Re: Apple's worst security breach: 114, 000 iPad owners exposed

[Dave Dennis <dmd () speakeasy org>]

On Thu, 10 Jun 2010, David Harley wrote:

> OTOH:
>
> Apple's worst security breach, or a great big hyperbole?
> http://www.sophos.com/blogs/duck/g/2010/06/10/apples-worst-security-breach/

An issue I haven't seen discussed publically yet is that this just created a
nice spear phishing list of targets.  Fake apple updates?  Malware?  Everyone
knows Macs can't get malware <g> so recipients' guard might be down and they
could be induced to click.  hey also might be reading from Windows at work,
particularly the .mil and corp execs.  Thats a pretty rich list to be going
after with targetted malware email attacks.

So I fall somewhere in the "yes, this really is a big deal," and don't mind
Gawker blasting it out public like this.  I don't think it undermines the
message of data security.


-Dave D

> --
> David Harley BA CISSP FBCS CITP
> ESET Research Fellow
>
>
>
> > -----Original Message-----
> > From: funsec-bounces () linuxbox org
> > [mailto:funsec-bounces () linuxbox org] On Behalf Of Juha-Matti Laurio
> > Sent: 10 June 2010 11:34
> > To: funsec () linuxbox org
> > Subject: [funsec] Apple's worst security breach: 114, 000
> > iPad owners exposed
> >
> > "Apple has suffered another embarrassment. A security breach
> > has exposed iPad owners including dozens of CEOs, military
> > officials, and top politicians.
> > They-and every other buyer of the cellular-enabled
> > tablet-could be vulnerable to spam marketing and malicious hacking.
> >
> > The breach, which comes just weeks after an Apple employee
> > lost an iPhone prototype in a bar,
> > exposed the most exclusive email list on the planet, a
> > collection of early-adopter iPad 3G subscribers that includes
> > thousands of A-listers in finance,
> > politics and media, from New York Times Co. CEO Janet
> > Robinson to Diane Sawyer of ABC News to film mogul Harvey Weinstein
> > to Mayor Michael Bloomberg. It even appears that White House
> > Chief of Staff Rahm Emanuel's information was compromised."
> >
> > http://gawker.com/5559346/apples-worst-security-breach-114000-
> > ipad-owners-exposed?skyline=true&s=i
> >
> > Juha-Matti
> >
> > _______________________________________________
> > Fun and Misc security discussion for OT posts.
> > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> > Note: funsec is a public and open mailing list.
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

+-------------------------
+ Dave Dennis
+ Seattle, WA
+ Speakeasy, Inc.
+ dmd () speakeasy net
+ http://www.speakeasy.net
+-------------------------
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.