[quote name="rjc999" url="/t/158582/apple-says-its-developer-site-was-hacked-but-that-sensitive-data-was-encrypted#post_2365124"]Did you miss the part where they were? If they weren't hacked, Apple would not have taken down the site. [/QUOTE]
Mhmm. Say, the Apple Store goes down a lot. You don't think...
[QUOTE]Apple said they cannot rule out that people's information had been taken...[/QUOTE]
Which is true of any access to any website for any purpose.
Apple said there was an intrusion, I received one of these E-mails myself, so they were hacked as far as the term goes. What they could not confirm was whether the intruder actually accessed any developer data, but regardless, personal data, including my name and home address, was compromised.
Hacking is like fragmentation or malware. All websites/companies get hacked just like all OS's have fragmentation or are subject to malware.
However, it's not black & white. You can have your website disrupted or you can have information stolen (perhaps only a few accounts or things like e-mails all the way up to hackers getting everything as if they had physical access to the server backups).
Nonetheless, this won't stop the trolls from proclaiming this was a serious breach and loss of information just like they claim that Android and iOS are somehow equal in terms of fragmentation or malware.
but regardless, personal data, including my name and home address, was compromised.
Wrong. Apple said "some developers names, e-mails and addresses may have been accessed". You can't claim your name and address were accessed because you don't know.
Wrong. Apple said "some developers names, e-mails and addresses may have been accessed". You can't claim your name and address were accessed because you don't know.
Similarly, it cannot be said that because you got a password reset e-mail that you were specifically affected.
Wrong. Apple said "some developers names, e-mails and addresses may have been accessed". You can't claim your name and address were accessed because you don't know.
I'm not saying the data was accessed, I'm saying its security was compromised.
But at what point is a intruder an intruder? The name suggests that he/she actually got in, now whether or not they were able to access any info is a different story. I see it as someone breaking into a house but upon getting in finds that all the valuables are stored in safes.
Agree. Their web services have been embarassingly bad, since the day of .mac, MobileMe and now iCloud. iCloud syncing works about 70% of the time for me, the rest, it just hangs when trying to upload a document. Siri, after 2 years, is still slow, when Google Now make you think your device is doing magic. And let's not talk about the horrendous download speed from the App Store. Some larger games (like Infinity Blade 2 @ 1.1GB) takes well over a hour to download on my 30Mbps connection.
Oh... and on the new Xcode... it's too flat, and may even be a bit... ugly???
OMG just shut up Nothing you are saying here is relevant to what's going on at all, and most of it is just your personal opinion based on nothing.
But at what point is a intruder an intruder? The name suggests that he/she actually got in, now whether or not they were able to access any info is a different story. I see it as someone breaking into a house but upon getting in finds that all the valuables are stored in safes.
I'll lay it out for you.
1) the site was hacked
2) the nature of the attack was an attempt to access developer's personal information.
3) at some point it was discovered, the big red button was pushed and everything was shut down
4) they are trying to figure out if any information was actually obtained.
Therefore both the title of this article and the phrasing of Apple's email statement are actually correct, and both agree with each other.
5) There is a missing "the" that should be the eighth word of the second sentence of Apple's statement, but I'm guessing whomever wrote it was a little stressed at the time.
Maybe they'll finally hire some excellent Web developers to manage their developer site and online tools. It's always been embarrassing bad compared to all other Apple products and resources. Throw $20 million/year at it and make it a world-class operation.
The breach is not too serious in my opinion. Namand email addreses of developers are not super sensitive information. But I expect Apple stock to tank on Monday. It goes down on good news, bad news, any news!
Why is the stock always the first thing people think of when it comes to assessing the importance of any issue? Is that the main reason why many here care about Apple?
Sorry to be picky, but the poorly constructed second sentence is shocking. Very un-Apple-like
The company really needs to hire a decent copy editor who vets stuff like this.
Can be easily fixed by replacing the comma in front of "however" to a semi-colon. Quite possibly just a typo. This type of message is likely vetted by a lawyer and not a copy editor.
Apparently, the "intruder" was a "security researcher".
Youtube Video
Edit : Ok I've removed the video because of a complaint from Gazoobee that it was publicity for this guy, even though the video will probably be in a ton of news articles and on Twitter this morning when tech journalists wake up. We will certainly hear more about the guy soon, considering the implications.
Now the video is still quoted in Gazoobee's post at the time of writing this...
Yep. They didn't confirm being hacked but rather that someone tried. But they are informing folks just in case and acting under the assumption that if they isn't get in they might have gotten close enough to use what they have for a second attempt.
Totally perfect response.
More perfect if they had distributed the message to the developers earlier.
Comments
Using HP machines Azure will never work 100% (or 99.9995% that is acceptable downtime) or be secure.
Apple should use their own Xserve/Unix servers. Not play around.....
Guess its the same old problem:
Old unpatched SSH SQL injection.
Mhmm. Say, the Apple Store goes down a lot. You don't think...
[QUOTE]Apple said they cannot rule out that people's information had been taken...[/QUOTE]
Which is true of any access to any website for any purpose.
[QUOTE]...lots of people...[/QUOTE]
I see one.
Apple said there was an intrusion, I received one of these E-mails myself, so they were hacked as far as the term goes. What they could not confirm was whether the intruder actually accessed any developer data, but regardless, personal data, including my name and home address, was compromised.
Hacking is like fragmentation or malware. All websites/companies get hacked just like all OS's have fragmentation or are subject to malware.
However, it's not black & white. You can have your website disrupted or you can have information stolen (perhaps only a few accounts or things like e-mails all the way up to hackers getting everything as if they had physical access to the server backups).
Nonetheless, this won't stop the trolls from proclaiming this was a serious breach and loss of information just like they claim that Android and iOS are somehow equal in terms of fragmentation or malware.
Quote:
Originally Posted by Epsyco
but regardless, personal data, including my name and home address, was compromised.
Wrong. Apple said "some developers names, e-mails and addresses may have been accessed". You can't claim your name and address were accessed because you don't know.
Similarly, it cannot be said that because you got a password reset e-mail that you were specifically affected.
Quote:
Originally Posted by EricTheHalfBee
Wrong. Apple said "some developers names, e-mails and addresses may have been accessed". You can't claim your name and address were accessed because you don't know.
I'm not saying the data was accessed, I'm saying its security was compromised.
Quote:
Originally Posted by Tallest Skil
Yes, because AppleInsider's article titles have always been 100% accurate, word for word representations of
1. reality
2. proper grammar
I don't need a period there. I don't need a temherte slaqî. I don't need any punctuation.
That's fine, anyway. It needed an overhaul; now they have an excuse to take it down all the way to do it!
Thats exactly what this was. It was an opportunity to take down the site lock stock and barrel and put up the new stuff.
But at what point is a intruder an intruder? The name suggests that he/she actually got in, now whether or not they were able to access any info is a different story. I see it as someone breaking into a house but upon getting in finds that all the valuables are stored in safes.
Quote:
Originally Posted by zoffdino
Agree. Their web services have been embarassingly bad, since the day of .mac, MobileMe and now iCloud. iCloud syncing works about 70% of the time for me, the rest, it just hangs when trying to upload a document. Siri, after 2 years, is still slow, when Google Now make you think your device is doing magic. And let's not talk about the horrendous download speed from the App Store. Some larger games (like Infinity Blade 2 @ 1.1GB) takes well over a hour to download on my 30Mbps connection.
Oh... and on the new Xcode... it's too flat, and may even be a bit... ugly???
OMG just shut up Nothing you are saying here is relevant to what's going on at all, and most of it is just your personal opinion based on nothing.
Quote:
Originally Posted by dasanman69
But at what point is a intruder an intruder? The name suggests that he/she actually got in, now whether or not they were able to access any info is a different story. I see it as someone breaking into a house but upon getting in finds that all the valuables are stored in safes.
I'll lay it out for you.
1) the site was hacked
2) the nature of the attack was an attempt to access developer's personal information.
3) at some point it was discovered, the big red button was pushed and everything was shut down
4) they are trying to figure out if any information was actually obtained.
Therefore both the title of this article and the phrasing of Apple's email statement are actually correct, and both agree with each other.
5) There is a missing "the" that should be the eighth word of the second sentence of Apple's statement, but I'm guessing whomever wrote it was a little stressed at the time.
http://www.datacenterknowledge.com/the-apple-data-center-faq-part-3/
His resume says, "I once criticized Apple's security on the Internet."
Quote:
Originally Posted by zoffdino
The breach is not too serious in my opinion. Namand email addreses of developers are not super sensitive information. But I expect Apple stock to tank on Monday. It goes down on good news, bad news, any news!
Why is the stock always the first thing people think of when it comes to assessing the importance of any issue? Is that the main reason why many here care about Apple?
Quote:
Originally Posted by EricTheHalfBee
Hacking is like fragmentation or malware. All websites/companies get hacked just like all OS's have fragmentation or are subject to malware.
No.
Please don't make up stuff if you don't understand something.
I'm immediately thinking "Samsung"
Quote:
Originally Posted by anantksundaram
Sorry to be picky, but the poorly constructed second sentence is shocking. Very un-Apple-like
The company really needs to hire a decent copy editor who vets stuff like this.
Can be easily fixed by replacing the comma in front of "however" to a semi-colon. Quite possibly just a typo. This type of message is likely vetted by a lawyer and not a copy editor.
Apparently, the "intruder" was a "security researcher".
Youtube Video
Edit : Ok I've removed the video because of a complaint from Gazoobee that it was publicity for this guy, even though the video will probably be in a ton of news articles and on Twitter this morning when tech journalists wake up. We will certainly hear more about the guy soon, considering the implications.
Now the video is still quoted in Gazoobee's post at the time of writing this...
Quote:
Originally Posted by charlituna
Yep. They didn't confirm being hacked but rather that someone tried. But they are informing folks just in case and acting under the assumption that if they isn't get in they might have gotten close enough to use what they have for a second attempt.
Totally perfect response.
More perfect if they had distributed the message to the developers earlier.