Linked by Thom Holwerda on Tue 4th Sep 2012 09:00 UTC
Apple This could be big - although just how big remains unclear. "There you have. 1,000,001 Apple Devices UDIDs linking to their users and their APNS tokens. The original file contained around 12,000,000 devices. We decided a million would be enough to release. We trimmed out other personal data as, full names, cell numbers, addresses, zipcodes, etc." How did AntiSec get this data (they claim)? From an FBI laptop. Why an FBI laptop would have a file with personal information on 12 million iOS users, we don't know - especially since 10000 of them are Dutch/Belgian, and last I checked, those do not fall under FBI jurisdiction. Did the FBI obtain it from an application developer, or from Apple itself? Then again - 12 million users? From a single iOS developer? I find that hard to believe.
RE: A couple of things don't add up
by Radio on Wed 5th Sep 2012 11:03 UTC in reply to "A couple of things don't add up"
Radio Member since:
2009-06-20

"But do these guys actually have twelve million device IDs? I seriously doubt it. Show me the proof and then, if they actually do have proof, I might get worried about it."

Yeah, because it is vitally important to know if they have one or twelve million. I mean, one million is nothing, it's peanuts, right?

Really worth raising a red flag.

Reply Parent Score: 2

darknexus Member since:
2008-07-15

Ah, but it is worth raising a red flag because, you see, there is no proof they have those IDs and that casts doubt on whether the IDs they have published are even real. For someone who often claims to want full disclosure of information, you seem rather relaxed about having it here. As for me, I don't believe things until they're proven. They have twelve million IDs? Show us the proof or else realize that those of us who generally want solid facts won't believe the so-called IDs they did release. I understand that there are folks on here who will believe something like this so long as it's against a company they hate but, as for me, I prefer to stay neutral in the brand wars.

Reply Parent Score: 3

Radio Member since:
2009-06-20

Even if they don't have the whole twelve million, they already have a friggin' million; isn't that already important? Isn't that already a big proof?

You sound like a lawyer who would say "only one fingerprint of my client has been found on the weapon; all complete fingerprints of all the ten fingers should be there! Your proof is void!"

Seriously, it is worth more freaking out for the fact that there is one million UDIDs in the hands of Antisec and others, rather than discussing where are the other eleven million.

Edited 2012-09-05 13:58 UTC

Reply Parent Score: 3

Neolander Member since:
2010-03-08

"But do these guys actually have twelve million device IDs? I seriously doubt it. Show me the proof and then, if they actually do have proof, I might get worried about it."

"Yeah, because it is vitally important to know if they have one or twelve million. I mean, one million is nothing, it's peanuts, right?

Really worth raising a red flag."

One privacy violation is a tragedy; a million is a statistic.

Edited 2012-09-05 15:03 UTC

Reply Parent Score: 3

Alfman Member since:
2011-01-28

1M or 12M, same thing. Either way it shows that the data wasn't sufficiently protected, which is what AntiSec set out to demonstrate. I understand the hatred towards the group, but whether we like them or not I think it does provide an incentive for companies to improve their security practices.

I'm willing to bet that more than half of us work at companies with lax security where the managers privately don't care for (or can't justify) working towards resolving security problems until AFTER they've been exploited. I still remember one response when I personally pressed the issue with a PM (paraphrased): "we get paid to add new features, we don't get paid to fix the old ones". What disturbs me about it is that it's absolutely true, so we end up with data being vulnerable and no one wants to pay to fix it. Politicians make laws like HIPAA, but from where I'm sitting it hasn't made much of a difference on the ground level in IT.

Reply Parent Score: 3