So I guess hackers can do anything if they just say they are security researchers. He had no authority to be there, so he should not have been there. "Do not tamper with other people's stuff unless authorized" is the first rule for security research.
Most of your responses are typical responses that I would expect from Apple the company. Don't thank the guy for exploiting all these security holes. Vilify him! Should he have posted the YouTube video before going straight to Apple? Probably not. But, God forbid someone with actual evil intent stole all the user data and did something worse with it.
This is eerily similar to the guy a while back that snuck in malware to the app store to prove it could be done and had his developer license revoked. At this point, why would anyone WANT to help Apple avoid their security blunders?
All you misinformed and self-righteous people need to understand what he did is and will always be accepted by the computer science and cryptography community as ethical and legal. There is such a thing as whitehat hacking, where someone does penetration testing on a company/website to see how vulnerable it is against real, malicious hackers. If he had simply hacked the Dev website without taking any proof of sensitive information, then Apple would have most likely down-played this situation as some minor breach with no loss of sensitive material. As for all of you calling for him to be sued, you are what's wrong with America today.
U mean, there is nothing wrong that he utubed the real info?
I wish people would stop trying to shoot the messenger. In all probability if he were malevolent, we would hear nothing from him. There are always phishing attacks directed at Apple developers which should universally fail. On the other hand this event should allow the minions to do all the things they've wanted and needed to do to improve security.
In any case note that unlike other breaches all sensitive information was encrypted (according to Apple) so it seems this would only help enable phishing attacks which are already prevalent. Except for Apple developers this is just a PR issue. Of course since billions go to developers it is newsworthy but we will see how effective Apple's security has been and how agile the response is.
Comments
Sue his sorry ass. Some people have zero common sense. He deserves whatever comes his way.
I don't buy that he's related to the phishing e-mails. I've received Apple phishing e-mails before. I'll bet that all the other scammers see this as a great opportunity to catch some people off guard as many would be worried.
When they use the term 'sensitive' they refer to information someone can't easily get by another means.
People give out their email addresses all the time. Unlike, say, your password, credit card info, etc.
He should have reported the first issue and stopped. Seeing how deep he could go is hacker mentality. I see an arrest in his future. This has not been a small impact to Apple or the developers.
If the guy in the AT&T iPad hacking case was charged and convicted, I don't know how the same standard doesn't apply to this supposed "security researcher".
Quote:
Originally Posted by charlituna
Quote:
Originally Posted by KDarling
(apparently email addresses are not considered sensitive).
When they use the term 'sensitive' they refer to information someone can't easily get by another means.
People give out their email addresses all the time. Unlike, say, your password, credit card info, etc.
Please don't feed the trolls.
If you check his email it looks like he's just moonlighting cause doing online market research and advertising isn't going so well
Quote:
Originally Posted by JollyPaul
Everyone should have a sense of porpoise in life. So long and thanks for all the fish.
+1. Douglas will be chortling in his grave.
Quote:
Originally Posted by GTR
Sue him.
No ifs, ands, or buts.
Yes, because I am sure the amount Apple can receive from him in relation to its attorney fees is worthwhile.
For what it's worth...
According to the hacker news website below, the reason he went public was because of the way Apple worded their notice that "... an intruder attempted to secure personal information ..."
Apparently he would've preferred if Apple had said something more like, "we were alerted of a possible vulnerability", since he purposely told them about it without having any nefarious intentions.
Quote:
"A UK based security researcher, Ibrahim Balic claims that he reported 13 Vulnerabilities in Apple system, highlighting a hole that could left data from the Developer Center exposed.
For proof of concept, he demonstrated the hack on his own 73 employees while reporting to Apple security team. Though he admits that he was able to hack more than 100,000 users, but he did not hack the system for malicious purposes.
Security researcher is not happy with Apple's Statement, that cited an attempted security breach as the reason for the developer site outage."
http://thehackernews.com/2013/07/apples-developer-center-offline-for-32.html
OK but these are all just his claims at this point, right? Has Apple confirmed any of this?
Quote:
Originally Posted by monstrosity
What an idiot!
If all idiots had the talent to do something similar ...
He wanted to make a name for himself... uh.. I think it worked.
His strategy was flawed, if he wanted Apple to appreciate his abilities.
https://news.ycombinator.com/item?id=6080620