Our definitions of bundled and locked are different, I guess. It wasn't my intention to rush to AT&T's defense; they are stupid and got busted. My original reason for commenting was the statement that Apple was to blame for using AT&T. (I don't think I overstated that, but I respect that you do.) Apple has a lot of faults, but this isn't one of them. This is AT&T's problem and nobody else's. The only relatively positive thing I was saying about AT&T is that I don't think they are alone in the potentially-exposing-confidential-data department. My only reason for mentioning GSM was in the context of "this is why the service is not available on Verizon, Sprint, et al".
________________________________ From: Micheal Espinola Jr [mailto:[email protected]] Sent: Thursday, June 10, 2010 2:37 PM To: NT System Admin Issues Subject: Re: AT&T/iPad security breach Its "bundled" in that you must use AT&T. They come together in the US. Its locked. I'm not picking on AT&T specifically, and Im not sure why you are rushing to thier defense. I would pick on whoever the provider is, and whoever chose them. yea, yea, CDMA, GSM... I was a VoiceStream GSM customer long before they were bought by Cingular and lastly AT&T. But this is not an excuse. AT&T has been burned on thier UserAgent schenegans in the past - so this instance is not excusable. Goatse did nothing inovative here. They reused old data about AT&T mobile device practices. -- ME2 On Thu, Jun 10, 2010 at 11:27 AM, Mayo, Bill <[email protected]> wrote: It is not a bundled service. The iPad uses a "standard" Micro-SIM card slot, into which you can place a Micro-SIM card from any provider that will allow you to do so. In the United States (not the only country in the world), the only provider to provide a plan for this device is AT&T. Unlike the iPhone, I have heard nothing to suggest this is an exclusive agreement in the U.S.; it is more a problem that most U.S. providers use CDMA instead of GSM. It is true that Apple chose GSM to the exclusion of CDMA. As far as why they chose AT&T in the first place, it is pretty well documented that AT&T was the only provider that would play ball with them (i.e. releasing some of their control over the handset). To reiterate, though, it is not a bundled service. You can buy a cellular-enabled iPad with no service. Even if you choose to use AT&T's service, it is month to month. And, if you live anywhere in the world other than the US, there are lots of providers that support Micro-SIM and GSM--it's merely a question of whether or not they choose to offer the service. Finally, from what I understand about this breach, the problem was that the attacker was able to predict the ICC-IDs and were then able to send that data to a poorly written web page hosted by AT&T. There is nothing there that suggests to me that they couldn't have used similar techniques to find out info on nearly anyone that had an AT&T data (or maybe even voice) plan. And who's to say that they didn't? They may just be keeping that in their back pocket. While this is a bad thing, it is not uncommon, and the amount of data exposed is relatively modest at least. If you think Verizon or any other provider is immune to having a crappy programmer or lax security somewhere, you will inevitably be disappointed. It's kind of like BP right now. They are being exposed for poor practices and possible negligence on many fronts presently, and they deserve everything they get. However, if anyone thinks that every other oil company isn't doing the same thing, they are naive. ________________________________ From: Micheal Espinola Jr [mailto:[email protected]] Sent: Thursday, June 10, 2010 2:05 PM To: NT System Admin Issues Subject: Re: AT&T/iPad security breach Its a boundled service. I'm not saying that they should be held specifically accountable - but they share some level of fault here. Assign blame or not, there is a fault for them in who they chose as thier service provider. Bill, I think your suggestion is backwards, and no, I dont think its fair for it to work that way. But if Apple relies on inadequate service/etc, then yes, I think they are accountable to a degree. -- ME2 On Thu, Jun 10, 2010 at 10:49 AM, Mayo, Bill <[email protected]> wrote: By that rationale, everyone that offers a phone for AT&T is guilty of a security lapse. That would be, well, everybody, right? ________________________________ From: Micheal Espinola Jr [mailto:[email protected]] Sent: Thursday, June 10, 2010 1:40 PM To: NT System Admin Issues Subject: Re: AT&T/iPad security breach Good question, but both really... It appears to be an AT&T breach, but as you know it specifically effects the iPad. But, I beleive Apple fails here as well for he provider that they chose to host thier equipment and services with. -- ME2 On Thu, Jun 10, 2010 at 10:24 AM, Rod Trent <[email protected]> wrote: iPad or AT&T? From: Micheal Espinola Jr [mailto:[email protected]] Sent: Thursday, June 10, 2010 1:20 PM To: NT System Admin Issues Subject: Re: AT&T/iPad security breach No doubt. It was pre-destined to be a major target. -- ME2 On Thu, Jun 10, 2010 at 10:01 AM, Don Guyer <[email protected]> wrote: Only a matter of time, no shock there. Don Guyer Systems Engineer - Information Services Prudential, Fox & Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 [email protected] From: Micheal Espinola Jr [mailto:[email protected]] Sent: Thursday, June 10, 2010 12:57 PM To: NT System Admin Issues Subject: AT&T/iPad security breach http://www.google.com/search?q=ipad+security+breach -- ME2 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
