Apple Developer Website Hacked

For those of you with developer accounts, the site was hacked…

1202275-apple-hack-hacking-pirateI’ve had an Apple Developer account for about 3 years. Like all development account members, I use it to get access to Apple’s prerelease software to help with my development and testing efforts. I’m a hobby developer. I don’t develop things for sale.

The big problem with all of that is that I have a single email address or single Apple ID. Apple ties your Developer account to your Apple ID, and you log into the site with it. I knew the site was down and had been down for a few days, more than expected. Today, I was greeted with the following note from Apple

 

Apple Developer Website Update:

Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.

In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.

Awesome.

The site got hacked, and they can’t guarantee that my Apple ID and password, as well as my other personal information, weren’t compromised. That’s just terrific.

Well, this certainly isn’t the end of this one. You can bet that there will be additional fallout on the Apple side of the world for this. While I think it’s a good idea to completely change the system, part of the changes would be to NOT tie everything to my Apple ID, but to another user ID and password.

There will be more from me on this as the story develops. Please watch the Soft32 blog for additional updates.

Related Posts:

TweetDeck – Take complete command of your Twitter account

Take complete command of your Twitter account with this easy to use Windows app.

Social networking is huge and hot right now. If you active on any major social network, you’re likely active on more than one. Part of being social requires that you broadcast to as wide an audience as possible. This is why I like tools like TweetDeck. It’s a social networking tool for Windows.
TweetDeck is a social networking tool for both Facebook and Twitter. It shows you everything you want to see, all at once, so you can stay on top of the happenings within your social networks. Its social media dashboard helps you manage all of your Twitter and Facebook accounts. Like other Twitter apps, it interfaces with the Twitter API to allow users to send and receive tweets, view profiles as well as update and view your FB Status and Timeline.

TD07

TweetDeck changed from an Adobe AIR application to native apps for both Windows and Mac OS X. there’s a web version of TweetDeck for WebKit-based browsers. The app’s most drastic update dropped support for other social networks like LinkedIn, Google Buzz, Foursquare, and MySpace. Clearly missing still is support for Google+. TweetDeck is a decent app, and you can’t beat its price. However, earlier versions were clearly more popular with users; and it would be nice if it included support for a few other networks.

Download TweetDeck

Related Posts:

Kindle Fire Lacks (even BASIC) Purchase Controls

Let’s face it, despite what Amazon has to say, the Kindle Fire really just isn’t kid friendly…

I bought my wife a Kindle Fire for Christmas. After a couple of days hesitation with the device, she really got into it, and now, really likes it. Small, easy to carry and for her AND the kids to use, it’s become a standard in her daily gadget line up. In fact, neither her nor the kids have it far from them during the day. Clearly, a sign of a good purchase and gift decision on my part.

However, the tablet, and subsequently Amazon’s ecosystem, have a major flaw in them; and it’s one that you won’t even bump into unless you either have kids that share your Fire or you lose/misplace the device – it has absolutely NO purchase controls.

If you order the device directly from Amazon, the device comes in a clearly MARKED box and comes preactivated with links directly to your credit card and your account. Anyone smart enough to intercept the shipment will have the ability to purchase away inside of Amazon’s online store, with YOU responsible for all of the purchases.

Strike one – Pre-activation

The device itself doesn’t have any method, or way of either excluding your purchasing credentials/credit card info or even password protecting all purchases with your Amazon.com site password. If you have the device, again, you have direct access to your account, and as long as you have money in your debit account, available credit on your card, etc., anyone possessing the device can make all the purchases they want.

Strike two – Have device, can purchase

When I confronted Amazon with this HUGE security (and frankly, clearly common sense) hole, they let me know that Amazon addressed this by putting a password on Wi-Fi access, so if you wanted to prevent purchases, you could password protect the device’s ability to get online.

This made me to a double take; and really ticked me off.

Strike three – Failure to address the specific issue: Purchase control

I think Amazon wants to differentiate themselves in the tablet market by giving their users the clear ability to purchase anything and everything they would want or need on the Kindle Fire without having to enter a password. Really..?! Am I the only one who sees this huge security hole? I give them points for wanting this to be easy, but talk about your advanced identity theft tools..! Apparently, all I need to steal someone’s credit is not their credit card number, their social security number or any of their personal, private information. All I really need is their Kindle Fire.

Nice.

Let’s forget the real world scenario that I bumped into with my 4 year old ordering an entire season’s worth of Olivia, and that I just want to gate purchases on the device with the linked account’s Amazon password (which you see on every Apple iDevice in town, including the iPad). According to Amazon, this is unreasonable. It’s also something they are NOT going to address.

They’ve given users the ability to limit the use of Wi-Fi instead. You need Wi-Fi to make purchases. With Wi-Fi password protected, you can’t purchase new content. That’s true; but it also fails to address the problem. The Kindle Fire is a content streaming device.

Amazon Prime’s streaming service requires an internet connection. The Fire is a Wi-Fi only device, and in order to view/stream content that I’ve already purchased, Wi-Fi must be on. Effectively want Amazon is telling me is that I have to unlock Wi-Fi every time my child wants to view content that’s already been purchased…and once they are streaming content, I have to watch them watch it so that they don’t go looking for something else.

But, as I said, let’s forget this and the fact that its backwards.

The unlocked device represents a huge security hole. Amazon needs to address this with a software update and needs to require the account holder’s Amazon password for all purchases and not for Wi-Fi access. Until it does, Kindle Fire, and really ALL Kindle owners, need to be careful about where they store their Kindle, who has access to the device, and who is using it. You could find yourself the recipient of a HUGE content bill if your kids, or worse, a thief, happen to get a hold of your device and make unauthorized purchases.

NOTHING you can do, either on the web site or on the device, aside from crippling it, can prevent unauthorized purchases; and this is clearly documented by a number of different complaints and posts in Amazon’s own forums.

Related Posts:

Get in touch over email, IM, or a call with Google Talk

You know…Skype is the thing. It really is. The Jetson’s video-style chat is something that many people have been dreaming of as the standard M.O. for voice communications for the last 50 years. Now, thanks to the Internet and to those tools like Google Talk, it’s now possible; and it really doesn’t matter what platform you’re using. Google has a communications solution for you.

Unified communications is one of THE buzz words of the coming year. Google is doing its best to provide most everyone with the single best way to communication with family and friends and they are hoping that their Gmail and Google Talk combination are the key to that success.

With Google Talk, you can IM and voice chat with friends, family and just about anyone with a Gmail address or Google account.

With Talk’s text chat, you can send instant messages, make status updates, and transfer files. With voice chat, you get free PC to PC GLOBAL, long distance calling, and can hold an video conference with multiple parties all at once. All you need is Google Talk, a Gmail address and a web cam at each end point. Even if someone is missing a web cam, they can still participate either via audio only or one-way video

 

 

 

Read full review | Download Google Talk

Related Posts:

Facebook apps accidentally leaking access to third parties – change your Password now!

According to an investigation by Symantec, third parties (advertisers, analytic platforms, and other third parties), have accidentally had access to Facebook users’ accounts (profiles, pictures, chat,etc.) and also had the ability to post messages and mine personal information. However, these third-parties may not have realized their ability to access this information.

Facebook applications are Web applications that are integrated onto the Facebook platform. According to Facebook, 20 million Facebook applications are installed every day.

Symantec has discovered that in certain cases, Facebook IFRAME applications inadvertently leaked access tokens to third parties like advertisers or analytic platforms. We estimate that as of April 2011, close to 100,000 applications were enabling this leakage. We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.

Access tokens are like ‘spare keys’ granted by you to the Facebook application. Applications can use these tokens or keys to perform certain actions on behalf of the user or to access the user’s profile. Each token or ‘spare key’ is associated with a select set of permissions, like reading your wall, accessing your friend’s profile, posting to your wall, etc.

Note: Symantec reported this issue to Facebook, who has taken corrective action to help eliminate this issue, however, Symantec advises Facebook users to change their passwords on Facebook in order protect their accounts from being mined.

Source: Symantec

Related Posts:

Your Google Mail, Calendar and News in one place with Gmail Notifier

Tired of checking your Gmail account? Have you more than one account? Well Gmail Notifier is the perfect solution for you and its free ! With more than 20,000 users world wide, including Google Apps users, Gmail Notifier is becoming increasingly popular.

Gmail Notifier not only will be provide you with notifications about your Gmail inbox, but it can also monitor the Google Calendar and Google News related to your account. At the moment the developer offers two versions of this program: a free one limited to only two Gmail accounts and a paid one with support for an unlimited number of Gmail accounts.

The program checks the accounts using IMAP or Atom protocols and will notify through popups. It can also mark read mails and it even gives you the possibility to reply and write new emails without the need to visit the Gmail web site. In case you are following too many accounts of you own, you can use different themes for each of them so that you can easily differentiate them.

Gmail Notifier Pro can also track your Google Calendar and your feeds in Google Reader, despite its minimalist nature. So instead of using all kinds of different Gmail websites and all the additional utilities for calendar and RSS feeds, use Gmail Notifier as it provides a viable alternative to these.

download Gmail Notifier

Related Posts:

How to protect your online identity

Following the security disaster of Sony’s PSNetwork, many gamers and online users have asked themselves what will be the future of the online transactions? What are the ways to counter such illegal attacks and how to protect your own identity? Tony Anscombe, ambassador of Free Products at AVG Technologies, proposed a basic guide for your online security:

  • first you should keep all of your accounts information on a handwritten document. Don’t save this document in your computer, and don’t use the same passwords for all accounts.
  • put aside and use a single pre-paid credit card for all your online transactions, don’t use an ATM card;
  • use Google alerts for any service that maintains your personal data;
  • in case of a hack attack, try to contact the company that’s been hit in order to receive further information and advises;
  • use a security freeze on your credit report;
  • use game cards for specific online games services;

Related Posts:

Yahoo! Mail Beta

Yahoo! Mail Beta is alive and kicking, and it invites us to a completely different email experience. New looks, new features, all differently structured than before to increase the user experience.

A new tabbed interface allows you to create a new email, browse folders, quickly find an email. There are twelve themes to choose from in case you wish to customize your email account.

The attachments’ maximum files’ size is still 25 Mb, however, you can download the app that will help you attach large files.

An important improvement is the increased speed as well as the integration with Facebook. Better spam protection is another improvement. Mobile versions are available for internet-enabled devices, including iPhone, iPad, and Android.

yahoo mail beta

 

yahoo mail beta - message

 

yahoo mail beta - contacts

 

yahoo mail beta - compose message

yahoo mail beta - compose email

Yahoo! Mail Beta works best with these browsers:
Internet Explorer 8, Firefox 3 and newer, Safari 4 and newer, and Chrome 5.

Related Posts:

Stay in touch with Soft32

Soft32.com is a software free download website that provides:

121.218 programs and games that were downloaded 237.780.356 times by 402.775 members in our Soft32.com Community!

Get the latest software updates directly to your inbox

Find us on Facebook