Lax AT&T security blamed for breach of 114,000 iPad owners’ email addresses

“Apple has suffered another embarrassment. A security breach has exposed iPad owners including dozens of CEOs, military officials, and top politicians. They—and every other buyer of the wireless-enabled tablet—could be vulnerable to spam marketing and malicious hacking,” Ryan Tate reports for Gawker.

MacDailyNews Take: Gawker owns Gizmodo, which may or may not explain why Tate tries to claim that Apple has suffered an embarrassment when it was AT&T’s security that was breached.

Tate continues, “The breach, which comes just weeks after an Apple employee lost an iPhone prototype in a bar, exposed the most exclusive email list on the planet, a collection of early-adopter iPad 3G subscribers that includes thousands of A-listers in finance, politics and media, from New York Times Co. CEO Janet Robinson to Diane Sawyer of ABC News to film mogul Harvey Weinstein to Mayor Michael Bloomberg. It even appears that White House Chief of Staff Rahm Emanuel’s information was compromised.”

MacDailyNews Take: Again, Gawker owns Gizmodo, which may or may not explain why Tate maladroitly drops in the non-sequitur about how an “Apple employee lost an iPhone prototype in a bar.” It may also explain his use of the word “lost” as opposed to “stolen and fenced.”

Tate continues, “It doesn’t stop there. According to the data we were given by the web security group that exploited vulnerabilities on the AT&T network, we believe 114,000 user accounts have been compromised, although it’s possible that confidential information about every iPad 3G owner in the U.S. has been exposed.”

“Goatse Security obtained its data through a script on AT&T’s website, accessible to anyone on the internet,” Tate reports. “When provided with an ICC-ID as part of an HTTP request, the script would return the associated email address, in what was apparently intended to be an AJAX-style response within a Web application.”
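One way an operator of such a lookup script could spot this pattern in access logs, as an added example that is not from the Gawker report, AT&T or Goatse Security. The `/lookup` path, the `iccid` parameter name, the log format and the threshold are assumptions, and the log lines are constructed:

```python
import re
from collections import defaultdict

# Constructed sample access log (not real data). The /lookup path and the
# iccid parameter are hypothetical stand-ins for the script described above.
SAMPLE_LOG = """\
198.51.100.7 "GET /lookup?iccid=89010000000000000011 HTTP/1.1" 200
198.51.100.7 "GET /lookup?iccid=89010000000000000011 HTTP/1.1" 200
203.0.113.50 "GET /lookup?iccid=89010000000000000101 HTTP/1.1" 200
203.0.113.50 "GET /lookup?iccid=89010000000000000102 HTTP/1.1" 404
203.0.113.50 "GET /lookup?iccid=89010000000000000103 HTTP/1.1" 200
203.0.113.50 "GET /lookup?iccid=89010000000000000104 HTTP/1.1" 404
203.0.113.50 "GET /lookup?iccid=89010000000000000105 HTTP/1.1" 200
198.51.100.9 "GET /lookup?iccid=89010000000000000021 HTTP/1.1" 200
198.51.100.9 "GET /lookup?iccid=89010000000000000022 HTTP/1.1" 200
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) "GET /lookup\?iccid=(?P<iccid>\d{19,20}) '
    r'HTTP/1\.[01]" (?P<status>\d{3})$'
)


def find_enumerators(log_text, max_distinct=2):
    """Flag clients that ask about more ICC-IDs than a few devices would.

    A device only needs the address tied to its own SIM, so one client
    requesting many different ICC-IDs (hits or misses) is walking the ID space.
    Returns {ip: {"distinct": n, "misses": m}} for clients over the threshold.
    """
    ids = defaultdict(set)
    misses = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated or malformed line
        ids[m["ip"]].add(m["iccid"])
        if m["status"] == "404":
            misses[m["ip"]] += 1  # lookups for IDs that do not exist
    return {
        ip: {"distinct": len(seen), "misses": misses[ip]}
        for ip, seen in ids.items()
        if len(seen) > max_distinct
    }


if __name__ == "__main__":
    for ip, stats in find_enumerators(SAMPLE_LOG).items():
        print(ip, stats)
```

Detection like this only limits the damage; the underlying fix is for the script to return an address only to a session already authenticated as the owner of that ICC-ID.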

Tate reports, “Exacerbating the situation is that AT&T has not yet notified customers of the breach, judging from the subscribers we and the security group contacted, despite being itself notified at least two days ago. It’s unclear if AT&T has notified Apple of the breach… Mobile security consultant and Nokia veteran Emmanuel Gadaix told us that while there have been “vulnerabilities in GSM crypto discovered over the years, none of them involve the ICC ID… as far as I know, there are no vulnerability or exploit methods involving the ICC ID.” Another expert, white hat GSM hacker and University of Virginia computer science PhD Karsten Nohl, told us that while text-message and voice security in mobile phones is weak “data connections are typically well encrypted… the disclosure of the ICC-ID has no direct security consequences.”

Full article here.

MacDailyNews Take: Yet another screw up by AT&T used by Gawker to smear Apple. Wholly unsurprising.

[Thanks to MacDailyNews Readers “Fred Mertz” and “Steve” for the heads up.]

52 Comments

  1. My comment to the Gawker article was never posted. They post an obviously targeted libelous article against Apple, no doubt because of sour grapes over having their head handed to them at Gizmodo.

    (Gawker owns Gizmodo!)

    And then they censor the comments so that real user opinions don’t get through.

    Gawker and Gizmodo have lost all journalistic credibility, and I hope their ulterior-based “news” will result in further valid legal troubles for them. They are playing with fire and likely only making things worse for themselves.

    Good!

  2. although it’s possible that confidential information about every iPad 3G owner in the U.S. has been exposed.”
    WTF

    I’m too stupid to know exactly what that means. So EVERYTHING someone did on their i-Pad can be tracked, with NO privacy? The e-mail name is known to hackers? So, someone can get their name, address, email name, and whatever else?
    Will just giving a person a new email name totally solve the problem? I don’t get it.
    And guess what? What’s this got to do with MS. So, it was (is?) an i-Pad problem, not a Windows 7 problem? Someone needs to get kicked in the…. uhhh
