Apple servers hacked by Anonymous
According to Anonymous' twitter account, the hacking group used a SQL injection exploit to pull down the usernames and passwords of several accounts from an Apple-run server (abs.apple.com). The passwords appear encrypted so there is little threat that others can abuse this account information. It's more a blow to the company's reputation. The hackers implied they could do more if they wanted, but told the company and the public not to worry as they "are busy elsewhere."
Share
Categories
According to Anonymous' twitter account, the hacking group used a SQL injection exploit to pull down the usernames and passwords of...
Add a Comment
Eric LaRue
Anonymous was better off when they were targeting the Church of Scientology. Why can't they find another worthy target? Like, say, the Republican party?
July 07 2011 at 1:30 PM Report abuse Permalink rate up rate down Reply"busy elsewhere" = "we hit a dead end and rather than admit it, we're going home and taking our ball with us."
The server they hit smells like a honeypot to me.
Once you hack you've hacked. The claim they could have done more is hot air, there was no more to do. If they could have done more they would have.
Weffle runners. I'm glad I left that scene when I did, which was a very long long time ago.
Even though I am a dog, I'm pretty sure the first sentence should read "an SQL" instead of "a SQL".
July 04 2011 at 3:46 PM Report abuse Permalink rate up rate down ReplyWrong, this is correct, if you read it as "SEE-QWELL", instead of "S. Q. L.".
July 04 2011 at 5:18 PM Report abuse Permalink rate up rate down ReplyAnonymous is boring
July 04 2011 at 3:13 PM Report abuse Permalink +2 rate up rate down Reply"The passwords appear encrypted so there is little threat that others can abuse this account information."
Since when is this true? A decent machine can brute force a hash in anywhere from a few seconds to a few hours. Anything less than eight characters might as well be in plain text.
If your hashed password leaks, assume it compromised. The only thing having a strong 10+ character password grants you is that most likely nobody is going to waste the hours of CPU cycles cracking it when there are hundreds of idiots with "password" or "monkey" they can unlock in seconds. If there is reason for a particular account to be targeted, then it's only a matter of time.
Wearing those nice running shoes doesn't mean you can outrun the bear. It just helps you outrun your friends.
----------
(I realize the threat is small in this case as it's just a few passwords that will likely be changed before any real abuse occurs, but I felt the wording of the article might be a bit misleading to some concerning the amount of security afforded by the hashed form of a password being leaked)
What is the honest point! Seriously.
July 04 2011 at 1:33 PM Report abuse Permalink +3 rate up rate down Replycan someone please arrest these kids and put them away for longer than 2 months?
July 04 2011 at 1:27 PM Report abuse Permalink +3 rate up rate down Reply
Mabhatter
They'll have to send in Foxconn's "accident" crew!
July 04 2011 at 9:42 PM Report abuse Permalink rate up rate down ReplyDeals of the Day
more deals- Acoustic Research Digital Photo Frame with iPod Dock for $50 + free shipping
- Targus Truss Case for iPad and iPad 2 for $15 + free shipping
- Apple iPhone 4 8GB for Verizon, AT&T, or Sprint for $50 + pickup at Best Buy
- Unlocked iPhone 4S 16GB for GSM (AT&T, T-Mobile) for $619 + free shipping
- Apple iMac Core i7 Quad 3.4GHz 27" w/ 24GB RAM, 2TB HDD for $2,677 + $29 s&h
- Used Apple Magic Mouse for $36 + $4 s&h
Software Updates
more updatesFeatured Stories
more stories
Popular Stories
TUAW (or The Unofficial Apple Weblog) is a website devoted to tips, reviews, news, analysis and opinion on everything Apple.
15 Comments