App Store, Hacked. (Updated: iTunes Accounts too.)
Posted on 07/04/2010 7:02:00 PM PDT by PugetSoundSoldier
Two iPhone App developers have spotted what appears to be a hacking of the App store rankings by a rogue developer. The rankings in the books category of the US iTunes store feature 40 out of 50 apps by the same app developer, Thuat Nguyen.
What's more concerning is that it seems individuals' iTunes accounts have been hacked to make mass purchases of that one developer's apps.
(Excerpt) Read more at thenextweb.com ...
This story was reported many hours ago on Apple sites. You’re late to the party.
What are you? An Apple hater or a non-Apple product lover?
I'm willing to bet this is real, and that Apple will admit to it eventually, but not immediately.
>>> Even when I prove my case, they will refuse to recant their charges of liar and FUD spreader.
Broken clocks are occasionally right and blind squirrels stumble upon nuts.
Fanboys, of all stripes, tend to be blind to the failings of their chosen gods. They're not just bowing to Apple -- Microsoft doesn't attract them like before Vista, but I'm sure you remember the guys for whom Microsoft could do no wrong, and for whom everybody else was full of sh*t. Apple fanboys make me crazy, but no crazier than Windows fanboys did in their day.
> I must admit, I am surprised Swordmaker didn't burst in with a FUD charge first, as has happened every other time, even when my posts are completely accurate and truthful. Perhaps he's learning that just because I post something that he thinks is negative towards Apple, it does not make it false.
Spoken like a gentleman. :) (Obscure Monty Python ref.)
> As a few other FReepers have posted above, iTunes accounts have been hacked before, and apparently are being hacked again.
Yep, I think it's pretty clear somebody figured out a way to game the system and clean money from other people's accounts.
This has the aspect of yet another black eye for Apple, and it's totally their own, not AT&T's or anybody else's baby.
It also seems, the more I read on it, that this has been around for quite some time as a problem (not new today, anyway).
See posts 8 and 13, above, at least for the iTunes breaches. I’m sure we’ll see the TNW article backed up, there’s already quite a bit of talk on other tech sites like slashdot.
See posts 41 and 43; perhaps now you understand why I wear their insults as a badge of honor... Even when 100% correct I must be wrong, or at least 2nd place.
Who ever said that?
The only thing I know of that sounds like that is the claim that there are no self-replicating viruses "in the wild" for OS-X. That is, all known malware for OS-X requires operator cooperation ("Please download and execute this code"), or physical access to the machine (in which case all bets are off for -any- product).
I personally do not know of any self-replicating viruses for OS-X, so you may have seen me make that claim for OS-X's security.
But to say that anybody claims "that there has never been a security breach of any Apple product" is really out there. They must not know about Mac OS 9 and prior. If you can come up with an FR post where somebody wrote that statement, I'll join you in your derision of them.
That's a promise, Puget.
I'll ping Swordmaker to this comment, since being the Apple thread master, he may know of someone who made such a claim.
“I’m willing to bet this is real, and that Apple will admit to it eventually, but not immediately.”
I’m sure they were stunned to find that your account never had as much in it as they had been reporting to you, but in a few weeks they will update your account with the new lower value.
Looks like the Slashdot post is also based on TNW's blog post.
If this is the result of a hack of iTunes itself (somebody busted iTunes security), then it's very bad for Apple. OTOH, if somebody got a bunch of iTunes account credentials some other way than through iTunes (say, through a separate phishing campaign), it's still not good but the headline "iTunes hacked" is no longer quite accurate.
I'll be interested to see which way it ends up.
HAHA!! LOL. Good one.
It’s OK, I’ve saved Swordmaker the hassle. RachelFaith (hi sweetie!) swore up and down that Apple systems and Apple iOS and OSX were invulnerable because they’re written differently, and both Swordmaker and RachelFaith insisted that while there could be malware out there, it’s never been an issue because malware just doesn’t exist in the wild.
I can provide the earlier threads, too... BTW, my contention over this obvious impossibility is what earned me the titles of GD EVIL LIAR, sinner, and vile spreader of FUD (among others), and apparently the enmity of the Mac List forever...
I opened an iTunes account, and within a week, Amex was calling me, asking why I was buying $1,700 worth of services from a South American company. iTunes account closed, Amex account cleansed from top to bottom.
Yeah, iTunes is really not secure at all. I only download the free apps from iTunes which don’t require a credit card at all. I would never put a credit card into iTunes.
I got to say I thought it was just another phishing issue, but reading the comments by people on that thread makes you realize Apple really dropped the ball.
1) Since Apple is known to have the “dumb” user base they have always babied their users, so they should have had a system in place to detect such fraud and alert their users.
2) We don’t know if it is only phishing that is causing this. Either way Apple could have done more and should have done more to prevent this type of widespread hack.
3) Apple will suffer the same fate as Microsoft as they are the big boy on music/app store. Now they will see what it means to be secure. NO more security by obscurity (or minority). This is the big time and now we see what it gets you. Apple has a long way to go to catch up on security and we are just now finding this out.
Wow it’s that bad.
I think Apple will learn the hard way. Witness the arrogance of Steve “you’re holding it wrong” Jobs. As problems continue to pile up, they’ll either collapse completely, or have to seriously re-evaluate everything from the top (Jobs) to the bottom (Genius Bar) in terms of how they consider the customer.
You remember the attacks I took for daring to claim that Apple was just about the bucks, they could care less about the customer as long as they made their money. Well, we’re seeing my claim to be true, and Apple is starting to pay the price for it.
Microsoft - as much as people love to hate them - at least keep the customer in mind when developing new tools. From maintaining backwards compatibility for their end-users, to providing best-in-class tools and supporting multiple development environments for those who create content.
Apple has a LONG, hard road ahead of them!
Ok... no need to provide those earlier threads, I know the ones you mean. I read some, not all, of the comments in those threads. Made me ill, to be honest, and I bailed after a while. But I got the gist of them.
>> That's impossible, we've all been told time and again there has never been a security breach of any Apple product "in the wild"...;)
"Never" and "any" are absolutes.
> If you can come up with an FR post where somebody wrote that statement, I'll join you in your derision of them. That's a promise, Puget.
Well, if RachelFaith said "never" a breach of "any" Apple product, then (sorry, Rachel) I must join Puget in saying, "You don't know what the hell you're talking about", because prior to Mac OS-X, the earlier Mac OS was riddled with security issues. It was as bad as Windows was until XP-SP2 (in general).
In addition, there certainly have been security issues in OS-X, and I imagine there are issues in iOS, which are regularly addressed by Apple in their security updates. Of course there are. No software is without issues.
"Invulnerable" is an awfully powerful word, and it's another absolute. Absolutes are difficult. Damned difficult. The only software I know of that is invulnerable is trivial, and can be demonstrated to be invulnerable because it does not contain a large number of paths and inputs. Certainly no operating system worth doing anything with is invulnerable.
So my opinion is that anyone who claims that an operating system (like Windows, OS-X, iOS, Linux, Android, even BSD Unix) is "invulnerable", clearly is not speaking of actual software. They are talking about something else. Or else they know nothing about actual software.
I can't speak to the "they're written differently" aspect without going back and figuring out what the heck was being talked about, which I'd rather not do. But having been writing software for 40 years (yes, since 1970), I'll observe that the code that executes does not have any knowledge of "how it was written" -- it's just code, and does not execute differently because it was written top-down vs. bottom-up, or in C vs. Pascal, or whatever. The bits don't carry their history.
Of course, the software design process makes a difference in how the software is written, and can improve or weaken its security. But there are lots of ways to write good code, and lots more ways to write bad code. Apple does not have a corner on the "good code" market.
So, Rachel, my FRiend, did you really say that? If not, what did you really say?
Anyway, I guess it's time to reconsider my account with Apple. I don't much like the idea that somebody can go charging to my card without my say-so.
Tools, yes! Products, no...
I work with Microsoft's tools every day. They're generally great, and well worth the price. I couldn't live without my MSDN subscription. I don't know of any other software vendor who comes even close.
OTOH, a lot of the time, I look at Microsoft's products, the things they develop with those tools, and I wonder "What in hell's name were they thinking???" Often I have to sadly conclude that they were not thinking at all.
But we're drifting off-topic... ;-)
Ignoring the implied ad hominems in your comments, I have yet to see many of your comments that met the criteria of "completely accurate and truthful." Most that I have seen have been misleading, misrepresenting, blown out of proportion, out of date, often ignorant, personally insulting, generally abusive to all Apple users, mistaken, often petty, and frequently just wrong, especially when you put words in my mouth I never said -- absurd straw man statements -- so you can easily knock them down.
Contrast those other posts to this post. Whether this is a serious issue or a minority squeaky hinge complaint, I have no idea. It is, however, worthy of warning potential victims early and an easy thing for them to check and watch for. As soon as I saw your ping, I notified the members of the list. They needed the warning. Thank you!
That being said, there is nothing about Apple's App Store or iTunes Store or how they handle transactions that differentiates them from any other large online retailer in how they handle transactions, especially for intangibles, that would give them any edge on security. Apple has never claimed that. These stores are just as susceptible as Amazon, eBay, or any other that does business on the web to being victims of internet fraudsters.
Snarky made-up assumptions, like driftdiver's, about "bottom lines" and anecdotal claims of refusals to make refunds, fly in the face of other reports from national ratings organizations such as Consumer Reports giving Apple the highest ratings in customer service and satisfaction, based on time-tested consumer surveying techniques. Companies don't get those kinds of ratings by screwing customers at every opportunity just to assure a healthy "bottom line." I'd say one would have to discount the anecdotal claims.
I think this will turn out to be the result of a successful Phishing expedition. But until it shakes out, it's better to be safe and watch your account. Remember, Apple will never send you an email asking you to click on a link to provide your account information. . . Or ask you to reconfirm your credit card info from an email. If you receive such a request, it's a phishing attempt to steal your ID.
Sunday July 04, 2010 06:06 PM EST; Category: iPhone
Written by Arnold Kim