Apple restores key parts of dev site after attack
Eight days after taking site offline, resurrects important sections, including dev centers and downloads
Computerworld - Apple on Friday restored key sections of its developer website, including the download center, more than a week after it took the portal offline.
By late Friday, the iOS, Mac and Safari Dev Centers were again operational, as were areas dedicated to software downloads, digital certificates and Apple's bug-reporting system.
About half the site remained offline, however, including the developer-to-developer discussion forums.
The restoration of the iOS, Mac and Safari Dev Centers, along with Software Downloads, gave developers access to programming tools and the pre-release builds of iOS 7 and OS X Mavericks, the mobile and desktop operating systems Apple will upgrade this fall.
Apple took the developer website down on July 18, but did not reveal the cause until Sunday, July 22, when it confirmed "an intruder attempted to secure personal information of our registered developers from our developer website."
The company said that "sensitive personal information" had been encrypted, and was not at risk, but it would not rule out that some developers' names, email addresses and mailing addresses had been stolen. Apple has not identified the attacker or attackers, or how they gained access to the site.
A self-described consultant named Ibrahim Balic claimed responsibility, but asserted he had been researching vulnerabilities in Apple's online services when he uncovered a bug and reported it to the company. According to Balic's timeline, Apple shuttered the site shortly after he reported the vulnerability. By his own admission, Balic had continued to collect developers' personal information even after he flagged the flaw.
Some have questioned Balic's confession, pointing out that none of the email addresses he supposedly swept from Apple's site can be linked to actual accounts, implying that Balic mis-represented his exploit.
On Wednesday, Apple emailed all its developers, telling them that it planned to restore the website in stages, and that it had created a new status page showing the operational standing of the domain's services.
At the time, Apple also pledged to overhaul the developer portal to harden the website against future attacks.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is email@example.com.
- Hands on: Apple's Mac Pro is the fastest Mac ever
- Apple CFO to retire in September after he cashes in $53M stock award
- Apple's CarPlay to spark mobile apps war in your car
- Apple retires Snow Leopard from support, leaves 1 in 5 Macs vulnerable to attacks
- Apple patches critical 'gotofail' bug with Mavericks update
- Why Apple needs a $700 MacBook Air
- Apple takes top spot in brand value computation
- Apple gets a patent for health-monitoring ear buds
- Apple shifts to hardware-first TV strategy with revamped set-top box
- iTunes is almost as big a biz as OEM Windows
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Mobile Applications Case Study: 8 Billion Transactions a Day The story documents how the online brokerage company tradeMONSTER created a custom mobile app and the success gleaned from this initiative. Also covered...
- Who's afraid of the big (data) bad wolf? Survive the big data storm by getting ahead of integration and governance functional requirements This paper provides a detailed review of the best practices clients should consider before embarking on their big data integration projects.
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Mobile Apps and Devices Slash Customer Cycle Time Consolidated Engineering Laboratories' field employees used to collect data on triplicate forms that were sometimes hard to read and difficult to manage. After...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources... All Cybercrime and Hacking White Papers | Webcasts