[新聞] 蘋果開發者網站疑似遭入侵

看板MAC (蘋果Mac)作者Debian (Debian)時間12年前 (2013/07/23 02:55)推噓1(1推 0噓 1→)

留言2則, 2人參與討論串1/1

http://news.cnet.com/8301-13579_3-57594804-37/researcher-apple-developer-site -hack-i-meant-no-harm/ Ibrahim Balic thinks he may be the intruder identified by Apple in an attack against its developer site but says he had no malicious intent. Apple reported Sunday that an "intruder" tried to gain access to developer data last week, prompting the company to take down its Developer Center Web site. The general developer Web site is accessible as always, but the actual Developer Center sites for iOS and OS X remain offline. No names have been revealed in the alleged security breach, but security researcher Ibrahim Balic pinned the blame on himself, claiming that he was merely trying to alert Apple to several vulnerabilities that he discovered on the site. In a lengthy comment to a TechCrunch story posted on Sunday, Balic identified himself as a security researcher who consults for different firms and has started doing research on Apple. In his investigation, he said he found 13 bugs on the Developer site, which he reported to Apple through its bug-reporting site. One of the bugs apparently provided him with access to user data, which he said he immediately reported to Apple. Four hours after he filed his report, he said, the Developer Center shut down. Balic has since attempted to e-mail Apple but has yet to receive a response, he said. In his comment, Balic said that he didn't conduct the research to hurt people and did not try to publish or share the user data with anyone else. He also stressed that he reported the bugs to Apple before he attempted to see if he could get the actual data. CNET has contacted Apple for comment and will update the story if the company responds. Balic's full comment and a video he posted on YouTube appear below: My name is ibrahim Balic, I am a security researcher. You can also search my name from Facebook's Whitehat List. I do private consulting for particular firms. Recently I have started doing research on Apple inc. In total I have found 13 bugs and have reported through http://bugreport.apple.com. The bugs are all reported one by one and Apple was informed. I gave details to Apple as much as I can and I've also added screenshots. One of those bugs have provided me access to users details etc. I immediately reported this to Apple. I have taken 73 users details (all apple inc workers only) and prove them as an example. 4 hours later from my final report Apple developer portal gas closed down and you know it still is. I have emailed and asked if I am putting them in any difficulty so that I can give a break to my research. I have not gotten any respond to this... I have been waiting since then for them to contact me, and today I'm reading news saying that they have been attacked and hacked. In some of the media news I watch/read that whether legal authorities were involved in its investigation of the hack. I'm not feeling very happy with what I read and a bit irritated, as I did not done this research to harm or damage. I didn't attempt to publish or have not shared this situation with anybody else. My aim was to report bugs and collect the datas for the porpoise of seeing how deep I can go within this scope. I have over 100.000+ users details and Apple is informed about this. I didn't attempt to get the datas first and report then, instead I have reported first. I do not want my name to be in blacklist, please search on this situation. I'm keeping all the evidences, emails and images also I have the records of bugs that I made through Apple bug-report. 似乎是上星期發生的事情，不過這星期才有媒體報導出來，看起來似乎是資安人員做的測試，而不是hacker，不過看來這個蟲是需要重視的，不然對開發者而言似乎沒有隱私的保障。看了這個網站下面的回應： http://www.loopinsight.com/2013/07/21/apple-comments-on-developer-site-hack/ 似乎遇到的開發者不少。 -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 111.243.1.100 ※ 編輯: Debian 來自: 111.243.1.100 (07/23 02:55)