Why I’ll never have an iPad, or iPhone: Apple’s security just sucks.

‘Brute force’ script snatched iPad e-mail addresses: The harvesting of over 100,000 iPad 3G owners’ e-mail addresses was not a hack or a classic data breach, but a brute force attack of a minor feature AT&T offered to Apple customers, experts said Wednesday. According to New York-based Praetorian Security Group, which obtained a copy of the PHP script used to scrape e-mail addresses from AT&T’s servers, the attack succeeded because the mobile carrier used poorly-designed software. A nine-person hacking group known as Goatse Security claimed responsibility for the script, which amassed 114,000 e-mail addresses. “There’s no hack, no infiltration, and no breach, just a really poorly-designed Web application that returns e-mail address when ICC-ID is passed to it,” Praetorian said in a late Wednesday entry on its security blog. An ICC-ID (Integrated Circuit Card Identifier) is the unique number assigned to each SIM card. … AT&T has turned off access to the feature Tuesday…. It also said that only e-mail addresses linked to each ICC-ID, not financial information or other personal data has been snatched from its servers. [Date: 10 June 2010; Source: http://www.computerworld.com/s/article/9177921/]

About The Pissed Off Tree Rat

http://pissedofftreerat.com/
This entry was posted in General and tagged , , , . Bookmark the permalink.

Leave a comment, or the Zombies will eat you........

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s