Linked by Thom Holwerda on Tue 28th Jun 2011 22:16 UTC
Apple With all the news about Anonymous, LulzSec, Anti-Sec, and so on, you'd almost forget there are more ethical hacking groups out there as well. One such group, YGN Ethical Hacker Group, informed Apple of several weaknesses in its developers website on April 25. Apple acknowledged the flaws, but so far, hasn't done anything about them. YGN Ethical Hacker Group has now stated they will fully disclose the vulnerabilities if Apple doesn't fix them in the coming few days.
Permalink for comment 479202
To read all comments associated with this story, please click here.
Bill Shooter of Bul
Member since:
2006-07-14

Dude, bad things can still happen with just a redirect: Phishing. Tricking people into giving them login credentials to sites that contain their financial information.

Let me be more explicit in the example:

1) You click a link that is clearly going to apple.com. Which you think is safe and will have apple related information.

2) The link contained a redirect url hidden at the end, you are instead redirected to apple.Mactunescentral.com a bad site run by bad people who don't like you or your dog FlufflyCakes.

3) The site apple.Mactunescentral.com looks like Apple's uh oh it warns you that your credit card info needs to be updated for your app store/itunes account.

4) You enter in your credit card.

5) Bad people use your creidt card. You later get a decline when trying to buy life saving medicine for fluffycakes. He dies.

The hackers killed your dog, man. Its got nothing to do with your os, just your browser and your lack of fully checking each and every URL and foolish faith in Apple's security reputation*.

*Note: Even if it is apple's site, don't give them your ccnumber. They also hate fluffycakes.

Reply Parent Score: 3