Ping, Apple's music social network, already plagued with spammers

post #1 of 137
Thread Starter 
Spammers have wasted no time in flocking to Apple's new music-related social media service integrated within iTunes 10, Ping, which does not feature any protective filtering measures.

Security firm Sophos noted on its blog this week that Ping has been "drowning in scams and spams" since it launched on Wednesday. Since Ping does not feature spam or URL filtering, some have flooded the profiles of popular artists like Katy Perry.

Most of the spam, appropriately, is offering users Apple products, with links claiming to offer free iPhones and other devices in exchange for filling out a survey.

"If half as many free iPads, iPhones and iPods were being given away as Ping comments might lead you to believe, there will be no reason to bother with going to an Apple Store," wrote Chester Wisniewski, security expert with Sophos. "But if you actually want an Apple device, my advice is to go out and buy one, as filling out surveys will likely only end in tears."

While spam appears to be coming through regularly, Apple does prevent profile pictures from being uploaded without approval. The report noted that it is "quite easy" to create bogus accounts for Ping, because no credit card information is required.

Ping has already been involved in a minor controversy as well, as the site suggested it offered Facebook connectivity when it first launched, only for the feature to be inactive. Reports have indicated that is because Facebook blocked API access to Ping after the company failed to reach an agreement with Apple, as the website demanded "onerous terms" from the iTunes maker, Chief Executive Steve Jobs said.



While Ping is susceptible to spammers, iTunes 10 does pack a number of important security features. Sophos noted that the latest update patches 13 separate vulnerabilities in the WebKit components used to render the media suite for Mac and Windows.

Apple introduced Ping at its iPod-centric keynote on Wednesday. On Ping, users can "follow" artists and friends, and iTunes will populate a customized top 10 list that represents what those people are downloading. The service also allows users to see what local concerts are coming, and inform their friends that they will be attending.

The appeal to spammers is easy to see: Ping is open to over 160 million customers that already have active iTunes accounts with credit cards, a fact that Jobs noted Wednesday during his presentation.
post #2 of 137
This was totally expected and as the service grows, I suspect Apple will adjust accordingly.
post #3 of 137
Quote:
Originally Posted by smerch View Post

If this was "totally expected," then why wasn't the issue dealt with proactively?

That's like asking "if they knew the computer software was going to get hacked, why didn't they deal with it proactively". It's an inevitable fact. You deal with it as it comes. And it will probably always need to be patched at some point.
post #4 of 137
I just have to laugh; too funny. Welcome to social media Apple!
post #5 of 137
Just what we need, another opportunity for spammers.
I haven't even upgraded to iTunes 10, but I'm just hoping you can avoid even having Ping.
post #6 of 137
God I hate spammers...

Do not overrate what you have received, nor envy others.
15" Matte MacBook Pro: 2.66Ghz i7, 8GB RAM, GT330m 512MB, 512GB SSD

iPhone 5 Black 32GB

iPad 3rd Generation, 32GB

Mac Mini Core2Duo 2.26ghz,...

post #7 of 137
they can claim almost huge amount of growth in active users in only 2 days!!! (lol)

on a side note, i would think Apple would have set up a system to stop this by now

PC means personal computer.  

i have processing issues, mostly trying to get my ideas into speech and text.

if i say something confusing please tell me!

post #8 of 137
Quote:
Originally Posted by old-wiz View Post

Just what we need, another opportunity for spammers.
I haven't even upgraded to iTunes 10, but I'm just hoping you can avoid even having Ping.

You have to activate it from within iTunes, it is not automatically on when you upgrade to v10. Thank God.
post #9 of 137
Apple has always had their head in their butt when it comes to security. They have gotten away with this by being a niche market. One day they are going to get bitten so badly it's gonna really hurt.

But this is what you get when you can't partner with existing services and you have such a huge ego you feel you can do everything better yourself. Right Steve?
post #10 of 137
Social media through an iTunes application is not all that useful, it must be accessible from any browser at anytime. I guess we have to wait for cloud iTunes then.
bb
post #11 of 137
There's a special place in Hell reserved for spammers.
"Don't be a dick!" - Wil Wheaton
post #12 of 137
Has anyone here received any spam on Ping?

No one follows me that I don't want, I only follow artists I'm interested in. No spam here.

Plagued? After 48 hours?! More FUD from a "security" company trying to boost their profile/revenue.
post #13 of 137
Quote:
Originally Posted by Blackintosh View Post

Apple has always had their head in their butt when it comes to security. They have gotten away with this by being a niche market. One day they are going to get bitten so badly it's gonna really hurt.

one day, SJ is gonna be working and someone is going to tell them that PC (a mac is indeed a Personal Computer) just got hacked, and that all upgrade plans are now released online (in 3 months, we add a flash to itouch, then hm a third camera to iphone, then decide to make the ipod nano go back to its 2nd/3rd gen form, add the bottoms back on and call it revolutionary, etc)

on that note, it is really true that Apple is going to spend money on security, maybe they will also bump up their R&D department's budget up, to look for a way to make everyone use iOS and move away from OSX to make it cheaper (the last part, was a joke)

PC means personal computer.  

i have processing issues, mostly trying to get my ideas into speech and text.

if i say something confusing please tell me!

post #14 of 137
Quote:
Originally Posted by bloggerblog View Post

Social media through an iTunes application is not all that useful, it must be accessible from any browser at anytime. I guess we have to wait for cloud iTunes then.

Why must it?
post #15 of 137
Quote:
Originally Posted by old-wiz View Post

Just what we need, another opportunity for spammers.
I haven't even upgraded to iTunes 10, but I'm just hoping you can avoid even having Ping.

Yes, it's entirely opt-in. And for the record - no spam here. Feel more secure on here than Facebook and know exactly who can see me.
post #16 of 137
Quote:
Originally Posted by storneo View Post

That's like asking "if they knew the computer software was going to get hacked, why didn't they deal with it proactively". It's an inevitable fact. You deal with it as it comes. And it will probably always need to be patched at some point.

Nice fantasy world you live in. So if you own a car do you just drive it until it stops working then take it into the repair shop so they can completely replace the seized engine, or do you proactively take it to a mechanic or dealer for regular oil changes & other maintenance in order to avoid that outcome?

If it's an inevitable fact that a service like Ping is going to become a spammer haven then Apple should have designed it from day 1 to address that issue. Things like automated filtering/deletion of spammy submissions, an easy way for users to report spammy posts/links that can automatically flag/hide posts for review, limiting the amount of posts a user/account can make in a period of time, ensuring that a user/account isn't posting the same (or very identical) message multiple times, etc. should have been built into Ping from the very beginning.

There's been decades worth of research on identifying and dealing with spam in e-mail, blog postings, forums like this one, chat systems (IRC, AIM) etc. that Apple could have easily used as a base to build upon when adding anti-spam support into Ping. It appears that either they didn't at all or they didn't do it effectively.
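The measures listed in the post above (a per-account posting limit, rejection of near-identical messages, and report-driven hiding pending review), as an added example that is not part of the original thread and is not Apple's code. The `CommentGate` class, its thresholds and the sample comments are assumptions constructed for illustration; the duplicate check goes slightly beyond the post by comparing across accounts, since the report says bogus accounts are easy to create.

```python
import re
import time
from collections import defaultdict, deque

URL_RE = re.compile(r"https?://\S+|www\.\S+", re.I)

def shingles(text, k=3):
    """Word k-shingles with every URL collapsed to one token, so rotating
    the link in an otherwise identical message does not evade the check."""
    words = re.findall(r"[a-z0-9<>]+", URL_RE.sub(" <url> ", text.lower()))
    if len(words) < k + 2:
        return set()  # too short to fingerprint; "Love it" must not block other fans
    return {" ".join(words[i:i + k]) for i in range(len(words) - k + 1)}

def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0

class CommentGate:
    """Hypothetical comment filter: thresholds are illustrative, not tuned."""

    def __init__(self, max_posts=3, window=60.0, dup_threshold=0.5,
                 history=500, report_threshold=3):
        self.max_posts, self.window = max_posts, window
        self.dup_threshold = dup_threshold
        self.report_threshold = report_threshold
        self.post_times = defaultdict(deque)  # account -> accepted timestamps
        self.recent = deque(maxlen=history)   # fingerprints, all accounts
        self.comments = {}                    # id -> text, reporters, hidden
        self.next_id = 1

    def submit(self, account, text, now=None):
        """Return (comment_id, "accepted") or (None, reason)."""
        now = time.time() if now is None else now
        times = self.post_times[account]
        while times and now - times[0] >= self.window:
            times.popleft()                   # drop posts outside the window
        if len(times) >= self.max_posts:
            return None, "rate_limited"
        sig = shingles(text)
        if any(jaccard(sig, old) >= self.dup_threshold for old in self.recent):
            return None, "near_duplicate"
        times.append(now)
        self.recent.append(sig)
        cid, self.next_id = self.next_id, self.next_id + 1
        self.comments[cid] = {"text": text, "reporters": set(), "hidden": False}
        return cid, "accepted"

    def report(self, comment_id, reporter):
        """Hide a comment for review once enough distinct users report it."""
        c = self.comments[comment_id]
        c["reporters"].add(reporter)          # a set: repeat reports count once
        if len(c["reporters"]) >= self.report_threshold:
            c["hidden"] = True
        return c["hidden"]

# Constructed sample comments (not taken from Ping).
SPAM_1 = "Get a FREE iPhone 4 today! Just fill out this survey: http://example.test/a1"
SPAM_2 = "Get a FREE iPhone 4 now! Just fill out this survey: http://example.test/zz9"
LEGIT = "Saw them live in Austin last year, this new single is even better."

def demo():
    gate = CommentGate()
    statuses = [gate.submit("acct_a", SPAM_1, now=0)[1],
                gate.submit("acct_b", SPAM_2, now=1)[1],  # second bogus account
                gate.submit("fan", LEGIT, now=2)[1]]
    hidden = False
    for reporter in ("u1", "u1", "u2", "u3"):             # u1 reports twice
        hidden = gate.report(1, reporter)
    return statuses, hidden

if __name__ == "__main__":
    print(demo())
```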
post #17 of 137
Quote:
Originally Posted by nkhm View Post

Has anyone here received any spam on Ping?

No one follows me that I don't want, I only follow artists I'm interested in. No spam here.

Plagued? After 48 hours?! More FUD from a "security" company trying to boost their profile/revenue.

Quote:
Originally Posted by nkhm View Post

Yes, it's entirely opt-in. And for the record - no spam here. Feel more secure on here than Facebook and know exactly who can see me.

Just remember that you =/= world.

And why does 48 hours seem so impossible? If it is as easy to create a fake Ping user as the report says, then spammers can easily create a program that does it repeatedly and automatically.

Spammers have been around for a long time and 48 hours is way more time than they need to bog down a system.
Apple has always had competition. It's just been in its blind spot.
post #18 of 137
Quote:
Originally Posted by bloggerblog View Post

Social media through an iTunes application is not all that useful, it must be accessible from any browser at anytime. I guess we have to wait for cloud iTunes then.

Actually, it makes sense that Apple is restricting their "social media" concept to iTunes. They're not trying to be another FaceBook, a community for anyone and everyone. It's a "niche" community of music lovers and fans (and perhaps, hopefully, eventually, book and movie lovers as well). If they open it up to "any browser at any time", they run into all sorts of issues regarding security, browser compatibility, hardware compatibility, etc. If it's kept in the iTunes fold, then there's the assurance that if iTunes works on the user's computer, then Ping will work as well.
"Don't be a dick!" - Wil Wheaton
post #19 of 137
Quote:
Originally Posted by nkhm View Post

Why must it?

So you can correspond and communicate anytime (internet cafe cell-phone etc), otherwise it's just a gimmick.
bb
post #20 of 137
It's me. I'm the spammer. I just really need to get rid of this generic viagra at ultra l0w price$
post #21 of 137
Quote:
Originally Posted by Blackintosh View Post

Apple has always had their head in their butt when it comes to security. They have gotten away with this by being a niche market. One day they are going to get bitten so badly it's gonna really hurt.

But this is what you get when you can't partner with existing services and you have such a huge ego you feel you can do everything better yourself. Right Steve?

Nonsense. The iPod is a niche market? Where are the iViruses for these HUNDREDS of MILLIONS of devices? Apple do take security seriously and from what I've seen are quicker to react than microsoft - I'm aware of issues publicly known in XP that are still not addressed. The worst I've seen from apple is a fortnight for the PDF issue last month. Two weeks isn't all that bad, and from what I heard on line (and we would have heard) this remained unexploited by all except jailbreakme.com.

Updates are all now security signed and you can't install anything or alter the system without manually typing your admin password (if you run as root, then more fool you!).

The argument that "small market share == small risk" is ridiculous. There are a LOT of people who like to damage apple with a very public virus - there hasn't been one for a reason, and that reason has nothing to do with having their "head in their butt".

I repeat there has NOT been a virus in the wild on Mac, there have been proof of concepts and bugs, there has even been spyware and malware through third-party software but NO viruses. At ALL, EVER.

and from sophos themselves:

Quote:
While Ping is susceptible to spammers, iTunes 10 does pack a number of important security features. Sophos noted that the latest update patches 13 separate vulnerabilities in the WebKit components used to render the media suite for Mac and Windows.

Apple don't publicly highlight when security is (and continues to be) tightened.

It's a good thing.

General myths believed by windows users - Apple has no virus protection (wrong, it's built into the system) Apple has no firewall (again, in the system) Apple has no security and is easy to hack - simply FUD. It hasn't happened for a reason, people want to do it - plenty of them and they've so far failed.

It annoys companies like sophos, norton, mcafee because they can't sell their products to an ever increasing base of users and so stories like this are spread and blown out of proportion (normally by these self same companies).

Receiving a spam email is not an "attack", nor is it endangering your system in any way. Phishing - if this is the case here - has nothing to do with system security or viruses it's about end user action and is platform irrelevant.

Additionally, Apple approached Facebook, so they didn't try to go it alone...
post #22 of 137
Quote:
Originally Posted by bloggerblog View Post

So you can correspond and communicate anytime (internet cafe cell-phone etc), otherwise it's just a gimmick.

Well I have iTunes on my laptop, which is with me at all times. iTunes exists on the iPad, so it's with you at all times. The PING app is on the iPod and iPhone. iTunes is rumoured to be in the cloud - but personally - a social network about music is only of interest to me when I'm listening to said music. This is a gimmick, it's part of the store and there's nothing wrong with 'gimmicks'. This is about Apple selling more music, nothing more.
post #23 of 137
Quote:
Originally Posted by AppleInsider View Post

Ping has already been involved in a minor controversy as well, as the site suggested it offered Facebook connectivity when it first launched, only for the feature to be inactive. Reports have indicated that is because Facebook blocked API access to Ping after the company failed to reach an agreement with Apple, as the website demanded "onerous terms" from the iTunes maker, Chief Executive Steve Jobs said.

This sort of thing seems to be getting more and more common with Apple. They seem to announce their stuff long before any partners have signed up. Newspapers and magazines are another example. We heard all about how every magazine would be available and how Apple was going to change the whole industry, but the reality is VERY different.

Now Apple announces Facebook functionality before any deal is cut, while at the same time trying to use a public statement by the CEO to vilify Facebook and make them into some sort of greedy bad guys. That sort of negotiation tactic is nasty and amateurish.

This sort of sleazy tactic is far beneath Apple.
post #24 of 137
Quote:
Originally Posted by chronster View Post

It's me. I'm the spammer. I just really need to get rid of this generic viagra at ultra l0w price$

you must be tortured with blunt spoons!
post #25 of 137
Quote:
Originally Posted by storneo View Post

That's like asking "if they knew the computer software was going to get hacked, why didn't they deal with it proactively". It's an inevitable fact. You deal with it as it comes. And it will probably always need to be patched at some point.

But computer software IS dealt with proactively to protect users against hackers. Security is baked-in, from the ground up.

Or not.
post #26 of 137
Quote:
Originally Posted by Newtron View Post

This sort of thing seems to be getting more and more common with Apple. They seem to announce their stuff long before any partners have signed up. Newspapers and magazines are another example. We heard all about how every magazine would be available and how Apple was going to change the whole industry, but the reality is VERY different.

Now Apple announces Facebook functionality before any deal is cut, while at the same time trying to use a public statement by the CEO to vilify Facebook and make them into some sort of greedy bad guys. That sort of negotiation tactic is nasty and amateurish.

This sort of sleazy tactic is far beneath Apple.

Nope, apple don't announce anything far in advance - rumours sites do.

The fact that the facebook thing went so far and was made public suggests that something went wrong at the eleventh hour - it's nothing to do with sleazy tactics and serves only to embarrass Apple. The icons, the functionality would not have been there and tested unless facebook were on board.

On another note, there's nothing at all to stop Apple using the Facebook developer API to introduce 'share' and 'like' buttons on this service as any other commercial service interacting with facebook.
post #27 of 137
Quote:
Originally Posted by Blackintosh View Post

Apple has always had their head in their butt when it comes to security. They have gotten away with this by being a niche market. One day they are going to get bitten so badly it's gonna really hurt.

But this is what you get when you can't partner with existing services and you have such a huge ego you feel you can do everything better yourself. Right Steve?


Losing Google as a partner is likely to hurt them badly in the end. Apple needs search. They got nothing now. They can't do it by themselves, given that they have been trying for years and have yet to implement anything reasonable even in the App Store.

Crawling to Microsoft for Bing is pathetic.
post #28 of 137
Quote:
Originally Posted by Blackintosh View Post

Apple has always had their head in their butt when it comes to security. They have gotten away with this by being a niche market. One day they are going to get bitten so badly it's gonna really hurt.

But this is what you get when you can't partner with existing services and you have such a huge ego you feel you can do everything better yourself. Right Steve?

Total BS, Apple always had excellent security measures in all their devices. It's close to impossible to hack into a Mac without getting physical access prior to your hack attempts.
bb
post #29 of 137
Quote:
Originally Posted by Newtron View Post

But computer software IS dealt with proactively to protect users against hackers. Security is baked-in, from the ground up.

Or not.

As new hacks are developed, they can only be dealt with after the event. That's sort of common sense. You do all you can do pro-actively before release and deal with issues as they arise.

Unless you've got a crystal ball?
post #30 of 137
Quote:
Originally Posted by Newtron View Post

Losing Google as a partner is likely to hurt them badly in the end. Apple needs search. They got nothing now. They can't do it by themselves, given that they have been trying for years and have yet to implement anything reasonable even in the App Store.

Crawling to Microsoft for Bing is pathetic.

Yes they have, they've got google, bing and any other search provider you can list- it's all there in google. Providing alternatives is good for the consumer.

Google need apple as much as the inverse. Google betrayed apple and deserve a big slap.

Anyone has the right to release a new technology, or to provide alternatives to existing products and services. To sit on the board of a company obtaining useful inside information and then go into competition with them is frankly despicable. I don't see Apple entering the search market?
post #31 of 137
Quote:
Originally Posted by chronster View Post

It's me. I'm the spammer. I just really need to get rid of this generic viagra at ultra l0w price$

But you're making it hard for yourself. Your prices are too stiff.
Believe nothing, no matter where you heard it, not even if I have said it, if it does not agree with your own reason and your own common sense.
Buddha
post #32 of 137
Quote:
Originally Posted by Futuristic View Post

Actually, it makes sense that Apple is restricting their "social media" concept to iTunes. They're not trying to be another FaceBook, a community for anyone and everyone. It's a "niche" community of music lovers and fans (and perhaps, hopefully, eventually, book and movie lovers as well). If they open it up to "any browser at any time", they run into all sorts of issues regarding security, browser compatibility, hardware compatibility, etc. If it's kept in the iTunes fold, then there's the assurance that if iTunes works on the user's computer, then Ping will work as well.


So you are saying that the lack of browser accessibility is a feature?

Wow.
post #33 of 137
Quote:
Originally Posted by nkhm View Post

As new hacks are developed, they can only be dealt with after the event. That's sort of common sense. You do all you can do pro-actively before release and deal with issues as they arise.

Unless you've got a crystal ball?

The problem with this logic is that it requires a level of protection to begin with to make the new hack develop. If there is no security to begin with, then even the oldest of old attacks will work.

If Apple had no protection to begin with, then the spammers would only need to dig into their already ample closet of spam programs and go at it. If Apple had installed a good deal of spam protection/user flagging from day one, then it would force the spammers to create something new.
Apple has always had competition. It's just been in its blind spot.
post #34 of 137
Quote:
Originally Posted by Newtron View Post

So you are saying that the lack of browser accessibility is a feature?

Wow.

Nope, something that's missing isn't a 'feature'. Something that's missing is nothing, not included, not a part of the product or service and not needed for it to function as required. Ping is a part of the iTunes store, it requires iTunes.
post #35 of 137
Quote:
Originally Posted by nkhm View Post


Additionally, Apple approached Facebook, so they didn't try to go it alone...

Seemingly, they approached Facebook with an unacceptable offer. Steve already said that Apple was unwilling to pay enough to inspire Facebook to do the deal.
post #36 of 137
Quote:
Originally Posted by AsianBob View Post

The problem with this logic is that it requires a level of protection to begin with to make the new hack develop. If there is no security to begin with, then even the oldest of old attacks will work.

If Apple had no protection to begin with, then the spammers would only need to dig into their already ample closet of spam programs and go at it. If Apple had installed a good deal of spam protection/user flagging from day one, then it would force the spammers to create something new.

So you're suggesting that Apple released this with no protection at all in place? That seems a little far fetched.

I've got more levels of spam protection on my servers than I can list - I still get spam.

The company that produces a system that 100% eradicates all spam will be very, very rich very quickly.

The protection you're talking about doesn't exist yet, so how could it be put in place?

EDIT No doubt the usual filtering will now be added to - lists of IP addresses, server, domains, key strings etc. etc.
post #37 of 137
Quote:
Originally Posted by Newtron View Post

Seemingly, they approached Facebook with an unacceptable offer. Steve already said that Apple was unwilling to pay enough to inspire Facebook to do the deal.

Nope, "seemingly" facebook asked for too much in return, according to "speculation" in the media. We don't know. But the point is, they didn't try to go it alone, there were discussions with Facebook - so your original statement is moot. Apple has made no public statement regarding this issue.
post #38 of 137
Quote:
Originally Posted by nkhm View Post

The icons, the functionality would not have been there and tested unless facebook were on board.



Recent events suggest otherwise.
post #39 of 137
Quote:
Originally Posted by Newtron View Post

Recent events suggest otherwise.

Nope, they don't. What's your logic?
post #40 of 137
Quote:
Originally Posted by nkhm View Post

As new hacks are developed, they can only be dealt with after the event. That's sort of common sense. You do all you can do pro-actively before release and deal with issues as they arise.

Unless you've got a crystal ball?



Are spammers posting to public message boards a "new hack"?

Did Apple "do all you can do pro-actively before release"?