Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

AT&T Leaks Emails Addresses of 114,000 iPad Users

samzenpus posted more than 4 years ago | from the sieve-security dept.

Privacy 284

Hugh Pickens writes "Daily Tech reports that in what is one of the biggest leaks of email addresses in recent history, a group called Goatse Security has published the personal email addresses of 114,067 iPad 3G purchasers in what appears to be a legal fashion by querying a public interface that AT&T accidentally left exposed. Apparently AT&T left a script on its public website, which when handed an ICC-ID would respond back with the email address of the subscriber. This apparently was intended for an AJAX-style response inside AT&T's web apps. Gawker reports that it's possible that confidential information about every iPad 3G owner in the US has been exposed. 'This is going to hurt the telecommunications company's already poor image with iPhone and iPad customers, and complicate its very profitable relationship with Apple,' writes Ryan Tate, adding that the leak is likely to unnerve customers thinking of buying iPads that connect to AT&T's cellular network. 'Although the security vulnerability was confined to AT&T servers, Apple bears responsibility for ensuring the privacy of its users, who must provide the company with their email addresses to activate their iPads.' In a statement, AT&T says that the issue was escalated to the highest levels of the company and that it has essentially turned off the feature that provided the email addresses. 'We are continuing to investigate and will inform all customers whose email addresses and ICC IDS may have been obtained,' says AT&T. 'We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted.'"

Sorry! There are no comments related to the filter you selected.

Bad joke (5, Funny)

girlintraining (1395911) | more than 4 years ago | (#32519080)

Wait, the iPad suffered a leak? That's why you always buy pads with wings. (groan)

Re:Bad joke (1)

dotgain (630123) | more than 4 years ago | (#32519294)

Certainly this is stuff that matters, but News it ain't. Give another year and dropping a DVD full of records will probably be what passes for "viral campaign"

Re:Bad joke (5, Interesting)

Peach Rings (1782482) | more than 4 years ago | (#32519406)

It's going to become news when this hits the courts:

in what appears to be a legal fashion by querying a public interface

Since when [slashdot.org] does the interface being public [slashdot.org] have anything to do with whether accessing it is legal? The law makes statements about authorized and unauthorized access, not technically possible and technically impossible access. In all hacking crimes the system is happily serving up content exactly as built by the designers, but it's still a crime. In many cases, the system is even working as intended (no buffer overflows and the like) but if unauthorized access is obtained, it's still a crime.

Does anyone else remember this case [zdnet.co.uk] that was on slashdot some years ago? A computer security consultant was convicted in the UK for typing "/../../" after a URL and hitting enter. Obviously this destroyed his career.

This is the text of the law that convicted him.

a person is guilty of an offence if: he causes a computer to perform any function with intent to secure access to any program or data held in any computer and the access he intends to secure is unauthorised and he knows at the time when he causes the computer to perform the function that that is the case

Re:Bad joke (5, Insightful)

afidel (530433) | more than 4 years ago | (#32519440)

By not putting an access control mechanism on a data interface you are essentially granting everyone access. Whether the courts rule this way has nothing to do with the technical and practical realities of the situation.

Re:Bad joke (4, Insightful)

Moridineas (213502) | more than 4 years ago | (#32519492)

So if you forget to lock your house door or window, or a car door, or accidentally leave a window open, etc, it's ok for anybody to enter your house and look around?

Not a perfect analog at all as on the web such access can be committed easily and accidentally, but I think the point remains.

Re:Bad joke (2, Interesting)

icebraining (1313345) | more than 4 years ago | (#32519570)

So when you click on a link, are you sure the website allows you to access it?

Nobody "broke in" anything. They requested the service, the server gave it to them. I don't see any illegality here.

Re:Bad joke (3, Insightful)

Moridineas (213502) | more than 4 years ago | (#32519644)

That's exactly the problem.

Randomly searching directories for non-listed files? Is that a problem? What about typing "/private" to the end of a URL and finding something?

For instance with this story, it's not clear how the hacking group found the script in question. If it's not publicly listed is it a problem? The second it started returning what is obviously non-public information, is that a problem?

I completely agree that stumbling across something private on a public website is easy to do. But if the "stumbler" has to do a lot of work to stumble on the information...? (and I absolutely DON'T excuse AT&T for this leak either)

Re:Bad joke (3, Insightful)

icebraining (1313345) | more than 4 years ago | (#32519688)

Nothing of that should be illegal. Come on, you can set up basic authentication in Apache in five lines in .htaccess [cyberciti.biz] .

Any URL that doesn't require authentication should be fair game, imho. Anything less than that and we start going on a grey area and the 'net turns into a unsafe place where you can be illegal just by clicking a link.

Re:Bad joke (2, Insightful)

Albanach (527650) | more than 4 years ago | (#32519716)

Given they wrote a script to automatically generate SIM IDs which could then be passed to retrieve another email address, I suspect they were well aware that this was data they should not be accessing.

There was no need to retrieve over 100,000 addresses before notifying AT&T nor was there any need to share the security hole with others as was also done.

The leak shouldn't have been there, but the responsible thing to do upon discovery is report it, not exploit it.

Re:Bad joke (2, Insightful)

Anonymous Coward | more than 4 years ago | (#32519606)

So if you forget to lock your house door or window, or a car door, or accidentally leave a window open, etc, it's ok for anybody to enter your house and look around?

Not a perfect analog at all as on the web such access can be committed easily and accidentally, but I think the point remains.

I usually just pass these type of posts by, but I must say that walking into someones house or climbing in a windows is totally, not even close to accessing a PUBLIC interface on a web site.
A house or a window is quite obvious that you don't belong, but come on, how are you supposed to know that a PUBLIC interface was NOT meant to be PUBLIC.

Give me a freaking break. The point is pointless.....

Re:Bad joke (2, Insightful)

biryokumaru (822262) | more than 4 years ago | (#32519760)

If you leave your doors open and your house gets robbed, the cops are going to laugh at you. Seriously.

Re:Bad joke (1)

debatem1 (1087307) | more than 4 years ago | (#32519762)

Analogies are why we can't have nice things. This gives a data provider the ability to make an innocently and legally undertaken action illegal after the action has been completed. I would suggest that we not extend powers we deny the government to AT&T.

Re:Bad joke (1)

aliquis (678370) | more than 4 years ago | (#32519502)

And how are you supposed to know you're unauthorized if it's out there in the open?

To make the good old car analogies:
* You ride a road and get caught because obviously you're not allowed to use THAT road, not that anyone told you so..
* You get a speed ticket for following the speed on the signs because they intended to put some others up last week but haven't got them up yet.

If you try to access /.. I can see how that claim holds, but for a function/webpage just lying around?

Pretty weak description, over here in Sweden we've got laws about how digitized/stored personal data should be handled instead. So if you fuck up and leak the data the problem is most likely not the one who happened to see or get the data but rather the idiot who let it happen.

Re:Bad joke (2, Funny)

aliquis (678370) | more than 4 years ago | (#32519564)

.. or well, scrap the later part, I'm trying to find what the law actually says over at datainspektionen but it's hard to find anything relevant to the security of storing or sharing the personal data. I don't wanna claim too much in case it's not true :/

Re:Bad joke (5, Informative)

aliquis (678370) | more than 4 years ago | (#32519670)

Personuppgiftslagen / personal data law [riksdagen.se]

Google translation (enhanced by hand ..)

Safety measures
31 The liable data manager must take appropriate technical and organizational measures to protect the personal data processed. These measures must achieve a level of security that is appropriate with regard to

a) the technical options available,
b) what it would cost to implement the actions;
c) the specific risks involved in the processing of personal data, and
d) how sensitive the treated personal information is.

When the liable data manager uses a personal data assistant, the liable data manager must ensure that the personal data assistant can implement the security measures required and ensure that the personal data assistant actually take those measures.

The regulatory authority may decide on security measures.

Re:Bad joke (3, Informative)

OrangeCatholic (1495411) | more than 4 years ago | (#32519574)

>A computer security consultant was convicted in the UK for typing "/../../" after a URL and hitting enter

Wow I just realized what that does.

That's about the lowest definition of "hacking" you can possibly have. It's more like basic literacy.

Re:Bad joke (1)

sharkey (16670) | more than 4 years ago | (#32519582)

The iPad is full of blue liquid?

Goatse Security (0)

Anonymous Coward | more than 4 years ago | (#32519082)

N/T

Re:Goatse Security (5, Funny)

SolidAltar (1268608) | more than 4 years ago | (#32519216)

The funniest part of this entire story is that news organizations are either completely clueless as to what Goatse is, or refuse to mention it.

But some people are going to google it anyway.

The person who leaked this is a true internet superhero.

Re:Goatse Security (5, Funny)

Titoxd (1116095) | more than 4 years ago | (#32519276)

Goatse Security: We will show you every gaping hole in your security!

Re:Goatse Security (5, Funny)

Anonymous Coward | more than 4 years ago | (#32519444)

Goatse Security: We will show you every gaping hole in your security!

"That guy who leaked 114,000 emails? What a big asshole!"

Re:Goatse Security (5, Funny)

cosm (1072588) | more than 4 years ago | (#32519362)

I willing to bet the writers / editors of the dailytech story knew exactly the wide open possibilities of this exploit's verbiage flexibility, FTA:

The title:

AT&T's Gaping Hole Exposes...

and

... before reporting this gaping hole to AT&T...

and this gem:

Apple CEO Steve Jobs surely won't rest until AT&T's gaping hole is filled

Goatse FTW.

MSNBC Investigates Goatse (1)

Tauto (1742564) | more than 4 years ago | (#32519728)

The group that hacked AT&T's Web servers is called Goatse, which has "previously...
http://www.msnbc.msn.com/id/37602751/ns/technology_and_science-tech_and_gadgets [msn.com]

They have, with an added layer of credibility, managed to propagate the danger to your Grandma in main-stream reporting.

I just hope Mat Lauer is wise enough not to look too deep.

Re:MSNBC Investigates Goatse (1, Funny)

Anonymous Coward | more than 4 years ago | (#32519758)

I just hope Matt Lauer is wise enough not to look too deep.

I see what you did there.

I just wish I could unsee it.

Ironic... (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32519300)

It's ironic that a group known as Goatse Security would leak the email addresses of Apple fanbois, seeing as how Apple fanbois are all gay asshole stretchers or stretchees.

Re:Ironic... (0)

Anonymous Coward | more than 4 years ago | (#32519344)

That's not *ironic*, that's *appropriate*.

Re:Goatse Security (0, Informative)

Anonymous Coward | more than 4 years ago | (#32519494)

Apple users are used to having their anuses stretched open, both by Apple and by other men. It makes sense that Goatse Security would be the group to gain access to their personal information.

Goatse? Really? (5, Funny)

ewoods (108845) | more than 4 years ago | (#32519088)

Ok, "goatse" in a story, followed by a link... Is anyone really going to click it without hesitation?

Re:Goatse? Really? (3, Funny)

Anonymous Coward | more than 4 years ago | (#32519134)

What's even better is that the first 3 words of the headline are "AT&T's Gaping Hole".

Re:Goatse? Really? (2, Funny)

TinBromide (921574) | more than 4 years ago | (#32519172)

What's even better is that the first 3 words of the headline are "AT&T's Gaping Hole".

Well, I was rather amused by the fact that "Goatse" "Leaked" something from said "Gaping Hole," I suppose that if you spend all your time playing with your "gaping hole," then something is eventually going to leak.

Re:Goatse? Really? (4, Funny)

mavasplode (1808684) | more than 4 years ago | (#32519212)

FTA:

Apple CEO Steve Jobs surely won't rest until AT&T's gaping hole is filled,

nuff said

Re:Goatse? Really? (1)

dotgain (630123) | more than 4 years ago | (#32519306)

You jest, but I'm sure iPad owners would love nothing more than for Apple to open their wallet and contribute to AT&T getting a good walloping. I'm not a US citizen so I don't know if private prosecutions or whatever you might call them happens there.

Re:Goatse? Really? (2, Insightful)

afidel (530433) | more than 4 years ago | (#32519458)

Apple doesn't have to open their wallet, they simply have to end their exclusive agreement with AT&T when it expires next year, that will cost AT&T a couple billion a year which is more than any lawsuit could possibly extract from them.

Re:Goatse? Really? (1)

akanothing (1332641) | more than 4 years ago | (#32519146)

Yes, after seeing how impressive the scope of their work is, I can't wait to dive in and hire Goatse Security.

Re:Goatse? Really? (5, Informative)

Ethanol-fueled (1125189) | more than 4 years ago | (#32519150)

For those of you who don't get it, Goatse Security is a division of the great Gay Niggers Association of America.

I'm not fucking joking.

Additionally, this may be a Slashdot first: The GNAA first post is actually the article itself.

Re:Goatse? Really? (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#32519220)

Troll? Fuck you, asshole.

Re:Goatse? Really? (0)

Anonymous Coward | more than 4 years ago | (#32519332)

At least he didn't do it AC?...

Re:Goatse? Really? (2, Insightful)

Ethanol-fueled (1125189) | more than 4 years ago | (#32519416)

No, that was me complaining about how I was modded troll.

But it turns out that my troll mods may have been deserved: I spelled it out like Gay Niggers Association of America instead of Gay Nigger Association of America, which is correct.

My bad, guys. Keep up the good work. I'd join your public affairs department if I weren't so damn busy these days...

Re:Goatse? Really? (0, Troll)

OrangeCatholic (1495411) | more than 4 years ago | (#32519594)

At least someone knows what a troll mod is. I doubt you were modded for the right reason.

Re:Goatse? Really? (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32519252)

For those of you who don't get it, Goatse Security is a division of the great Gay Niggers Association of America.

Well they do good work.

http://www.gnaa.eu/

GNAA - Gay Nigger Association of America

GNAA leverages core skillsets and world-class team synergy through sodomy to provide clients worldwide with robust, scalable, modern turnkey implementations of flexible, personalized, cutting-edge Internet-enabled e-business application product suite e-solution architectures that accelerate response to customer and real-world market demands and reliably adapt to evolving technology needs, seamlessly and efficiently integrating and synchronizing with their existing legacy infrastructure, enhancing the e-readiness capabilities of their e-commerce production environments across the enterprise while giving them a critical competitive advantage and taking them to the next level.

Hmm.

Also from their About page.

P.S. If you think this site is racist, you need your head checked.

Re:Goatse? Really? (0)

Anonymous Coward | more than 4 years ago | (#32519340)

I'd never give the GNAA credit, but.. .they won this time.

I've never laughed this hard reading Slashdot in my entire life.

Re:Goatse? Really? (5, Informative)

morgan_greywolf (835522) | more than 4 years ago | (#32519652)

Ummmm...apparently, actually true [goatse.fr] . It really is a division of the GNAA. Makes me wonder how accurate this story is.

Re:Goatse? Really? (1)

gringofrijolero (1489395) | more than 4 years ago | (#32519510)

Could've been worse [youtube.com]

Re:Goatse? Really? (1)

dangitman (862676) | more than 4 years ago | (#32519736)

The name seems redundant. Why not just call themselves "Goat Security" which already contains "goatse." I guess goatse fans aren't known for their subtlety.

Doesn't Matter (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32519092)

The sad thing is - this won't affect Apple's image at all. Most the people with iPads couldn't care less... anyone with half a brain has a droid anyway.

Re:Doesn't Matter (-1, Flamebait)

PopeRatzo (965947) | more than 4 years ago | (#32519214)

The sad thing is - this won't affect Apple's image at all

Image? Are you kidding?

By tomorrow morning there will be a Wired Magazine article on how these leaked email addresses are just another indication of how superior and easy to use Apple products are. I mean, look how easily those fine folks at Goatse Security were able to collect those emails! It shows what can be done when you have the best, most innovative designers focusing on the end-user experience. It's all about the multi-touch!

The fact that probably none of this has to do with Apple won't slow down their desire to form a psychic ring of protection around Cupertino. It's a little-known fact that this protective reflex is triggered by any possibly negative media story about any company whose name begins with the letter "A". Just to be on the safe side.

Re:Doesn't Matter (5, Insightful)

Wyatt Earp (1029) | more than 4 years ago | (#32519260)

Since this was a flaw in AT&T's security, despite Gawker's attempt to make it Apple's fault, why the hell would or should it affect Apple's image?

From a source not being sued by Apple for theft

http://www.pcworld.com/businesscenter/article/198453/should_you_worry_about_the_ipad_3g_data_leak.html [pcworld.com]

Re:Doesn't Matter (2)

icebraining (1313345) | more than 4 years ago | (#32519614)

ince this was a flaw in AT&T's security, despite Gawker's attempt to make it Apple's fault, why the hell would or should it affect Apple's image?

From the summary: 'Although the security vulnerability was confined to AT&T servers, Apple bears responsibility for ensuring the privacy of its users, who must provide the company with their email addresses to activate their iPads.'

If I give you my car keys, and you give them to someone else, and that person steals it, you can't claim it's not your fault. You were responsible for those keys.

Re:Doesn't Matter (0, Flamebait)

Lord Kano (13027) | more than 4 years ago | (#32519668)

Since this was a flaw in AT&T's security, despite Gawker's attempt to make it Apple's fault, why the hell would or should it affect Apple's image?

Because Apple chose their exclusive partner poorly. If your business partner does something boneheaded like this, I'm going to think twice before I do any business with you.

LK

Re:Doesn't Matter (4, Insightful)

aesiamun (862627) | more than 4 years ago | (#32519236)

why would it affect Apple at all? This was an AT&T issue.

Re:Doesn't Matter (-1, Troll)

Peach Rings (1782482) | more than 4 years ago | (#32519302)

Did you even read the summary?

Re:Doesn't Matter (2)

Pharmboy (216950) | more than 4 years ago | (#32519476)

Did you even read the article?

Re:Doesn't Matter (2, Insightful)

Kitkoan (1719118) | more than 4 years ago | (#32519698)

why would it affect Apple at all? This was an AT&T issue.

I admit, I don't own an iPad so I might be slightly mistaken as to how this works but from the summery it mentions that Apple is the one that 'users, who must provide the company with their email addresses to activate their iPads' which indicates Apple is the wanting the email, not AT&T. Now if Apple wants the emails, why would if have a 3rd party (AT&T) hold on to this data and not just upload it all to their servers every few hours and delete the AT&T server of this information? Now, if Apple is the one who wants the emails then I'd view it to be more Apples fault for not being in more control over the information it is requesting from its customers.

Re:Doesn't Matter (2, Informative)

sootman (158191) | more than 4 years ago | (#32519782)

Was the summary tl;dr for you? And for everyone who modded you up?

Although the security vulnerability was confined to AT&T servers, Apple bears responsibility for ensuring the privacy of its users, who must provide the company with their email addresses to activate their iPads. [emphasis added]

You are more right than you know. (5, Funny)

tak amalak (55584) | more than 4 years ago | (#32519352)

anyone with half a brain has a droid anyway.

Couldn't have said it better myself.

Re:You are more right than you know. (1)

konohitowa (220547) | more than 4 years ago | (#32519372)

I was I had mod points. That was hilarious!

Re:You are more right than you know. (1)

matunos (1587263) | more than 4 years ago | (#32519822)

How is that new droid tablet? Oh, they don't have one yet?

Check the fanboyism at the door please.

Re:Doesn't Matter (-1, Troll)

afidel (530433) | more than 4 years ago | (#32519474)

We're looking at the ipad as a mobile Citrix receiver client, how does a Droid replace the ipad for this functionality (hint it doesn't). Fanboi's of all kinds annoy me.

Cough (2, Informative)

way2trivial (601132) | more than 4 years ago | (#32519524)

http://www.citrix.com/English/ps2/products/product.asp?contentID=1689163 [citrix.com]

"Citrix makes it easy to use enterprise applications, including Windows applications, on your iPhone, Blackberry, Android and Windows mobile devices on-demand."

Re:Cough (0, Troll)

afidel (530433) | more than 4 years ago | (#32519546)

Have you actually TRIED using a desktop app on a smartphone, doesn't work very well at all. The ipad is almost exactly the right size for a portable tablet which makes desktop UI apps usable.

Fixed? It already leaked! (0)

Anonymous Coward | more than 4 years ago | (#32519098)

From the BP school of leak fixage

Oops (1)

Zalgon 26 McGee (101431) | more than 4 years ago | (#32519112)

AT&T making a technical goof. That _is_ news.

Bad move, Apple (0, Troll)

DogDude (805747) | more than 4 years ago | (#32519120)

Apple's market for the i* just got destroyed. The risk that Apple took by partnering with AT&T has finally come and bit them in the ass. Dumb move, Apple.

Re:Bad move, Apple (2, Interesting)

Shadow Wrought (586631) | more than 4 years ago | (#32519202)

I sometimes wonder why Apple hasn't moved away from it's exclusive relationship with AT&T. I do wonder how Apple would spin if it were opened to other carriers and they all experienced the drop call issue?

Re:Bad move, Apple (4, Informative)

Red Flayer (890720) | more than 4 years ago | (#32519278)

I sometimes wonder why Apple hasn't moved away from it's exclusive relationship with AT&T.

Contractual obligations. Here [engadget.com] 's some info.

Basically, Apple signed a five-year deal in 2007 because they badly needed a carrier who was willing to sink many millions into the release.

Here's the thing that sucks for early adopters: If you bought in '07, you had to sign a two-year deal with AT&T. Par for the course for a phone the way we've got it structured in the US. But after your two years are up, you'd still be stuck with AT&T for another three years due to the 5-year deal they have with Apple. Either that, or jailbreak your phone, etc.

Practically, though, the extra three years are no big deal for the early adopters... surely most of them would move onto a new phone after two years, since they are early adopters.

Re:Bad move, Apple (4, Insightful)

Titoxd (1116095) | more than 4 years ago | (#32519218)

In the age of Facebook, I wouldn't be surprised that many people just flat out don't care.

Re:Bad move, Apple (-1, Flamebait)

SolidAltar (1268608) | more than 4 years ago | (#32519230)

>Apple's market for the i* just got destroyed.

Are you completely and totally retarded?

Goatse Security (2, Funny)

Anonymous Coward | more than 4 years ago | (#32519122)

Who is in charge of that? Ben Dover?

Re:Goatse Security (1)

BluBrick (1924) | more than 4 years ago | (#32519648)

Who is in charge of that? Ben Dover?

Close - it's a partnership with Phillip McAvity.

Stupid article (1)

JamesRing (1789222) | more than 4 years ago | (#32519136)

I love the tacky and insensitive image of the iPad disappearing down the massive sinkhole in Guatemala City. At least nobody is dead because some email addresses maybe got leaked.

Re:Stupid article (-1, Troll)

Anonymous Coward | more than 4 years ago | (#32519454)

I love the tacky and insensitive image of the iPad disappearing down the massive sinkhole in Guatemala City. At least nobody is dead because some email addresses maybe got leaked.

I think you have sand in your vagina. I am so sorry that the rest of us don't share your emotional attachment to a natural disaster. People die every single day, so do you mourn for their deaths every moment of every day? Do you remove all joy from your life because bad things happen to somebody somewhere on the planet? No? Just this Guatamala City disaster is more important to you than all the rest, so it isn't about sanctity of life after all? Now then, do you need a douche to remove that sand?

In all seriousness, if you want to offset the death and suffering that occurs on this planet, enjoy your life and be a source and a model of joy and appreciation of life for others. That's a lot more effective than whining about an image.

Re:Stupid article (1)

uofitorn (804157) | more than 4 years ago | (#32519790)

Nobody was reported to have been killed by the sinkhole. Though the other floods and landslides are a different matter..

Oh well... (4, Insightful)

PopeRatzo (965947) | more than 4 years ago | (#32519138)

Accidents happen.

Does anyone think this will cost AT&T anything? Not when you've let the NSA use your phone system for illegal wiretaps.

That was the quid and things like this are the quo.

What is mail for again? and how it was sent? (1)

Ilgaz (86384) | more than 4 years ago | (#32519292)

I couldn't imagine why would a telco need user's mail address and how on earth trusts to the user entered mail address.

I also wonder if the infrastructure was using http or httpS for that communication, you know while collecting user mail addresses for some (??) reason.

You know what? It should be Apple to protest this massive leak at first place. Didn't they declare monopoly on location based advertising "to protect user privacy"? Eh, mail address in some organization named itself "goatse", anything worse could happen?

Re:What is mail for again? and how it was sent? (0)

Anonymous Coward | more than 4 years ago | (#32519392)

And that is why I have a couple of "spare" e-mail addresses...

And why I haven't bought any Apple products yet. I was going to buy an Imac, but that ideation is now on hold.

Thankfully, AT&T is not my wireless provider, either...

Will consumers actually care? (2, Insightful)

holophrastic (221104) | more than 4 years ago | (#32519170)

I'm not a consumer, and least of all a gadget one. I'm a business guy and I like business toys. And when I buy a business toy, I consider the brand and the source, and almost always pay more to get the better source -- especially when the product/service is otherwise identical.

But when have you seen a consumer choose to buy an iPad from a source that's $10 more expensive than another they've found? Anyone here have friends who choose to pay more? Anyone have friends who chose an iPad from not AT&T because they actually thought about the AT&T factor? I'd bet otherwise.

Goatse? Gaping Hole..? (1)

zardozap (1812430) | more than 4 years ago | (#32519186)

... In the articles title no less. Really. Sometimes you can't make this internet shit up.

Re:Goatse? Gaping Hole..? (1)

Psaakyrn (838406) | more than 4 years ago | (#32519490)

I'm guessing they named the company as such in hopes of getting a headline like this.

can't put the genie back in the bottle (1)

rastoboy29 (807168) | more than 4 years ago | (#32519196)

/me predicts ipad users being offered many, many ipad-relevant super deals in their email in the next few days.

I'm sure they won't mind!

Oh joy, another spam list... (2, Insightful)

beaverdownunder (1822050) | more than 4 years ago | (#32519198)

Besides revealing the e-mail addresses of a number of prominent PUBLIC figures (emphasis on the word PUBLIC) it's just another spam list. Whoopee...

Gawker Being Gawker (1, Insightful)

Saeed al-Sahaf (665390) | more than 4 years ago | (#32519222)

Gawker reports that it's possible that confidential information about every iPad 3G owner in the US has been exposed.

Is it? Is it really? Or is this just Gawker being Gawker and making things up? Emails, folks. That's it. Emails. You're on some public list alread, emails are not "confidential".

not every iPad owner (1)

feldsteins (313201) | more than 4 years ago | (#32519244)

Gawker doesn't suggest that "every iPad owner in the US" may have been exposed. It says every iPad 3G owner may have been exposed. I don't think that's splitting hairs, either, given the short time the 3G model has been available. Things are bad enough without making them seem worse.

Re:not every iPad owner (1)

robogun (466062) | more than 4 years ago | (#32519756)

At first I thought it said "all 114,000" Ipad owners. Because I don't see them around and there's no way they sold as many as they said they did.

No way. (2, Funny)

Anonymous Coward | more than 4 years ago | (#32519246)

The last thing that comes to my mind when I think goatse is security. That guy can't secure shit.
And trust me, I've thought about alot of things while viewing / thinking of goatse..And security was definitely the last because I read an article about it on some site.

Hunch (0)

Anonymous Coward | more than 4 years ago | (#32519248)

Just a hunch. I think this is round two, apple versus gawker media. My hunch is this is the lesser of two or more sploits they have against apple products, more or less telling them to back off the gizmodo iPhone lawsuit stuff.

GNAA back at it again (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#32519250)

Another brilliant success for the GNAA: http://www.gnaa.eu/
Also, slashdot took forever to get this story posted.

They have great benefits at Goatse Security (0)

Anonymous Coward | more than 4 years ago | (#32519286)

But the exit interview is tough to get through.

The trick is to relax.

Thank you... (4, Insightful)

xgadflyx (828530) | more than 4 years ago | (#32519342)

Thank you Slashdot for not running the sensationalist headline found on that other "tech" blog. Kudo's to you for calling it what it is - an AT&T security breach.

Why punish the users? (2, Insightful)

Anonymous Coward | more than 4 years ago | (#32519380)

I'm surprised nobody else has commented how offensive it is that the group that found the leak published the email addresses. By all means publish the fact of the breach, get pie on AT&T's face, but why punish the users? That's just mean.

Re:Why punish the users? (1)

BluBrick (1924) | more than 4 years ago | (#32519684)

I'm surprised nobody else has commented how offensive it is that the group that found the leak published the email addresses. By all means publish the fact of the breach, get pie on AT&T's face, but why punish the users? That's just mean.

Dude, they call themselves Goatse! With that in mind, I'm sure you can think of something more offensive than "sharing" a few thousand email addresses. Besides, I can imagine what might happen if the addresses were not leaked - ATT would invoke the "no harm, no foul" clause. This way, you can be sure they will be penalised for it.

This was a metaphorical bukkakke for Apple & A (0)

Anonymous Coward | more than 4 years ago | (#32519398)

I'm guessing most Apple fanbois won't mind the bukkakke. "Thank you Steve Jobs, sir! May I have another?"

Captcha = apostle. Classic!

Wild West Out THere (0)

Anonymous Coward | more than 4 years ago | (#32519402)

Anybody that gives companies their main email address is completely ignorant of the Internet and online security. I have several emails addresses set aside for providing to companies for online registration. I assume that these addresses will be leaked and treat them so. I even have a dedicated email account just for domain registration. I assume most slashdot reader do the same. Maybe the suits in government and business will learn a lesson from this. It's a wild west out there.

Smartphone Developers: Take Note (5, Insightful)

dancornell (95530) | more than 4 years ago | (#32519434)

This is certainly a high-profile breach, but not apparently immediately catastrophic. However, it does provide a number of lessons for organizations and developers building smartphone applications (iPhone, iPad, Android, Blackberry, Windows Mobile, etc) All of the issues with the AT&T/Apple infrastructure for the iPad are known web application security issues. Smartphone developers need to learn from the past or they are going to repeat the mistakes of web application and AJAX/RIA application developers.

I put together some more in-depth comments here:
4 Lessons From the AT&T/Apple Data Breach for Smartphone App Developers [denimgroup.com]

--Dan
@danielcornell

Coulda been worse... (1)

mad.frog (525085) | more than 4 years ago | (#32519554)

...just imagine how much worse it would have been if those iPads had Flash installed...

AT&T takes your privacy seriously! (1)

Beelzebud (1361137) | more than 4 years ago | (#32519622)

HAHAHAHAHAHAHAHAHA!

That is truly funny coming from the company that hosts NSA spy rooms.

In other news... (0)

Anonymous Coward | more than 4 years ago | (#32519742)

Google has been tracking our browsing habits and keeping the data all to itself... and the NSA, the FBI and the CIA.

Good (1)

rat7307 (218353) | more than 4 years ago | (#32519820)

Now we know who to block to avoid those douche "Sent from my iPad" email footers

I have taken to replying to ANY of these with a "Sent from my Combine Harvester" or similar thing back.

We don't care about your toy. And while we are at it, do you have to mention your iPad in every tweet and email? sheesh.

Sorry. Been a long day.

From the NSA to a wide open port (1)

AHuxley (892839) | more than 4 years ago | (#32519826)

Your telco just loves to help anyone that take the time to request your data in bulk.
You had MS Sidekick data loss, Amazon 1984 data removal, Room 641A, googles data collection, now ipad email gape.
Time to buy a Dell streak, install Ubuntu and float on the Canonical cloud.
You will be safe from all but SCO as you hunt for a teclo that takes customer security very seriously.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?