
Apple's developer site was attacked on Thursday

Apple's developer portal, which provides access to everything from developer previews of upcoming software (i.e. iOS 7 and OS X 10.9 Mavericks), to registering iOS devices for testing, to submitting apps to the App Store, has been offline since Thursday (Apple initially stated only that it was undergoing routine maintenance).
 
Apple has been tight-lipped about what exactly was going on with the site, while developers were left scratching their heads.


Apple at first just suggested that the dev site was undergoing typical maintenance
 
As the outage went on for a few days, speculation about what was going on behind the scenes began to grow. The folks over at Neowin picked up on the fact that a number of developers had taken to Twitter to state that they had received "Reset your password" notification emails from Apple, indicating that at least some user accounts could have possibly been compromised.
 
Well, Apple finally broke its silence today and sent out an email informing developers that an intruder had attempted to hack its system to retrieve personal information. However, we're not so sure that "attempted" is the right word in this case, considering that a breach [serious enough to take down a site responsible for distributing crucial test builds of its two most important upcoming software products] appears to have taken place.


By Sunday evening, Apple came clean about what actually took place
 
And while Apple tries to downplay the matter somewhat by stating that "sensitive personal information" wasn't accessed, the company goes on to state that names, mailing addresses, and email addresses could be wide open for perusal (which would explain the password reset emails).
 
There is no word on how this security breach will affect the release of the fourth beta of iOS 7, which is expected to be released tomorrow.

Sources: Apple Insider, Neowin




Karma
By morgan12x on 7/22/2013 12:02:19 AM , Rating: 5
While I don't advocate malicious hacking and could really care less if Apple does well or poorly, I do get a chuckle out of seeing a company who thrives on marketing their systems as "more secure" getting knocked down to the real world that everyone else has to play in.




RE: Karma
By morgan12x on 7/22/2013 12:03:39 AM , Rating: 5
Funny, this was the quote from DT on the bottom of the screen: "Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town." -- Charlie Miller


RE: Karma
By ReloadAO on 7/22/2013 5:06:10 AM , Rating: 2
"And boy have we patented it!" -- Steve Jobs, Macworld 2007


RE: Karma
By flyingpants1 on 7/22/13, Rating: -1
RE: Karma
By Cheesew1z69 on 7/22/2013 8:20:44 AM , Rating: 1
Apple's developer site is just some random site?


RE: Karma
By Flunk on 7/22/2013 9:15:59 AM , Rating: 2
At this point plain text passwords would be the equivalent of leaving the key under the mat in front of your door. That's like saying "At least they weren't the most incompetent people in the entire universe".


RE: Karma
By mjv.theory on 7/22/2013 4:56:47 AM , Rating: 5
quote:
In the spirit of transparency, we want to inform you of the issue.


Should read:
"In the spirit of transparency, we'll take our own good time before telling you."

So you've been hacked and don't want to own up about it. Fine, that is your prerogative, but don't make it worse by bullsh*tting to the affected users.


RE: Karma
By hughlle on 7/22/2013 6:58:48 AM , Rating: 3
Exactly. Would they have taken the route of transparency if they had been able to sort out the problem in the first 24 hours and just continued with the line of routine maintenance?


RE: Karma
By applepie on 7/24/2013 12:24:39 AM , Rating: 2
Does this mean Mac users won't be limited to Intego Security Software? It used to be unnecessary, right?


Make of this what you will
By name99 on 7/22/2013 1:47:26 PM , Rating: 2
Researcher claims he told Apple about the vulnerabilities, and the shut down was to fix them.
Lots of bad faith shouting at each other on both sides here. I don't quite understand the researcher's attitude or why he's upset. What Apple know is that they could have been compromised (the bugs he described), and they WERE compromised (at the very least by him). They don't know if he limited what he did to what he says, and they don't know if anyone else took advantage of the bugs. I don't see a problem with the reason Apple gave for the shut down.

Assuming the story is true, Apple actually comes off as pretty good here. The existence of the bugs is obviously bad, but they responded pretty immediately on learning of the issues; they were willing to take the site down to resolve them.

http://thenextweb.com/apple/2013/07/22/researcher-...




RE: Make of this what you will
By jimbo2779 on 7/23/2013 4:23:04 AM , Rating: 2
They waited days to inform thousands of their users that their personal information could have been compromised. This would give any hacker lots of time to use this information for their own dastardly deeds. Even Sony took their sites/services down right away and informed their users right away when they got hacked.

Delaying by days to notify your users is not coming off as pretty good, it is very bad of them to hide the true reason for their temporary shut down and could have put their users at risk.


What really happened- Apple
By applepie on 7/24/2013 12:11:41 AM , Rating: 2
A known attacker who executed a vindictive MBP intrusion with remote access, key logging and bots... a remotely jailbroken iPhone 5. I was connected to Apple Level III IP for possible intrusion and Apple confidentiality issue to be viewed by this tech remotely.

Upon hearing my iOS situation, I was promptly dismissed and the questionable breach never investigated. "An iPhone is ALWAYS jailbroken by the owner, miss. What you are saying is impossible, and frankly not true".

Apple has been both pouring and drinking the Kool-Aid. I'll never leave, but that is the real problem. Read any respected hacker publication to see this was the golden ring. No delay in iOS 7 release will firm up that product. Serious skills out there.








What actually happened
By Tony Swash on 7/22/13, Rating: -1
RE: What actually happened
By futrtrubl on 7/22/2013 6:39:38 AM , Rating: 2
quote:
They waited three days to alert developers because they were trying to figure out exactly what data was exposed

Interesting idea. Let the hackers have a 3 day window to do whatever they want with the data they get before telling people there might be a problem.


RE: What actually happened
By testerguy on 7/22/2013 7:27:43 AM , Rating: 1
Huh?

So are you saying that because Apple has now made the hack public, the hackers suddenly can't do anything with the data which they still have? How does that make sense?

Since Apple took the service down immediately, they minimised the damage which could be done with that data.


RE: What actually happened
By jimbo2779 on 7/22/2013 8:53:48 AM , Rating: 2
The difference is that if they informed their users right away they could have then gone and changed passwords to other sites they may be signed up to with the same password. This happens all of the time.

That is why when a site gets hacked the responsible thing to do is inform your users right away not deny it for days while the hackers find a way to exploit the information they have.

Before you say the passwords are not stored in plain text that does not excuse it, there are ways around cracking hashed passwords to get the original or flat out just using the hashed password on other common sites.


RE: What actually happened
By Tony Swash on 7/22/13, Rating: -1
RE: What actually happened
By ReloadAO on 7/22/2013 10:26:39 AM , Rating: 2
If you lose the key, you try to change the lock as soon as possible.


RE: What actually happened
By Tony Swash on 7/22/13, Rating: 0
RE: What actually happened
By ReloadAO on 7/22/2013 11:37:14 AM , Rating: 2
Well, that is not really the same. A LOT of people are using the same credentials for different kinds of webpages or services.
And as they stated, they did not know what kind of data the hacker has taken.

I'm pretty sure they just wanted a careless weekend.
No blame for that one. :D


RE: What actually happened
By testerguy on 7/22/13, Rating: 0
RE: What actually happened
By ReloadAO on 7/22/2013 10:33:37 AM , Rating: 2
Apple do not know what was stolen.
They didn't know they were hacked!

It's the same crap as "Maintenance" LOL


RE: What actually happened
By half_duplex on 7/22/2013 10:36:34 AM , Rating: 2
You obviously have no clue how passwords/hashing works.


RE: What actually happened
By jimbo2779 on 7/23/2013 4:28:38 AM , Rating: 2
You obviously have no idea about what I do. Are you telling me you couldn't take an MD5 hashed password and use that at another site that uses an unsalted MD5 hashed login? Of course you could.

I was not saying in all instances it can be done but there are ways and means of cracking any password and Apple not releasing full details of the hack is very bad on their part.

Just because Apple claim that the passwords were not stored in plain text does not mean that they were particularly well encoded or even slightly secure, the passwords that were taken could potentially easily have been used at other sites.
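
An added example (not part of the original thread, and not Apple's code) illustrating the hashing point argued in the comments above: with unsalted MD5 the same password produces the same stored value in every credential table, while a per-user random salt with a slow KDF does not. The user names, passwords, function names and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example


def unsalted_md5(password):
    """Scheme criticised in the thread: one fast hash, no salt."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def salted_record(password):
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def matching_users(table_a, table_b):
    """Users whose stored credential value is identical in both tables."""
    return sorted(u for u in table_a if u in table_b and table_a[u] == table_b[u])


# Constructed sample: two users who reuse one password on two unrelated sites.
PASSWORDS = {"dev1": "correct horse battery", "dev2": "Summer2013!"}


def build_tables(scheme):
    """Store the same passwords independently at 'site A' and 'site B'."""
    site_a = {user: scheme(pw) for user, pw in PASSWORDS.items()}
    site_b = {user: scheme(pw) for user, pw in PASSWORDS.items()}
    return site_a, site_b


if __name__ == "__main__":
    print("unsalted MD5 matches:", matching_users(*build_tables(unsalted_md5)))
    print("salted PBKDF2 matches:", matching_users(*build_tables(salted_record)))
```

Because every salted record is unique, a site storing credentials this way gives a breach elsewhere nothing to correlate against; users who reuse a password still need to change it wherever it was reused.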


My prediction
By Tony Swash on 7/22/13, Rating: -1
RE: My prediction
By drycrust3 on 7/22/2013 6:54:08 AM , Rating: 2
One of the Ubuntu support websites, ubuntuforums.org, has been down for several days because of a hacking attempt too. It would be interesting to know if these events are related.


RE: My prediction
By hpglow on 7/22/2013 8:00:19 AM , Rating: 2
Attempt. Everything got compromised. All user data.


RE: My prediction
By drycrust3 on 7/22/2013 2:54:30 PM , Rating: 2
My apologies for understating the problem.
Canonical, who run that forum, have been given a right toasting by those posting comments.
From the comments it appears Canonical were using some proprietary software called vBulletin to run that forum, which was totally unnecessary, and that was the means the hackers used to gain access to the various databases. Canonical have lost face over this.


RE: My prediction
By Nyu on 7/22/2013 7:39:31 AM , Rating: 2
They deserved it.


RE: My prediction
By Lord 666 on 7/22/2013 7:43:03 AM , Rating: 2
Is that an Apple Haiku?

It's about disclosure or the lack of it. Developers have been the life blood of the Apple renaissance launching an entirely new economy surrounding app development. These developers depend on the ability to log in and see performance metrics along with the Apple iTunes Connect system on getting paid. Expect much more fallout to follow if data was breached that tied the purchases and Apple ID information.


RE: My prediction
By retrospooty on 7/22/2013 8:52:09 AM , Rating: 4
"Many comments attacking Apple.
Few attacking the hacking.
Some welcoming it and wallowing in Apple's misfortune
Few noting the other big companies also hacked."


Jab, deflect, divert. Done.

NEXT!


RE: My prediction
By Camikazi on 7/22/2013 4:10:08 PM , Rating: 1
We know about the other companies and they have their problems too but this article is about Apple not about those other companies.


RE: My prediction
By Monkey's Uncle on 7/22/2013 6:05:52 PM , Rating: 1
This seems to be a pretty simple and common case:

- A company's security was cracked.

- cracker caught.

- Company will do whatever it has to do to keep this problem from being repeated.

- cracker to be punished (or hired as a security consultant).

Nothing new here - happens all the time. Moving on to the next new item.


RE: My prediction
By Fleeb on 7/23/2013 3:40:56 AM , Rating: 1
Why are you getting it backwards again? We all know all companies got hacked at one point, and people would say that Apple is secure. Now we are just pointing out that Apple can also get hacked - just like any other company.

And that is your defense?

Copyright 2015 DailyTech LLC.