Last Thursday, Apple’s developer site suddenly went offline. Apple announced the interruption was attributable to an “intruder” who was attempting to access the personal information of Apple’s developers. So who was responsible for the downtime? A Turkish security researcher named Ibrahim Balic thinks he might be the cause. He caused a stir this week with the release of a YouTube video explaining exactly what security holes he reported to Apple, and what went wrong.
Now iMore has published an interview with Balic in which he aims to shed more light on exactly what happened, the methods he used to test the developer center’s security, and his thoughts on Apple’s response.
Balic found an exploit not directly in the Developer Center, but in Apple’s iAd Workbench, which allows users to build targeted iAds. By giving iAd a single piece of user information, Balic was able to retrieve a user’s full name, username, and email address. Once the exploit was discovered, Balic created a script that generated random users to see whether Apple’s servers would send back a match for the names, in what he says was an attempt to test how serious the bug was.
He reported the bug to Apple and the rest is (unconfirmed) history.
It’s a fascinating interview that gives a hard look at what might have gone down this past Thursday. Of course we don’t know for sure since Apple hasn’t commented. But if you’re wondering what happened with the Developer Center last week, head over to iMore for the rest of the story.
Ibrahim Balic talks Dev Center downtime with iMore originally appeared on TUAW – The Unofficial Apple Weblog on Wed, 24 Jul 2013 18:00:00 EST.