On Thu, 10 Jun 2010, David Harley wrote:

> OTOH:
>
> Apple's worst security breach, or a great big hyperbole?
> http://www.sophos.com/blogs/duck/g/2010/06/10/apples-worst-security-breach/

An issue I haven't seen discussed publicly yet is that this just created a nice spear phishing list of targets. Fake apple updates? Malware? Everyone knows Macs can't get malware <g> so recipients' guard might be down and they could be induced to click. They also might be reading from Windows at work, particularly the .mil and corp execs. That's a pretty rich list to be going after with targeted malware email attacks.

So I fall somewhere in the "yes, this really is a big deal," and don't mind Gawker blasting it out public like this. I don't think it undermines the message of data security.

-Dave D

>
> --
> David Harley BA CISSP FBCS CITP
> ESET Research Fellow
>
> > -----Original Message-----
> > From: [email protected]
> > [mailto:[email protected]] On Behalf Of Juha-Matti Laurio
> > Sent: 10 June 2010 11:34
> > To: [email protected]
> > Subject: [funsec] Apple's worst security breach: 114, 000
> > iPad owners exposed
> >
> > "Apple has suffered another embarrassment. A security breach
> > has exposed iPad owners including dozens of CEOs, military
> > officials, and top politicians.
> > They-and every other buyer of the cellular-enabled
> > tablet-could be vulnerable to spam marketing and malicious hacking.
> >
> > The breach, which comes just weeks after an Apple employee
> > lost an iPhone prototype in a bar,
> > exposed the most exclusive email list on the planet, a
> > collection of early-adopter iPad 3G subscribers that includes
> > thousands of A-listers in finance,
> > politics and media, from New York Times Co. CEO Janet
> > Robinson to Diane Sawyer of ABC News to film mogul Harvey Weinstein
> > to Mayor Michael Bloomberg. It even appears that White House
> > Chief of Staff Rahm Emanuel's information was compromised."
> >
> > http://gawker.com/5559346/apples-worst-security-breach-114000-ipad-owners-exposed?skyline=true&s=i
> >
> > Juha-Matti
> >
> > _______________________________________________
> > Fun and Misc security discussion for OT posts.
> > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> > Note: funsec is a public and open mailing list.
>

+-------------------------
+ Dave Dennis
+ Seattle, WA
+ Speakeasy, Inc.
+ [email protected]
+ http://www.speakeasy.net
+-------------------------
