|
Title: ZOMG! iPad Security Leak is All Apple's Fault For Realz!!! Post by: HCK on June 10, 2010, 11:00:09 pm ZOMG! iPad Security Leak is All Apple's Fault For Realz!!!
Actually, no.But you know what? The screeching headline "Apple Screws Up" is guaranteed to get tons more clicks than the yawner "AT&T Screws Up."Let's take a look at the recent Gawker story with the headline "Apple's Worst Security Breach: 114,000 iPad Owners Exposed." We'll admit, we clicked on it just like everybody else. Apple products are known for being fairly secure, so this sounded like big news. And as we read down the length of the article about how Goatse Security, a hacker group that exposes flaws in various tech products, exploited a vulnerability in AT&T's network, we kept waiting to see where Apple was implicated. Yes, Goatse Security exploited a gaping security hole in AT&T's network (since closed) and targeted iPad users to grab fistfuls of integrated circuit card identifiers (ICC-ID), the numbers that identify their SIM cards, which are associated with the users' email addresses. Yes, many users of the Apple device, like users of many sites and services everywhere, foolishly chose to use their sensitive work emails, such as White House Chief of Staff Rahm Emanuel and many in the United States military, instead of a personal one. And that's it. That's the huge security breach. ICC-IDs, with which you can do practically nothing, and a harvested ton of poorly chosen emails to spam. And as we read along, again, we kept waiting to see where exactly Apple's fault was in all this. Image Source: GawkerGo on and read the article. There's no there there. Apple had no security breach. AT&T had a security breach which Goatse Security cleverly exploited to harvest data from iPad users. If they so desired, Goatse could quite likely have done the same with any mobile product that was on AT&T's network. They could have easily targeted AT&T's other smartphone offerings, such as their Blackberry or Palm-based devices. Instead, Goatse smartly chose the one name guaranteed to get attention and highlight the security issue, and it worked. Gawker merely followed their lead and wrote from a guilt-by-association angle.But a lot of this kind of online "journalism" isn't about informing readers – heck, a lot of print and television journalism (we might even say most) is no longer about informing the audience. Instead much online "journalism" is primarily concerned with hype and with clicks. Advertisers pay for impressions on how many readers show up on a certain page, so headlines and stories are geared towards landing those readers. For a similar case, consider how many stories featured the – gasp! – news that Steve Jobs couldn't get Wi-Fi to work at the iPhone 4 unveiling. How many readers would have clicked an article about Mark Hurd, CEO of Hewlett-Packard, having connectivity problems during a presentation? We're thinking that number might be way lower.It's the same story here. http://www.maclife.com/article/news/zomg_ipad_security_leak_all_apples_fault_realz |