The requested article has expired, and is no longer available. Any related articles, and user comments are shown below.
© 2018 AFPAustralia teen breaches Apple's secure network
By Josh Edelson SYDNEY©2024 GPlusMedia Inc.
The requested article has expired, and is no longer available. Any related articles, and user comments are shown below.
© 2018 AFP
10 Comments
Login to comment
Richard Henderson
The big question, how was he able to get to the core and operate there for a year before being discovered?
Strangerland
What are 'secure files'? Does that mean they were encrypted (secured) or were they files that were supposed to be secure, and obviously weren't?
theFu
Fixed it for you. Hint - If a teen can get in over the internet or dial up, it isn't a secured network, Apple.
At Apple's request, authorities did not disclose details regarding the
methods the teenager used to hack into its secure servers, though
investigators said his ways "worked flawlessly" until the company
Probably an XSS attack. Something that any web-developer should prevent for the last 15 yrs. There's a well-know Top 10 List in the industry for things to avoid. https://www.owasp.org/index.php/OWASP_Top_Ten_Cheat_Sheet
Strangerland
There’s nothing to indicate what kind of attack it was.
Belrick
Apple's should give him a job!
gogogo
There is no way to get a serial number from a computer over the internet. Apple must have placed a file like malware to steal the info like a honeypot
albaleo
That may be true for basic internet protocols such as http, but if he was able to join Apple's internal network, I think it's possible to retrieve a lot more information about connected devices. I don't whether that would include serial numbers.
lostrune2
Lol, that's his mistake right there! Should had named it "dicks dicks dicks" instead - imagine the raid team would see that folder and just think… "Not my job"
inkochi
They probably will.
If not, the FBI will, after they have finished 'talking' to him.
Or the Chinese or Russians
theFu
Actually, there is, but it depends on the browser's help. When we allow java to run, it is possible to perform network queries on the end-user's system... like doing an arp to get the MAC address, which is supposed to be unique in the world. Since Apple is the most likely vendor for any Apple sale, they would just need to look up in their sales records the MAC to person cross ref. Professionals know to modify their MAC or use other techniques to hide better.
There are other methods to figure out identities of end-users accessing a server, how else would google, facebook, twitter, insta-whatever, verizon, AT&T, Comcast, Cox, and all their advertising "partners" be able to trace each of us on the internet? Your computer is fairly unique in the world - https://panopticlick.eff.org/ will show you using simple tests. This method doesn't use java. My results:
There are about 25M people in Australia now, so fewer than 13 other people have a similar "fingerprint." With just 13 people to check, it wouldn't take long to figure out who is most likely.
And not using a VPN or TOR is just dumb.
So I hear.