iPad still has a major browser vulnerability, says group behind AT&T security breach
By Vlad Savov 
posted June 15th 2010 5:43AM
posted June 15th 2010 5:43AM
You know that tiny little security snafu that allowed over a hundred thousand iPad users' email addresses out? The one that the FBI felt compelled to investigate? Well, Goatse Security -- the group that discovered that particular hole (stop laughing) -- isn't best pleased to be described as malicious by AT&T's response to the matter, and has requited with its own missive to the world. Letting us know that the breach in question took "a single hour of labor," the GS crew argues that AT&T is glossing over the fact it neglected to address the threat promptly and is using the hackers' (supposedly altruistic) efforts at identifying bugs as a scapegoat. As illustration, they remind us that the iPad is still wide open to hijacking thanks to a bug in the mobile version of Safari. Identified back in March, this exploit allows hackers to jack in via unprotected ports, and although it was fixed on the desktop that same month, the mobile browser remains delicately poised for a backdoor entry -- should malevolent forces decide to utilize it. This casts quite the unfavorable light on Apple as well, with both corporations seemingly failing to communicate problematic news with their users in a timely manner.
@malexandria1 Yeah, they CAN be hacked. But it's not common by any means.
I threw my iPad against the wall a couple of times last night because I'm frustrated with how shitty it is and it's inability to Sync to my Macbook without first corrupting files. I will admit, I'm impressed the damn thing didn't break. I'm ready to just take a hammer to it, that's how much I LOATHE this device. And the fact that I convinced myself to get it again, even though I had already returned one for the same issues. It's a fucking $800 doorstop!
@malexandria1 .. So you threw a $800 piece of equipment against a wall because it didn't work for you. Perhaps you could have returned it or put it on eBay where Apple products have very good resale value.
Because it sounds like either (a) you're lying or (b) you need to seek professional help.
@taligent Why do fanboys always assume someone is lying? I mean really??? Yes, I do need help and I would have taken the freaking thing back if I didn't go over the 14 day Apple return day. I already returned the piece of junk once. I despise eBay and don't trust selling things on the internet so I'm not even going to waste my time with that - although, maybe it's gotten better. So without any viable options, yes I'm PISSED that this thing DOESN'T work properly! I'm just irrational that way....
@malexandria1 And it DOESN'T work with my MACBOOK. That's the real kick in the teeth!
@malexandria1
Craigslist my friend
@malexandria1 Problem exists between iPad and chair...
If you didn't think to try any means of getting your money back via eBay, Craigslist, selling it to a friend or family member, I mean really ANYthing... you deserve to eat that $800 loss. I'd sure as hell give something a try to get my $800 back. Doesn't take an Apple fanboy to see that.
Good catch by the Goat people. Hopefully Apple will release an update very soon.
"delicately poised for a backdoor entry" - Just like Goatste himself...
Heh.
They're either bluffing, or just being stupid by telling Apple of their secret weapon.
iOS 4 will have an update, assuming Apple doesn't update the Safari app sooner, even if it's for the first time.
The last thing Apple wants is more bad publicity. I doubt they'll let that go any farther.
Magic Unicorn taken from behind by Goatse.
Wide open unicorn seen wallowing in the brush after a visit by Goatse.
But see this is all part of Apples strategy to sell new iPads. We just can't seem to fix this 3 month old device but we're coming out with a more magical one next month. Current owners get a 5% discount on a new unit as long as it wasn't taken out of the original packaging.
Anal sex.
There, I said it.
Makes me wonder if, perhaps, there was too much talk of how "magical" the iPad is, and everyone at Apple just assumed it has some kind of unbreakable spell of protection cast on it by Wizard Jobs? That's pretty much the only excuse I can see for not fixing a security hole in one of the hottest pieces of consumer electronics in existence right now - well, either the whole "magical" assumption, or Apple is full of incompetent assclowns. Either way... Either way...
I tell ya, you ATT & Apple fanboys must have gaping a-holes by now.
Am I the only one who realizes this wasn't really a security hole in Safari but just a stupid mistake by some web developer. They took advantage of the AJAX suggest function built into the system. The developer just wasn't smart enough not to put it on the email box. It most likely could've been used on any browser with the same security risk go to Google and do a a search. The suggestions you get are the same. I'm not even sure the hackers did something illegal by obtaining those email addresses. Is it illegal for me to see someone's previous search grouped by popularity on Google?
Backdoor entry. Must be a feature that Jobs insisted on.
Your shit smells Uncle Steve...thats all i have to say!!
Apple should hire goatse security.
Shhhhh. Don't tell anyone about the hole.
How else is Apple's strategy of protection via obscurity supposed to work!
Heh heh heh.
Engadget said "hole".
snicker.
Guess clickjacking isn't being addressed? ;-)
Did someone say Opera?