The hacker group Anonymous has broken into one of Apple's servers, but that statement sounds a lot worse than it actually is for Apple customers. First off, the infiltrated server appears to be one that Apple used to process technical support follow-up surveys. And the hack itself only managed to reveal 27 internal Apple user names and passwords: No customer data seems to have been compromised in the attack.
Anonymous posted the results of its hack to Pastebin, and Apple has responded by taking the affected server offline.
"Apple could be target, too. But don't worry, we are busy elsewhere," reads a message posted to the official Anonymous Twitter account.
If the user name and password dump of the MySQL database on the Apple machine looks familiar, it's because it could be the result of a similar style of hack often used by former hacker group Lulzsec. While we don't have confirmation on the exact methods used to breach Apple's server, a common SQL injection attack (recently named the Web's most dangerous security vulnerability in a report issued by the Department of Homeland Security) could very well have been the attack vector used in Anonymous' hack.
While circumstantial, evidence for the possibility of an SQL injection includes the simple fact that all of Lulzsec's members officially joined up with Anonymous following Lulzsec's public disbanding last week. Lulzsec used SQL injections to pilfer information from Sony Pictures and PBS, as well as the Web site of the Mosman Council in Sydney, Australia.
There's been no further word or activity based on Lulzsec's former claims that it had broken into Apple's iCloud service, a far more compelling hack than the seemingly random Anonymous dump of a survey server.
"After mapping their internal network and thoroughly pillaging all of their servers, we grabbed all their source code and database passwords, which we proceeded to shift silently back to our storage deck," wrote Lulzsec representatives in a Pastebin file describing the alleged iCloud hack.
Apple has not issued a comment regarding the Anonymous hack or the alleged Lulzsec iCloud hack.