- Jan 15, 2013
- 12,182
- 35
- 91
Does this mean a new phone announcement?
coming from Apple, that's a fairly extensive answer. I'm surprised they didn't just offer 2-factor authentication and call it a day.Apple Developer Website Update
Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.
In order to prevent a security threat like this from happening again, were completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.
TM and copyright © 2013 Apple Inc. 1 Infinite Loop, MS 96-DM, Cupertino, CA 95014.
All Rights Reserved / Privacy Policy / My Apple ID
Apple revealed late yesterday that its Developer Center had been forced out of action by "an intruder"—but a researcher has provided evidence to confirm that the downtime was a result of his identification of a security vulnerability.
Apple claimed in a statement that an intruder had attempted to steal personal information about registered developers from the site. But Ibrahim Balic, a security researcher from the UK, claims that he recently found 13 bugs within the website's system which allowed him to secure data from more than 100,000 users.
He claims to have approached Apple with details from 73 user accounts—all Apple employees—to illustrate the flaw, offering to help them fix things. Balic claims Apple's response was to shut down the Developer Center. That happened Tuesday; Apple only issued a statement Sunday.
It certainly seems that Balic's claims match up with events in terms of timing and data collection. Balic himself claims to be “a bit irritated” that Apple has publicly announced the situation as a security breach rather than a constructive piece of research—and it remains to be seen what Apple will do about his involvement. It is, at least, comforting to know that the data isn't being used maliciously.
There are claims the data IS being used maliciously...
coming from Apple, that's a fairly extensive answer. I'm surprised they didn't just offer 2-factor authentication and call it a day.
Hi there,
My name is ibrahim Balic, I am a security researcher. You can also search my name from Facebook's Whitehat List. I do private consulting for particular firms. Recently I have started doing research on Apple inc.
In total I have found 13 bugs and have reported through http://bugreport.apple.com. The bugs are all reported one by one and Apple was informed. I gave details to Apple as much as I can and I've also added screenshots.
One of those bugs have provided me access to users details etc. I immediately reported this to Apple. I have taken 73 users details (all apple inc workers only) and prove them as an example.
4 hours later from my final report Apple developer portal gas closed down and you know it still is. I have emailed and asked if I am putting them in any difficulty so that I can give a break to my research. I have not gotten any respond to this... I have been waiting since then for them to contact me, and today I'm reading news saying that they have been attacked and hacked. In some of the media news I watch/read that whether legal authorities were involved in its investigation of the hack. I'm not feeling very happy with what I read and a bit irritated, as I did not done this research to harm or damage. I didn't attempt to publish or have not shared this situation with anybody else. My aim was to report bugs and collect the datas for the porpoise of seeing how deep I can go within this scope. I have over 100.000+ users details and Apple is informed about this. I didn't attempt to get the datas first and report then, instead I have reported first.
I do not want my name to be in blacklist, please search on this situation. I'm keeping all the evidences, emails and images also I have the records of bugs that I made through Apple bug-report.
By Apple? That's to be expected. *rimshot*
No but seriously - you have a link for that? I'm lazy.
We apologize for the significant inconvenience caused by our developer website downtime. We've been working around the clock to overhaul our developer systems, update our server software, and rebuild our entire database. While we complete the work to bring our systems back online, we want to share the latest with you.
We plan to roll out our updated systems, starting with Certificates, Identifiers & Profiles, Apple Developer Forums, Bug Reporter, pre-release developer libraries, and videos first. Next, we will restore software downloads, so that the latest betas of iOS 7, Xcode 5, and OS X Mavericks will once again be available to program members. We'll then bring the remaining systems online. To keep you up to date on our progress, we've created a status page to display the availability of our systems.
If your program membership is set to expire during this period, it will be extended and your app will remain on the App Store. If you have any other concerns about your account, please contact us.
Thank you for your continued patience.