Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

iPad Owners Exposed

Published: 2010-06-10
Last Updated: 2010-06-10 16:26:50 UTC
by Deborah Hale (Version: 1)
0 comment(s)

Some of you may have seen the article about an iPad security breach.  Some of the information floating around is leading readers to believe that it is an
iPhone software problem.  It is not, the issue is with a web application not the iPhone or iPad software. 

http://www.sophos.com/blogs/duck/g/2010/06/10/apples-worst-security-breach/

"Apparently, the breach was the result of a web application vulnerability on an AT&T site. This allowed a malcontent to guess
at an AT&T SIM card identifier (the so-called ICC-ID) and – if the ICC-ID was issued to an iPad – to use it to retrieve the email address
of the iTunes account associated with the device."

The fact that this happened is bad, however the amount of incorrect information circulating the Net is even worse.  For the whole story see the
Sophos blog.

Another take on the situation:

http://www.wired.com/threatlevel/

Deb Hale Long Lines, LLC

0 comment(s)
Diary Archives