Account hijackers have targeted Apple iTunes for months, but now they're hitting Apple developers as well.

Reg reader Andrew McAuley discovered that his iTunes account was hijacked after 150 unauthorised transactions, each valued at $42, appeared on his debit card bill. McAuley, a Brit who lives in the US, noticed the attack after he checked his bank account on 11 July. "I tried to log in to my [iTunes] account and was unable. Seems someone had changed the login to a different name completely," he explained.

When he contacted iTunes support McAuley was told his account had been taken over by an "unknown fraudster" and that this was the subject of an ongoing investigation. Apple has suspended the account.

View: The full story @ The Reg



There are 23 additional comments
(11 replies) #1 Posted by ENiGmA on 24 Jul 2008 - 12:35
As expected, as Apple grabs more market share, the hijacks will continue to rise as well. "Pooh."

#1.1 Posted by vetmarkjensen on 24 Jul 2008 - 12:57
Did you read more than the title?

This is like me hijacking your Neowin account. Or your eBay or Amazon.com account.
#1.2 Posted by necrosis on 24 Jul 2008 - 13:07
Hijacking your Neowin account? Last time I checked you couldn't buy a crap load of stuff with that one.

Amazon.com is a better example.
#1.3 Posted by vetmarkjensen on 24 Jul 2008 - 13:11
(necrosis said @ #1.2)
Hijacking your Neowin account? Last time I checked you couldn't buy a crap load of stuff with that one.

Amazon.com is a better example.
The point being, someone's login account was compromised. It has nothing to do with OSX's marketshare.
#1.4 Posted by darkpuma on 24 Jul 2008 - 17:01
(markjensen said @ #1.3)
(necrosis said @ #1.2)
Hijacking your Neowin account? Last time I checked you couldn't buy a crap load of stuff with that one.

Amazon.com is a better example.
The point being, someone's login account was compromised. It has nothing to do with OSX's marketshare.


More than one person's, and not just login, actual account, which can be used to purchase stuff. Like a credit card or cell phone getting stolen. What if there is a vulnerability somewhere that allows the information to be stolen? This is possibly a big deal. Refer to integrity's comment (#5).

And yes, it does have to do with their marketshare, in part. The more popularity something has, the more people that will target it.

Not that I care at all, I've never used iTunes, just thought I'd put my 2 cents on the table.
#1.5 Posted by vetmarkjensen on 24 Jul 2008 - 17:30
Fine. Because Apple is selling more iPods and Macbooks, the whole company's products are now more vulnerable, and because people get their iTunes accounts hacked (social engineering, identity theft from outside sources) this is proof.

Gotcha.
#1.6 Posted by Faisal Islam on 24 Jul 2008 - 17:56
lolz...let's welcome offline banking again. no way..hehehehe

now Apple is loser like MS
#1.7 Posted by Gilly on 24 Jul 2008 - 22:33
(markjensen said @ #1.5)
Fine. Because Apple is selling more iPods and Macbooks, the whole company's products are now more vulnerable, and because people get their iTunes accounts hacked (social engineering, identity theft from outside sources) this is proof.

Gotcha.


Well to be fair, the more iPods and Macs Apple sell, then the more iTunes users there'll be - and so the more potential iTunes store accounts there'll be to hijack in the first place.
#1.8 Posted by Laser_iCE on 25 Jul 2008 - 05:18
(markjensen said @ #1.5)
Fine. Because Apple is selling more iPods and Macbooks, the whole company's products are now more vulnerable, and because people get their iTunes accounts hacked (social engineering, identity theft from outside sources) this is proof.

Gotcha.


You seriously don't get it? This has always been a huge factor (note: not reason) for why Internet Explorer and Windows are constantly being exploited -- because their market share is so large. Regardless of the coding or what Microsoft have done, the operating system or software with the most users is going to attract more hackers/crackers because there are more victims. What the original post was getting at, is that if it were a smaller site, such as a Russian mp3 site, obviously it wouldn't have been targeted, but since the influx of newbies (note: people who haven't used technology often or never before) due to the popularity of the iPod/Phone, there's more of a chance that these people aren't security conscious. Think next time you reply.
#1.9 Posted by vetmarkjensen on 25 Jul 2008 - 11:44
(Laser_iCE said @ #1.
You seriously don't get it? This has always been a huge factor (note: not reason) for why Internet Explorer and Windows are constantly being exploited -- because their market share is so large. Regardless of the coding or what Microsoft have done, the operating system or software with the most users is going to attract more hackers/crackers because there are more victims. What the original post was getting at, is that if it were a smaller site, such as a Russian mp3 site, obviously it wouldn't have been targeted, but since the influx of newbies (note: people who haven't used technology often or never before) due to the popularity of the iPod/Phone, there's more of a chance that these people aren't security conscious. Think next time you reply.
Let me put forth to you why Windows and IE have historically been exploited. Win 9x: No security. No account separation. Any login gets full system access. WinXP: Some security. No firewall by default until SP2. Still crappy default user permissions, as first user (and many times only user account on many people's PCs) was ADMIN.

Compare the above to what Linux and Apple were doing by default at the time. User separation. Need to authorize 'up' to make system changes because users run with less permissions.

Vista has really come around and changed things for Microsoft. Vista is what XP should have been, security-wise.

In the end, a bigger target just means a bigger target. The exploits come from poor security practices (for example, the iTunes site accepting minimal account information, allowing someone who had their identity lifted from someplace else to claim the account and charge to it). Can you see that? It isn't marketshare that made that happen. It was poor practices. Just like Win9x and XP. Just like iTunes.
#1.10 Posted by Laser_iCE on 25 Jul 2008 - 17:16
(markjensen said @ #1.9)
(Laser_iCE said @ #1.
You seriously don't get it? This has always been a huge factor (note: not reason) for why Internet Explorer and Windows are constantly being exploited -- because their market share is so large. Regardless of the coding or what Microsoft have done, the operating system or software with the most users is going to attract more hackers/crackers because there are more victims. What the original post was getting at, is that if it were a smaller site, such as a Russian mp3 site, obviously it wouldn't have been targeted, but since the influx of newbies (note: people who haven't used technology often or never before) due to the popularity of the iPod/Phone, there's more of a chance that these people aren't security conscious. Think next time you reply.
Let me put forth to you why Windows and IE have historically been exploited. Win 9x: No security. No account separation. Any login gets full system access. WinXP: Some security. No firewall by default until SP2. Still crappy default user permissions, as first user (and many times only user account on many people's PCs) was ADMIN.

Compare the above to what Linux and Apple were doing by default at the time. User separation. Need to authorize 'up' to make system changes because users run with less permissions.

Vista has really come around and changed things for Microsoft. Vista is what XP should have been, security-wise.

In the end, a bigger target just means a bigger target. The exploits come from poor security practices (for example, the iTunes site accepting minimal account information, allowing someone who had their identity lifted from someplace else to claim the account and charge to it). Can you see that? It isn't marketshare that made that happen. It was poor practices. Just like Win9x and XP. Just like iTunes.


Agreed. Each go hand in hand, though.
#1.11 Posted by +/ -Razorfold on 29 Jul 2008 - 10:23
(markjensen said @ #1.9)
(Laser_iCE said @ #1.
You seriously don't get it? This has always been a huge factor (note: not reason) for why Internet Explorer and Windows are constantly being exploited -- because their market share is so large. Regardless of the coding or what Microsoft have done, the operating system or software with the most users is going to attract more hackers/crackers because there are more victims. What the original post was getting at, is that if it were a smaller site, such as a Russian mp3 site, obviously it wouldn't have been targeted, but since the influx of newbies (note: people who haven't used technology often or never before) due to the popularity of the iPod/Phone, there's more of a chance that these people aren't security conscious. Think next time you reply.
Let me put forth to you why Windows and IE have historically been exploited. Win 9x: No security. No account separation. Any login gets full system access. WinXP: Some security. No firewall by default until SP2. Still crappy default user permissions, as first user (and many times only user account on many people's PCs) was ADMIN.

Compare the above to what Linux and Apple were doing by default at the time. User separation. Need to authorize 'up' to make system changes because users run with less permissions.

Vista has really come around and changed things for Microsoft. Vista is what XP should have been, security-wise.

In the end, a bigger target just means a bigger target. The exploits come from poor security practices (for example, the iTunes site accepting minimal account information, allowing someone who had their identity lifted from someplace else to claim the account and charge to it). Can you see that? It isn't marketshare that made that happen. It was poor practices. Just like Win9x and XP. Just like iTunes.


Point is... even if Mac and Linux had EXACTLY the same security as Windows, there would be more Windows exploits, a LOT more... and that was exactly what the original post was getting at.

And yes they both go hand in hand.
(1 reply) #2 Posted by TruckWEB on 24 Jul 2008 - 13:08
Again, so much for security... Will we ever have something secure on the Web?
#2.1 Posted by +the evn show on 24 Jul 2008 - 14:28
Security is like money: how much do you have? It is not like being pregnant: yes or no?

As long as the idea that security is a binary property, you'll find it to be insufficient in most cases.

Last edited by the evn show on 24 Jul 2008 - 17:18
#3 Posted by +Shadrack on 24 Jul 2008 - 15:03
Hmmm.... makes me wonder if my iTunes account that I haven't used in over a year still has my credit card info saved. The convenience of saving such info is really great, but it sure does make me nervous. Some places require that you save your CC with them.

A better idea, have the user enter the last 4 digits of the CC number for every transaction.
(2 replies) #4 Posted by techbeck on 24 Jul 2008 - 16:38
This is to be expected as Apple increases their sales in all areas. And no, I am not talking about OSX. But think about it, Apple sales have been increasing and now you hear more about them so it makes sense the company as a whole will be targeted more and more. I am willing to bet the iTunes accounts are the first of many things Apple will have to deal with soon. Welcome to the world of MS Apple!...hehe
#4.1 Posted by hotdog963al on 24 Jul 2008 - 22:16
Oh please, do you really think some members of the hacker scene don't know about Apple yet?
#4.2 Posted by techbeck on 25 Jul 2008 - 17:48
(hotdog963al said @ #4.1)
Oh please, do you really think some members of the hacker scene don't know about Apple yet?


Did I say anything about hackers not knowing about Apple? Stop putting words in my mouth and use your brain for once in your life. It's common sense that hackers will nail systems with Windows a hell of a lot more than Apple. All organizations use Windows based computers (or most do). Do you really think hackers will hack systems running Apple or even Linux when they don't even come close to the market share Windows has? Apple is the easiest system to hack and if hackers wanted to, they would hack Apple systems all day long. And yes, it has been proven that an Apple system can be hacked in under 2 minutes.

As Apple systems become more and more popular, they will have the same problems as Windows...or at least start having more people hack them and expose their security flaws and the flaws of 3rd party Apple software.

A lot of people are getting in to a false sense of security using a Mac. I don't know how many times I hear "Mac is better because it doesn't get viruses", or "I have a Mac, I don't need antivirus protection", or "I don't get spyware because I have a Mac". There is going to come a day where people are going to get hit hard with using a Mac. With all the identity theft and hacking going around these days, it's only a matter of time.
(2 replies) #5 Posted by integrity on 24 Jul 2008 - 16:53
I hate it when people try to play down something they're so fanboy'd for.

It's about time to cut the cheese here.
#5.1 Posted by Hell-In-A-Handbasket on 24 Jul 2008 - 19:14
and your reason for making this more than it is?

majority of those who play the fanboy card are those that have no other excuses

you know Xbox Live / Hotmail accounts have been hijacked since their inception, right? and you can purchase goods using both as Hotmail is tied with personal info INCLUDING CC info if you have purchased anything related to MS.

MS still has my CC info from when Asheron's Call was new, saved to my Hotmail/msn info
same for Albany Beta, OneCare Beta, and every other beta I have been in.
#5.2 Posted by +/ -Razorfold on 29 Jul 2008 - 10:26
(Hell-In-A-Handbasket said @ #5.1)
and your reason for making this more than it is?

majority of those who play the fanboy card are those that have no other excuses

you know Xbox Live / Hotmail accounts have been hijacked since their inception, right? and you can purchase goods using both as Hotmail is tied with personal info INCLUDING CC info if you have purchased anything related to MS.

MS still has my CC info from when Asheron's Call was new, saved to my Hotmail/msn info
same for Albany Beta, OneCare Beta, and every other beta I have been in.


Yes but you can't just BUY something else by clicking 1 button. You still have to login, then enter your credit card AGAIN.

iTunes you can set it up to never EVER ask for your credit card details when purchasing something, and a lot of people do that.

Rather interesting you mention Betas, because I've been a beta tester for a large number of Microsoft products including OneCare, including XP, including XP SP2, including Vista etc and they don't ask me for ANY credit card information. You must be someone special...yeh right...
#6 Posted by Landlocked on 24 Jul 2008 - 21:00
I wonder if Apple still has to pay royalties on songs that were essentially stolen? Should record labels continue to suffer loss (I know, boo-hoo) because online security wasn't adequate?
#7 Posted by anthonyspt on 25 Jul 2008 - 03:05
Apple has only been good at security through obscurity. PERIOD.

Apple is not a security company, and even as a computer and OS company, knows very little about security in comparison to a lot of companies that have or have 'had to' make security their life.

Even with OS X piggybacking on solid BSD foundations, it is at the original BSD layers that serious security ends in OS X, and in terms of implementation there is a lot outside the BSD APIs in OS X, from the Apple kernel modifications and Apple drivers all the way up to the GUI and Aqua.

Has anyone actually looked at the security patches and even non-patch security issues for even Leopard 10.5?

Leopard alone has a 20 to 1 ratio of security issues over Windows Vista, and Vista was released almost a year before Leopard. Even a 'tie' in security would be a failure on Apple's part with Leopard being a year newer, but when you see a 20 to 1 rate, OS X and Apple have a LONG way to go in terms of security outside of 'obscurity'...

Apple has too many fail points in the iTunes service, from known hacker holes in the OS X servers, to holes in the Safari browser features to holes in the iTunes client applications to holes in the Web Scripting to holes, and the list goes on and on.
