johnnymanson

iPad Exploited

18 posts in this topic

Something was bound to happen sooner or later, and there will be more security flaws in the device itself. However, the headline, "Apple's Worst Security Breach: 114,000 iPad Owners Exposed"; should possibly read, "AT&T Website Flaw Puts iPad Owners at Risk". Apple has very little if anything to do with the ways AT&T designed the back-end functions of their web-sites. Apple will probably demand AT&T use more secure practices in the future. Of course, that's all my opinion and nothing more.

0

Share this post


Link to post
Share on other sites

Poorly written article which is obviously biased trying to blame Apple for this. I'm not going to defend everything that Apple does, but the article doesn't even mention the details until half way down the page and until then it's all about how Apple fucked up. When you finally get to how it was done, it's all at&t's fault for having an insecure website.

0

Share this post


Link to post
Share on other sites

Just saw this on the Drudgereport.

http://gawker.com/5559346/apples-worst-security-breach-114000-ipad-owners-exposed

Looks like AT&T provided an easy method to obtain iPad user information. What effect (if any) does the group think this will have on the general public's perception that Apple is "unhackable?"

I actually think that the "Apple is unhackable" meme is FUD from people who do not like Apple. Part of my job involves supporting mac clients and mac servers. Nobody in the organization or surrounding community thinks that Apple hardware is unhackable. Obviously, judging by the amount of jail broken iPhones, people are cognizant that Apple hardware is hackable. Most folks I know have the realistic opinion that they are slightly more secure because there are less real-world exploits that are taken advantage of in terms of Apple hardware.

Some people waste a lot of time on the apple-haters vs. apple-fan-boys thing. It detracts from real discussion like... Why doesn't Apple speed up their security patch cycle?

Now, about this article, it's just a web app exploit. Doesn't have anything to do with Apple hardware. Every cell has an ICC-ID and every provider tracks that information.

0

Share this post


Link to post
Share on other sites

Something was bound to happen sooner or later, and there will be more security flaws in the device itself. However, the headline, "Apple's Worst Security Breach: 114,000 iPad Owners Exposed"; should possibly read, "AT&T Website Flaw Puts iPad Owners at Risk". Apple has very little if anything to do with the ways AT&T designed the back-end functions of their web-sites. Apple will probably demand AT&T use more secure practices in the future. Of course, that's all my opinion and nothing more.

http://security.goatse.fr/

Weev and those niggers from the GNNAC are up to it again.

Good job guys :D

Edited by Afterm4th
0

Share this post


Link to post
Share on other sites

if anyone cares weev got raided and they found cocaine and LSD when they did for this hack :(

0

Share this post


Link to post
Share on other sites

rule #1 of combining drugs and things which attract attention. Never have more around than you cant drop/eat in a emergency situation. Even if you are so fubar they have to take you to hospital while you loose that rabbit in the headlights look :D

Can they still prosecute you for drugs when theyre inside you???

0

Share this post


Link to post
Share on other sites

rule #1 of combining drugs and things which attract attention. Never have more around than you cant drop/eat in a emergency situation. Even if you are so fubar they have to take you to hospital while you loose that rabbit in the headlights look :D

Can they still prosecute you for drugs when theyre inside you???

I dont know weev THAT well, but I think i know him well enough to say that there were too many drugs to eat all at once HEH!

0

Share this post


Link to post
Share on other sites

Can they still prosecute you for drugs when theyre inside you???

I think they can get you for tampering/destruction of evidence

Edited by emwav
0

Share this post


Link to post
Share on other sites

Now, about this article, it's just a web app exploit. Doesn't have anything to do with Apple hardware. Every cell has an ICC-ID and every provider tracks that information.

it does have to do with apple software though, mostly their app store or w.e. its called i.e. if it was like windows mobile where you can just download programs and install them, you dont broadcast to their special database that you downloaded w.e. program and to charge w.e. account storing all your information, no you just use http/ftp to grab it and install it, no information like that is exchanged at all. if they didnt have an app store like that there would be no exploit like that. as for apple being secure they arent, its only because no one tries. i mean they were executing shell scripts from text messages id have to say that says it all. then again thats what happens when you use cloud computing to do some trivial thing like install programs, and download songs, everybody knows what you do.

0

Share this post


Link to post
Share on other sites

[ve to do with apple software though, mostly their app store or w.e. its called i.e. if it was like windows mobile where you can just download programs and install them, you dont broadcast to their special database that you downloaded w.e. program and to charge w.e. account storing all your information, no you just use http/ftp to grab it and install it, no information like that is exchanged at all. if they didnt have an app store like that there would be no exploit like that. as for apple being secure they arent, its only because no one tries. i mean they were executing shell scripts from text messages id have to say that says it all. then again thats what happens when you use cloud computing to do some trivial thing like install programs, and download songs, everybody knows what you do.

This has very little to do with selling software. AT&T, like other providers, tracks ICC-IDs.

As an aside, the quality and access controls related to the store are not necessarily a bad thing. Cuts down on bad/dangerous applications, cuts down on fraud and most importantly simplifies the process of installing and maintaining applications.

Lastly, I'm assuming people heard about Android doing a remote wipe of an app from the Android store. Now, lets hear the same critics attack the Android store. GO!...

0

Share this post


Link to post
Share on other sites

Something was bound to happen sooner or later, and there will be more security flaws in the device itself. However, the headline, "Apple's Worst Security Breach: 114,000 iPad Owners Exposed"; should possibly read, "AT&T Website Flaw Puts iPad Owners at Risk". Apple has very little if anything to do with the ways AT&T designed the back-end functions of their web-sites. Apple will probably demand AT&T use more secure practices in the future. Of course, that's all my opinion and nothing more.

http://security.goatse.fr/

Weev and those niggers from the GNNAC are up to it again.

Good job guys :D

http://www.babelation.com/content/programmer-detained-after-fbi-search

Lol I was chattin with Kyle about this before the raid took place, the impression I got was that there was no suspicion of any sort of Raid for a public disclosure of the security vuln.

Apparently if you can retrieve gov email addys from service providers thats an automatic raid ticket these days. A little heavy handed too on the part of the gov.

The exploit sort of reminds me of how easy it is to get ISP customer info from Broad band provider websites. Ie guess /enter an address and retrieve a current customer's address as confirmation.

Some ISP sites will even spit more information back out at you, and its even easier to get names for addresses through other sites etc.

Plenty of sites (not just ATT / Apple ) spit out "private" data just by inputing certain identifier information.

0

Share this post


Link to post
Share on other sites

What noob is writing that "critics view"?

I mean, saying he was busted for drugs?

Police reportedly seized less than half a gram of cocaine, one

suspected Ecstasy pill, one oxycodone pill and 19 tabs of

suspected LSD

that is such a minimal amount of drugs. Without the 19 tabs, that is just shit that can be found on the floor in anyone's house. One oxy, one X and 1/2 gram of coke? What kind of fun is that?? Imagine the fucking FBI bothering with that? Dummies.

edit: nevermind, just saw this on "full disclosure".

Just a couple of little bitches.

edit again: Regarding earlier posts about not having more drugs than you can eat in a pinch - considering the dosage of most LSD tabs, eating 19 will be all sorts of fucked up, but it may be relatively safe, all things considered.

Edited by decoder
0

Share this post


Link to post
Share on other sites

What noob is writing that "critics view"?

I mean, saying he was busted for drugs?

Police reportedly seized less than half a gram of cocaine, one

suspected Ecstasy pill, one oxycodone pill and 19 tabs of

suspected LSD

that is such a minimal amount of drugs. Without the 19 tabs, that is just shit that can be found on the floor in anyone's house. One oxy, one X and 1/2 gram of coke? What kind of fun is that?? Imagine the fucking FBI bothering with that? Dummies.

edit: nevermind, just saw this on "full disclosure".

Just a couple of little bitches.

edit again: Regarding earlier posts about not having more drugs than you can eat in a pinch - considering the dosage of most LSD tabs, eating 19 will be all sorts of fucked up, but it may be relatively safe, all things considered.

Be very carefull as to what you believe on the FD mailing list. That link you posted could very well be a spoofed post...

My personal thoughts:

Drugs are awesome

hacking is awesome

weev is a cool guy even tho he does stupid shit and can be really retarded (yes weev, you are fucking retarded.)

0

Share this post


Link to post
Share on other sites

Be very carefull as to what you believe on the FD mailing list. That link you posted could very well be a spoofed post...

Unless the entire FD list is a spoof, those people are totals morons - in a bad way.

I don't know weev at all, but from what I can tell, if he is a retard, it's in a good way. But either way, I wish him well if the feds are trying to fuck him. Even if he is a "criminal" the feds will always be much bigger criminals any day of the week. And anything involving AT&T is almost certainly fraud. There really aren't any bigger scumbags on the planet, and they have a good amount of competition.

0

Share this post


Link to post
Share on other sites

Be very carefull as to what you believe on the FD mailing list. That link you posted could very well be a spoofed post...

Unless the entire FD list is a spoof, those people are totals morons - in a bad way.

I don't know weev at all, but from what I can tell, if he is a retard, it's in a good way. But either way, I wish him well if the feds are trying to fuck him. Even if he is a "criminal" the feds will always be much bigger criminals any day of the week. And anything involving AT&T is almost certainly fraud. There really aren't any bigger scumbags on the planet, and they have a good amount of competition.

I agree 110%.

BTW that post was done when i was pretty drunk. The reason why I say weev is retarded is because he should have hid his drug stash a bit better. You shouldnt do high profile hacks like that unless you are prepared to be raided.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now