This hacker sounds pretty smart, perhaps smart enough to keep an eye on Macrumors to find out the latest moves from Apple and stay one step ahead of the game...

Smart? Socially maladjusted, and not a bit of sense. Guess how much money his smartness has made him so far. He could have got himself a proper job, and he would have made more in the time it takes walking to the coffee machine and back.
 

Our iPhone app hasn't been updated since Apple's UDID ban came into effect and still collects UDIDs, and the unique_identifier in our receipts matches the UDID perfectly in every purchase we've gotten since they started including unique_identifier - I'm not sure where TNW got their information but for us at least the IDs do match.
 
Tying a device UDID to a purchase is not the solution (some people have more than one device, move to a new device and resell, etc.).

What Apple should provide developers is some sort of 'Account ID', that is unique to each AppleID/iTunes Account, but anonymous (i.e., impossible to figure out the actual AppleID/e-mail address of the user from this proposed ID).

----------

As a developer, and one who is just starting to get into paid apps, I wish there were things Apple could implement to allow better control of piracy. I'm worried that my $50 app* would get pirated, or even my $0.99 ones. Setting up push servers is one thing (and expensive), but validation servers would be a pain as well.

* It's a medical database thing, thus sadly it's expensive, hopefully it'll have sales.

Hey, it's not such a big deal. I'm a total php/sysadmin noob and yet got it running relatively quick. I believe I nailed it quite robustly, too.

There is lots of sample code. The hard part is perhaps getting a hosting service with performance suiting your live needs (reliability, bandwidth) without being a rip-off, and setting up SSL certificates.
 
Smart? Socially maladjusted, and not a bit of sense. Guess how much money his smartness has made him so far. He could have got himself a proper job, and he would have made more in the time it takes walking to the coffee machine and back.

I wasn't saying he's wise, simply wondering if it's a good idea to announce these counter measures on a well read website.

Who knows what job opportunities are available where he lives, somewhere in Russia presumably. Perhaps he's too young to work or has some other handicap preventing him from honest employment. Whatever, I agree he shouldn't be doing this, but all this attention probably isn't helping matters IMO.
 
It's encrypted. Nobody except the intended recipient can read it. If someone out of greed and in order to cheat developers out of their earnings redirects traffic from the Apple Store to some Russian hacker, that's not a vulnerability, that is stupidity. And obviously Apple has no reason to help people cheating safely.

That's what I was trying to say. It's only clear text for the hacker who hosts the servers because he has forced false certificates onto the device and therefore has the power to decrypt whatever the iPhone is encrypting.
 
So let me get this right...

Apple has enough money in the bank to take the whole of Europe out of the financial crisis, buy a few countries up, send a few tens of expeditions into outer space, end poverty for a considerable part of Africa, etc. etc.

Ok.

Now, recently, they are being repeatedly taken to the cleaners by hackers. And then, if we are lucky enough, they react to that. Be it with 500,000 users' data stolen or with less damage. Of course most security issues that are reported but not widely reported and don't constitute an immediate PR threat are simply swept under the rug.

Recently, I read they asked Kaspersky for advice....


Now, my question is, seeing as they could buy every Kaspersky in the solar system, and quite a few of them on inhabited planets in the galaxy....


Why the heck aren't they doing it?

When are they going to start being proactive?

When are they going to start justifying their 50% margins in an industry that right now operates with razor thin margins?
 
Yes. The world we live in today is almost unbearable. All these wars of opportunity complete with extrajudicial killings funded by casino capitalism. While a naive self-absorbed population frets endlessly about... pirated software? What a shame indeed.

Because sometimes stealing is okay...as long as it's from a greedy American. Oh, that's right there are iOS developers all over the world who use their time away from their family and friends to create apps and expect to be compensated for that time so they can feed their families. Do you get paid for the job function you perform? Thought so, unless you're an unemployed leech.
 
Our iPhone app hasn't been updated since Apple's UDID ban came into effect and still collects UDIDs, and the unique_identifier in our receipts matches the UDID perfectly in every purchase we've gotten since they started including unique_identifier - I'm not sure where TNW got their information but for us at least the IDs do match.

The Next Web has an update:

The source who contacted Macrumors also got in touch with us. They say that a UDID is definitely showing in that slot for them, but they also have not updated their app to remove references to the UDID, something that Apple has been recommending for some time. Developers that have been submitting app updates recently have found the apps being rejected for using the identifying string. This new use of an identifier may be Apple implementing its recommended UUID standard for new devices while still allowing apps running on older versions of the OS to use a UDID.
 
Yes. The world we live in today is almost unbearable. All these wars of opportunity complete with extrajudicial killings funded by casino capitalism. While a naive self-absorbed population frets endlessly about... pirated software? What a shame indeed.

There's a difference between fretting and having a conversation. :rolleyes:
 
Now, recently, they are being repeatedly taken to the cleaners by hackers. And then, if we are lucky enough, they react to that. Be it with 500,000 users data stolen or with less damage.

Excuse me...

But where did you find that data of 500,000 users was stolen from Apple?


Tying a device UDID to a purchase is not the solution (some people have more than one device, move to a new device and resell, etc.).

Chances are very good that the author of the article is just confused and mistook a UUID (unique universal identifier) for a UDID (unique device identifier).
 
How will this impact those of us that have an iPad and an iPhone? Will we be required to pay for the app 1 time, but the in-app stuff twice?? :confused::confused::confused:

All of your FarmPointz or whatever will suddenly stop being genuine :eek:

----------

So let me get this right...

Apple has enough money in the bank to take the whole of Europe out of the financial crisis, buy a few countries up, send a few tens of expeditions into outer space, end poverty for a considerable part of Africa, etc. etc.

Once I read this sentence, I knew what this was going to be about. "Apple should spread the wealth!" or something.

They've already justified their setup by becoming the largest company in the world after being almost bankrupt.

----------

Smart? Socially maladjusted, and not a bit of sense. Guess how much money his smartness has made him so far. He could have got himself a proper job, and he would have made more in the time it takes walking to the coffee machine and back.

Yeah, hackers = losers. I got the IP of a guy who hacked some Yahoo! accounts, and... oops, entering the "ban" zone.

Also, am I the only one who finds it odd that hackforums.net is not constantly attacked? I can't believe a site like that is allowed to exist, but I guess it's "freedom of expression".
 
just identify the person we're dealing with

I don't understand why Apple does not give out the IDs of the person buying a product from me. After all, Apple is just a 3rd party in the deal, right? Why should one of the actors not know who the other one is? It's not shareholders dealing here.
 
Apple just needs to update iOS to make sure that the connection to the apple server was signed with the correct certificate, problem solved.
 
Not from Apple, from Apple users. Flashback trojan. Get your facts straight. :)

Get your facts straight. Flashback trojan didn't steal anything from any Mac users. And it wasn't very good at stealing from anyone else either.

And let me just see if I got this right: You make a post that clearly claims that Apple is taken to the cleaners with 500,000 users' data stolen. That means that these users' data was stolen from Apple, since you said _Apple_ was taken to the cleaners, not the users. I ask for proof. You then turn around, change your story to "data stolen from users", and you tell me to get my facts straight when you can't even stick to the same story for five minutes?


I don't understand why Apple does not give out the IDs of the person buying a product from me. After all, Apple is just a 3rd party in the deal, right? Why should one of the actors not know who the other one is? It's not shareholders dealing here.

If you think you need to know my AppleID before you are willing to sell to me, then you can keep whatever you are selling.
 
Get your facts straight. Flashback trojan didn't steal anything from any Mac users. And it wasn't very good at stealing from anyone else either.

And let me just see if I got this right: You make a post that clearly claims that Apple is taken to the cleaners with 500,000 users' data stolen. That means that these users' data was stolen from Apple, since you said _Apple_ was taken to the cleaners, not the users. I ask for proof. You then turn around, change your story to "data stolen from users", and you tell me to get my facts straight when you can't even stick to the same story for five minutes?

If you think you need to know my AppleID before you are willing to sell to me, then you can keep whatever you are selling.

Oh, yeah, it didn't steal anything? Why? 'Cause you've personally checked all of the at least 600,000 infected Macs? Or 'cause you say so as an Apple apologist and we have to take your word for it?

http://mashable.com/2012/04/11/mac-flashback-trojan-effects/

No, when I say Apple is taken to the cleaners, I mean their OS is taken to the cleaners via malware and that results in users' data being compromised. Perfectly clear, and perfectly simple. If you can't get your facts straight, at least don't misconstrue what others are saying.
 
No, when I say Apple is taken to the cleaners, I mean their OS is taken to the cleaners via malware...

Taken to the cleaners - I don't think it means what you think it means, somehow.

Flashback didn't really do much and it's now dead. I am sure we'll see more exploits and more malware but so far nobody was taken to the cleaners. By and large Flashback required users to download the malware and enter their admin password.... what's horrific is that Adobe's official Flash updater works in the exact same way, but that will hopefully come to an end with sandboxing in Mountain Lion. Why you'd write your software to work exactly like a piece of malware is beyond me... but that's Adobe for you :confused:

Back on topic: not sure I am too happy about this. I don't really understand enough about it, but I do wonder why the UDID is necessary. I sure hope Apple doesn't go all Nazi and start tracking UDIDs. A class action lawsuit is going to come anyway, but if they did collect data it would have merit, too.

The way to prevent a man-in-the-middle attack is by using cryptography. This is what any kind of public key system and even HTTPS is designed for. It should be possible for Apple to implement in-app purchases in a way that the phone can be sure it's actually talking to Apple servers?!
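The check this post (and the earlier one saying iOS should confirm the connection to Apple's server carries the correct certificate) is asking for is public-key pinning. The Go program below is an added example written for this page, not code from the thread, from Apple or from any app; its host name, keys and certificates are constructed fixtures. It shows why a forged certificate from a CA the user was tricked into installing fails the pin even though the OS trust store would accept it.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// newCert builds a self-signed leaf with a fresh P-256 key (constructed fixture).
func newCert(cn string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// spkiPin is the hex SHA-256 of the SubjectPublicKeyInfo: the value an app ships.
func spkiPin(c *x509.Certificate) string {
	sum := sha256.Sum256(c.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// verifyPinned runs after normal chain validation: the leaf key must match a
// shipped pin, so a leaf from a user-installed rogue CA is refused regardless.
func verifyPinned(leaf *x509.Certificate, pins map[string]bool) error {
	if !pins[spkiPin(leaf)] {
		return fmt.Errorf("server key does not match pinned key")
	}
	return nil
}

func main() {
	genuine, _ := newCert("store.example") // placeholder host name
	rogue, _ := newCert("store.example")   // same name, attacker's key
	pins := map[string]bool{spkiPin(genuine): true}
	fmt.Println(verifyPinned(genuine, pins), verifyPinned(rogue, pins))
}
```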
 
Also, am I the only one who finds it odd that hackforums.net is not constantly attacked? I can't believe a site like that is allowed to exist, but I guess it's "freedom of expression".

No. HF is a grey hat website, we help people, more than we hurt people, and we're a NO FRAUD forum. We pay our taxes, we're a US REGISTERED BUSINESS. Believe me, we would not risk our 400,000 active member database.

PM me for forums that exist, that include credit card fraud that shouldn't.
ALSO, we get DDoSed all the ****ing time.
 
No. HF is a grey hat website, we help people, more than we hurt people, and we're a NO FRAUD forum. We pay our taxes, we're a US REGISTERED BUSINESS. Believe me, we would not risk our 400,000 active member database.

PM me for forums that exist, that include credit card fraud that shouldn't.
ALSO, we get DDoSed all the ****ing time.

Sorry, I'm going to have to call BS on that. Well, I guess you do help people hurt other people:



If that site has been DDOS'd, that's good to hear. And it looks like some good hackers are hacking the bad hackers: http://seclists.org/fulldisclosure/2009/Jul/164. But since you're paying taxes, I'm sorry that I can't give a little tax money to the US since I don't see any ads.

If anyone cares to see more:



Well at least they closed down the "manipulation" section.
 
Sorry, I'm going to have to call BS on that. Well, I guess you do help people hurt other people:


If that site has been DDOS'd, that's good to hear. And it looks like some good hackers are hacking the bad hackers: http://seclists.org/fulldisclosure/2009/Jul/164. But since you're paying taxes, I'm sorry that I can't give a little tax money to the US since I don't see any ads.

If anyone cares to see more:


Well at least they closed down the "manipulation" section.

All of those sections are for information purposes. The Manipulation section is closed because people were committing fraud, we're a no fraud forum.
I understand we have some risqué sections, but believe me, the good outweighs the bad.


If you look through our entire site you won't find one infected link.

We pay A LOT of taxes, we receive hundreds of dollars of donations daily.
An official group costs 4,000 cash, and we have at least 1 new group monthly.

We were even once blacklisted by Malwarebytes.


Look at the owner's success: "Omniscient" or Jesse Labrocca (Owner of HackForums)
http://forums.malwarebytes.org//index.php?showtopic=36808

We ended up getting nasty legally; all 300,000 members of HF got free pro memberships to Malwarebytes.

We're not the bad guys.

Check out

alboraaq.com
 
All of those sections are for information purposes. The Manipulation section is closed because people were committing fraud, we're a no fraud forum.
I understand we have some risqué sections, but believe me, the good outweighs the bad.

If you look through our entire site you won't find one infected link.

We pay A LOT of taxes, we receive hundreds of dollars of donations daily.
An official group costs 4,000 cash, and we have at least 1 new group monthly.

We were even once blacklisted by Malwarebytes.


Look at the owner's success: "Omniscient" or Jesse Labrocca (Owner of HackForums)
http://forums.malwarebytes.org//index.php?showtopic=36808

We ended up getting nasty legally; all 300,000 members of HF got free pro memberships to Malwarebytes.

We're not the bad guys.

Check out

alboraaq.com

So you're claiming that this site is completely good-natured with so many sections dedicated to exploiting servers? I understand that there are good sections and that the site itself is not dangerous, but it harbors malicious hackers in its forums and has sections for tutorials on how to hack servers. That's unacceptable.
 
So you're claiming that this site is completely good-natured with so many sections dedicated to exploiting servers? I understand that there are good sections and that the site itself is not dangerous, but it harbors malicious hackers in its forums and has sections for tutorials on how to hack servers. That's unacceptable.

Again, we teach. 99% of the people who claim to have defaced a website leave messages like "secure your server". We're not the target for a reason: the government would prefer a forum our size hosted onshore, that they have no reason to seize, over all the carding forums which are close to our size, hosted offshore. Our forum contains more people who kiss the admins' ass for 24x24 pixel awards than actual hackers.

----------

So you're claiming that this site is completely good-natured with so many sections dedicated to exploiting servers? I understand that there are good sections and that the site itself is not dangerous, but it harbors malicious hackers in its forums and has sections for tutorials on how to hack servers. That's unacceptable.

Though we're not 100% good-natured, we're not illegal. What the members do is not our problem, as long as they don't do anything fraud-related. Claiming to, or showing how to, access a server is not illegal, and purely informational.

99% of websites that are breached are just to show the owners to secure their ****.
 