Ping, Apple's music social network, already plagued with spammers

Posted:
in iPod + iTunes + AppleTV edited January 2014
Spammers have wasted no time in flocking to Apple's new music-related social media service integrated within iTunes 10, Ping, which does not feature any protective filtering measures.



Security firm Sophos noted on its blog this week that Ping has been "drowning in scams and spams" since it launched on Wednesday. Since Ping does not feature spam or URL filtering, some have flooded the profiles of popular artists like Katy Perry.



Most of the spam, appropriately, is offering users Apple products, with links claiming to offer free iPhones and other devices in exchange for filling out a survey.



"If half as many free iPads, iPhones and iPods were being given away as Ping comments might lead you to believe, there will be no reason to bother with going to an Apple Store," wrote Chester Wisniewski, security expert with Sophos. "But if you actually want an Apple device, my advice is to go out and buy one, as filling out surveys will likely only end in tears."



While spam appears to be coming through regularly, Apple does prevent profile pictures from being uploaded without approval. The report noted that it is "quite easy" to create bogus accounts for Ping, because no credit card information is required.



Ping has already been involved in a minor controversy as well, as the site suggested it offered Facebook connectivity when it first launched, only for the feature to be inactive. Reports have indicated that is because Facebook blocked API access to Ping after the company failed to reach an agreement with Apple, as the website demanded "onerous terms" from the iTunes maker, Chief Executive Steve Jobs said.







While Ping is susceptible to spammers, iTunes 10 does pack a number of important security features. Sophos noted that the latest update patches 13 separate vulnerabilities in the WebKit components used to render the media suite for Mac and Windows.



Apple introduced Ping at its iPod-centric keynote on Wednesday. On Ping, users can "follow" artists and friends, and iTunes will populate a customized top 10 list that represents what those people are downloading. The service also allows users to see what local concerts are coming, and inform their friends that they will be attending.



The appeal to spammers is easy to see: Ping is open to over 160 million customers that already have active iTunes accounts with credit cards, a fact that Jobs noted Wednesday during his presentation.
«134567

Comments

  • Reply 1 of 140
    This was totally expected and as the service grows, I suspect Apple will adjust accordingly.
  • Reply 2 of 140
    Quote:
    Originally Posted by ghostface147 View Post


    This was totally expected and as the service grows, I suspect Apple will adjust accordingly.



    If this was "totally expected," then why wasn't the issue dealt with proactively?
  • Reply 3 of 140
    Quote:
    Originally Posted by smerch View Post


    If this was "totally expected," then why wasn't the issue dealt with proactively?



    That's like asking "if they knew the computer software was going to get hacked, why didn't they deal with it proactively". It's an inevitable fact. You deal with it as it comes. And it will probably always need to be patched at some point.
  • Reply 4 of 140
    Quote:
    Originally Posted by storneo View Post


    That's like asking "if they knew the computer software was going to get hacked, why didn't they deal with it proactively". It's an inevitable fact. You deal with it as it comes. And it will probably always need to be patched at some point.



    No, it's nothing like that.
  • Reply 5 of 140
    antkm1antkm1 Posts: 1,441member
    I just have to laugh; too funny. Welcome to social media Apple!
  • Reply 6 of 140
    Just what we need, another opportunity for spammers.

    I haven't even upgraded to iTunes 10, but I'm just hoping you can avoid even having Ping.
  • Reply 7 of 140
    God I hate spammers...
  • Reply 8 of 140
    they can claim almost huge amount of growth in active users in only 2 days!!! (lol)



    on a side note, i would think Apple would have set up a system to stop this by now
  • Reply 9 of 140
    Quote:
    Originally Posted by old-wiz View Post


    Just what we need, another opportunity for spammers.

    I haven't even upgraded to iTunes 10, but I'm just hoping you can avoid even having Ping.



    You have to activate it from within iTunes, it is not automatically on when you upgrate to

    v10. Thank God.
  • Reply 10 of 140
    Apple has always had their head in their butt when it comes to security. They have gotten away with this by being a niche market. One day they are going to get bitten so badly it's gonna really hurt.



    But this is what you get when you can't partner with existing services and you have such a huge ego you feel you can do everything better yourself. Right Steve?
  • Reply 11 of 140
    Social media through an iTunes application is not all that useful, it must be accessable from any browser at anytime. I guess we have to wait for cloud iTunes then.
  • Reply 12 of 140
    There's a special place in Hell reserved for spammers.
  • Reply 13 of 140
    nkhmnkhm Posts: 928member
    Has anyone here received any spam on Ping?



    No one follows me that I don't want, I only follow artists I'm interested in. No spam here.



    Plagued? After 48 hours?! More FUD from a "security" company trying to boost their profile/revenue.
  • Reply 14 of 140
    Quote:
    Originally Posted by Blackintosh View Post


    Apple has always had their head in their butt when it comes to security. They have gotten away with this by being a niche market. One day they are going to get bitten so badly it's gonna really hurt.



    one day, SJ is gonna be working and someone is going to tell them that PC (a mac is indeed a Personal Computer) just got hacked, and that all upgrade plans are now released online (in 3 months, we add a flash to itouch, then hm a third camera to iphone, then decide to make the ipod nano go back to its 2nd/3rd gen form, add the bottoms back on and call it revolutionary, ewtc)



    on that note, it is really true that Apple is going to spend money on security, maybe they will also bump up there R&D depatment's burget up, to look for a way to make everyone use iOS and move away from OSX to make it cheaper (the last part, was a joke)
  • Reply 15 of 140
    nkhmnkhm Posts: 928member
    Quote:
    Originally Posted by bloggerblog View Post


    Social media through an iTunes application is not all that useful, it must be accessable from any browser at anytime. I guess we have to wait for cloud iTunes then.



    Why must it?
  • Reply 16 of 140
    nkhmnkhm Posts: 928member
    Quote:
    Originally Posted by old-wiz View Post


    Just what we need, another opportunity for spammers.

    I haven't even upgraded to iTunes 10, but I'm just hoping you can avoid even having Ping.



    Yes, it's entirely opt-in. And for the record - no spam here. Feel more secure on here than Facebook and know exactly who can see me.
  • Reply 17 of 140
    Quote:
    Originally Posted by storneo View Post


    That's like asking "if they knew the computer software was going to get hacked, why didn't they deal with it proactively". It's an inevitable fact. You deal with it as it comes. And it will probably always need to be patched at some point.



    Nice fantasy world you live in. So if you own a car do you just drive it until it stops working then take it into the repair shop so they can completely replace the seized engine, or do you proactively take it to a mechanic or dealer for regular oil changes & other maintenance in order to avoid that outcome?



    If it's an inevitable fact that a service like Ping is going to become a spammer haven then Apple should have designed it from day 1 to address that issue. Things like automated filtering/deletion of spammy submissions, an easy way for users to report spammy posts/links that can automatically flag/hide posts for review, limiting the amount of posts a user/account can make in a period of time, ensuring that a user/account isn't posting the same (or very identical) message multiple times, etc. should have been built into Ping from the very beginning.



    There's been decades worth of research on identifying and dealing with spam in e-mail, blog postings, forums like this one, chat systems (IRC, AIM) etc. that Apple could have easily used as a base to build upon when adding anti-spam support into Ping. It appears that either they didn't at all or they didn't do it effectively.
  • Reply 18 of 140
    Quote:
    Originally Posted by nkhm View Post


    Has anyone here received any spam on Ping?



    No one follows me that I don't want, I only follow artists I'm interested in. No spam here.



    Plagued? After 48 hours?! More FUD from a "security" company trying to boost their profile/revenue.



    Quote:
    Originally Posted by nkhm View Post


    Yes, it's entirely opt-in. And for the record - no spam here. Feel more secure on here than Facebook and know exactly who can see me.



    Just remember that you =/= world.



    And why does 48 hours seem so impossible? If it is as easy to create a fake Ping user as the report says, then spammers can easily create a program that does it repeatedly and automatically.



    Spammers have been around for a long time and 48 hours is way more time than they need to bog down a system.
  • Reply 19 of 140
    Quote:
    Originally Posted by bloggerblog View Post


    Social media through an iTunes application is not all that useful, it must be accessable from any browser at anytime. I guess we have to wait for cloud iTunes then.



    Actually, it makes sense that Apple is restricting their "social media" concept to iTunes. They're not trying to be another FaceBook?a community for anyone and everyone. It's a "niche" community of music lovers and fans (and perhaps?hopefully?eventually, book and movie lovers as well). If they open it up to "any browser at any time", they run into all sorts of issues regarding security, browser compatibility, hardware compatibility, etc. If it's kept in the iTunes fold, then there's the assurance that if iTunes works on the user's computer, then Ping will work as well.
  • Reply 20 of 140
    Quote:
    Originally Posted by nkhm View Post


    Why must it?



    So you can correspond and communicate anytime (internet cafe cell-phone etc), otherwise it's just a gimmik.
Sign In or Register to comment.