Sunday, June 13, 2010

Getting to the bottom of AT&T/iPad email exposure

The best way to look for answers on the AT&T/Apple iPad snafu this week is to look for analyses from the experts who cover this technology. Here are some excerpts and links to help figure out what went wrong.

Gregg Keizer at Computerworld says: "The hackers who harvested an estimated 114,000 Apple iPad 3G owner e-mail addresses defended their actions Friday as 'ethical' and said they did nothing illegal. The hacking group Goatse Security obtained the e-mail addresses using an automated PHP script that collected iPad 3G owners' ICC-ID numbers and associated addresses from AT&T's servers using a publicly-available feature of the carrier's Web site. AT&T disabled the feature last Tuesday, a day before the Valleywag Web site [that was given the info from the hackers] first reported the story."

Gawker Media LLC is the focus of a Wall Street Journal article tied to this week's controversy over iPad owners' email addresses. Even though the FBI, says the WSJ, is looking into Gawker records, it is not a focus of the investigation. "Gawker's Valleywag section wrote Wednesday about a glitch in AT&T Inc.'s website that exposed the email addresses of iPad owners, including politicians, military officials and media executives," notes the article.

InformationWeek's blogger George Hulme threw in a cut-to-the-chase message on Friday: "Essentially, all that happened is that a security firm managed to brute force a process that returned the correct unique identifier for the iPad and associated e-mail address. Based upon published lists, there were plenty of .gov, .mil, as well as high-level politicians, journalists, and CEOs affected. Our Paul McDougall has an in-depth write-up here. Jim Rapoza blogged earlier today that Cloud Is Real Culprit in iPad/AT&T Security Hole... The 'cloud' isn't the culprit at all: AT&T's security and development processes are."

No doubt we will hear more about this in coming days, as well as other security issues for mobile technology.
