Apple's Developer Center Experiences Daylong Outage

[Ed217]

If this is a security/breach kind of problem, there are a number of factors that would be need to addressed.

1. Repair any damage done using backups
2. Determine what allowed the issue to occur in the first place
3 Completely convince all involved that your fix to #2 is truly solid
4. Deal with the PR end of things, as clearly some real explanation is needed after almost 4 days down
5. Alert any third parties about any lasting effects due to #1

Only after all these are done can the system come back up. There are likely other factors as well that only those on the inside may appreciate.

For most firms #1 is probably the easy one. Items #3 and #4 are harder.

 

[japanime]

The fact that there still has been no official statement from Apple on the outage just goes to show how toothless the "tech journalism" industry has become.

These so-called journalists (Gruber, Dalrymple, Laporte, etc.) trip over one another as they rush to tell us all about the latest iToys.

Yet when real news happens at 1 Infinite Loop, we hear little more from them than, "The Developer Center is down. Yep."

Pathetic.

 

[Peace]

If you have a true concern about legitimate problems please email devprograms@apple.com rather than spam the bug reporter.

This way you have a technical followup ID #. Unfortunately they are closed on week-ends.

 

[Rogifan]

The fact that there still has been no official statement from Apple on the outage just goes to show how toothless the "tech journalism" industry has become.

These so-called journalists (Gruber, Dalrymple, Laporte, etc.) trip over one another as they rush to tell us all about the latest iToys.

Yet when real news happens at 1 Infinite Loop, we hear little more from them than, "The Developer Center is down. Yep."

Pathetic.

Sorry but when you refer to Apple products as "iToys" your rant loses credibility.

 

[3282868]

Not if there is a core vulnerability or error within the system, it would also affect the mirror as well.

Can't they just use a "Time Machine" backup?

 

[Four oF NINE]

Apple Developer Website Update

Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.

In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.



I received this e-mail at 3:37 PDT

 

[HiRez]

These so-called journalists (Gruber, Dalrymple, Laporte, etc.) trip over one another as they rush to tell us all about the latest iToys.

Yet when real news happens at 1 Infinite Loop, we hear little more from them than, "The Developer Center is down. Yep."

Pathetic.

Well, according to Gruber, even his contacts inside Apple are completely mum on the matter. What is he supposed to do, call Tim Cook? I wonder if Tim Cook even knows about this yet, you would assume so, but how log did it take to get escalated, or has it yet?

 

[japanime]

Sorry but when you refer to Apple products as "iToys" your rant loses credibility.

It wasn't a rant. It was an observation about the state of tech journalism.

The point being that tech-industry journalists cannot see beyond the shininess of new devices. To them, iOS devices are nothing more than toys, and Apple is nothing more the toy store that provides them. Nobody would ever think of writing something critical about a toy store.

 

[HiRez]

Last Thursday, an intruder attempted to secure personal information

Is this for real? Please provide a link, because I don't see that on any of the sites, nor have I received an email. Also, this, to me, does not read like something Apple issued would.

 

[msheldrick]

I just got this?

 

[Four oF NINE]

Is this for real? Please provide a link, because I don't see that on any of the sites, nor have I received an email. Also, this, to me, does not read like something Apple issued would.

This is the complete text of an e-mail I received from Apple Cupertino at 3:37 PM PDT

 

[diddl14]

The email is real. I just got it on both my business as well as personal developer account.

 

[Michaelgtrusa]

Apple explains Developer Center outage: intruder attempted to retrieve users info http://9to5mac.com/2013/07/21/apple...c-MacAllDay+(9+to+5+Mac+-+Apple+Intelligence)

 

[Peace]

Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.

In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.

Good.. Finally some information.

 

[HiRez]

This is the complete text of an e-mail I received from Apple Cupertino at 3:37 PM PDT

Wow. For some reason, I haven't received it yet. That sounds the be major, to understate it. This could finally be the death knell for WebObjects (pure speculation there). If this is truly a security breach, it seems odd to me that they still allow you to log in with your dev ID before you find you can't access the site. Shouldn't they take it down at that point until they know exactly what was compromised?

 

[starnox]

Well here's to hoping we get a better developer website out of this

 

[bramfcool]

I received exactly the same message from Apple... Seems legit

 

[costica1234]

Received the same mail few minutes ago. I have just become an Apple Developer a week ago, can't believe something like this happened ...

 

[stuarty2003]

Legit email.

By the way - can someone confirm if sandbox in-app purchases are working?

 

[WolfSnap]

 

[starnox]

It's not that big a deal. Which website doesn't have your name, address and email address...

 

[diddl14]

That sounds the be major, to understate it. This could finally be the death knell for WebObjects (pure speculation there). If this is truly a security breach, it seems odd to me that they still allow you to log in with your dev ID before you find you can't access the site. Shouldn't they take it down at that point until they know exactly what was compromised?

iTunes Connect (which uses WebObjects) doesn't seem to be affected.

Only the developer portal is down that hosts the download area, provisioning stuff, forums, etc.

 

[Lalov001]

Legit email.

By the way - can someone confirm if sandbox in-app purchases are working?

Yes, sandbox in-app purchases are working, I've been using them all day.

 

[Peace]

Updating their Server software.

Why does that sound funny.

 

[Four oF NINE]

It's not that big a deal. Which website doesn't have your name, address and email address...

WOW!

You couldn't possibly be more wrong. This is a VERY BIG DEAL. They also have bankcard information, passwords, and other things.

You don't seem bothered, but many of us are deeply concerned.

I can only hope these hackers were unsuccessful in their efforts.

There will be more to follow.

Stay tuned.