Apple restores key parts of dev site after attack
Eight days after taking site offline, resurrects important sections, including dev centers and downloads
Computerworld - Apple on Friday restored key sections of its developer website, including the download center, more than a week after it took the portal offline.
By late Friday, the iOS, Mac and Safari Dev Centers were again operational, as were areas dedicated to software downloads, digital certificates and Apple's bug-reporting system.
About half the site remained offline, however, including the developer-to-developer discussion forums.
The restoration of the iOS, Mac and Safari Dev Centers, along with Software Downloads, gave developers access to programming tools and the pre-release builds of iOS 7 and OS X Mavericks, the mobile and desktop operating systems Apple will upgrade this fall.
Apple took the developer website down on July 18, but did not reveal the cause until Sunday, July 22, when it confirmed "an intruder attempted to secure personal information of our registered developers from our developer website."
The company said that "sensitive personal information" had been encrypted, and was not at risk, but it would not rule out that some developers' names, email addresses and mailing addresses had been stolen. Apple has not identified the attacker or attackers, or how they gained access to the site.
A self-described consultant named Ibrahim Balic claimed responsibility, but asserted he had been researching vulnerabilities in Apple's online services when he uncovered a bug and reported it to the company. According to Balic's timeline, Apple shuttered the site shortly after he reported the vulnerability. By his own admission, Balic had continued to collect developers' personal information even after he flagged the flaw.
Some have questioned Balic's confession, pointing out that none of the email addresses he supposedly swept from Apple's site can be linked to actual accounts, implying that Balic mis-represented his exploit.
On Wednesday, Apple emailed all its developers, telling them that it planned to restore the website in stages, and that it had created a new status page showing the operational standing of the domain's services.
At the time, Apple also pledged to overhaul the developer portal to harden the website against future attacks.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.
- Apple unveils minor bumps to MacBook Pro laptops
- Feds arrest Florida man who allegedly conned Apple out of $309K
- Yosemite's traffic share triples after public beta debuts
- Apple hasn't exhausted its supply of Yosemite betas
- 13 pieces of advice for Yosemite beta testers
- The other Apple economy: $2B in devices on eBay
- Apple sends users scrambling for OS X Yosemite
- Long replacement cycle drags down iPad sales
- Apple unwraps OS X Yosemite public beta Thursday
- Apple grows Mac sales by 18% on the back of the MacBook Air
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Cybercrime and Hacking White Papers | Webcasts