"When we disclosed this, we did it as a service to our nation," the group claims

Jun 15, 2010 14:10 GMT

Various sources have covered the story of a security breach in AT&T's website that exposed the personal information of numerous iPad 3G customers. According to these reports, some 114,000 user accounts were compromised, including those of CEOs, military officials, and top politicians. AT&T then issued an apology letter to those affected by the breach, saying that, “Unauthorized computer ‘hackers’ maliciously exploited a function designed to make your iPad log-in process faster.”

Even though some now believe the problem might be more serious than originally thought (in that confidential information of most iPad 3G owners in the U.S. may have been exposed), the hackers who exploited a hole in the wireless operator's website are now disgruntled at having been characterized as 'malicious' by AT&T.

“So, AT&T calls us malicious in their letter to their customers. I think this calls for a statement to clear the air,” a post at the Goatse Security blog reads. “AT&T had plenty of time to inform the public before our disclosure,” the Goatse blogger begins the plea. “It was not done. Post-patch, disclosure should be immediate– within the hour. Days afterward is not acceptable. It is theoretically possible that in the span of a day (particularly after a hole was closed) that a criminal organization might decide to use an old dataset to exploit users before the users could be enlightened about the vulnerability,” he explains.

“Even in this disclosure, which I feel they would not have made if we hadn’t publicized this vulnerability, AT&T is being dishonest about the potential for harm,” the blogger continues to stress. He reveals that, although AT&T claimed the person responsible for finding the bug had gone “to great efforts” to do so, “The finder of the AT&T email leak spent just over a single hour of labor total (not counting the time the script ran with no human intervention) to scrape the 114,000 emails.” He concludes by saying, “When we disclosed this, we did it as a service to our nation.”