Re: [Fed-Talk] Whoa Nelly
- Subject: Re: [Fed-Talk] Whoa Nelly
- From: Dave Schroeder <email@hidden>
- Date: Wed, 05 Sep 2012 06:25:29 -0500
http://bits.blogs.nytimes.com/2012/09/04/hackers-claim-to-have-12-million-apple-device-records/
While the leaked identification numbers appeared to be real, security experts said the release posed little risk. They said that without more information on the devices’ owners — like e-mail addresses or date of birth — it would be hard for someone to use the numbers to do harm.
And the actual source of the file was not clear. The F.B.I. said in a statement that “at this time there is no evidence indicating that an F.B.I. laptop was compromised or that the F.B.I. either sought or obtained this data.”
The F.B.I. has been a frequent target of so-called hacktivists, hackers who attack for political causes rather than for profit. In February, Anonymous hackers intercepted a call between the bureau and Scotland Yard. But the frequency of such attacks tapered off after several members of Anonymous and a spinoff group, LulzSec, were arrested in March.
Apple’s unique device identifiers — known as U.D.I.D.’s — are 40-character strings of letters and numbers assigned to Apple devices. Last year, Aldo Cortesi, a New Zealand security researcher, demonstrated how in some cases U.D.I.D.’s could be used in combination with other data to connect devices to their owners’ online user names, e-mail addresses, locations and even Facebook profiles.
“A U.D.I.D. is just a jumble of digits,” said Jim Fenton, the chief security officer of OneID. “It is only powerful when it is aggregated with other information.”
[...] security experts said the file could have come from a number of places.
“There are a million ways this could have happened,” said Marcus Carey, a researcher at Rapid7. “Apple could have been breached. AT&T could have been breached. A video game maker could have been breached. The F.B.I. could have obtained the file while doing forensics on another data breach.”
---
http://www.latimes.com/business/la-fi-iphone-hackers-20120905,0,6453566.story
[...] the FBI disputed the allegation Tuesday, saying that "at this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."
If the FBI's denials prove correct, the agency may have been the victim of a clever hoax by the group known as AntiSec that spurred thousands of headlines around the Web and left readers wondering how and why the FBI could have gotten access to Apple customer records.
[...]
Most security experts said that the release of UDIDs into the wild in and of itself did not pose much of a privacy or security risk. It was no more harmful than a list of car VIN numbers, they said.
- Dave