Is this the video that brought down the Apple Developer Center?

Is this the video that brought down the Apple Developer Center?

Summary: Security researcher Ibrahim Balic discovered 13 flaws in Apple servers and reported them. Here's the video he made of his exploits then promptly removed.

Is this the video that brought down the Apple Developer Center? Jason O'Grady

If you missed it, the video that Ibrahim Balic made (since removed) demonstrating the flaw that he discovered in the Apple's iAd Workbench has been re-posted (embed below). Balic claims that the vulnerability he discovered was the impetus for the company's removal of the Apple Developer Center portal.

In the video Balic demonstrates the flaw that allowed him to scrape 100,000 names and email addresses from the iAd Workbench tool, which isn't the most concerning issue. Balic submitted a total of 13 issues to Apple via its bug reporting tool, 12 of them were XSS (cross-site scripting) vulnerabilities in various Apple Services (including the Developer portal) which had the potential to expose user details

Although his motives are unclear, Balic presumably removed the video because it shows actual user names and email addresses. For his part, Balic claims his efforts weren't malicious and that he told Apple about the flaws via official channels. According to TechCrunch:

Balic swears up and down that he’s not a malicious hacker. Rather, he claims to be just a security buff who stumbled upon a way to access gobs of Apple user data, tried to warn the company about it, and made a (now private) video highlighting the security flaw in question when Apple wouldn’t respond.

Apple hasn't responded to questions about the outage (outside of the statement below) and the Developer Center has been down since Thursday, July 18, 2013.

Apple Developer Center maintenance message - Jason O'Grady

Does the video help or hurt his case?

Topics: Apple, Security, Software Development

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • It sure hurts apple

    osx is deeply flawed by design and cannot even be secured by apple.
    • Re: It sure hurts apple

      Tell me again how this has anything to do with osx? Where is osx involved in this article? osx isn't getting hacked in this article.... Apple's website got "hacked" (loose term), but not their OS. Keep your Microsh*t fanboyism comments to yourself.
    • Apple's web site does not run on OS X

      As such, this comment has no relevance to the article.
      • Well that's humiliating

        apple doesn't even trust the security of their own OS to host a simple website.

        Folks, you heard it here: not even apple can recomend osx.
        • As a server OS? No they don't recommend it, they even discontinued it

          I know you can't get your head around it, but some operating systems aren't suited for some tasks, as they aren't designed for it. You would not run an Apache farm on QNX or Android, and you wouldn't run a laptop on IBM's OS/390. It is entirely right and appropriate that some operating systems service only specific ranges of the computer marketplace.

          Even Apple's beefiest workstation, the Pro, is meant at most as a file server and a video editing workstation.

          Now Darwin is BSD based, and you probably could make a server out of it, but nobody seems interested, not even Apple.
          • Again, humiliating

            Up until very recently, apple charged a fortune for osx server.

            Did something happen between then and now that made osx server completely useless or was osx server ALWAYS completely useless and apple just lied about it?

            Of course apple lied about it.

            What else is apple lying about?
          • Don't feed the troll

            Just makes them troll harder...
          • Why waste your time anyway?

            Laraine Anne Barker
          • The server market just doesn't interest Apple

            it doesn't relate to a world of iPods, then iPhones, then tablets.

            Now, is there anything about OS X that makes it particularly unsuitable as a server? No, of course not - it is basically BSD under the hood, which as a UNIX is capable of hosting the daemons that serve mail, web, etc. with little more required than to run the makefile.

            But if they don't want to make servers, so what? Google doesn't sell a Server OS. Neither does Adobe. That neither do is not to the discredit of either company. Why should it be mandatory that Apple do so? I just don't get it.
  • Hacked from a Windows machine!

    HAHAHA Apple is no more secure than any other platform - They are just better at telling everyone how secure they are.
    • Re: Hacked from a Windows machine!

      Apple's website was hacked, not their OS. I've never once heard them saying their websites are the most secure...... Get a life, troll. HAHAHAHA
      • Calm down.

        As much as I dislike the trolls, the website was in-fact, hacked.

        Let them have their fun.

        Even if they're wrong, the flaw was still an obvious one.
  • whatever

    That guy did not act very smart.

    He surely can't prove he did not disclose the data to the various three letter acronyms, and no doubt has go it deep trouble. Nothing to do with Apple, but our resident jenny18 clone might find food in this 'news'.
  • That is what happens when a company

    has a server product but doesn't know a lot about servers. Apple just needs to stick to the simple consumer devices such as ipad and iphone.
  • Yeah, but marketing has almost always trumped quality

    Back in the days of mainframes it was universally accepted by anyone in the know that IBM did not have the best product - by far. But look at what they accomplished, simply through better marketing - and perhaps some questionable business practices.

    Sound familiar?
    • What product are we talking about

      the Apple Developer Program? Because that is the only "product" at issue in this article, unless I missed something.
  • WOW!

    Apple is hacked! Nevermind. Absolutely impossible. When exactly did Apple say their site CAN NOT BE HACKED???? In the reality of today everything can be hacked. Every site. Every system. I don't believe there is at least one people here who doesn't know it. So, what is this 'Apple hacked, how can it be, if Apple says there're so secured' means? No more ,than one more stupid attempt to blame Apple in something else? Guys, you're not in your mind. NOT Apple's OS is hacked, but Apple's site. Interesting, why don't you remember that not so many time ago Facebook and Ubuntu Forums were suffering from the same thing? And, let's recall the time, when the Windows code was published on the Internet. No one is secured. No one can defend itself perfect. The bigger company,the bigger is risk. Guys, turn on your logics!!!
    Maria Davidenko