what's up everyone Jon Rettinger here
late this afternoon Gawker Media
reported on a huge iPad security breach
that is going to affect probably you and
I think most definitely going to affect
me as well so I wanted to share with you
guys to let you know what you can do and
at least you know what you may be a
victim of so let's go ahead and get
started here I've got some notes in
front of you seen you look down a little
bit so today Gawker revealed that a
group of hackers from the group Goatse
which may sound very familiar to some of
you for naughty reasons Goatse
Security were recently able to
completely breach AT&T servers and get
some confidential information on a
significant amount of AT&T iPad 3G
owners which is huge and certainly a
number of growing and growing on a daily
basis AT&T has patched up the issue and
pet dep't security systems and they've
been informed of its existence by the
Goatse Security folks that was already
after always confidential information
such as email addresses personal
information estimated 104 outside
114,000 ipad 3g users including
top-level government officials
high-ranking military officers and
Fortune 500 CEOs including everyday
people like you and me were also
exposed so i want to read you guys a bit
from Gawker gets a bit technical but
it's important to understand what
happened so when provided with an ICC-ID
as part of an HTTP request the script
essentially when you were trying to
activate your iPad 3G the script would return
the associated email address in what
was apparently intended to be an AJAX
style response within a web application
security researchers were able to guess
a large swath of ICC-IDs by looking at
known iPad 3G ICC-IDs some of which are
shown in pictures and posted by gadget
enthusiasts to flickr and other internet
sites which can also be obtained through
friendly associates whose iPads they're
willing to share with friends and
available information within the iPad
and in the settings application to make
AT&T's servers respond the security group
had to send an iPad style user agent
header to the web request such headers
identify users' browser types to the
websites so serve to continue the web
group to sort of get installous
information wrote a PHP script to
automate harvesting the data since a
member of the group tells us the script was
shared with third parties prior to AT&T
closing the security hole it's not known
exactly whose hands it fell in and whose hands
are most guilty in this exploit and who
got their hands on the exploit as well they
also tell us that it's likely accounts
or maybe well beyond 114,000 that have
been compromised AT&T and Apple have
been reached out for comment but really
they haven't responded yet this is a
huge and egregious breach of security so
to sort of break down all of that mumbo
jumbo when you get an iPad 3G you go
ahead and activate it for the first time
you have to put your personal
information sign up that information is
sent through Apple to AT&T servers
to verify the account then it gets sent
back with actually a thumbs up go ahead
and turn on the 3G data on this device
what these hackers were able to do was
smooth that and get that information
everything that you said when you signed
up for ipad 3g so for all you out there
who've just got a Wi-Fi version it looks
like you not only saved 100 bucks but
also save some personal information
getting out there I have a 3G model and
odds are my information's most definitely
compromised something I'm definitely not
happy about so I'm very curious what you
guys think about this where is the fault
line is it AT&T is it Apple ultimately I
think this does lie with Apple AT&T just
validates the information that Apple sends
them Apple's responsibility to make sure
the information is secure and encrypted
it's extremely disappointing and you
guys want to get this ups like you guys
know immediately what's going on if
you're looking to get a new iPad 3G
you're going to be okay security hole's
already been fixed with those of us that
got it on launch day earlier you're in a
world of potential hurt nothing's been
reported on whether or not it's affecting
international 3G owners or if it's just
us and I want to let you guys know this
as soon
as I could anyway I'm Jon Rettinger
for TechnoBuffalo and I'll see you in
the next video bye bye