Entrepreneurial Leadership
- Submitted by: leorywalker
- Views: 681
- Category: Other
- Date Submitted: 04/21/2011 12:15 PM
- Pages: 8
- Report this Essay
iPad’s Security Breach
Zul-Jalaal Abdullah
Strayer University Shelby Oaks campus
Business Enterprise-508
April 21, 2011
Dr. Carolyn Tippett
Discuss Goatse Security firm possible objective when they hacked into AT&T’s Website. Here’s what happened: Goatse Security discovered a rather stupid vulnerability on the AT&T site that returned a customer email if a valid serial number for the
iPAD sim card was entered. (Arrington, 2010, para. 2). An invalid number returned nothing, a valid number returned a customer email address.
Goatse created a script and quickly downloaded 114,000 customer emails. It was then turned over to Gawker, after, they say, AT&T was notified and the vulnerability was closed (Arrington, 2010, para. 2).
Gawker published some of the data with the emails removed. Stated Goatse: “All data was gathered from a public web server with no password, accessible by anyone on the Internet.
There was no breach, intrusion, or penetration, by any means of the word.
”(Arrington, 2010, para. 2). AT&T is characterizing the incident as “unauthorized computer “hackers” maliciously exploited a function designed to make your iPad log-in process faster by pre-populating an AT&T authentication page with the email address you used to register your iPad for 3G service (Arrington, 2010, para. 3). ”We don’t see much hacking here, and we don’t see anything really malicious (Arrington, 2010, para. 3). AT&T was effectively publishing the information on the open Internet, and if there’s an FBI investigation, it should be focused on them, not Goatse. The fact is that Goatse was performing a public service by discovering and publishing the vulnerability – they made the Internet slightly safer by doing so.
I agree completely with their blog post responding to the AT&T letter. Unless additional facts come out suggesting that Goatse has used the information inappropriately, such as selling it, or has otherwise done some act hasn’t yet been alleged,...
Zul-Jalaal Abdullah
Strayer University Shelby Oaks campus
Business Enterprise-508
April 21, 2011
Dr. Carolyn Tippett
Discuss Goatse Security firm possible objective when they hacked into AT&T’s Website. Here’s what happened: Goatse Security discovered a rather stupid vulnerability on the AT&T site that returned a customer email if a valid serial number for the
iPAD sim card was entered. (Arrington, 2010, para. 2). An invalid number returned nothing, a valid number returned a customer email address.
Goatse created a script and quickly downloaded 114,000 customer emails. It was then turned over to Gawker, after, they say, AT&T was notified and the vulnerability was closed (Arrington, 2010, para. 2).
Gawker published some of the data with the emails removed. Stated Goatse: “All data was gathered from a public web server with no password, accessible by anyone on the Internet.
There was no breach, intrusion, or penetration, by any means of the word.
”(Arrington, 2010, para. 2). AT&T is characterizing the incident as “unauthorized computer “hackers” maliciously exploited a function designed to make your iPad log-in process faster by pre-populating an AT&T authentication page with the email address you used to register your iPad for 3G service (Arrington, 2010, para. 3). ”We don’t see much hacking here, and we don’t see anything really malicious (Arrington, 2010, para. 3). AT&T was effectively publishing the information on the open Internet, and if there’s an FBI investigation, it should be focused on them, not Goatse. The fact is that Goatse was performing a public service by discovering and publishing the vulnerability – they made the Internet slightly safer by doing so.
I agree completely with their blog post responding to the AT&T letter. Unless additional facts come out suggesting that Goatse has used the information inappropriately, such as selling it, or has otherwise done some act hasn’t yet been alleged,...