Apple Developer Website Hacked: Developer Names, Addresses May Have Been Taken

[japanime]

This whole Apple vs Android fanboys thing is a little tiring for us normal people. Half of the comments are about how Android fanboys will hurt your feelings after this and you are already coming up with how you should fire back. Grow up and get a life! Both sides! The only thing that makes you a representative of either company is a malfunctioning group of cells in your brains.

Well said. I couldn't agree with you more.

I was criticized in the previous thread about the Dev Center outage when I lamented that tech journalists are more interested in getting their hands on the latest gadgets than they are in asking hard companies of the companies they cover.

One of the Apple fanboys got all bent out of shape when I referred to the gadgets as "iToys," and dismissed my valid observations as a "rant."

I develop for iOS, and I love Apple products. Some might even consider me a fanboy myself. But I love objective journalism and critical thinking even more.

 

[A Hebrew]

Image

On a related note, how is this at all related to my first post?

 

[Casiotone]

yeah, I'm not buying that. Also, nothing but FUD in the techcrunch comments section.

It's now news : http://thenextweb.com/apple/2013/07/22/researcher-claims-he-told-apple-of-developer-center-vulnerability-but-didnt-maliciously-steal-data/

 

[Dulcimer]

I suppose that the option of company espionage can't be ruled out... Samsung? Google?

 

[dazcox5181]

Assume this means the iOS and Mavericks betas won't be updated today?

 

[tech4all]

This whole Apple vs Android fanboys thing is a little tiring for us normal people. Half of the comments are about how Android fanboys will hurt your feelings after this and you are already coming up with how you should fire back. Grow up and get a life! Both sides! The only thing that makes you a representative of either company is a malfunctioning group of cells in your brains.

Back to the actual topic, that's a pretty major fail on Apple's side. And before you jump into any conclusions, I'm an iPhone user.

This has to be the most sensible post I've read on this site.

Apple warriors and fandroids have issues IMO. They are soooooooo concerned that the other side is going to attack or something. And they have armor up for a counter strike.

Watch I'll say Samsung and I know I just raised the blood pressure of iFanBoy.

Quit acting like children!

 

[galrito]

Excellent point. Yet, someone still has to make the viruses that the hired engineers/hackers fight. It'd be rather ironic if the very engineers who create viruses are also hired by virus companies to quarantine and destroy them.

Actually, that's rather brilliant.

Inspired by the pharmaceutical industry.

 

[Giuly]

This kind of stuff is what has always worried me about CLOUD stuff.

Government agencies doing the same thing, with permission from Apple, then scream "TERRORISM!!!11" when caught - not a problem.

1984 wasn't (or isn't) like 1984. Instead of Newspeak, language was reduced to the bare minimum in order to fit 140 characters.

Credo nos latinam loqui debere, amirite? Quia latinam tam mala loquor, nullus algosrithmus numquam logum meum sciturum posse.

 

[tech4all]

Well said. I couldn't agree with you more.

I was criticized in the previous thread about the Dev Center outage when I lamented that tech journalists are more interested in getting their hands on the latest gadgets than they are in asking hard companies of the companies they cover.

One of the Apple fanboys got all bent out of shape when I referred to the gadgets as "iToys," and dismissed my valid observations as a "rant."

I develop for iOS, and I love Apple products. Some might even consider me a fanboy myself. But I love objective journalism and critical thinking even more.

Haha I saw that post. They get their panties in a bunch for anything remotely insulting to Apple or the iDevices. Just goes to show you how sensitive they really are! Or more like insecure...

 

[patent10021]

This explains why I have had the four alerts pop up on my iPad/iPhone (2x each) of someone trying to reset my apple account password. If You guys haven't set this up yet, May I be the one to recommend it?

How?

 

[locust76]

I suppose that the option of company espionage can't be ruled out... Samsung? Google?

I'd say that it can be ruled out, because hacking a website would yield pretty much no useful information to a competing firm. Getting into internal systems would yield info on future plans. Attacking a public website would just be annoying.

 

[BvizioN]

This whole Apple vs Android fanboys thing is a little tiring for us normal people. Half of the comments are about how Android fanboys will hurt your feelings after this and you are already coming up with how you should fire back. Grow up and get a life! Both sides! The only thing that makes you a representative of either company is a malfunctioning group of cells in your brains.

Back to the actual topic, that's a pretty major fail on Apple's side. And before you jump into any conclusions, I'm an iPhone user.

Of course you are not, you didn't even have to say it.

 

[macsrcool1234]

Image

Try again.

 

[Yamcha]

For some reason I always find Hack's funny regardless of who it is . But I understand it can be very serious depending on who's been hacked..

 

[Mike MA]

With every hack emerged in the past I somehow was impressed that Apple seemed to be not affected at all. Well, now they also got hit.

 

[TwoBytes]

Sp iOS and mavericks could be delayed?

 

[superknoppix]

Good on Apple to try to be transparent about this. No system is perfect and anything can be hacked with enough time and resources. At least Apple are the ones letting their users know of the breach first hand instead of random speculation from other media sources.

 

[xplora]

I highly doubt they'll offer to change apple ids. I don't think they have the mechanism to do that.

appleid.apple.com allows you to change your Apple ID

 

[petvas]

Sp iOS and mavericks could be delayed?

First, there is no way to know when the betas will come. Yes, we got used to the two weeks interval, but that doesn't mean anything.
I think we will see new betas this week, but even that is just an assumption that I make.

 

[kgtenacious]

It's now news : http://thenextweb.com/apple/2013/07/22/researcher-claims-he-told-apple-of-developer-center-vulnerability-but-didnt-maliciously-steal-data/

The "news" is that he is claiming credit for finding the exploit on Apple's server side, not that he actually did. It may be on the up and up, we'll see.

His bug report highlighted in the video is rdar://14488816, with an origination date of Friday the 19th at 4:31 AM. He may get credit for discovering the exploit, we'll see, but with the notice I got from Apple just giving a fuzzy "Thursday" and his reporting it at that time (I assume UK time)... Well, let's just say I've never seen apple move that fast on a bug report - they usually don't even get to them for a day or two, unless a dev files it and calls immediately.

If he did file it and call immediately and they did take down the site in response to it, why is he worried about, as he says on youtube "[sic]This is definitely not an hack attack. I have reported all the bugs I have found to the company and waited for approval. I am being accused of hacking but I have not given any harm to the system and i did notwanted to damage."

I'm not saying he's lying, I'm just saying I'm not fully convinced. And what's with all the techno music and quick cuts in that video? You really don't get a chance to see anything in that video, it is obfuscated by the video editing.

As for the FUD I was referring to in the comments section at TC, people are claiming to have received notices from Apple to change their passwords, i.e. a6's comment "if only dev account were affected, why are the rest of us receiving "change password" links in our emails twice a day?"

To my knowledge, no emails are being sent out by apple telling dev's to change their passwords. At least, I haven't received one. I've only received the one Apple blasted out at 4pm PDT on Sunday.

As I haven't logged into dev*apple.com since last wednesday, I don't know the exact time A* pulled the site.

 

[Apple Knowledge Navigator]

Well Tim, perhaps now's a good time to double-down on security?

 

[mw360]

Glad it was hacked. If it weren't, this would not have happened or seemed as important to do:

What an idiotic thing to say. You attach great importance to them securing their website against intrusion, but consider an intrusion as acceptable collateral damage in getting there. Weird.

 

[mw360]

An interesting comments from the techcrunch article:



http://techcrunch.com/2013/07/21/ap...kers/?hubRefSrc=permalink#lf_comment=87472293

It's an interesting story. I believe it because its kinda naive and sad.

----------

As for the FUD I was referring to in the comments section at TC, people are claiming to have received notices from Apple to change their passwords, i.e. a6's comment "if only dev account were affected, why are the rest of us receiving "change password" links in our emails twice a day?"

To my knowledge, no emails are being sent out by apple telling dev's to change their passwords. At least, I haven't received one. I've only received the one Apple blasted out at 4pm PDT on Sunday.

Perfect time for a phishing attack.

 

[loon3y]

so i cannot provision new devices?

 

[ihuman:D]

I haven't received any emails from Apple, whether warning me about the hack or to change my password, developer.apple.com also still seems to be up.