You're equating a physical break in to a house being the same as a breach of online security... That is nearly as moronic as the car analogies computer enthusiasts try to use all the time while comparing hardware.

As far as we know he is telling us the truth. He found vulnerabilities and divulged them to Apple. He could have very easily taken as much as possible and gone off to sell the users' information and metadata. Also, if he is telling the truth, Apple if they sue him, is going to set a very dangerous precedent (for itself and possibly others) as no one in their right mind would let them know about a security vulnerability in the future.

Again, this is assuming there is not another part to the story. However, the way things are going (I am talking overarching in the tech sector), I could just imagine Apple beating him to death anyway with a few lies and lawyers. Then parading about saying, "Look we destroyed the bad hacker...who let us know about a security issue that put your information at risk." Then some overzealous attorney general trying to make a name for themselves will step in and put the harshest penalty on him... yeah this guy should have just not said anything.

I find comparing cars and hardware idiotic too but in this case, his analogy actually works. Let him try to break in to your house but since all of the security measures must be in place, make sure you call the police when he tries because that also is a security measure that he's supposed to go around.
 
Well if it didn't happen Apple wouldn't have taken measures to improve security. Pretty straightforward.

Exactly! One has to assume Apple was not aware of the security holes otherwise they would have patched them. Hopefully! As others have pointed out, you really have no idea how secure or safe you are until someone decides to test it.

How do you stop someone from, for example, starting a fire? The answer is that you take reasonable precautions, but basically there is nothing you can do to stop every possibility without draconian measures that inconvenience everyone.
 
Then why did he go inside and take stuff?

Because Apple ONLY cares if the break-in is made public. They don't care if data are stolen and no one finds out. They do care about their public image.

If he had broken in then just told Apple, the only thing that would happen is his email would be deleted.

What this guy has done is made his reputation more valuable. He is the guy who shut down the Apple dev site. Now he can charge clients a MUCH higher hourly rate.

If he had been the guy who sent Apple a bug report which was ignored he would not be able to charge his clients more. Heck I can send a report to Apple's bit-bucket.
 
he had to actually hack apple to prove that the vulnerability existed
he was only proving that the door was unlocked
what was behind the door was not relevant to him

Guess what: He didn't have to prove that any vulnerability existed. And according to his claims, what was behind the door was very much relevant, because he took it.
 
developer.apple.com is working

so this means it will be new beta at 10pm and DP4 some time later.
 
Some of the people are just too dumb for their own self. They do one thing good, act dumb.

I mean seriously, if you want to hack something, talk to the company and get their approval to "test" their systems on a site that is not the actual public site or something like that. If they (Apple) refuse to acknowledge, then take it to the news and make it public, that way Apple has to do something. Don't just hack and say sorry. Just wow.

It occurred to me, how have tried to get permission to crack (correct term) a test site?
Apple probably does not want to do it, since if the crack works on a test site, then it will work on the live site, and just gives a lot more crackers (oft called hackers) the practice to run amok.

I recall Kaspersky told Apple of a dangerous Mac virus about 2 years back. For about 1 month Apple ignored him, but suddenly reversed course and aggressively attacked the virus with built-in anti-virus efforts.

Apple seems to have a sense of invulnerability.

Even if this person did keep the ID's, the fact he revealed the bugs and vulnerabilities is worth far, far more. Now Apple knows it has a problem and will change it. Much better than not knowing and having massive IT theft.
 
Apparently feel that this claim researcher has crossed or breached the limit to show the loophole as a researcher.
 
Count your blessings

For those excoriating this guy you should count your blessings. At least he didn't do this: http://arstechnica.com/security/201...ssword-data-for-2-million-ubuntu-forum-users/

We all know there is no 100% hack proof security. The best we can hope for is vigilance from those we trust with our information... and a quick response.

My take from this is a hacker exposed a hole in Apple's security. Apple is fixing it. That fix is for the betterment of the dev community over the long haul. Someone with far more nefarious motives could have found the exploit and done far worse.

I am not in agreement with the youtube self-aggrandisement, but not everyone expresses themselves the way we would.
 
Actually, that page, developer.apple.com has been up the entire time.

The access page they're talking about, which is still down is accessible through the "iOS dev Center" and "Mac Dev Center". Click those links, and you'll see the maintenance message.
 
Apple needs to take a break from messing with phones. They seem to be putting all their resources into making trivial changes to things like the screen size and the exact shape of color used for an icon.

At one time Apple's software was way ahead. They used BSD on a Mach micro kernel to build NeXTSTEP. That effort was way out in front of everything else. But in the last 10 years they just sat on top of that, they have matured it and added stuff but nothing "new", no leap forward.

It appears now that even Apple's web site designers are technically inept to allow this to happen at all. Why doesn't Apple have a dozen full-time engineers trying to break into their own sites? And if they do have such a team they need to be fired.

Apple needs to actually be different again.
 
As sad as it is. Apple is pretty poor on dealing with security issues. Holes stay in there until someone makes it public. It is sad that it is like that. Apple has had some pretty huge holes in the system that they were told about months beforehand and did NOTHING until it was made public. Then they fix it within a very short amount of time and chances are that fix became a rush job and not done the best way.
 
Because Apple ONLY cares if the break-in is made public. They don't care if data are stolen and no one finds out. They do care about their public image.

If he had broken in then just told Apple, the only thing that would happen is his email would be deleted.

What this guy has done is made his reputation more valuable. He is the guy who shut down the Apple dev site. Now he can charge clients a MUCH higher hourly rate.

If he had been the guy who sent Apple a bug report which was ignored he would not be able to charge his clients more. Heck I can send a report to Apple's bit-bucket.

There is a problem with that though. Because iOS devices are used in government/financial/health care facilities and Apple has contracts with all of those branches then they must comply with the laws and publicly state when a security breach has occurred. Both SOX and HIPAA laws require it. Apple has to care about it and has to deal with it in a very public manner.
 
That analogy doesn't hold. This is more of an unsolicited external penetration test :p probably the most effective test there is.

Physically breaking and entering is obviously different man :D

But how about if I hacked all of ur personal info (credit card, social security, etc, etc). Then I called u after i did it and told u all about it. And when u threatened to call the cops i assured u I wouldn't do anything malicious with it.
 
The only issue with this white knight is that he is fishing to promote himself for a job. What he did is definitely illegal.
 
Apple needs to take a break from messing with phones. They seem to be putting all their resources into making trivial changes to things like the screen size and the exact shape of color used for an icon.

At one time Apple's software was way ahead. They used BSD on a Mach micro kernel to build NeXTSTEP. That effort was way out in front of everything else. But in the last 10 years they just sat on top of that, they have matured it and added stuff but nothing "new", no leap forward.

It appears now that even Apple's web site designers are technically inept to allow this to happen at all. Why doesn't Apple have a dozen full-time engineers trying to break into their own sites? And if they do have such a team they need to be fired.

Apple needs to actually be different again.
But yet the topics here that get the most discussion are about iDevices and things like screen size, form factor, icons etc. :confused:
 
Exactly! One has to assume Apple was not aware of the security holes otherwise they would have patched them. Hopefully! As others have pointed out, you really have no idea how secure or safe you are until someone decides to test it.

How do you stop someone from, for example, starting a fire? The answer is that you take reasonable precautions, but basically there is nothing you can do to stop every possibility without draconian measures that inconvenience everyone.

As part of improving security, Apple could just hire someone to 'test' for security holes. Honestly, I am surprised they don't have a team of people for that purpose alone.
 
You forgot the consequences of that...

"... and go to jail for many a year."

Let's get it straight: someone doing what you suggest is not a hero helping to spot security issues and help plug them. They're a thief and criminal who should be locked up.

If someone did the same thing to Samsung you'd be laughing at them.
 
Yeah, sure...

So I guess I'm happy this was done by someone who claims to be a whitehat, cause if it were a blackhat doing this, that could be pretty bad (ie, a full database dump of Apple employees' personal information on BitTorrent).

However, he went about this the wrong way. I've been in this industry for a while, and an actual professional "whitehat" penetration tester would not attack a website without written permission, probably with an actual signature in ink. You can, and he probably will, get sued really really hard over this.
 
There is a problem with that though. Because iOS devices are used in government/financial/health care facilities and Apple has contracts with all of those branches then they must comply with the laws and publicly state when a security breach has occurred. Both SOX and HIPAA laws require it. Apple has to care about it and has to deal with it in a very public manner.

Some hater saying Apple doesn't care doesn't make it true. That simple. No sane person will ignore a real and serious security hole.
 
The most amazing revelation with this story is that it suggests someone at Apple actually reads bug reports submitted through bugreport.apple.com!

This seems completely contrary to my own experience - perhaps it's actually worth reporting bugs to Apple after all.

Wow, cynical. I had someone from Apple respond to me personally once for a bug report I filed. I think the type and timeliness of the response from Apple depend on a number of factors, but I have seen no reason to believe they aren't being read and taken seriously. I'd bet there's a methodology behind how those bug reports are prioritized that is far more complicated than either of us can fathom and I'm sure it's not a perfect system.
 