Must Read: No niche for iPad: Why I returned mine

Topic: Security

Apple: Holy Grail for hackers?

Summary: Hackers have posted a document that allegedly has user names and passwords for an Apple server. The find, posted via the AntiSec hacking campaign, appears to be a warning that Apple "could be a target too."

Larry Dignan

By for Between the Lines |

Hackers have posted a document that allegedly has user names and passwords for an Apple server. The find, posted via the AntiSec hacking campaign, appears to be a warning that Apple "could be a target too."

The bigger picture here is that Apple will become an increasing target for these hacker groups if the company provides the right trigger. Apple could represent the Holy Grail for malicious hackers given its stash of iTunes customer data. If Sony, AT&T and the CIA can bring hackers headlines just imagine what Apple could do.

According to the Wall Street Journal, AntiSec includes hackers from Anonymous and the now-decommissioned LulzSec. ZDNet's Jason O'Grady noted that 9to5 Mac considers the document posted by AntiSec to be relatively benign.

That take looks to be roughly correct, but there's a warning embedded here. Hackers apparently are too "busy elsewhere" to mess with Apple, but that doesn't mean the company is bulletproof. One trigger---something that may annoy hackers---could set off a larger attack.

Apple hasn't commented yet and probably won't. Today Anti-Sec claims a technical support server. It's not a big deal yet. The big question is whether Apple's more valuable servers---iTunes and iCloud---will become targets.

Topics: Security, Apple

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

62 comments
Log in or register to join the discussion

  • Apple, their sites, their applications and their OSes

    Have sieve-like security. Nothing new, except for the fact that they now have become a big enough target.

    BTW what ID*** developer keeps a <u>root</u> password in cleartext in a database anyway? Any passwords in cleartext is bad. But root?

    How inept can you get?
    honeymonster
    Reply Vote

    • WebObjects yet to be hacked; no such case, so iTunes data for now is safe

      @honeymonster
      DDERSSS
      Reply Vote

      • WebObjects haven't ever been hacked.

        @DeRSSS
        Probably.
        woulddie4apple
        Reply Vote

      • WebObjects are deprecated, legacy

        @DeRSSS
        Per Apple you should not use WO any more. If iTunes are based on WO I hope they are migrating away!
        honeymonster
        Reply Vote

      • Per Apple WO is perfectly fine; it was removed from end-user OS to slim ...

        @DeRSSS: ... down the size of distributive. But, of course, anyone can download it and use latest version however, they like. And iTunes is run on WebObjects.
        DDERSSS
        Reply Vote

      • I have to agree with DeRSSS

        WebObjects are not deprecated or legacy. He states with CERTAINTY that they were only removed from end-user OS to slim down the size of the download. The fact that it was also removed from Mac OS X Server in no way neuters that argument.
        http://www.apple.com/server/macosx/docs/Web_Tech_Admin_v10.6.pdf

        "WebObjects: Support for WebObjects is removed with Mac OS X v10.6"

        Also, I wouldn't worry too much that the official URL for webobjects ( http://www.apple.com/webobjects/ ) redirects you to ( http://developer.apple.com/legacy/mac/library/navigation/index.html?filter=webobjects ) with the following wording
        "Mac OS X Developer Library ? Legacy
        The Mac OS X Developer Library ? Legacy contains documents that are not applicable for current product development. Some of these documents describe older programming techniques that are no longer recommended. Other documents describe older features, interfaces, and programming techniques that are no longer supported. This information is available to help you maintain and update older code bases."

        I'm sure that doesn't mean that this is legacy. I also wouldn't worry too much that WebObjects hasn't been updated in almost 3 years. That actually just proves how ROCK SOLID this platform is!! No updates in 3 years just proves that there have been no bugs to fix in 3 years. YEAH!!
        woulddie4apple
        Reply Vote

      • @woulddie4apple: ROFL

        @woulddie4apple

        In a nutshell:

        WebObjects were removed from the end-user OS.

        Jed iDeveloper: <i>It was taking up space. Trust the force (waving hand)</i>

        WebObjects were removed from the server version of OS X

        Jed iDeveloper: <i>It was taking up space. You can download it. The master knows best. (waving hand)</i>

        WebObjects hasn't seen an update since 2008.

        Jed iDeveloper: <i>It was already perfect by 2008. Never needed another update (waving hand)</i>

        Java - on which WebObjects are built - is removed from OS X.

        Jed iDeveloper: <i>Java was evil. The master knows best. WebObjects are fine (waving hand)</i>

        Apple has ceased Java development on OS X and has handed over the remains to the community graveyard.

        Jed iDeveloper: <i>Java was evil, but WebObjects are fine. Trust be magic (waving hand)</i>

        WebObjects links are now redirected to a page with <b>LEGACY</b> printed in large letters.

        Jed iDeveloper: <i>You are following the links wrong. (waving hand)</i>

        The WebObjects tutorial page now displays a popup message stating the LEGACY status: <i>"Important: The information in this document is obsolete and should not be used for new development. Links to downloads and other resources may no longer be valid."</i>

        Jed iDeveloper: <i>The master will soon magically revolutionize WebObjects (waving hand)</i>

        Both the popup and text prominently on the page warn anyone reading it that <i>"... Legacy contains documents that are not applicable for current product development. Some of these documents describe older programming techniques that are no longer recommended."</i>

        Jed iDeveloper: <i>You are reading it wrong. The master knows best (waving hand), WebObjects are magical (waving hand), WebObjects are about the revolutionize the web (waving hand) (waving hand) (waving hand)</i>
        honeymonster
        Reply Vote

      • Apple held WebObjects developer conference two days ago

        @honeymonster: ... and with themselves running on WebObjects, it is not depreciated. Apple releases statements through its developers site if certain technology is depreciated, and it never did it about WebObjects. Linking and forwarding matter is irrelevant.
        DDERSSS
        Reply Vote

      • WebObjects are dead. Pushing up daisies. Ex-objects

        @DeRSSS <br>That conference <u>was not an Apple conference</u>. It was a hotel-lobby get together organized by some (like you) who refuse to accept that WebObjects are dead.<br><br>For christ sake, read the documentation for WebObjects on Apples site. It says LEGACY all over the place and Apple recommend that you do not use it for new development. Step out of the RDF sometimes, will ya?

        It sounds like you have a heavy career investment in WebObjects. Advice: Learn something new. You are in denial. Snap out of it and move on.
        honeymonster
        Reply Vote

      • It is Apple's confernece; stop being in denial and learn something new

        @honeymonster
        DDERSSS
        Reply Vote

      • Are you referring to the WOWODC 2011

        @DeRSSS <br>http://www.wocommunity.org/wowodc11/index.html

        No Apple in sight. WebObjects are deprecated. Abandoned. <b>Legacy</b>!

        The proof is here:
        http://www.apple.com/webobjects
        (hint: The url redirects to a page with this disclaimer: "<i>The <b>Mac OS X Developer Library ? Legacy</b> contains documents that are not applicable for current product development.</i>")

        Are all Apple developers as much in denial as you? Poor Apple.

        Your Cupertino overlord has let you down. Now, get over it.<br><br>If you are so sure that WebObjects are current an alive then you should have no problem linking to the overview article, tutorial, articles etc.<br><br>If you are so sure that Apple just hosted a conference on WebObjects then you should have no problem linking to the page with the fruity logo.

        I'm done here.
        honeymonster
        Reply Vote

      • I checked it out: you are right WOWODC is not done by Apple, but this does

        @honeymonster: mean that the product is deprecated -- there is no such information (forward to page with archive does not mean that the product is deprecated).

        Support page does not tell anything about deprecation either:
        http://www.apple.com/support/webobjects/

        And, since WebObjects is used to run iTunes Music/App/Book store, it is obviously not deprecated.
        DDERSSS
        Reply Vote

      • Ok, once more

        @DeRSSS

        <i>Support page does not tell anything about deprecation either:
        http://www.apple.com/support/webobjects/
        </i>

        Ok. Then click the <i>specifications</i> link. You know <i>specifications</i> like in the authoritative source on the technology.
        1) Where does that link take you?
        2) What is the title of that page?
        3) What does the first (and only) paragraph tell you?
        4) How dense can an iFanboi be?
        honeymonster
        Reply Vote

      • Link reference does not equal to deprecation of WebObjects at all

        @honeymonster: the fact that WebObject run iTunes tells us that it is alive and well. Support page does not tell anything about deprecation either.
        DDERSSS
        Reply Vote

      • RE: Apple: Holy Grail for hackers?

        @DeRSSS WebObjects? Really? That's the security everyone is banking on? It took me five seconds to pull up ten exploits on Google relating to WebObjects.
        Str0b0
        Reply Vote

      • RE: Apple: Holy Grail for hackers?

        @DeRSSS Anything can get hacked at anytime, nothing is safe it's just a matter of time or luck.

        My works computer was hacked when I was actually in the middle of searching for <a href="http://www.vibrationplatereviews.net/medicarn-series300-vibration-plate-review/"><font color="#000000">vibration plates</font></a> or something to help with my fitness. Still don't know really what happened, just that it was more annoying than expensive.
        toby juggles
        Reply Vote

    • Right. Because when they had 22 million credit card

      numbers, they were too small to be worth the effort. But, hey, now that they have a tech support server....
      fr_gough
      Reply Vote

      • RE: Apple: Holy Grail for hackers?

        @fr_gough ROFL! Good point.
        lelandhendrix@...
        Reply Vote

      • RE: Apple: Holy Grail for hackers?

        @fr_gough when i was staying at <A HREF="http://www.globalgrasshopper.com/travel/ten-cool-and-unusual-hotels-in-new-york/">cool hotels New York</A> i got to see some cool stuff but never this serious
        monstertricks
        Reply Vote

    • RE: Apple: Holy Grail for hackers?

      @honeymonster Better yet, why would you keep your root password in a database even hashed?
      snoop0x7b
      Reply Vote
CNET Join | Log In | Privacy | Cookies Close