AT&T's Apology for Massive Security Breach

Status
Not open for further replies.

brendano257

[citation][nom]dxwarlock[/nom]Great work, people point out a potential problem, they are pointed out as being harmful. Next time I get a home inspection, and a fire hazard is found, I'm calling my inspector a potential arsonist for being able to notice it. Can AT&T or Apple do anything with 3rd parties that doesn't make them look like closed-minded, egotistical idiots?[/citation]

I agree with points 1 and 2; however, this has nothing to do with Apple, this is solely AT&T's problem. Although it IS an Apple product, Apple is not even mentioned in the article once and has nothing to do with the security breach. Stop assuming Apple is to blame.
 
Guest
Whether Goatse did the right thing or not, why are they the ones being tagged as "morons?" It's not like they're the ones who left the door to the email database wide open! So what if their response to AT&T's propaganda sounds like it was written by an 18-year-old? That just means that an 18-year-old moron was able to harvest 100,000+ high-value email addresses using just over an hour's worth of script coding. Goatse are not the morons here, and AT&T is not the injured party.
 

ordcestus

[citation][nom]GoatseSecurity[/nom]Whether Goatse did the right thing or not, why are they the ones being tagged as "morons?" It's not like they're the ones who left the door to the email database wide open! So what if their response to AT&T's propaganda sounds like it was written by an 18-year-old? That just means that an 18-year-old moron was able to harvest 100,000+ high-value email addresses using just over an hour's worth of script coding. Goatse are not the morons here, and AT&T is not the injured party.[/citation]
The issue is that Goatse apparently published the emails for all to see. That was exceptionally inappropriate. The behavior of the company makes them seem like they were out to get AT&T, and for that they can and should be prosecuted as malicious hackers. Their ability with computers makes no difference, but the company exhibits no professionalism with that letter and especially with their name, now that I've researched it. Do you have some sort of connection with the company? Because if you don't, you really shouldn't use their name.
 
Guest
You idiots saying they should go straight to AT&T, it's been done by non-company groups. All it gets is a lawsuit and the same response.

Lawyers are not tech savvy, these guys did the right thing. And screw Apple.
 

omnimodis78

Got to love corporate PR responses: "...Rest assured, you can continue to use your AT&T 3G service on your iPad with confidence." That means about as much as a $5 hooker telling you to rest assured there's no need for a condom. For a telecommunications company, AT&T seems to be lacking in many things, and if I were their customer (thankfully I am not), I would look elsewhere and use this breach of trust as a means to get out of a contract.
 

zozzlhandler

In a reputable security company (and I work for one) this behavior would get you fired. Security is built on trust, and obviously you can trust these guys as far as you can throw Manhattan.

You can't say exposing all that data made anyone more secure.

Notify AT&T, provide them with a demo if they request it, but grabbing customer data and using it to make a point? These guys should be sued out of existence, and if that's not possible they should be boycotted out of existence.
 
Guest
Obviously it is AT&T's fault for not restricting the # of lookup requests per IP address.
 

reasonablevoice

[citation][nom]MetalPinhead[/nom]What a bunch of morons! Hey, I only shot you in the leg because you were about to walk out into oncoming traffic. You would have been run over! You should thank me for shooting you! For anyone who thinks this activity is acceptable, just think what would happen if "research companies" like this took YOUR identity for a joy ride. Rack up thousands of dollars in your name and then send you a notice telling you "See, your identity can be stolen". You would not be thanking them, which is why this action is considered illegal. Goatse Security needs to fire that idiot for his response, and instead of being subversive about this mess they should agree to work with AT&T further (if they really cared about America). But hey, I guess there are limits to how much one (company) really cares.[/citation]

You, sir, are an idiot. They didn't take anyone's identity "for a ride" or "rack up thousands of dollars of debt". They found the flaw, informed a tech journalist and AT&T, and now AT&T wants to make them look like the bad guy.
So check it out, moron: if they were truly malicious they would never have told anyone and just tried to use the e-mails for a phishing scam involving AT&T account info or something else relevant. Not tell everyone about it so that the exploit gets patched.
Trust me, if a security researcher is finding the exploit, hundreds of other more malicious people have discovered the exploit.
But hey, for some people ignorance is bliss.
 

Mosswalker

[citation][nom]ordcestus[/nom]Well, if I understand it correctly, Goatse Security found the addresses and then published them openly. It seems like it would be best for them to contact ATT/Apple, tell them of the flaw and then prove it with the addresses, all with only disclosing to the public that a major security flaw was found, what it did, and then that it had been fixed. Assuming that's correct, Goatse Security is in the wrong.[/citation]

They never published the e-mails. They informed a reporter about what they had done to make sure the word got out. They apparently destroyed the data after. Don't let the spin on it confuse you.
 

ordcestus

[citation][nom]Mosswalker[/nom]They never published the e-mails. They informed a reporter about what they had done to make sure the word got out. They apparently destroyed the data after. Don't let the spin on it confuse you.[/citation]
Well, I've done some more research on exactly what happened and I think I'll withdraw my comments until the FBI finishes their investigation and figures out who is at fault. But I won't withdraw what I said about their professionalism, which is unacceptable. I won't use their services no matter how good they are because of that.
 

Clintonio

They didn't publish the emails.

Fuck, how fast does disinformation spread these days? Do people just read what they want to justify rants now?
 

HappyBB

Why did you choose to disclose such information to a 3rd party? You are wrong in the beginning and now you are trying to make yourself sound innocent.
 

r3t4rd

[citation][nom]sfshilo[/nom]You idiots saying they should go straight to AT&T, it's been done by non-company groups. All it gets is a lawsuit and the same response. Lawyers are not tech savvy, these guys did the right thing. And screw Apple.[/citation]
Exactly. If Goatse would have just gone to ATT and disclosed this, ATT would have just left it on the back burner for who knows how long. By doing what Goatse did and compromising ATT's security, Goatse forced ATT's hand and made ATT react. Next time, if you find a hole in ATT's or wherever, try contacting ATT and telling them about it regardless. I betcha you will be ignored. Just look at companies like Apple.

Example: Apple was informed of a security risk on day "X", a year and change goes by, and finally Apple patches it. All the while mindless Apple sheep get information stolen and accounts hacked into.
 