How sloppy security exposed Apple’s super-secret product plans

“Incredibly sloppy security at one of Apple’s key suppliers exposed some of Cupertino’s most closely guarded secrets to anybody who could conduct a simple Google search,” Leander Kahney reports for Cult of Mac. “For months, one of Quanta Computer’s internal databases could be accessed using usernames and a default password published in a PowerPoint presentation easily found on the Web.”

“The path to Quanta’s database started last September when, on the eve of the big Apple Watch launch event, an anonymous Reddit user posted drawings and details of the super-secret device,” Kahney reports. “The images showed a chunky square housing in two different sizes. Up to this point, no definitive leaks had occurred, and the Apple community was skeptical. It didn’t look like an Apple device. But the leak turned out to be true, and predicted many details revealed by Apple the following day.”

“The information was gleaned from photographs of one of Quanta’s internal PowerPoint presentations. The document is not the only one floating around online, either: Several other confidential Quanta documents have been published online, and at least one gives details and login information for an internal Quanta database containing detailed schematics that appear to show other upcoming Apple products,” Kahney reports. “The details can be found with a simple Google search.”

Read more in the full article here.

9 Comments

  1. It would not be the first time that rumors which did not seem credible turned out to be true and rumors which seemed credible turned out to be false. Makes one wonder.

  2. “Incredibly sloppy security at one of Apple’s key suppliers exposed some of Cupertino’s most closely guarded secrets to anybody who could conduct a simple Google search,”: Well at least it is still secure enough to keep analysts and jouranalysts out.

  3. Understanding computer security, as with understanding computer networking, is convoluted, complicated and rarely intuitive. Most people don’t want to have to bother with this stuff and they don’t. The consequences have been blatantly evident for well over a year now.

    I think the detailed history of the Target security hack is going to be considered classic. They invested time and money to prevent being hacked, got hacked anyway, knew they’d been hacked, turned away and ignored it, it swiftly ballooned into an all-out catastrophe beyond human comprehension. Then Target lied their butts off about the entire situation and tried to scapegoat it on magnetic stripe cards, which had NOTHING to do with it. Willful ignorance followed by deceitful obfuscation. The customers are the huge losers.

    In the case here, Apple the customer is the huge loser.

  4. This is exactly what happened at Target. This is exactly what happened at Home Depot. The main company’s servers were not directly vulnerable. But their suppliers were hackable. If you work for a company that has suppliers (if you have any sort of supply chain) and you have secrets you want to protect, you better make sure your suppliers are on top of their game. You might also want to have a pre-nup with your suppliers that if your secrets are stolen as a result of their breaches, not only are they spanked until their ischial tuberosities are exposed and bloody, but they owe you $100 million.
