Website responsible for Apple and Facebook breaches reportedly discovered

Posted in General Discussion, edited January 2014
Following Apple's Tuesday announcement that it was hacked by the same group of attackers who compromised Facebook systems late last week, it now appears that the website responsible for hosting the malware has been discovered.

Editor's Note: The website named below should not be visited as its code may still be compromised. It should also be noted that the site has not yet been proven to be the culprit.

Citing sources close to the Facebook hacking investigation, AllThingsD reports that iPhoneDevSdk, a site frequented by developers and employees from major tech firms as well as anyone interested in developing for the iPhone, was likely the website that affected users working for Apple and Facebook. The source guesses that malicious code was inserted into the website's HTML and made its way onto affected computers through a Java zero day flaw.

Most notably, Apple on Tuesday and Facebook on Friday revealed that a limited number of computers on their respective networks had been affected by malware installed through a Java zero day exploit.

Unlike targeted attacks, the purported iPhoneDevSdk method is called a "watering hole" attack, a name derived from the centralized and popular nature of the site which many people visit. The recent Twitter debacle, where over 250,000 accounts were potentially compromised due to the exploit, is also thought to be tied to the website's apparent breach.

"Everyone knows about spear phishing now," said Facebook's Chief Security Officer Joe Sullivan. "But being able to target a site on the internet - it's a really interesting idea that you could target people from there. You don't have to get someone to open the email or click on the link."

While the number of systems compromised remains unknown, the site in question is a popular destination for organizations interested in mobile development for the iPhone platform.

In response to the breach, Apple quickly released an update to Java for OS X that not only patches the previous exploit, but removes the Java web applet for added protection.

Comments

  • Reply 1 of 19


    "The community for the iPhone developer community has been brought to you by an annual grant from the Department of Redundancy Department who provides money to bring this community to you yearly. And by site hits like yours. Thank you."

  • Reply 2 of 19
    The site had been compromised many times before. Several years ago Google had detected malware and was blocking the site.
  • Reply 3 of 19
    O.o
  • Reply 4 of 19
    The site iPhoneDevSdk.com is down and shows a gig image with the phrase:

    Maintenance Mode
    The site is currently undergoing maintenance.
  • Reply 5 of 19
    payeco Posts: 580 member


    Why does anyone even keep the Java browser plugin enabled in this day and age?

  • Reply 6 of 19

    Quote:

    Originally Posted by payeco View Post


    Why does anyone even keep the Java browser plugin enabled in this day and age?



     


    Because some web applications still require it. For example, on eBay if you want to generate a shipping label and send it to a label printer, you have to have Java enabled.

  • Reply 7 of 19

    Quote:

    Originally Posted by payeco View Post


    Why does anyone even keep the Java browser plugin enabled in this day and age?



     


    Real Estate industry and other such industries use it.

  • Reply 8 of 19
    auxio Posts: 2,717 member

    Quote:

    Originally Posted by payeco View Post


    Why does anyone even keep the Java browser plugin enabled in this day and age?



     


    HTML5 as a cross-platform web app replacement for Java still isn't mature enough in many ways.  It's great for dynamic webpage creation (e.g. Facebook), not so great for low level stuff (e.g. networking and controlling devices).  One can argue all they want that companies should just create native apps (I do too), but money is ultimately what decides that argument in most cases.

  • Reply 9 of 19
    payeco Posts: 580 member


    When your intellectual property starts getting stolen via corporate espionage by the Chinese, having someone recode your web apps in another language (or making them native) starts to look cheap. Not to mention all the national security implications.

  • Reply 10 of 19
    MacPro Posts: 19,718 member
    Real Estate industry and other such industries use it.

    Here in central west Florida the MLS is like something out of the last century (IE only) so I am not surprised to hear that. :no:

    Edit: Of course it is something out of the last century ... silly me :)
  • Reply 11 of 19
    solipsismx Posts: 19,566 member
    Here in central west Florida the MLS is like something out of the last century (IE only) so I am not surprised to hear that. :no:

    Edit: Of course it is something out of the last century ... silly me :)

    Century 21 is quite ironic.
  • Reply 12 of 19
    lkrupp Posts: 10,557 member

    Quote:

    Originally Posted by payeco View Post


    Why does anyone even keep the Java browser plugin enabled in this day and age?



     


    That's like asking why Flash is still around. Both are vectors for malware yet here they are. People are still bitching about why they can't have Flash on their iOS devices, and Java too. 

  • Reply 13 of 19

    Quote:

    Originally Posted by payeco View Post


    Why does anyone even keep the Java browser plugin enabled in this day and age?



    Ask Cisco, Dell, just about every tech giant out there who refuses to update their web GUI to modern standards & instead chooses to go with the same old horribly ugly & slow Java interface.  


     


    First clue it's time to hire new UI developers, they tell you Java is the way to go.  There is a distinct reason us Network Admins still primarily work in CLI, the GUIs all look like they were created in the early 90s.


     


    With all the recent exploits in Java I'm wondering how it is that Google hasn't long known about these security holes, they are after all fairly intimately familiar with Java.  If Google is finding these flaws & patching kudos to them, but why aren't they sharing?  Oh wait, cause they're in bed with the Chinese government, that's right. ;p

  • Reply 14 of 19

    Quote:

    Originally Posted by lkrupp View Post


     


    That's like asking why Flash is still around. Both are vectors for malware yet here they are. People are still bitching about why they can't have Flash on their iOS devices, and Java too. 



    I don't think people are complaining about that much these days, just java/flash developers & Google loving tech blogs.  The fandroids like to make everyone believe that iOS users can't access most of the web or do anything useful because of these limitations but the reality is the percentage of people actually negatively impacted by lack of flash or java on iOS is like .00099%.  Most of the web that matters to anyone has already been converted to work with iOS or they have an app for that.


     


    Flash is dead, Java looks to be headed that way.  I say it's about time.

  • Reply 15 of 19
    antkm1 Posts: 1,441 member

    Quote:

    Originally Posted by hezetation View Post


     


    With all the recent exploits in Java I'm wondering how it is that Google hasn't long known about these security holes, they are after all fairly intimately familiar with Java.  If Google is finding these flaws & patching kudos to them, but why aren't they sharing?  Oh wait, cause they're in bed with the Chinese government, that's right. ;p



    If they were in bed with the Chinese Gov.  Why would the Chinese Gov. block so much of what google does?

  • Reply 16 of 19


    Originally Posted by antkm1 View Post

    If they were in bed with the Chinese Gov.  Why would the Chinese Gov. block so much of what google does?


     


    Same reason the Chinese government blocks so much else from everyone else with whom they do business.

  • Reply 17 of 19
    gatorguy Posts: 24,176 member

    Quote:

    Originally Posted by antkm1 View Post


    If they were in bed with the Chinese Gov.  Why would the Chinese Gov. block so much of what google does?



    It was meant as a joke. It's obvious Google and China have had their tussles.

  • Reply 18 of 19
    Safari warned me about the malware on that site months ago. I emailed them, and got no reply. I've not been back to them in ages, since every time I went, I was warned again.
  • Reply 19 of 19

    Quote:

    Originally Posted by darkpaw View Post



    Safari warned me about the malware on that site months ago. I emailed them, and got no reply. I've not been back to them in ages, since every time I went, I was warned again.


     


    A search in Twitter for the (apparently now-disused) @iPhoneDevSDK account (from Daring Fireball's redirect - https://twitter.com/iPhoneDevSDK) reveals conversations other concerned users had with the account holder several months ago (scroll down the tweets to November 15) about Google blacklisting the site as a source of malware.


     


    In the 2 or 3 conversations I read the admin appeared quite complacently relaxed in responding ("Yup, we're aware") - to the situation and had taken steps to redress it, and claimed that Google was simply taking its time (i.e. slow) in changing the listings...


     


    I suppose this type of heads-up is par for the course in an admin's daily work, but hey, the warning signs were there all along...
