"Security researcher" Yeah, that's it. Is the guy "testing" my front door with a crowbar also a security researcher?

It is nice that he gave apple a couple of hours to respond. Classy of 'im.

Crooks don't warn you that your door is unlocked
They just take everything and sell it

This guy warned apple and they did nothing so he let himself in took a beer out of the fridge and waited for apple to come home

and now apple is angry at him

except that because of him no other real crooks will come in and steal everything

apple should be embarrassed
 
He will now spend the next 15 years in court.

Let's hope so. This Hacker-Terrorist should not only be locked up, but billed/sued for the full value of lost productivity to the American economy for whatever length of time that Apple's developer resources are unavailable.

If he's a foreigner, he should be renditioned to Guantanamo Bay and tried as an enemy combatant.
 
Not really analogous.

It'd be like if somebody walked past my house when I wasn't home, noticed my front door didn't look like it was locked properly, turned the handle and opened it to make sure, then closed it and left a note letting me know that I need to make sure to lock my doors. It seems nefarious because he took user data, but that's common for security researchers. You take some info that proves that you did, indeed, gain access-- but you make sure that it's data that won't harm anybody or put anybody's privacy in jeopardy. If he just said, "Hey guys, I got into your database. No proof or anything though," his claim wouldn't hold a lot of weight.

Here's the problem: If among the information that he got was information from the company I work for, our lawyers would take a very, very dim view of that.
 
Let's hope so. This Hacker-Terrorist should not only be locked up, but billed/sued for the full value of lost productivity to the American economy for whatever length of time that Apple's developer resources are unavailable.

If he's a foreigner, he should be renditioned to Guantanamo Bay and tried as an enemy combatant.

Lol I'm sure you'd prefer that a malicious hacker did this instead.
 
This guy warned apple and they did nothing so he let himself in took a beer out of the fridge and waited for apple to come home

He didn't take a beer. He took information from app developers, and he might have taken information about developers from my company.
 
Not really analogous.

It'd be like if somebody walked past my house when I wasn't home, noticed my front door didn't look like it was locked properly, exploited the weak lock turned the handle and opened it to make sure, then rifled through my stuff and wrote down personal details about me and my family, then closed it and left a note letting me know that I need to make sure to lock my doors. It is nefarious because he took user data, but that's common for security researchers. You take some info that proves that you did, indeed, gain access-- but you make sure that it's data that won't harm anybody or put anybody's privacy in jeopardy. If he just said, "Hey guys, I got into your database. No proof or anything though," his claim wouldn't hold a lot of weight.

fixed that for ya.

Plus, I'm sure the 73 Apple employees aren't so happy about their data being "put into jeopardy"
 
Bad timing. I was just about to register as an iOS developer. Website's been down for what, 4 days now...? Hurry up and wait.
 
And the fact that you are taking this at face value is just as moronic. As I posted this morning on another forum...you have to take this seriously. I have been in IT security meetings for last 3 hours on this. I work for a very large and well known company with a little over 10K iOS devices in use. While Apple says that the data wasn't compromised, we cannot take that chance. We now consider all certs (mdm, provisioning profiles, and csr) to be dead. We use a very large mdm platform to secure our devices and as of this morning that mdm cert on it is no longer valid. This for us is a real cluster****. As soon as we have access to our account we have to revoke the mdm cert, all provisioning profiles, all development certs.
First, the moronic comment was to the use of the physical analogy of breaking into a house vs this issue and how these types of analogies are better not used as they are not comparable.

Second, you notice in my comment I said, if what he was saying is true. You should probably read the comment in its entirety. Either way if this happened with malice or for, as he says (still to be proven), helping in divulging a security issue. Good practice would dictate that your company would be doing the same thing that it is doing now; as you have no clue whether he was the first or the only to get to that data and I certainly would not trust anyone.

I realize it is a huge P.I.T.A. for everyone, but (and again if this guy is telling the truth) better to have this situation than someone selling off information to the highest bidder (I guess I should state AGAIN if what he is saying is what he did, since we have difficulty reading that I need to state it over and over).
 
He didn't take a beer. He took information from app developers, and he might have taken information about developers from my company.

I suppose you can rest easier now that you know apple finally locked up your information in a safe place

as opposed to just sitting there on the clothes line
 
Well, this is just stupidity. Hacking a website = a felony, no matter what noble purpose the person had in mind. Not to mention that this resulted in inconvenience to many people around the world and also probably to financial damage to Apple. He should have waited longer for Apple to respond to his findings, and if they didn't respond, then publish the findings somewhere in the internet to make them understand the seriousness of the issue. But deliberately attacking the website? I feel sorry for him somehow, but stupidity is stupidity.
 
he says "I have emailed and asked if I am putting them in any difficulty "

yeah you did with Apple's major iOS redesign since the original iPhone was introduced. What the hell does he want, an award? A job?
 
First, the moronic comment was to the use of the physical analogy of breaking into a house vs this issue and how these types of analogies are better not used as they are not comparable.

What's wrong with the analogy? Seems reasonable to me for the point being made.
 
"Shoot the messenger", say Apple fans.

That message being: "You are naked, Emperor..."
 
I actually hate these people.. If you walk by an open door, you don't walk in just because you can do it and later tell the owners that you did and that they need to lock the door.
 
This is good news. It wasn't a hacker to do harm and at the same time some maintenance that was probably over due was done on Apple's side to make it more secure.
 
The key thing to remember is that internet security is inherently complex. If it wasn't then I'm sure the likes of Facebook and Steam accounts, Apple IDs, emails and numerous internet companies whose whole business is conducted online would never be or ever will be compromised (anyone remember the Playstation Network debacle?). It's like expecting never to have a power blackout - it's unrealistic. I applaud any organisation that takes immediate action when a vulnerability is brought to their attention and is proactive in prevention.

My 2c.
 
Well done to this man. He single-handedly has shown that apple are not the great company they think they are.
All they do is use their CURRENT popularity to bully other companies into making sure they stay at the top.
 
I actually hate these people.. If you walk by an open door, you don't walk in just because you can do it and later tell the owners that you did and that they need to lock the door.

he had to actually hack apple to prove that the vulnerability existed
he was only proving that the door was unlocked
what was behind the door was not relevant to him
 