
US MOBILE NETWORK AT&T has admitted that a security blunder in its system exposed the email addresses of apparently more than 100,000 users of Apple's Ipad.
The security breach could make shedloads of Ipad users vulnerable to attack. The disclosure of private data only affected iPad users who signed up for AT&T's 3G wireless Internet service.
The problem was caused by Ipad punters having to sign up to AT&T's mobile network service. An AT&T website gathered users' email addresses to enable them to login, based on unique codes contained in the SIM cards.
However, a hacker group, Goatse Security, discovered a weakness and managed to trick AT&T's website into coughing up more than 114,000 e-mail addresses. Some of the email addresses included famous media personalities and government officials.
Goatse Security told the Associated Press that the group contacted AT&T and waited until the vulnerability was fixed before going public with the information.
AT&T denies this and said that the problem was fixed after it had a call from a business customer. It said it will notify all Ipad users whose e-mail addresses may have been accessed.
The hack does cause some problems for Apple and its Ipad. Although the hackers only got a person's email address, they know that the person receiving the email is an Ipad user and an AT&T customer and would expect to receive email from Apple and AT&T about their accounts.
This means that hackers might be able to trick users into opening emails that plant tailor-made malicious software on their Ipads.
Apple has refused to comment, effectively implying that it is all AT&T's problem. µ
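A lookup keyed on a per-SIM code, as described above, can be walked one code after another unless the operator notices a single client asking about many different codes. The sketch below is an added example, not AT&T's or anyone else's actual code: it flags clients that query more than a set number of distinct identifiers inside a sliding time window. The log format, the identifier names, the addresses and the thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample access log, time-ordered: timestamp, client, identifier looked up.
# Addresses come from documentation ranges; identifiers are made-up placeholders.
SAMPLE_LOG = """\
2010-06-01T10:00:00 192.0.2.10 SIM-A
2010-06-01T10:00:05 192.0.2.10 SIM-A
2010-06-01T10:00:10 198.51.100.7 SIM-0001
2010-06-01T10:00:11 198.51.100.7 SIM-0002
2010-06-01T10:00:12 198.51.100.7 SIM-0003
2010-06-01T10:00:13 198.51.100.7 SIM-0004
2010-06-01T10:01:00 192.0.2.10 SIM-A
2010-06-01T10:02:00 203.0.113.5 SIM-B1
2010-06-01T10:04:00 203.0.113.5 SIM-B2
2010-06-01T10:06:00 203.0.113.5 SIM-B3
2010-06-01T10:08:00 203.0.113.5 SIM-B4
"""

def parse(line):
    """Split one log line into (datetime, client, identifier)."""
    ts, client, ident = line.split()
    return datetime.fromisoformat(ts), client, ident

def find_enumerators(lines, window_seconds=60, max_distinct=3):
    """Return {client: time of first alert} for every client that looks up
    more than max_distinct different identifiers within window_seconds.
    Assumes the lines are already in time order."""
    recent = defaultdict(deque)  # client -> (time, identifier) pairs still in the window
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, client, ident = parse(line)
        seen = recent[client]
        seen.append((ts, ident))
        # Drop lookups that have aged out of the window.
        while (ts - seen[0][0]).total_seconds() > window_seconds:
            seen.popleft()
        # Repeated lookups of one identifier count once: a returning user is not flagged.
        if client not in alerts and len({i for _, i in seen}) > max_distinct:
            alerts[client] = ts
    return alerts

if __name__ == "__main__":
    for client, when in find_enumerators(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {client} exceeded the distinct-identifier limit at {when.isoformat()}")
```

With the default 60-second window only the fast client is flagged; the slow one at two-minute intervals is caught only with a longer window, which is why an alert like this belongs alongside a per-client request cap rather than in place of one.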
Nobody spotted "goatse security"? And here I was thinking I was reading the Inquirer.
...pretty much. Yes, on several sites. Different passwords, mostly. For several that don't much matter, it's... I'll say "powergen-italia", which it isn't.
Would another news website award me a FAIL icon for doing that?
@dan
spot on.
Actually, Robert, considering that your e-mail address is your username for a lot of services, and a lot of people use the username portion of their e-mail address as their username for other services, I'd say it's a big deal. Having a list of usernames is halfway home to breaking into any given password-based service. Now all you need is a dictionary list and you can start systematically checking those usernames/addresses against all sorts of sites.
Once again, problem is *allowed* by unlimited tries against a password system. (In this case, semi-random names.) Boy, did I get a wrong impression from movies of the 80's where computers had intrusion detection to alert on such multiple attempts.
By the way, some BIG names were snagged by this, though don't know that any have been bothered.
1. Sending e-mail.
2. Receiving e-mail.
3. HAVING an e-mail account, a name, and an Internet provider. (robert.carnegie@fictitious-example.com)
(It's an uncommon name, but there are at least half a dozen of us. If you're John Smith, you're spammed five seconds after someone registered the domain.)
4. Having an unsecured wireless network that reaches out to the street when Google Street View drives by. Until recently. So they claim.
Your e-mail address isn't a great secret.
What doesn't expose your e-mail address...
1. Having the word "spam" or "nospam" in your actual address. Some researcher noticed that you get filtered out of evil e-mail lists. It isn't worth the bad guys' trouble to figure it out.
2. Apparently .mil users are pretty safe too. (Same guy.)
"Ipad users exposed by AT&T security breach"
So they were caught with their pants down?
I suppose the guys who did this (being known as goatse) and the connotations their name invokes would see this title as a little ironic :)