Apple Employees Hacked By Visiting iPhoneDevSDK

[drunifex]

I do wonder if the compromize is bigger than they admit. This morning I got a your account was accessed from a new device warning. Also one of my colleagues got the same thing. Seems like some user accounts "might" have been grabbed from apple.

[krye]

iPhoneDevSDK is a great forum, but they are forever being attacked. There has been several times I've visited the site, for Safari to throw up that "this site contains malicous code" warning.

[Shrink]

Quote:

Originally Posted by Fatalbert

The plural form of "virus" when using Latin declension is "viri", but since you're comparing it to "this", it should be the ablative plural "viribus". Or just say viruses

I LOVE IT!!!

The Latin Pedant Strikes Again!!

Is this a classy Forum, or what!!??

[ncaissie]

Quote:

Originally Posted by Fatalbert

1. Apple, ban Java from your employees' computers that need to be secure.

2. I'd pay extra for an ISP that has severed all connections to China. Really, just ban them from the Internet. That country is downright nasty. I get connections all the time from it trying to get the admin password from my website, and I've been unsuccessfully brute force attacked over SSH once from China (after that, I changed my SSH port to something non-default). The only good thing about China having advanced tech is that Cables Unlimited can make its probably-illegal HDCP remover to free us from Intel's BS.

This looks really bad for Oracle and Apple, though it's mainly Oracle's fault. I think Apple should release a statement to shove the blame over, which would help with their quest to kill Java (not that I agree with their goals fully).

LOL yes that would teach them one hell of a lesson if every ISP filtered out China.
I would love to see that.

[PBG4 Dude]

Quote:

Originally Posted by drunifex

I do wonder if the compromize is bigger than they admit. This morning I got a your account was accessed from a new device warning. Also one of my colleagues got the same thing. Seems like some user accounts "might" have been grabbed from apple.

The have a post on the iphonedevsdk site that says all user passwords have been reset "as a precaution" and you'll have to go through the forgot password routine to log back in.

This is why I stick to my iPad for most of my surfing. Much harder to compromise.

[tbrinkma]

Quote:

Originally Posted by nagromme

If the Chinese hacks are "supposed" and not real, and the US government is behind a massive hoax, then they got Facebook, Apple, the New York Times and many others to cooperate in the hoax. All for an effect that has nothing to do with taking away privacy, and affects very few users. How would all those parties get together to create such AMAZING technical detail, and why would the bother and then have the threat be so trivial it goes right over most peoples' heads? How would this Chinese hack news derail all the opposition to bad Internet legislation? It wouldn't.

Rule of thumb for conspiracies: if it requires HUGE numbers of people to keep a secret, it's probably just your paranoia.

I don't think he was saying the hackings were fake, but that the *source* might not be China. That keeps the theorized conspiracy safely out of the 'has to involve thousands of people' territory. Still unlikely, though.

[mtneer]

Quote:

Originally Posted by WestonHarvey1

Something sinister is going on at iPhoneDevSDK. That or total incompetence. The last time they shut it down for malware and came back with the new system, the sysop claimed it was vBulletin's fault and that vBulletin is impossible to secure. Then why doesn't MacRumors have these problems? Well we know that's a load of BS now anyway.

Do we know that for sure? No warnings don't necessarily mean nothing is happening...

[charlituna]

Quote:

Originally Posted by Amazing Iceman

Yeah, but lately, the weak point has been either Java or Flash, being the first one the most common nowadays. It may be time to ditch JAVA, and get over with this nonsense. It has had too many security flaws, and nothing can assure us there are no more to be discovered.

Very true. And likely part of why Apple ditched 'in house' support for Flash and Java. Many don't need either with sites moving to be more device friendly and they are security nightmares. By reducing Apple's connection they can get out of liability issues for supporting them at their service options also, so a win win in many ways

I'm rather impressed myself with their turn around on a patch and pull once they could see the issue first hand. Matter of days it seems. So the number of users computers affected, provided everyone installs this, should be low. In fact I would hazard that Apple admitted the attack in part because they know they get spread around the sites so folks should see the news about the updates as well. Taking one for the greater good if you will.

----------

Quote:

Originally Posted by whooleytoo

Safari has had 'drive by' vulnerabilities too which have been fixed; do you still occasionally use Safari?

Safari hasn't had nearly as many issues as Flash or Java. To the point where I don't have either installed on my main machines. I have one old laptop I use for streaming music and such that still has Flash and Silverlight.

I've done pretty good so far on still having access to everything I need

----------

Quote:

Originally Posted by drunifex

I do wonder if the compromize is bigger than they admit. This morning I got a your account was accessed from a new device warning. Also one of my colleagues got the same thing. Seems like some user accounts "might" have been grabbed from apple.

Are you sure that was from Apple and not a phish to get you to change your password. It would be the right time for someone to try that trick. Same group or other

----------

Quote:

Originally Posted by nagromme

If the Chinese hacks are "supposed" and not real, and the US government is behind a massive hoax, then they got Facebook, Apple, the New York Times and many others to cooperate in the hoax.

You have no proof this was some ploy to get folks to side with the cyber security folks at the cost of access etc. or that Apple etc were involved. Even if this was a 'fake' Chinese attack, the folks doing it could have actually attacked these groups without their prior knowledge or consent. And who knows what other companies without their knowledge that just haven't admitted it

[hayesk]

Quote:

Originally Posted by Fatalbert

2. I'd pay extra for an ISP that has severed all connections to China. Really, just ban them from the Internet. That country is downright nasty.

1. These hacks came from Europe, not China.
2. Do you think the hackers couldn't just connect through other sites in other countries?
3. You are judging a country of a billion people by the actions of a few?
4. Do you think that the US doesn't hack sites in other countries? Hackers come from everywhere, including government sanctioned ones. Should the US be banned from the Internet too?

What do you think severing connections to China will actually do?

[alms]

Quote:

Originally Posted by Peace

Folks are gonna get ticked at me but man. Had developers used the dev discussion instead of this place there probably wouldn't be this problem.

Is that site a place for jailbreakers ?

It is not a place for jail breakers, but it is a place where you can talk freely about iOS code, the app store, analytics, and Apple without having to worry about the thread being shut down by Apple.

The format is also much easier to use: normal threaded forums rather than Apple's bizarre chaotic ocean of discussion.

[WestonHarvey1]

Quote:

Originally Posted by mtneer

Do we know that for sure? No warnings don't necessarily mean nothing is happening...

Can't know for sure, but much larger user base here. I'd expect a higher rate of infection and thus a higher likelyhood of detection.

[iChrist]

Quote:

Originally Posted by Fatalbert

2. I'd pay extra for an ISP that has severed all connections to China. Really, just ban them from the Internet. That country is downright nasty.

And yet you are using a computer that was made there? That makes zero sense.


This is the fault of users, not China. User of computers are ignorant, even at Apple. To blame the hacker is silly. User must be aware of what they are doing.

The Apple employees should be fired. They have demonstrated a clear lack of computing common sense.

[Fatalbert]

Quote:

Originally Posted by iChrist

And yet you are using a computer that was made there? That makes zero sense.

I don't need a fiber optic cable going from my computer to China in order to buy a computer that has been made in China. You make zero sense.

----------

Quote:

Originally Posted by hayesk

1. These hacks came from Europe, not China.
2. Do you think the hackers couldn't just connect through other sites in other countries?
3. You are judging a country of a billion people by the actions of a few?
4. Do you think that the US doesn't hack sites in other countries? Hackers come from everywhere, including government sanctioned ones. Should the US be banned from the Internet too?

What do you think severing connections to China will actually do?

Severing connections to China would eliminate most hacking attempts. Why would the average American consumer (or I) need to have a connection to China? Out of the >1G people there, only the hackers have ever connected to me and tried to log in.

These hacks did come from China, and so do many hacks. Yeah, they can use a different country, but they usually don't. I've already banned China from my website, and I've been getting WAY LESS spam and hack attempts.

[Amazing Iceman]

It's easier to hack the user than the computer.