Ethically Hacked | TechSNAP 120

A huge number of SIM cards are susceptible to an Over the Air attack, Allan’s got the details, Apple’s hacker outs himself, and the trouble with the Ubuntu forums!

Plus a batch of your questions, and much much more!

Security Researcher Claims Apple Developer Website Hack

  • Apple’s Developer Center first went offline last Thursday, and on Sunday, Apple revealed that it had been taken down as a precaution after a security breach. It is unclear who was responsible for the hacking, but a security researcher, Ibrahim Balic, has suggested that he might be to blame for the outage.
  • The company added that critical developer data had not been compromised and that they were working day n’ night to fix the vulnerability and bring the site back online.
  • 9 to 5 Mac adds that, “In an email… Balic … is persistent in stating he did this for security research purposes and does not plan to use the information in any malicious manner.”
  • The comment comes from independent security researcher Ibrahim Balic, who claims that his effort was not intended to be malicious and that he reported his findings to Apple just hours before the developer site was taken down by the company.
  • Balic, who has reported 13 different bugs to Apple, originally discovered an iAd Workbench vulnerability on June 18 that allowed a request sent to the server to be manipulated. This security hole could be used to acquire the names and email addresses of iTunes users (even non-developers).
  • After finding the loophole, Balic wrote a Python script to harvest data from the vulnerability and then displayed it in a YouTube video, which may have put him on Apple’s radar.
  • In addition to the iAd Workbench bug, Balic also discovered and submitted a report on a bug that caused the Dev Center site to be vulnerable to a stored XSS attack. While Balic says that it was possible to access user data by exploiting the Dev Center issue, he claims that he did not do so.
  • New Details Emerge on Security Researcher Potentially Responsible for Dev Center Outage
  • Apple Outlines Plan for Bringing Developer Center Back Online
    Additional Coverage

Ubuntu Forums compromised

  • The forums were defaced and the database compromised
  • There were approximately 1.82 million registered accounts in the forum database
  • Attackers have access to each of these users’ username, password and email address
  • The passwords were salted hashes, but which algorithm was used was not made clear. Were these cryptographic hashes, or just md5(salt+md5(password)) or similar, like some forum software uses?
  • If you were a registered user, and reused that password anywhere else, you are likely going to have a bad time
  • “Ubuntu One, Launchpad and other Ubuntu/Canonical services are NOT affected by the breach”
  • Timeline:
    • 2013-07-20 2011 UTC: Reports of defacement
    • 2013-07-20 2015 UTC: Site taken down, this splash page put in place while investigation continues.
    • 2013-07-21: we believe the root cause of the breach has been identified. We are currently reinstalling the forums software from scratch. No data (posts, private messages etc.) will be lost as part of this process.
    • 2013-07-22: work on reinstalling the forums continues.
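
The hash question in the list above matters because md5(salt+md5(password)) is a fast hash, so every guess against a leaked table is cheap. The following is an added example, not code from the show notes or from any forum software: it wraps stored legacy hashes in scrypt without needing the passwords, then upgrades each account to plain scrypt at its next login. The record layout, scheme names and scrypt parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters: assumed values for illustration, tune for your hardware.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)

def legacy_md5(password: str, salt: bytes) -> bytes:
    """The fast construction named above: md5(salt + md5(password))."""
    inner = hashlib.md5(password.encode()).hexdigest().encode()
    return hashlib.md5(salt + inner).hexdigest().encode()

def slow(secret: bytes, salt: bytes) -> bytes:
    """Memory-hard KDF: each guess needs about 16 MiB with these parameters."""
    return hashlib.scrypt(secret, salt=salt, **SCRYPT)

def wrap_legacy(rec: dict) -> dict:
    """Harden a stored legacy record offline, without knowing the password."""
    salt = os.urandom(16)
    return {"scheme": "scrypt(md5)", "md5_salt": rec["salt"],
            "salt": salt, "hash": slow(rec["hash"], salt)}

def new_record(password: str) -> dict:
    """Record for a new or freshly upgraded account: scrypt over the password."""
    salt = os.urandom(16)
    return {"scheme": "scrypt", "salt": salt, "hash": slow(password.encode(), salt)}

def verify(password: str, rec: dict) -> bool:
    if rec["scheme"] == "md5":
        candidate = legacy_md5(password, rec["salt"])
    elif rec["scheme"] == "scrypt(md5)":
        candidate = slow(legacy_md5(password, rec["md5_salt"]), rec["salt"])
    elif rec["scheme"] == "scrypt":
        candidate = slow(password.encode(), rec["salt"])
    else:
        return False  # unknown scheme: fail closed
    return hmac.compare_digest(candidate, rec["hash"])  # constant-time compare

def login(password: str, rec: dict):
    """Return (ok, record); a successful login upgrades any older scheme."""
    if not verify(password, rec):
        return False, rec
    return True, (rec if rec["scheme"] == "scrypt" else new_record(password))

if __name__ == "__main__":
    # Constructed sample record, not data from the breach.
    old = {"scheme": "md5", "salt": b"s4lt", "hash": legacy_md5("hunter2", b"s4lt")}
    wrapped = wrap_legacy(old)
    print(verify("hunter2", wrapped), login("hunter2", wrapped)[1]["scheme"])
```

Wrapping protects the table from the moment it is rewritten, but it does nothing for hashes that have already leaked, so affected passwords still need to be changed.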


TechSNAP Bitmessage: BM-GuGEaEtsqQjqgHRAfag5FW33Dy2KHUmZ

The enterprise-class Open Source LDAP server for Linux. It is hardened by real-world use, is full-featured, supports multi-master replication, and already handles many of the largest LDAP deployments in the world. The 389 Directory Server can be downloaded for free and set up in less than an hour using the graphical console.
