Researcher claims responsibility for security breach at Apple Developer website

The researcher says he was able to obtain names and email addresses of users and claims he reported the flaw to Apple

By Lucian Constantin, IDG News Service |  Security

Some people on Twitter and in comments on other websites criticized Balic's decision to download over 100,000 user details and the subsequent exposure of the now-removed YouTube video.

"I continued taking [information] to see how deep I could go," the researcher said Tuesday via email. "I wanted to be heard. I'm not hacking and I didn't do it for bad purposes."

"There has been a lot of debate about the ethical aspects in bug hunting," said Bogdan Botezatu, a senior e-threat analyst at security firm Bitdefender, Tuesday via email. "While penetration testing proves often to be extremely profitable in the long run for both customers and companies, they also have a downside: whenever pen testing is done on production servers, you run the risk of breaking things and taking the respective infrastructure out of business causing more harm than good."

In addition, downloading 100,000 records is overkill for a proof-of-concept attack and exposes many more users than necessary, Botezatu said.

While the main page of the Apple developer site is currently accessible, the member area still displays Apple's downtime announcement, as do the company's iOS Dev Center, Mac Dev Center and Safari Dev Center websites. Apple said that it is completely overhauling its developer systems.
