Did somebody say this researcher guy has a Youtube account or video?
Where's the link to it?
 
Spams

I have been getting signed up on various websites mailing lists all day as well.

(With my developer email address, however they all have spelled my first name wrong.)

I also received a phone call from Kazakhstan which I did not answer (Country code +7)
 
Opting for the latter means more time to schedule & implement a solution with no stalling.
I'll take the latter.

Let me know when you've solved the world's crime problem. Do you think you can have it done in the next 24 hours or so?
 
I wonder if he can be called a "researcher".

If he is a real researcher, and his company does some research on other companies' servers, he and his company should ask for consent from the interested company or make some contract first.

I know many "internet marketing" companies do things like this to develop their own way of putting some ad or malware, or to sell their capability.
However, it is very immoral business behavior.

He would be more frank if he said he was just a hacker.

I was recently contacted by an SD-based company which presented itself as a company that is to provide a new user experience on the web. However, it turned out that they were a company which made a really bad advertising method which hooks into others' web sites and replaces some of the content with theirs. I think they were sued by Yahoo or Google a few years ago.
Although he/his company may be successful in spreading their names, I think it's very immoral business conduct.

I doubt if he really did "research". Probably he just tried to "find out".
By using the word, "research", probably he tried to be exempt from any responsibility. Well.. I think he is just another hacker, not a researcher.
 
He wasn't some random good Samaritan who happened to notice a problem. He was specifically probing for security holes.

Think of it like this then. Would you rather someone like this guy go around looking for security holes so he can bring it to whatever company's attention...

...or one day waking up and seeing a sticky post up on top of the forum saying that all Apple accounts have been hacked, and everyone here needs to change their usernames, passwords, and cancel their credit cards to be safe?

Regardless of the legality of it, his intentions were good. Given half a chance, he could've done a goodly bit of damage with what he discovered instead of informing Apple about it.
 
If he is a real researcher, and his company does some research on other companies' servers, he and his company should ask for consent from the interested company or make some contract first.

I know many "internet marketing" companies do things like this to develop their own way of putting some ad or malware, or to sell their capability.
However, it is very immoral business behavior.

He would be more frank if he said he was just a hacker.

I was recently contacted by an SD-based company which presented itself as a company that is to provide a new user experience on the web. However, it turned out that they were a company which made a really bad advertising method which hooks into others' web sites and replaces some of the content with theirs. I think they were sued by Yahoo or Google a few years ago.
Although he/his company may be successful in spreading their names, I think it's very immoral business conduct.

I doubt if he really did "research". Probably he just tried to "find out".
By using the word, "research", probably he tried to be exempt from any responsibility. Well.. I think he is just another hacker, not a researcher.

Hacker isn't a bad word per se you know? Hackers are extremely useful in our connected world.

Whatever you want to call him, he found a vulnerability and reported it to Apple. There's nothing wrong in probing a website. Nothing illegal either.
 
Think of it like this then. Would you rather someone like this guy go around looking for security holes so he can bring it to whatever company's attention...

...or one day waking up and seeing a sticky post up on top of the forum saying that all Apple accounts have been hacked, and everyone here needs to change their usernames, passwords, and cancel their credit cards to be safe?

Regardless of the legality of it, his intentions were good. Given half a chance, he could've done a goodly bit of damage with what he discovered instead of informing Apple about it.

His intentions were not good. He stole info and now some devs are having problems with spam etc. Including me.

The guy either sold some of the info or is using it himself.
 
Seems to be a case of "he said, she said." However, those security breaches may not have been discovered. Apple needs to re-examine their systems. Either way, I'll hold off any judgment(s) until more facts are presented.

An aside, I have noticed a bit of an uptake in such matters after the [now infamous] NSA revelations.
 
The amount of people who are blindly leaping to Apple or this guy's side without possibly knowing the entire story is staggering.

What else would you expect? It is pretty unlikely there was going to be a constant stream of comments reserving judgement until all the facts are known.
 
Think of it like this then. Would you rather someone like this guy go around looking for security holes so he can bring it to whatever company's attention...

...or one day waking up and seeing a sticky post up on top of the forum saying that all Apple accounts have been hacked, and everyone here needs to change their usernames, passwords, and cancel their credit cards to be safe?

That's a false dichotomy. If you want to go around looking for security holes, there are legitimate ways to do that.

Regardless of the legality of it, his intentions were good. Given half a chance, he could've done a goodly bit of damage with what he discovered instead of informing Apple about it.

Would you say the same thing if he bypassed the physical security of a bank and took some money out of the vault as proof? Or even just their customers' names and addresses from some file cabinet?
 
Don't think so. It only started after this bozo did this.

Fair enough, I still say better him than say some chinaman with real malicious intent. This guy could have stayed under the radar and done some real damage. There is no reason to believe Apple knew he was inside aside from him actually telling Apple.
 
This might KILL iCloud for most users.

or you are compromised elsewhere

Yes, the way to know is to stop using the same email address and user info for multiple purposes. Get about a dozen gmail accounts. Same with credit cards, don't give Apple one that you use for any other purpose.

Actually I LIKE what this guy did, it should have been impossible but he proves that Apple got lazy. Apple should have had NOTHING of value that is not encrypted.

Users who re-use the same name, password and credit card are to blame too. Especially developers who SHOULD understand these issues.

I hope this problem leaks over to their iCloud service too. People will lose confidence in iCloud when they hear about this. Apple will need some transparent way to prove it is safe. Perhaps hire a dozen guys like this hacker to work full time to try and break iCloud and keep a public blog of their efforts. I don't know how else they can prove it safe.

So over all I'm happy Apple was forced to action. Maybe they re-think security.
 
And which of the two angers is likely to have the most immediate practical effect on your security?

Well, to take the analogy further, let's say the storage company found out who committed the break-in and stole your property, but then told the police to not bother with prosecuting the thief. I would be even more mad at the storage company than before, but still mad at the original thief as well.

Anyway, we will see if Apple sues him for civil damages, or if authorities in the UK are interested in a criminal investigation against the hacker/unauthorized security analyst (whichever term applies depends on your point of view.)
 
How do we know this guy's intentions were good? Even if they were, do the ends justify the means?
 
The amount of people who are blindly leaping to Apple or this guy's side without possibly knowing the entire story is staggering.

Also, the analogies are laughable at best.

So true, but it's what we do in forums. Leap without knowing jack diddly. I can say that I have thoroughly enjoyed some of the comically paranoid explanations regarding the guy's true goal. :D

Again, I agree regarding the horribly bad analogies. I would almost prefer an equally terrible Ferrari/Porsche/BMW analogy to what we are getting in this post. I've seen much better from MacRumors.
 
guilty until proven innocent eh?

Innocent of what? Even if his intentions weren't bad, what he did wasn't legal, was it? Again I can't believe how many are using the ends justify the means excuse.
 