Friday, June 11, 2010

VERITAS: FUMBLE - WHO'S LOOKING AT YOUR iPAD?

This week's perspective from Joe Chidley:

Ok, so maybe Apple’s iPad really is the saviour of all media. One can only hope. But its path to world domination did not exactly get a boost this week from AT&T, the exclusive telecom service provider for iPad users. A group of French hackers calling itself Goatse Security discovered and exploited a vulnerability in AT&T’s website that allowed them to see the “ICC ID’s” (whatever those are) of tens of thousands of iPad owners, including a few high-profile members of the military, New York Mayor Michael Bloomberg, film mogul Harvey Weinstein and White House Chief of Staff Rahm Emanuel. (Unintended consequence: free celeb endorsement for the iPad.) AT&T responded swiftly to the report of the breach, first published in Gawker.com: it said it fixed the problem within hours of finding out about it from a customer, and apologized to iPad customers. Fair enough. But then it made a point to emphasize that the only things hackers could derive from ICC IDs were email addresses, no passwords or other personal information. That might have been a step too far. By implying that the damage was limited, AT&T gave reporters a step upon which to talk about all the bad things hackers could actually do with the IDs. And so the story was extended. The lesson: when you’re caught making an error, fix it, apologize for it, but avoid being seen to downplay it - don’t tell the victim how unworried he or she should be. So reluctantly, we award a fumble to AT&T. Meanwhile, the FBI is investigating the security breach, which serves the would-be do-gooders (who seem more interested in notoriety than security) right. Fumble to Goatse too.

No comments: