Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Data Security / Hackers Say iPad Is Still Vulnerable
iPad Still Vulnerable, Hackers Say in Refuting AT&T
iPad Still Vulnerable, Hackers Say in Refuting AT&T
By Barry Levine / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
The iPad could have more security flaws than the one found on AT&T's web site last week. In a posting Monday, hacker site Goatse Security said "all iPads are vulnerable" because of a weakness in Apple's Safari browser. The notice was in response to an e-mail sent to iPad owners this weekend by AT&T, in which the carrier apologized but blamed the incident on "malicious" hackers.

According to Goatse, a user could click a malicious link in the browser and the security hole could allow unauthorized access to the iPad. The site said Safari does not block off high-numbered, illegitimate ports, or communication channels. This, in combination with the browser's ability to automatically fulfill software requests, could spell trouble. Apple hasn't released a fix or a statement.

'Malicious,' Result of 'Great Effort'

The posting about Safari's vulnerability was a retort to AT&T's apology. Goatse brought attention last week to a vulnerability in the carrier's web site that allowed the acquisition of more than 100,000 iPad users' SIM card ID numbers and e-mail addresses.

In its e-mail sent Sunday, Dorothy Attwood, AT&T's senior vice president and chief privacy officer, called Goatse's hack "malicious" and the result of "great effort." She added that "unauthorized computer 'hackers' maliciously exploited a function designed to make your iPad log-in process faster." AT&T said it turned off the web-site feature that made the security breach possible.

Some observers have said AT&T should not be storing confidential information on a publicly accessible web site. The list of e-mail addresses included many high-profile individuals, including staff members in the U.S. Senate and House of Representatives, and employees at the Justice Department, NASA, Department of Homeland Security, The New York Times, Dow Jones, Viacom, Time Warner, and News Corp.

'No Breach, Intrusion or Penetration'

Goatse countered AT&T's e-mail by noting that the breach took only an hour. It charged that neither AT&T nor Apple were taking security seriously. The FBI has said it is investigating the breach.

Although AT&T accused Goatse of irresponsibly making the vulnerability public, the security site said it disclosed the threat only after the hole was closed and no longer a threat. It added that it retrieved all the confidential information from AT&T's public web server without a password and "there was no breach, intrusion or penetration."

Goatse said "this disclosure needed to be made," arguing that "iPad 3G users had the right to know that their e-mail addresses were potentially public knowledge so they could take steps to mitigate the issue," like changing their address.

Read more on: AT&T, Goatse Security, Apple, iPad, Safari
Tell Us What You Think


Like Us on FacebookFollow Us on Twitter
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.