck, Apple should probably even hire him as a security tester (or what ever they're usually called). That's what lawful hackers do... they help corporations and banks to improve the security of their systems.

If you said that Apple should offer him a job, I'd fully agree. Offer him a job, send him a flight ticket to San Francisco, - and let the cops pick him up on the airport. He wouldn't be the first idiot getting caught that way.

But giving him a job? That is absolutely stupid. This is a person who has demonstrated that he has no morals, and no judgement. A person who has amply demonstrated that they cannot be trusted. What makes you think that Apple doesn't have people looking for security problems and fixing them? You just don't hear of them because they don't exploit problems, they fix them.

madrag
Jul 17, 2012, 05:39 PM
I think you mean "flea". Fleas are super fast jumpers. On the other hand, Ticks either crawl very slowly on you or are attached, sucking on you (or your pet.)

I meant a tick, but what I meant wasn't hard to catch, should be "hard to remove"...

Earendil
Jul 17, 2012, 05:43 PM
I meant a tick, but what I meant wasn't hard to catch, should be "hard to remove"...

Fleas are in fact much harder to remove, and usually require special shampoo or medication over a period of time. Ticks on the other hand are easy to find and remove with one's fingers in about 2 seconds.

Source: I'm a country boy.

madrag
Jul 18, 2012, 04:09 AM
Fleas are in fact much harder to remove, and usually require special shampoo or medication over a period of time. Ticks on the other hand are easy to find and remove with one's fingers in about 2 seconds.

Source: I'm a country boy.

Depends on the fleas and ticks... Some ticks, after removal, leave their insides on the host and that's the worst scenario!

Other ticks can be removed with vinegar or a burning match.

Fleas are indeed hard to catch, but I meant removal (on topic of the post I wanted to mean that this hack will be as hard to remove as a tick)

Maybe I should have said a louse? Or better: hard to remove like a staph infection.

P.S. I'm also a country boy :)

thewitt
Jul 18, 2012, 05:34 AM
Grown-up men (Apple and hackers) chasing each other over bits and bytes.

Sigh, Richard Stallman was right all along.
It's just not right getting all legal or charging money for software.

Do you work for a living?

Do you give away your labor for free?

MikeBRich
Jul 19, 2012, 03:44 AM
I might be a selfish bastard not respecting Apple's security system and their work but here's a way how to use ZonD80's method to get the free in-app purchases http://forums.macorg.net/threads/russian-hacker-zond80-hacked-app-store.43/

blucable
Jul 19, 2012, 10:12 AM
I hope that was for a computer that can't run Mountain Lion.

It was actually for my gaming hackintosh that I built and took advantage of that and installed it in my macbook pro as well. :)

geoffm33
Jul 26, 2012, 09:28 PM
Hey friends, I found this page useful in terms of finding games & apps which work with this hack, as well as magazines.

http://www.iosideas.tk/2012/07/hack-in-appstore-to-get-free-purchases.html

Boooooooooo!

Tech198
Aug 5, 2012, 12:14 PM
I'm just wondering why Apple never saw this coming?

I mean... even since iOS x..... ? even iOS 6 is affected... I would be more worried about the security of the device than running around after some guy.

Deal with this later... Fix the issue first.