Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The FBI has confirmed it is investigating the iPad security breach that led to the collection of the email addresses of over 114,000 users.Yesterday Goatse Security announced that it had exploited a flaw in AT&T's security protocols that allowed them to harvest data on 114,067 iPad 3G owners. These included the White House chief of staff, New York major Michael Bloomberg and numerous senior people in the military, media and commerce."The FBI is aware of these possible computer intrusions and has opened an investigation," Katherine Schweit, an FBI spokeswoman, told the Wall Street Journal.Ms. Schweit said the FBI opened the investigation today but it will not comment on what it is looking at. "It's very early in the investigation," she said.Meanwhile security researchers at Praetorian Prefect have published the full exploit code used in the attack. The flaw is a simple one they said, which required no actual hacking.“An e-mail address gets returned in the successful iterations (active ICCID) and parsed,” said the company in a blog posting.“There’s no hack, no infiltration, and no breach, just a really poorly designed web application that returns e-mail address when ICCID is passed to it.”AT&T said in a statement that the function on its web site that allowed the emails to vbe collected had now been altered to fix the problem.“This issue was escalated to the highest levels of the company and was corrected by Tuesday, and we have essentially turned off the feature that provided the e-mail addresses,” AT&T said in a statement.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.