App Store, Hacked. (Updated: iTunes Accounts too.)

The Next Web ^ | July 4th, 2010 | Zee

[aMorePerfectUnion]

“I’d say that Apple and Android are copying HTC TouchFLO

Well, PSS, of course you would. :-)

If Apple invented a way to produce fresh drinking water
from rocks, you would likely be first in line to tell
us that:

1. Water has been here forever!
2. Apple didn’t invent it!
3. Deep well water is far, far better.
4. Apple is copying the taste of well water!
5. Apple’s market share of fresh water is tiny!
6. Only “apple fanbois” drink it.
7. Not every kind of rock works with their process.
8. Microsoft’s water software (MS Water) is superior and works with all legacy water softening systems.
9. Post articles stating that if you are waterboarded with
Apple Rock Water, you can drown!

and on and on.

But hey, Chet99 has his pitbulls, Alex Murphy has his
reporting of Virgin Mary apparitions and you Puget have
your Apple FUD. I like you all.

Though I still like most pitbulls, I revere Mary as the
Bible teaches, and I use Apple products, but don’t worship
Apple...

best to you,
ampu

[dayglored]

> Exactly. For example, I have a windows homeserver on the Interent for years and not one hack or virus has attacked it. And that device truly does sit on the Internet (well sort of)...I redirect the ports I want open to it, but it is accesible from the Internet.

The server you describe is situated like most I have -- behind a firewall that blocks all but those "ports [you] want open to it", which is good basic security.

In my case, I open 22 (SSH/SCP/SFTP), and 80/443 if I have a webserver running on it. SSH is configured for RSA public key authentication -- plain password auth is disabled. It's been a very stable and robust network for many years. And as you say...

> Is it a guarantee it won’t be hacked....no but so far it hasn’t failed me. That doesn’t mean I can say it’s impossible to hack though...

Main thing (after a good firewall) is to keep current on OS patches. All OS software has flaws and vulnerabilities, and as each is discovered and fixed, it only makes sense to stay up-to-date.

> ... and that’s where the macbots really drive me crazy when they claim or imply that macs can’t be hacked.

Ignoring your epithet (you needn't use a term like "macbots", you could say "Apple fanatics", which conveys the same message without the slur), I'll agree that a number of Apple fans fail to distinguish between a) hasn't been hacked, and b) cannot be hacked.

I have often posted on this forum comments along the lines of, "So where are the Mac self-replicating viruses? Every piece of malware known for OS-X requires the operator to allow it into the system (human engineering). Where are the ones like the Windows viruses, which attack the operating system instead of the user?"

In that regard, I stand with those who say, "OS-X has not been hacked. OS-X users have been hacked."

(And of course there are the really wacky competition hacks that require physical access to the machine, or require that you remove the RAM chips and super-cool them to read the bits out with special tools. C'mon.)

But I do not stand with those who say, "OS-X cannot be hacked. It is invulnerable." They are misinformed, and/or misguided. They are (IMO) right up there with people who fall in love and declare to the world, "This love will last forever!" Well, maybe it will. Maybe it won't. But you can't say until it's been done.

I'm speaking here of exploits in the wild, that are more than laboratory curiosities -- viruses that successfully self-replicate in the wild. (No user cooperation required.)

OS-X has been essentially free of such hacks for close to a decade, during which time Windows' security improved from abysmal (WinNT4/Win2K) to respectable (WinXP-SP2), and most recently to pretty damn solid (Win7). I expect that Win7 will be able to stand alongside OS-X in terms of "no new wild successful self-replicating exploits" within a year.

At that point, Win7 can start its "successful-exploit-free" clock running, as OS-X did around 2001. So which OS will last longer without any new successful wild self-replicating exploits? I don't know. If I had to bet I'd bet on OS-X, because it's based on BSD Unix. But to be honest, that's only 60/40.

Meanwhile, the tiny minority of *IXes (Unix, Linux) keep chugging along quietly in the background... ;-)

[PugetSoundSoldier]

Hey, HTC introduced TouchFLO a good 2 months before Apple ever shipped their first iPhone. HTC simply got to the market first, and created the whole “finger-touch based” UI.

Enjoy your iPhone, protect your account, and ingore the ratings in the App store (since they can get gamed, too)!

[for-q-clinton]

Apple didn’t invent the phone or the interface to it they just put it all together very well and then marketed it extremely well.

Trying to give Apple the sole credit for their phone is like Windows claiming credit for the GUI interface.

[dayglored]

> If Apple invented a way to produce fresh drinking water from rocks, ...

Funniest post (#101) of the day, IMO.

Points for poking fun creatively, without being nasty about it. I bet that Puget, even though the target of the poke, got a laugh out of it. :-)

[PugetSoundSoldier]

Oh, I did! ampu and I have often on the same and different sides of issues many times before, but that was just politics and religion, nothing important like cell phones...:)

A gentleman he is, however!

[for-q-clinton]

And if Apple polished a turd you’d be first in line to praise it and defend it against all the naysayers telling you it’s still crap.

see what I did there.

[aMorePerfectUnion]

“Apple didn’t invent the phone or the interface to it they just put it all together very well and then marketed it extremely well.

I don’t disagree. I like the final project.

[aMorePerfectUnion]

“And if Apple polished a turd you’d be first in line to praise it and defend it against all the naysayers telling you it’s still crap.

It would have to have a better user interface than my
current “process”, no touch screen, gestures, or
face to fact video chat...

ampu

[Chet 99]

chuckle..

[dangerdoc]

I bought my Mac about 18 months ago.

All I can say is that it is a computer. I traded one set of challenges for another. I wish you well with your computer purchase.

[aMorePerfectUnion]

“I bought my Mac about 18 months ago.

“All I can say is that it is a computer. I traded one set of challenges for another. I wish you well with your computer purchase.

I bought my first MacBook Pro laptop 20 months ago. It’s
been great. My wife will give up her windows desktop for
a MacBook Pro laptop this week.

This means the last Windows box will leave our home.
For that, I’m thankful.

Hope you meet your challenges.

[for-q-clinton]

Pug is a Goddammable outright manipulative insulting dehumanizing liar of the worst order

Really? Really?

I don't understand all this hate just because he points out issues with Apple products.

[for-q-clinton]

Until such a time as: The Operating systems within the various Mac worlds, iOS, OSX et al, are in fact, actually breached to the same significant degree as is, are, were, and any other verb you see fit to use, windows and droid OS’s

Win7 hasn't been breached. So I guess it's all the same.

[PugetSoundSoldier]

Hi Rachel,

Are you denying that you said:

So, what you are doing is pushing the LIE that such human errors in self installing a bad and unofficial app is the same as a self executing user unaware VIRUS form of Malware.

The iPhone and Mac OSX has NO SUCH VULNERABILITY. The way the code is written makes it IMPOSSIBLE to occur.

You still want to stick with that, the claim that it is IMPOSSIBLE for the iPhone or Mac OSX to get a self-executing virus? That it has NO SUCH VULNERABILITY?

I already know that Swordmaker will refuse to correct you (probably because he doesn't want to "insult" a fellow Mac fanatic), but here's the truth, dear:

You're wrong.

You see, everything but the most simple "Hello World!" program is subject to attack (and even that may be, via the standard C libraries). EVERYTHING has holes and attack vectors. And chances are, iOS and OSX are already compromised, but done so in a very careful way. The best virus/trojan is the one you don't know about, and it quietly does its work in the background.

Remember Nicolas Seriot's paper that details exactly how to create - and install - malware for the iPhone, and do it in such a way that Apple CANNOT stop it? This uses an attack vector that's been around since the beginning for the iPhone, but was just now revealed at a black-hat conference (meaning it's been known for a few years, and they're done using it). And you - nor Apple, nor anyone save the black-hat community - know how many phones have been compromised by it.

It's why OSX now includes anti-malware built in to the OS. Because too many of the Mac faithful wrongfully believe it can never happen (IMPOSSIBLE!) to them, and Apple realizes it can, so they added it in anyway.

But the truth - that apparently has you so upset with me to add all those wonderfully new insults and labels - is that NO operating system is invulnerable, can never be affected. That's the truth, that's the reality. That includes Windows 7, that includes Linux, that includes OSX, and every flavor of BSD out there.

[PugetSoundSoldier]

Sounds like it was an “interesting” post from her... Too bad I missed it before it got pulled. I wonder who reported it?

[RachelFaith]

I am denying that you know how to read, expound, clarify or comprehend. Because, I have and do so here and now, yet again, present the FULL case not the single and isolated non contextual twists you pursue for your own self entertainment. So, listen up, last call.

When I discuss INVULNERABILITY I am NOT discussing the technical means. I am NOT discussing the code level access points. I am NOT in any way trying to make the point that it MIGHT NEVER be done somehow, someway, under any and every conceivable contrivance. Nor does ANY SANE person, attempt to do so when discussing anything. The subject matter does not matter.

If we discuss Salad Dressing, and I say this dressing is PERFECT. I am NOT meaning, and no sane person takes it to mean “The molecular composition of this substance is without chemical or electron error in any atomic configuration”. SO STOP IT! Seriously, especially when I have said... Uhm, You are taking this too far and off the original topic about how wonderful the cooks are at this restaurant. No one is suggesting the cooks are gods. Just they make a very good salad.

Then, for even MORE INSANITY, instead of taking that very simple statement, and very simple clarification, you grab straws and spin for the gold claiming “Oh Now I see, so you admit these cooks make HORRID SALAD and know they can’t really make a PERFECT salad after all. Ha Ha Ha, You are so wrong....

Do you see this game yet? Really? When someone says something, and you take it wrong, intentionally or in ignorance, and they correct it, clarify it, and restate it, and you then attack them for being wrong the first time, it is YOU who are behaving in an irrational manner.

So, again, when YOU STARTED by saying iPhone is EQUAL IN RISK to Droid, and further, did not retract it, but expounded saying OSX was also equal to Windows, in quantitative terms of risk and viruses, et al, and I pointed out that you were far in error and that comparatively, which is what YOU were doing, I stated that Mac was INVULNERABLE. Yes, I meant it.

C O M P A R I T I V E L Y Speaking !!

Relative to YOUR POINT!!

Under the context in which YOU began with YOUR LIE.

Which you have used every since to deflect from your LIES.

STOP!

STOP STOP STOP!

Let’s further, but not for the first time, so this is not new, go over the point. Droid is totally open and iPhone is totally closed. Droid has had THOUSANDS, (posted link on previous thread) of actual bad app issues in the real world, effecting perhaps millions of users and for which they offer and sell anti virus software. Documented posted neutral third party web stats. Thanks.

iPhone, outside of the few FUD attempts, which all seem to be minor production issues, NOT VIRAL or APP issues... this last fishing expedition is too knew to fully evaluate, let’s see what becomes of this, has had NO SUCH .... here it comes... COMPARABLE issues.

Thus, YOU are wrong in the actual real world claims that iPhone has JUST AS MANY virus issues as Droid. Your claim is directly, totally and without mincing words... FALSE.

My claim, that comparatively speaking, for ALL of the many and not technically singular reasons given, being that NO widespread issues are prevalent, that Mac is INVULNERABLE.

And I always close with, UNTIL and UNLESS, an actual set of such widespread issues develop, and until and unless the solution to said not yet occurring problems becomes the introduction of, and proliferation of, third party anti virus software, then the systems are NOT AT ALL EQUAL IN RISK. And you remain wrong and I remain right.

All your technotheories aside. Until they ARE equal, they are by definition NOT equal. And thus, until actually breached, INVULNERABLE.

Good day.

[itsahoot]

When you say "out of the box OS", do you mean you don't apply updates and patches?

No I always install official updates, usually a day or two after I see if any one had any problems. That said, I never have the problems that many report, probably because I no longer have the perverted notion that I need ever hack and the latest 2000 programs that have been made available. I am just too old to want to mess with it. Like I said my wife's iPad is probably more that I really need.

The again I just installed an 8 TB Drobo on my iMac, so I don't throw anything away. That in itself is a little sick. I have every email I ever sent or received.

[RightOnTheLeftCoast]

Tempest in a tea-pot:

http://www.macrumors.com/2010/07/06/apple-responds-regarding-app-store-sales-ranking-fraud/

Apple Responds Regarding App Store Sales Ranking Fraud

Tuesday July 06, 2010 12:59 PM EST
Written by Eric Slivka

Engadget reports that Apple has issued a statement on strange App Store rankings over the weekend that saw one Vietnamese developer grab nearly all of the top 50 positions in the App Store's Books category. While initial reports wondered if the App Store itself may have been hacked, in actuality it appears that a relatively small number of iTunes Store accounts compromised through other means were used to purchase the applications to drive their increase in ranking.

According to the statement released by Apple, the developer in question has been removed from the App Store for violation of the developer terms. The company also reminds users who have had their iTunes Store accounts or credit card numbers compromised to contact their financial institutions to request chargebacks and to change their passwords. Apple's statement reads:

The developer Thuat Nguyen and his apps were removed from the App Store for violating the developer Program License Agreement, including fraudulent purchase patterns.

Developers do not receive any iTunes confidential customer data when an app is downloaded.

If your credit card or iTunes password is stolen and used on iTunes we recommend that you contact your financial institution and inquire about canceling the card and issuing a chargeback for any unauthorized transactions. We also recommend that you change your iTunes account password immediately. For more information on best practices for password security visit http://www.apple.com/support/itunes.With over 100 million iTunes Store accounts, it is inevitable that some number of accounts will be compromised through any of a variety of reasons, from random guessing of passwords to social engineering tactics such as phishing. A concerted effort could easily gather information for a very small proportion of accounts, but still offer the ability to affect rankings in low-traffic App Store categories such as Books.