Digital Spy

Search Digital Spy
 

DS Forums

 
 

Apple hacked - iOS Beta 4 might not appear today


Reply
Thread Tools Search this Thread
Old 22-07-2013, 13:51
JasonWatkins
Forum Member
 
Join Date: Mar 2003
Posts: 41,068

The developer centre specifically

http://www.macrumors.com/2013/07/21/...ve-been-taken/

Read a comment from someone wondering if the loophole allowing iOS7 to be installed on non account holding phones will be closed. Hope not - don't really want to fart around downgrading again now 7 is working so well
JasonWatkins is offline Follow this poster on Twitter   Reply With Quote
Please sign in or register to remove this advertisement.
Old 22-07-2013, 15:15
Mr. Cool
Inactive Member
 
Join Date: Dec 2011
Posts: 1,482
Funny how Apple fans aren't crying foul about this yet a 'signing problem' on Google Play gained lot of traction from them (and was quickly patched).

Apple however kept this fairly large vulnerability quiet for a few days. Which doesn't look good.
Mr. Cool is offline   Reply With Quote
Old 22-07-2013, 15:36
-GONZO-
Forum Member
 
Join Date: Dec 2005
Location: Kent
Posts: 8,014
Funny how Apple fans aren't crying foul about this yet a 'signing problem' on Google Play gained lot of traction from them (and was quickly patched).

Apple however kept this fairly large vulnerability quiet for a few days. Which doesn't look good.
Is there really much to shout about considering its only supposed to be devs that should have access to iOS7 anyway, and the advise given is not to use your main iPhone/iPad while its in beta.
If iOS7 was officially out in to the wild for all then yeah I would most certainly say its much more of an issue to be shouted about.
-GONZO- is offline   Reply With Quote
Old 22-07-2013, 16:00
tdenson
Forum Member
 
Join Date: Aug 2005
Posts: 3,080
Funny how Apple fans aren't crying foul about this yet a 'signing problem' on Google Play gained lot of traction from them (and was quickly patched).

Apple however kept this fairly large vulnerability quiet for a few days. Which doesn't look good.
The Google problem you refer to was regarding a released product which is a somewhat different order of magnitude.
However, having said that, I was a bit surprised that as a developer it was only this morning I received an email from Apple saying it had been down since last Thursday. Typical Apple tight lippedness.
I was also a bit surprised it took all of 4 hours for the Android gloaters to come out of the woodwork
tdenson is offline   Reply With Quote
Old 22-07-2013, 16:22
grumpyoldbat
Forum Member
 
Join Date: Apr 2008
Posts: 3,502
It's a much larger problem for devs who are trying to provision devices for testing. The portal has been down since mid last week, and I know of at least 2 devs who are being delayed on their projects as a result. Hopefully it can get resolved quickly, but a portal rebuild (as mentioned in Apple's email to developers) isn't likely to be a quick job!
grumpyoldbat is offline   Reply With Quote
Old 22-07-2013, 16:57
Thine Wonk
Forum Member
 
Join Date: Mar 2009
Posts: 10,679
First the Ubuntu developer forum and now Apple, both in the space of days.
Thine Wonk is offline   Reply With Quote
Old 22-07-2013, 18:39
The Lord Lucan
Forum Member
 
Join Date: Apr 2005
Location: Scotland
Posts: 3,951
Two things that are good from this. Apple has separate systems and much is encrypted and they are going to start from ground up. Sucks for Devs a little.. I have had to delay a project but it's not a big issue and Apple have been great since they actually announced it.

It seems the biggest group of people that will cry about this are the fake devs that shouldn't even be on iOS7, let alone getting timely updates!

It is not of the same scale of that with Androids recent security issues nor an in the wild security flaw on consumers actual phones.
The Lord Lucan is offline   Reply With Quote
Old 22-07-2013, 19:18
alanwarwic
Forum Member
 
Join Date: Oct 2003
Location: Researchington
Posts: 24,763
Apple however kept this fairly large vulnerability quiet for a few days.
Takes a good few days working out hot to market it.


They leave little to chance, apart from their servers that is.
The wobbly spin looks good.
And they will now know more about the hacker security researcher than that guy even knows about himself.

Seems quite strange how they never spoke to him. Was he one of many?
alanwarwic is offline   Reply With Quote
Old 22-07-2013, 20:49
The Lord Lucan
Forum Member
 
Join Date: Apr 2005
Location: Scotland
Posts: 3,951
Quiet? Pretty much knew about it within 48 hours. Sony when it was hacked took ages to confirm.
Best not to announce whilst you're working out what is going on, working out which systems you can trust and where it all started from.
The Lord Lucan is offline   Reply With Quote
Old 22-07-2013, 21:33
alanwarwic
Forum Member
 
Join Date: Oct 2003
Location: Researchington
Posts: 24,763
So what exactly have they announced?
Suitably vague, they even left that guy waiting expecting to be arrested. Hero to intruder in one single email.

Obviously with servers turned off from Thursday it became a tad hard to stay silent come Monday.

And did they tell a very big porkie about the 'unknown hackers' or was the London security guy just one of many criminal hackers prior?

See what I mean about the confusion? Even the good guys end up the enemy.
alanwarwic is offline   Reply With Quote
Old 22-07-2013, 21:34
The Lord Lucan
Forum Member
 
Join Date: Apr 2005
Location: Scotland
Posts: 3,951
Also Beta 4 was unlikely to come out today as later versions tend to be over 3 weeks.
The Lord Lucan is offline   Reply With Quote
Old 22-07-2013, 22:12
alanwarwic
Forum Member
 
Join Date: Oct 2003
Location: Researchington
Posts: 24,763
Also, the use of the word 'intruder' was par the course for Apple.

Clever use of words meant the press would end up praising Apple for its defense systems in reaction to the hackers.
Yet in fact Apple did not use that more malicious term hacker nor claim any pro active defense.

Someone could do a great short drama on all those separate 13 security filings and the days after.
alanwarwic is offline   Reply With Quote
Old 22-07-2013, 22:36
The Lord Lucan
Forum Member
 
Join Date: Apr 2005
Location: Scotland
Posts: 3,951
Are you an actual developer?
The Lord Lucan is offline   Reply With Quote
Old 23-07-2013, 07:29
kidspud
Forum Member
 
Join Date: May 2010
Posts: 5,343
Also, the use of the word 'intruder' was par the course for Apple.

Clever use of words meant the press would end up praising Apple for its defense systems in reaction to the hackers.
Yet in fact Apple did not use that more malicious term hacker nor claim any pro active defense.

Someone could do a great short drama on all those separate 13 security filings and the days after.
I think you should do the drama. You are very good at trying to create it
kidspud is offline   Reply With Quote
Old 23-07-2013, 09:46
alanwarwic
Forum Member
 
Join Date: Oct 2003
Location: Researchington
Posts: 24,763
I think you should do the drama. You are very good at trying to create it
Has the intruder been arrested yet? With the story, if true they ensured he went from would be hero to zero near instantaneously.

Was he close to going into hiding or to the Ecuador embassy?.
The sense of panic setting in may have been quite extraordinary..

He should have known how it works with Apple. The very same happend to Charlie Miller.
"The obvious implication: don't search for security vulnerabilities in Apple products, and if you do find them, keep them to yourself."
http://www.techdirt.com/blog/wireles...eveloper.shtml
alanwarwic is offline   Reply With Quote
Old 23-07-2013, 10:38
alanwarwic
Forum Member
 
Join Date: Oct 2003
Location: Researchington
Posts: 24,763
And another thing.

It went down Thursday for 'maintenance'.
They as likely expected a quick fix, but after a few days realizing they do not quite know what they doing they went on Plan B.

And do they yet know what they are doing? Seemingly not as the site is still down.
alanwarwic is offline   Reply With Quote
Old 23-07-2013, 10:38
-GONZO-
Forum Member
 
Join Date: Dec 2005
Location: Kent
Posts: 8,014

He should have known how it works with Apple. The very same happend to Charlie Miller.
"The obvious implication: don't search for security vulnerabilities in Apple products, and if you do find them, keep them to yourself."
http://www.techdirt.com/blog/wireles...eveloper.shtml
Then if you read further down it does kind of make sense as to why the action was taken.
This is not at all the proper implication. Miller, the author, was not removed from the developer program for finding and reporting the bug. He was removed for knowingly creating and uploading an application to the App Store that *exploited* the bug! The application was sitting in the App Store for over a month.

Although unlikely, someone else could have downloaded the app, found the vulnerability and maliciously exploited it.

He broke the rules to which he agreed when signing up to the developer program. He was removed from the program as a result of that.

The true "obvious implication" to draw from this is: If you find a vulnerability report it through the appropriate means, create something that demonstrates the exploitation (if you so desire) but don't upload the app you know breaks the rules to the App Store.
-GONZO- is offline   Reply With Quote
Old 23-07-2013, 10:44
alanwarwic
Forum Member
 
Join Date: Oct 2003
Location: Researchington
Posts: 24,763
Yeh, Charlie proved the concept.

That is what people do. Often an angry 6 months later when they see a bug unfixed


CM went off to work for Twitter. Quite obviously Apple had no need for a ''more real' security expert.
alanwarwic is offline   Reply With Quote
Old 23-07-2013, 11:01
kidspud
Forum Member
 
Join Date: May 2010
Posts: 5,343
Then if you read further down it does kind of make sense as to why the action was taken.
You are missing the point, alanwarwic is after drama, not reality.
kidspud is offline   Reply With Quote
Old 23-07-2013, 13:25
alanwarwic
Forum Member
 
Join Date: Oct 2003
Location: Researchington
Posts: 24,763
Quiet? Pretty much knew about it within 48 hours. Sony when it was hacked took ages to confirm.
Best not to announce whilst you're working out what is going on, working out which systems you can trust and where it all started from.
36 hours.

http://www.huffingtonpost.com/2013/0...n_3634843.html

Do you fully believe they would have told us anything at all if they had got it back running?

Still down with that infuriating 'back soon' showing BTW
alanwarwic is offline   Reply With Quote
Old 23-07-2013, 15:07
The Lord Lucan
Forum Member
 
Join Date: Apr 2005
Location: Scotland
Posts: 3,951
Alan: Are you a dev.. does this actually affect you?

If so you'd be getting update emails..

So much drama..

Cannot expect them to announce it straight away, nor just reboot the servers and carry on. They overhauling security as well as implementing upgrades they were planning for later in the summer. This will take time.

Remember the Sony hack knocking all customers offline.. this isn't that. Remember the Android vulnerability on millions of phones... this isn't that.

It only affects Devs and iO7 Beta 4 has not been delayed because of it. They even managed to launch a Mavericks Dev P4 update last night so not really an issue bar devs with ongoing projects like myself.

Do you have an ongoing project that this is causing a problem Alan? If not then it's daft that you are even commenting.
The Lord Lucan is offline   Reply With Quote
Old 23-07-2013, 15:15
alanwarwic
Forum Member
 
Join Date: Oct 2003
Location: Researchington
Posts: 24,763
Come on, do you not even find the reality even a bit amusing?

Normally you can do or bodge a fix within hours.
Instead they have resorted to turning the conversation away from not quite knowing what they are doing.

Their longest outage in history, and being Apple, it makes it difficult for a developer to pass comment.
alanwarwic is offline   Reply With Quote
Old 23-07-2013, 15:30
IslandNiles
Forum Member
 
Join Date: Apr 2005
Posts: 12,876
Come on, do you not even find the reality even a bit amusing?

Normally you can do or bodge a fix within hours.
Instead they have resorted to turning the conversation away from not quite knowing what they are doing.

Their longest outage in history, and being Apple, it makes it difficult for a developer to pass comment.
I wish someone had told Sony that when they took PSN offline for 24 days.
IslandNiles is offline   Reply With Quote
Old 23-07-2013, 15:41
The Lord Lucan
Forum Member
 
Join Date: Apr 2005
Location: Scotland
Posts: 3,951
Hardly the longest outage they have had yet. NDA doesn't cover wether you are or not a dev and it hasn't stopped you talking about 7 before LOL (nor me.)

Also again.. how is it affecting users?

http://www.apple.com/support/systemstatus/
The Lord Lucan is offline   Reply With Quote
Old 23-07-2013, 15:47
kidspud
Forum Member
 
Join Date: May 2010
Posts: 5,343
Come on, do you not even find the reality even a bit amusing?

Normally you can do or bodge a fix within hours.
Instead they have resorted to turning the conversation away from not quite knowing what they are doing
.

Their longest outage in history, and being Apple, it makes it difficult for a developer to pass comment.
So you are saying that taking time to fix a serious security problem is "resorted to turning the conversation away from not quite knowing what they are doing". This becomes funnier by the minute
kidspud is offline   Reply With Quote
 
Reply



Thread Tools Search this Thread
Search this Thread:

Advanced Search

 
Forum Jump


All times are GMT. The time now is 05:03.