funsec mailing list archives
Re: Apple's worst security breach: 114, 000 iPad owners exposed
From: Rich Kulawiec <rsk () gsp org>
Date: Sun, 27 Jun 2010 14:28:50 -0400
On Sun, Jun 13, 2010 at 11:19:16AM +1200, Nick FitzGerald wrote:
Most security professionals I've either asked directly about this or with whom it's come up some way or other in conversation (admittedly not a large proportion of all such folk I know), _do_ exactly that. And at least some "more normal" folk I know (i.e. not security professionals) do this too. There are a number of reasons, but commonly having a single "well protected" (by the privacy policies of those companies they trust to share the address with) address is the reason (the other one is tracking who sell, etc addresses and these folk use a separate address for each company/entity that they share contact details with).
I've done this for a very long time. Sometimes the individually-supplied addresses are rather obviously mine; sometimes they're not. And I keep very careful records of which addresses were given to whom. I've also trained some other people to do the same. Sometimes it's very interesting to note that an address given only to A turns up in B's hands...or B's, C's, D's, E's, etc. hands in some instances. There have been any number of fascinating little case studies demonstrating that data is either being sold or stolen or otherwise leaked from numerous operations (some of which predictably claim that this is impossible and that those reporting same must be mistaken, incompetent, senile or lying). For instance, United Airlines has been observed leaking addresses to Brazilian spammers. ---Rsk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Apple's worst security breach: 114, 000 iPad owners exposed, (continued)
- Re: Apple's worst security breach: 114, 000 iPad owners exposed Dave Paris (Jun 10)
- Re: Apple's worst security breach: 114, 000 iPad owners exposed Dave Dennis (Jun 10)
- Re: Apple's worst security breach: 114, 000 iPad owners exposed Joel Esler (Jun 10)
- Re: Apple's worst security breach: 114, 000 iPad owners exposed Nick FitzGerald (Jun 10)
- Re: Apple's worst security breach: 114, 000 iPad owners exposed Joel Esler (Jun 11)
- Re: Apple's worst security breach: 114, 000 iPad owners exposed Dan Kaminsky (Jun 11)
- Re: Apple's worst security breach: 114, 000 iPad owners exposed Joel Esler (Jun 11)
- Re: Apple's worst security breach: 114, 000 iPad owners exposed Randal T. Rioux (Jun 11)
- Re: Apple's worst security breach: 114, 000 iPad owners exposed Nick FitzGerald (Jun 12)
- Re: Apple's worst security breach: 114, 000 iPad owners exposed Joel Esler (Jun 13)
- Re: Apple's worst security breach: 114, 000 iPad owners exposed Rich Kulawiec (Jun 27)
- Re: Apple's worst security breach: 114, 000 iPad owners exposed Jeffrey Walton (Jun 27)
- Re: Apple's worst security breach: 114, 000 iPad owners exposed Joel Esler (Jun 10)