AT&T's Apology for Massive Security Breach

[JMcEntegart]

AT&T sent out emails to all iPad 3G users apologizing for a recent security breach uncovered by Goatse Security. The email called those who uncovered the vulnerability 'malicious' and Goatse Security wasn't at all happy with that.

AT&T's Apology for Massive Security Breach : Read more

 

[square965]

Goatse security?... sounds like an awesome company.

 

[dxwarlock]

great work, people point a a potential problem they are pointed out as being harmful.

Next time I get a home inspection, and a fire hazard is found, I'm calling my inspector a potential arsonist for being able to notice it.

Can AT&T or Apple do anything with 3rd parties that doesn't make them look like closed minded, egotistical idiots?

 

[Guest]

whats RBN?

 

[Guest]

"Given the high profile names included on the list of emails, the FBI said Thursday that it had opened an investigation into the breach, calling it a potential cyberthreat."

I guess it wouldn't have been a cyberthreat and FBI worthy if it wouldn't have affected "high profile" people.

 

[ordcestus]

Well if i understand it correctly. Goetse security found the adresses and then published them openly.
It seems like it would be best for them to contact ATT/Apple, tell them of the flaw and then prove it with the addresses all with only disclosing to the public that a major security flaw was found, what it did, and then that it had been fixed.
Assuming thats correct, Goatse security is in the wrong

 

[restatement3dofted]

Goatse Security? Really? Would be hard to take them seriously on name alone.

 

[gtvr]

ordcestus - I had the same thought. A professional white hat security company would work that way - unless there is more to the story we're missing. You'd probably see less profanity in the response, as well.

 

[udprod]

Goatse security? >_>

 

[chickenhoagie]

[citation][nom]square965[/nom]Goatse security?... sounds like an awesome company.[/citation]
hahahaha...you and I, with our sick twisted minds

 

[restatement3dofted]

[citation][nom]The Article[/nom]Goatse Security identified a massive hole in AT&T's system...[/citation]

Goatse Security discovered the gaping hole in AT&T's system, did they?

 

[TomD_1]

[citation][nom]square965[/nom]Goatse security?... sounds like an awesome company.[/citation]

I wonder who on earth thought that was a good name for a company

 

[bv90andy]

^^ what he said. There was no need to publish e-mails.

 

[captainnochords]

[citation]Goatse Security discovered the gaping hole in AT&T's system, did they?[/citation]

Brilliant.

 

[ordcestus]

[citation][nom]gtvr[/nom]ordcestus - I had the same thought. A professional white hat security company would work that way - unless there is more to the story we're missing. You'd probably see less profanity in the response, as well.[/citation]
yeah the response sounds like it was written by a college student with a temper. Probably just a kid getting his jollies breaking into computer systems under the veil of legitamacy.

 

[hixbot]

If Goatse didn't want to appear malicious, they should have contacted AT&T directly. Instead they shared the info with god knows who, and it wasn't until a third party notified AT&T that it was able to be patched. IMHO, that makes Goatse malicious.

 

[Guest]

What a bunch of morons! Hey, I only shot you in the leg because you were about to walk out into oncoming traffic. You would have been run over! You should thank me for shooting you!

For anyone who thinks this activity is acceptable, just think what would happen if "research companies" like this took YOUR identity for a joy ride. Rake up thousands of dollars in your name and then sent you a notice telling you "See, your identity can be stolen". You would not be thanking them which is why this action is considered illegal.

Goatse Security needs to fire that idiot for his response and instead of being subversive about this mess they should agree to work with AT&T further (if they really cared about America). But hey, I guess there are limits to how much one (company) really cares.

 

[unrealpinky]

[citation][nom]lilsanta[/nom]whats RBN?[/citation]
Russian Business Network.

http/en.wikipedia.org/wiki/Russian_Business_Network

AT&T has never been a company that I would admire from its history of illegal wiretaps and handing over account information to RIAA and US Copright Group. This is just par for the course.

 

[maydaynomore]

I don't get it. whats so funny about the name? Goatse... Goat as in the animal Goat? What am I missing?

 

[Shez]

The article doesn't make clear a very important issue in this.

Did Goatse "share details of the security breach with third parties"? Which would make it seem malicious indeed.

OR

Did Goatse "disclosed only to a single journalist and destroyed the data afterward"? At which point they do seem like they did a service to AT&T