Serverele iCloud accesate de hackeri?


Conform celor de la Wall Street Journal serverele Apple ar fi fost accesate de catre hackerii din grupul numit Anonymous si cateva zeci de username-uri impreuna cu parolele aferente ar fi fost compromise. Serverul accesat de catre cei de la Anonymous are legatura cu efectuarea sondajelor de opinie de catre companie si username-urile compromise ar apartine unor angajati ai companiei deci noi ca si utilizatori ar trebui sa nu fim afectati.

The hackers said in a statement posted to Twitter that they had accessed Apple’s systems due to a security flaw used in software used by the Cupertino, Calif.-based gadget maker and other companies. “But don’t worry,” the hackers said, “we are busy elsewhere.” A spokesman for Apple didn’t immediately respond to a request for comment. The posted information comes as part of a two-month campaign of digital heists targeting corporations including Sony Corp. and AT&T Inc., as well as government agencies such as the U.S. Senate, the Central Intelligence Agency and the Arizona Department of Public Safety.

Din pacate informatia importanta vine de la fostul grup LulzSec, care ar fi sustinut ca a reusit sa sparga sistemul iCloud a celor de la Apple. Ei sustin ca ar fi obtinut acces la sistemul unde Apple va tine datele propriilor utilizatori si de acolo au reusit sa mapeze intreaga retea de servere a companiei. Deocamdata nu se stie daca afirmatiile celor de la LulzSec sunt adevarate sau nu insa in momentul de fata un zvon este indeajuns de puternic pentru a genera neincredere intr-un sistem si asa vulnerabil la atacuri de acest gen.

Some weeks ago, we smashed into the iCloud with our heavy artillery Lulz Cannons and decided to switch to ninja mode. From our LFI entry point,we acquired command execution via local file inclusion of enemy flee. Apache vessel. We then found that the HTTPD had SSH auth keys, which let our ship SSH into other servers. See where this is going?We then switched to root ammunition rounds.And we rooted… and rooted… and rooted…After mapping their internal network and thoroughly pillaging all of their servers, we grabbed all their source code and database password which we proceeded to shift silently back to our storage deck.