Gawker hits back at Apple--exposes massive security breach
Kerrigan
Addicted to MacNN
Join Date: Apr 2005
Jun 9, 2010, 05:21 PM
 
Apple's Worst Security Breach: 114,000 iPad Owners Exposed

If this story is true, it's a pretty major lapse of security. You know Apple legal are going to be burning the midnight oil tonight.
     
Person Man
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
Jun 9, 2010, 05:26 PM
 
Originally Posted by Kerrigan:
Apple's Worst Security Breach: 114,000 iPad Owners Exposed

If this story is true, it's a pretty major lapse of security. You know Apple legal are going to be burning the midnight oil tonight.
Um... how is this Apple's fault? It was AT&T that got hacked, not Apple.
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Jun 9, 2010, 05:39 PM
 
Apple has absolutely nothing to do with this, other than that the hackers singled out the iPads' ICC IDs because they were easy to guess.

They could just as easily have pulled out all Sony-Ericsson or Nokia N97 users.

Also, salient quotes for those who don't wish to give these assholes any more hits:

The breach, which comes just weeks after an Apple employee lost an iPhone prototype in a bar, exposed the most exclusive email list on the planet, a collection of early-adopter iPad 3G subscribers that includes thousands of A-listers in finance, politics and media, from New York Times Co. CEO Janet Robinson to Diane Sawyer of ABC News to film mogul Harvey Weinstein to Mayor Michael Bloomberg. It even appears that White House Chief of Staff Rahm Emanuel's information was compromised.

It doesn't stop there. According to the data we were given by the web security group that exploited vulnerabilities on the AT&T network, we believe 114,000 user accounts have been compromised, although it's possible that confidential information about every iPad 3G owner in the U.S. has been exposed. We contacted Apple for comment but have yet to hear back. We also reached out to AT&T for comment. A call to Rahm Emanuel's office at the White House has not been returned.

[....]

****** Security obtained its data through a script on AT&T's website, accessible to anyone on the internet. When provided with an ICC-ID as part of an HTTP request, the script would return the associated email address, in what was apparently intended to be an AJAX-style response within a Web application. The security researchers were able to guess a large swath of ICC IDs by looking at known iPad 3G ICC IDs, some of which are shown in pictures posted by gadget enthusiasts to Flickr and other internet sites, and which can also be obtained through friendly associates who own iPads and are willing to share their information, available within the iPad "Settings" application.

To make AT&T's servers respond, the security group merely had to send an iPad-style "User agent" header in their Web request. Such headers identify users' browser types to websites.
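
A defender's view of the behaviour the quoted article describes, as an added example that is not part of any post in this thread: because the User-Agent header is chosen by the client, it cannot tell a real iPad from a script, but one client asking about many different ICC-IDs can be spotted in the access log. The log layout, the `/lookup` path, the `ICCID` parameter name and the threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumed log layout: ip "GET <path>?ICCID=<digits> HTTP/x" status "user-agent"
LINE = re.compile(
    r'^(?P<ip>\S+) "GET \S*[?&]ICCID=(?P<iccid>\d{19,20})\S* HTTP/[\d.]+" '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)

def find_enumerators(log_text, max_distinct=2):
    """Return {client_ip: (distinct_iccids, successful_lookups)} for clients
    that asked about more ICC-IDs than one subscriber plausibly owns."""
    seen = defaultdict(set)   # ip -> set of ICC-IDs requested
    hits = defaultdict(int)   # ip -> lookups answered with 200
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue          # ignore lines that are not lookup requests
        seen[m["ip"]].add(m["iccid"])
        if m["status"] == "200":
            hits[m["ip"]] += 1
    return {ip: (len(ids), hits[ip])
            for ip, ids in seen.items() if len(ids) > max_distinct}

# Every constructed request carries the same iPad-style header, which is why
# the header alone separates nothing.
IPAD_UA = "Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X)"

def _line(ip, n, status):
    # Constructed 19-digit identifier; not a real ICC-ID.
    return f'{ip} "GET /lookup?ICCID=89{n:017d} HTTP/1.1" {status} "{IPAD_UA}"'

SAMPLE_LOG = "\n".join(
    # Two ordinary devices, each asking only about its own SIM.
    [_line("203.0.113.5", 501, 200), _line("203.0.113.5", 501, 200),
     _line("203.0.113.9", 777, 200)]
    # One client walking a range of identifiers; some guesses miss (404).
    + [_line("198.51.100.7", n, 200 if n % 2 else 404) for n in range(100, 106)]
)

if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG))
```

The durable fix is on the server side: tie the lookup to an authenticated session for that subscriber, so the identifier in the request is never the only thing standing between a caller and the e-mail address.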
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Jun 9, 2010, 05:40 PM
 


So they got some email addresses from AT&T's server.

I don't see how this is specific to the iPad though.
Shouldn't that have worked with any 3G device on AT&T's network?

-t
     
Kerrigan  (op)
Addicted to MacNN
Join Date: Apr 2005
Jun 9, 2010, 05:51 PM
 
I don't think this is Apple's fault either. But Gawker is obviously spinning this story for maximum negative impact.
     
scaught
Addicted to MacNN
Join Date: Jan 2001
Location: detroit,mi,usa
Jun 9, 2010, 06:51 PM
 
Gawker's ass is hurting because Apple wouldn't let them into the WWDC to see the stevenote.

At some point in the iPhone debacle (besides a few other examples of shit journalism) I stopped going to Gizmodo. I was wondering today if anything changed. Apparently not.

Clickbait headline if I ever saw one.

OH. And the story is written by the journalist who got all snippy with Jobs, without identifying himself as being with the media. Cute.
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Jun 9, 2010, 06:53 PM
 
They probably saw their hits drop off to quite a bit below what they were before the iPhone theft, once the initial brouhaha was over.
     
scaught
Addicted to MacNN
Join Date: Jan 2001
Location: detroit,mi,usa
Jun 9, 2010, 06:57 PM
 
I would imagine so. They were asking people going to the stevenote to feed them info. They ended up just reposting stuff from other websites' feeds. What a joke.
     
slugslugslug
Mac Elite
Join Date: Jan 2002
Location: Durham, NC
Jun 9, 2010, 07:01 PM
 
Yeah, I can see how Apple people would be rightly annoyed or even, as Gawker says, embarrassed about this. But the article’s title—calling the breach Apple’s—is downright misleading.
     
osiris
Addicted to MacNN
Join Date: Sep 2000
Location: Isle of Manhattan
Jun 10, 2010, 08:59 AM
 
I posted in the other thread, but the media needs to get their sh*t together before yelling out "Apple's worst security breach" and stuff like "suffered another embarrassment" (what was the first embarrassment?) Gawker sucks.
"Faster, faster! 'Till the thrill of speed overcomes the fear of death." - HST
     
Eriamjh
Addicted to MacNN
Join Date: Oct 2001
Location: BFE
Jun 10, 2010, 05:39 PM
 
Since when is an email address a security breach?

I'm a bird. I am the 1% (of pets).
     
Cold Warrior
Moderator
Join Date: Jan 2001
Location: Polwaristan
Jun 10, 2010, 07:29 PM
 
Originally Posted by osiris:
I posted in the other thread, but the media needs to get their sh*t together before yelling out "Apple's worst security breach" and stuff like "suffered another embarrassment" (what was the first embarrassment?) Gawker sucks.
Steve's point about not wanting a nation of bloggers seems apt.
     
imitchellg5
Posting Junkie
Join Date: Jan 2006
Location: Colorado
Jun 10, 2010, 07:55 PM
 
Originally Posted by Eriamjh:
Since when is an email address a security breach?
Are you being sarcastic? It's always been a breach. Hackers like this make millions off of selling email addresses to spammers.
     
::maroma::
Addicted to MacNN
Join Date: Jan 2002
Location: PDX
Jun 10, 2010, 07:59 PM
 
It's a security breach because it was information that was supposed to be secure. It could've been iPad users' favorite colors or hair color or any other piece of information, but if it was supposed to be secured and someone got to it, then it's a security breach.
     
scaught
Addicted to MacNN
Join Date: Jan 2001
Location: detroit,mi,usa
Jun 10, 2010, 09:38 PM
 
Originally Posted by imitchellg5:
Are you being sarcastic? It's always been a breach. Hackers like this make millions off of selling email addresses to spammers.
Millions? I can buy 200,000,000 email addresses for $300. Buy Email Address Lists - Buy 200 million email address list Purchase Email Marketing Email Address Lists

I know what you're saying, but ...
     
scaught
Addicted to MacNN
Join Date: Jan 2001
Location: detroit,mi,usa
Jun 10, 2010, 09:39 PM
 
Originally Posted by osiris:
I posted in the other thread, but the media needs to get their sh*t together before yelling out "Apple's worst security breach" and stuff like "suffered another embarrassment" (what was the first embarrassment?) Gawker sucks.
Who do you think got more clicks? The people who put Apple in the headline or the people who put AT&T in the headline?
     
Laminar
Posting Junkie
Join Date: Apr 2007
Location: Iowa, how long can this be? Does it really ruin the left column spacing?
Jun 10, 2010, 09:56 PM
 
Technology - Bits Blog - NYTimes.com

I added the spaces.

The hacking group, G o a t s e Security, found that a program on AT&T’s Web site, when given an iPad’s ID number, would return the owner’s e-mail address. It used a script that could guess IDs and collect the associated e-mail addresses. The group eventually notified AT&T of the breach, and the security hole was closed.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Jun 10, 2010, 10:36 PM
 
Originally Posted by Spheric Harlot:
Apple has absolutely nothing to do with this, other than that the hackers singled out the iPads' ICC IDs because they were easy to guess.

They could just as easily have pulled out all Sony-Ericsson or Nokia N97 users.

Also, salient quotes for those who don't wish to give these assholes any more hits:

What makes them assholes?
     
imitchellg5
Posting Junkie
Join Date: Jan 2006
Location: Colorado
Jun 10, 2010, 11:19 PM
 
Originally Posted by scaught:
Millions? I can buy 200,000,000 email addresses for $300. Buy Email Address Lists - Buy 200 million email address list Purchase Email Marketing Email Address Lists

I know what you're saying, but ...
Millions per year, sure.
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Jun 11, 2010, 01:49 AM
 
Originally Posted by Eriamjh:
Since when is an email address a security breach?
You don't do privacy, do you?
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Jun 11, 2010, 01:52 AM
 
Originally Posted by besson3c:
What makes them assholes?
Read the other thread on this.

Re: CES prank, iPhone prototype theft and fencing, whining about not being allowed in anymore, and now sensationalising this as an iPad problem. Their article is a blatant attempt to damage Apple out of a juvenile sense of revenge.
( Last edited by Spheric Harlot; Jun 11, 2010 at 02:08 AM. )
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Jun 11, 2010, 03:53 AM
 
Originally Posted by Spheric Harlot:
Read the other thread on this.

Re: CES prank, iPhone prototype theft and fencing, whining about not being allowed in anymore, and now sensationalising this as an iPad problem. Their article is a blatant attempt to damage Apple out of a juvenile sense of revenge.
It's business. Why use such strong language in moral/personal terms? They are just a company, as is Apple. This is what companies do, no? Do you really think that Apple doesn't pull underhanded stunts of their own?
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Jun 11, 2010, 04:07 AM
 
No, this is not what companies do. It's what dumb kids do before they grow out of it.

Brian will get slammed for extortion, and that other guy will probably be convicted of fencing stolen goods.

Exposing the name of the engineer who lost the phone isn't "what businesses do", either. That's simply people being complete assholes, and they would have got charged with privacy violations, had they pulled that idiocy in Europe.

"Companies" generally have legal counsel. These guys are kids thinking they're running a business.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Jun 11, 2010, 04:13 AM
 
Fair enough, I thought that Gawker was bigger than that.
     
Love Calm Quiet
Mac Elite
Join Date: Mar 2001
Location: CO
Jun 11, 2010, 07:30 AM
 
Originally Posted by Spheric Harlot:
"Companies" generally have legal counsel. These guys are kids thinking they're running a business.

Companies that will survive in the long run at least have a legal *clue*.

And, @besson: Bigger than what? The entire "found"/stolen iPhone reeked of "pulled off by a 'gang that couldn't shoot straight.' " They're great at garnering publicity. But I'll never look to them for anything approaching journalism (let alone integrity).
TOMBSTONE: "He's trashed his last preferences"
     
   
 