ibrahimbalic

  • Ibrahim Balic talks Dev Center downtime with iMore

    by John-Michael Bond
    07.24.2013

    Last Thursday, Apple's developer site suddenly went offline. Apple announced the interruption was attributable to an "intruder" who was attempting to access the personal information of Apple's developers. So who was responsible for the downtime? A Turkish security researcher named Ibrahim Balic thinks he might be the cause. He caused a stir this week with the release of a YouTube video explaining exactly what security holes he reported to Apple, and what went wrong. Now iMore has published an interview with Balic in which he aims to shed more light on exactly what happened, the methods he used to test the Developer Center's security and his thoughts on Apple's response. Balic found an exploit not directly in the Developer Center, but in Apple's iAd Workbench, which allows users to build targeted iAds. By giving iAd a single piece of user information, Balic was able to retrieve a user's full name, username and email address. Once the exploit was discovered, Balic created a script to generate random users to see if Apple's servers would send back a match for the names in what he says was an attempt to test how serious the bug was. He reported the bug to Apple and the rest is (unconfirmed) history. It's a fascinating interview that gives a hard look at what might have gone down this past Thursday. Of course we don't know for sure since Apple hasn't commented. But if you're wondering what happened with the Developer Center last week, head over to iMore for the rest of the story.

  • Turkish security researcher claims responsibility for Apple dev center hack

    by Terrence O'Brien
    07.22.2013

    When Apple's developer portal went down Thursday, there were a lot of questions left unanswered. One of the more notable was, just who was responsible for this attack on one of the premier destinations for iOS and OS X developers? Turkish security researcher Ibrahim Balic is claiming he was behind the hack, but it wasn't his intention to cause any harm. Balic says that he reported the vulnerability to the proper Cupertino authorities but, for whatever reason, his efforts didn't end there. He actually exploited the security flaw he had discovered, which gave him access to the names, email and mailing addresses associated with developer accounts. In total he discovered 13 bugs, at least one of which he demonstrated in a YouTube video that appeared to show him accessing a list of developer names and user IDs. That clip has since been pulled, as Balic was concerned about some of the information displayed on the screen. However, in a tweet he asserted that sharing the confidential data was essential to prove his point about the severity of the vulnerability. The researcher does insist that his actions were legal and ethical. He told the Guardian that he only accessed developer account data in an effort to discover just how deep the rabbit hole went as part of a penetration test and will delete all of the data he collected. He claims that immediately after reporting his findings to Cupertino the dev center was shut down, but that he never received a follow-up from someone at the company. Instead there was simply an announcement of an attack, without any correspondence between Balic and Apple. So far Apple has not responded to our request for comment, and has neither confirmed nor denied Balic's account of events.