Apple Dev Sites Hacked, Researcher Claims Responsibility

[Andy Chalk]

Apple Dev Sites Hacked, Researcher Claims Responsibility

Apple's Developer sites has been taken offline following a hack which may have exposed developers' names, mailing addresses and/or email addresses.

Point yourself at Apple's Developer portal and try to hit any of the "Dev Centers [https://developer.apple.com/devcenter/ios/index.action]" and you'll be greeted with a friendly message saying, "We'll be back soon." The site was hacked on July 18 and has been offline ever since; Apple said that while all the information accessed in the breach was encrypted, "we have not been able to rule out the possibility that some developers' names, mailing addresses, and/or email addresses may have been accessed."

"In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then," the message states. "In order to prevent a security threat like this from happening again, we're completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon."

Turkish security researcher Ibrahim Balic claimed responsibility for the attack but said he carried it out simply to demonstrate the weakness of Apple's security. "My intention was not attacking. In total I found 13 bugs and reported [them] directly one by one to Apple straight away," he told the Guardian. "Just after my reporting [the] dev center got closed. I have not heard anything from them, and they announced that they got attacked. My aim was to report bugs and collect the datas [sic] for the purpose of seeing how deep I can go with it."

Apple has not commented on Balic's involvement, nor has it given any indication as to when the Developer sites might be back online, but developers whose memberships were set to expire during the downtime will have them automatically extended to make up for the lost time.

Source: The Guardian [https://developer.apple.com/]


Permalink

 

[CriticalMiss]

I see Apple got some website security tips from Sony then. You can't blame them though, it's not like they can afford to have cutting edge security systems.

 

[Vault Citizen]

Is this why I kept getting an email about changing my password?

 

[MorphingDragon]

I see Apple got some website security tips from Sony then. You can't blame them though, it's not like they can afford to have cutting edge security systems.

Cyber Security in practice for the most part is reactive. Unless there was a shocking case of not following the most basic standards (which I doubt) there's not a lot Apple or Sony could've done to prevent the attack happening in the first place .

At least Apple had a reasonable response plan.

 

[mokes310]

Buy an Apple they said. It's immune from security threats they said...

This is the exact kind of thinking that I've been arguing against for the longest time. The system is only as secure as its market penetration allows. The more popular Apple devices become, the more succeptible they will be to malicious attacks. While I'm no fan of Apple or their products, I applaud them on their immediate response (content of said response is a bit suspect).

 

[Strazdas]

Soo its too earnly to celebrate? That guy was actually doign apple a favour?

 

[RicoADF]

I see Apple got some website security tips from Sony then. You can't blame them though, it's not like they can afford to have cutting edge security systems.

It is literally impossible to stop all attacks forever, no matter how good their security is. If a hacker is determined he/she will eventually get in which is why the data is always encrypted. It's the response and how well the corporation reacts that matters. Sony failed badly in that regard, Apple doesn't appear to have done so although it's too early to tell.

 

[Gilhelmi]

There is better ways to "report bugs" then this. We are quickly moving out of the "Wild West" age of the internet. The older the Net gets, the more particular people will get about the law being followed. The days where a 'White hat' hacker can test out a network, and be thanked for it, are dwindling fast.

Soon the Internet will be held to the standards of the rest of society. You can be like Jesse James and get shot by an execution squad (arrested and jailed in these cases), or you can be Wild Bill Hitchcock and start a "traveling interweb show" (to make it sound 'older' be in a cool way to our children and their children. Remember our children will be as dumb as we were at their age.), reliving the glory days. Showing reenacted pirate battles (highly dramatized of course), and the trail blazing "quick-draw-393" who was both a gamer and a woman before women were mainstream (and hear about her, highly dramatized of course, struggles at being accepted). Dang, now I want to start this show. I got a dozen more, equally absurd sounding, features that I can add.

Lament in the past about forgotten glory, or move to the future, for no one can not stop the march of time.

 

[shirkbot]

There is better ways to "report bugs" then this.

Better? Yes. More fun? No. If we're really coming to the end of the "Wild West" period, then I'll smile every time I see something like this, and long after it's over I'll smile at the echoes.