Excellent point. Yet, someone still has to make the viruses that the hired engineers/hackers fight. It'd be rather ironic if the very engineers who create viruses are also hired by virus companies to quarantine and destroy them.

Actually, that's rather brilliant.

Wow. I would not be surprised. Wow lol
 
Why didn't you do this as routine maintenance to prevent anything like this from happening to this severity? Sure you can't make it 100% immune from attacks, but you could make the data 98% safe.

It seems you don't have much experience building secure websites. What you do is build security in depth. You make sure nobody can get in, and you make sure there's nothing to see if somebody gets in. You always assume that someone _might_ figure out how to get around one defense, and have a second defense in place. That's what Apple did, and it worked. Most likely the attacker didn't get access to anything, and what there was to access was encrypted.

If you knew of ways to get past one of the defences, you would of course fix it. Somebody got in, which means they used a method that wasn't anticipated and couldn't have been fixed. Because of "security in depth", that breach didn't gain the attacker anything, but now Apple knows what they did and makes the necessary changes. It is quite possible that Apple's security developers have from time to time found possible attacks and quietly fixed them; you wouldn't notice it.

----------

Why didn't these hackers go after the NSA? They already have all Apple Dev Center data and lots more..

That's of course nonsense, and you know that. And if it was true, you wouldn't go after the NSA. You go after someone who can't lock you away for the rest of your sad life without a court case.


This shows that Apple is no longer reliable and it may affect stocks greatly.
There goes the public trust...Apple....

Nonsense. There's security in depth in place. Someone got past one defense, was promptly detected, and other defenses stopped him. Exactly how it is supposed to work. Public trust is also based on how a company handles problems: Apple handled it by immediately shutting down the site, which is inconvenient, but the absolutely safe thing to do, and they promptly informed the affected people about what was going on. Other companies would have kept the site running, hoping that nothing else happens. Those are the companies you can't trust.
 
The "digital age" makes me long for the days before wireless communication (other than mobile phones) and servers filled with endless information and data. There was a time in my youthful naivety that I would state, "Let them have my information, I have nothing to hide." While I may not have anything to hide, it wasn't until my later years that I realized that wasn't the point.

Now it seems we can never turn back.

"Just remember, the sweet is never as sweet without the sour."
 
I don't know what sort of courtesy Apple will extend as a result of this, but if history is any guide (dot mac, mobile me) everyone will get a very generous extension; several months in the cases above.. for the inconvenience.

Of course that was when Steve Jobs was still around.
 
Surely in the interest of transparency they'd have told us about this on Friday as opposed to Sunday?

Perhaps they wanted to make sure they understood the issue completely before issuing a statement. Can you imagine the field day the press would have if Apple issued a statement saying they were hacked but didn't supply any details about the extent of the attack?
 
I don't know what sort of courtesy Apple will extend as a result of this, but if history is any guide (dot mac, mobile me) everyone will get a very generous extension; several months in the cases above.. for the inconvenience.

Of course that was when Steve Jobs was still around.

The people affected are developers. And developers know how the game works. They know that what Apple did was exactly the right thing to do. And Apple is generous; any app that would have been removed from the App Store because someone's developer's license ran out will stay on the store for now.
 
I'm not normally one to step up and defend Apple, but in this case, sadly this is how things are now.

... Microsoft has been hacked ... numerous government websites have been hacked etc. etc.

Microsoft was hacked about 13 years ago; since then the only notorious Microsoft hacking I'm aware of is when their Macs were hacked in their Mac business unit. AFAIK no information about Microsoft accounts has been hacked on any sort of decent scale.
 
The company notes that sensitive personal information was "encrypted and cannot be accessed" but that Apple's engineers "could not rule out the possibility" that developer names, mailing addresses and email addresses may have been accessed.

Hmm.

If sensitive personal information "cannot be accessed"... but "names and addresses may have been accessed"...

Then the logical conclusion is that names and addresses are not considered "sensitive personal information".

The "sensitive" category would probably be reserved for things like credit card numbers.
 
Apple has pretty good security, so it might have been quite a sophisticated effort to pull this off, maybe even involving state actors.

All this, and yet people are still foolishly attacking the NSA, who are being constantly vigilant in trying to find out where this stuff comes from.
 
You can completely overhaul something by working on it from a separate offline server, copying the data over, and then put up the Routine Maintenance screen while you change over to the new server (or RAID array). But because it was compromised, they took it down and will keep it down until they have a solution in place and everything all set. Just like what happened to Sony during the PSN outage.

Your original quote was:

Why didn't you do this as routine maintenance...

in response to Apple:

In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database

You seem to be under the impression that by putting up the "Routine Maintenance" sign, that would then make the task be considered part of "routine maintenance" work.
 
I'm under the impression that the iOS dev team and the security team are both separate entities, each doing their own things...

Obviously they're different teams (although there's more than likely overlaps), but it'd be stupid for them to release the 4th beta. Sure the OTA would work, but actual developers need access to the 4th beta of Xcode for it to be of any worth. You need the developer website for this.
 
By coincidence, my iMessage started to get spammed by @163 (huge & known Chinese spammer domain) since the past weekend. :eek:
 
It's just truly amazing how the comments of an article that brings such bad news for developers become a hate/fanboy-ism fest.
 
They are going to upgrade their server software? What are they running? Mac OS server or Windows?
 
It gave a huge boost to Sony's competitor Microsoft and its XBL service for a while.

All people talked about was about the hack.

True, but I debate how much of a boost. It's hard to switch services when you already invested money into a console, multiple games, and other digital content.

That will probably be the main deterrent in stopping Xbox One leakage over to the PS4, but since last gen games won't be able to play on the One, Microsoft effectively cut the ecosystem cord.

Besides, these are dev accounts. Most devs are tech savvy and understand the demons of the industry, and use the dev service to support their development (presumably for money). I don't see them turning tail from a market they're already in because of this.
 
Glad it was hacked. If it weren't, this would not have happened or seemed as important to do:

..we're completely overhauling our developer systems, updating our server software, and rebuilding our entire database..
 
Apple has pretty good security, so it might have been quite a sophisticated effort to pull this off, maybe even involving state actors.

All this, and yet people are still foolishly attacking the NSA, who are being constantly vigilant in trying to find out where this stuff comes from.

IMO, this was well organized with large resources to get in. I'm very curious as to the hacker's location. Don't discount it being domestic for a second.

I'm sure Apple and the NSA have already "increased their transparency" on Fri/Sat.

"Trust the Government. It worked for the Indians." :apple:
 
I hope everybody uses a separate AppleID for AppStore business.

Unfortunately, due to the way Apple's implemented it, it means you can't use 2-factor authentication unless you have a personal dedicated development iOS device.

On the other hand, even if your account is compromised the damage is limited.
 