Apple restores developer site taken offline after attack

Gregg Keizer
29 July, 2013

Apple late on Friday restored key sections of its developer website, including the download centre, more than a week after it took the portal offline.

By Friday evening, the iOS, Mac and Safari Dev Centres were again operational, as were areas dedicated to software downloads, digital certificates and Apple’s bug-reporting system.

About half the site remained offline, however, including the developer-to-developer discussion forums.

The restoration of the iOS, Mac and Safari Dev Centres, along with Software Downloads, gave developers access to programming tools and the prerelease builds of iOS 7 and OS X Mavericks, the mobile and desktop operating systems Apple will upgrade this spring.

Apple took the developer website down on 18 July, but did not reveal the cause until Sunday 22 July, when it confirmed “an intruder attempted to secure personal information of our registered developers from our developer website”.

Investigating data loss

The company said that “sensitive personal information” had been encrypted, and was not at risk, but it would not rule out that some developers’ names, email addresses and mailing addresses had been stolen. Apple has not identified the attacker or attackers, or how they gained access to the site.

A self-described consultant named Ibrahim Balic claimed responsibility, but asserted he had been researching vulnerabilities in Apple’s online services when he uncovered a bug and reported it to the company. According to Balic’s timeline, Apple shuttered the site shortly after he reported the vulnerability. By his own admission, Balic had continued to collect developers’ personal information even after he flagged the flaw.

Some have questioned Balic’s confession, pointing out that none of the email addresses he supposedly swept from Apple’s site can be linked to actual accounts, implying that Balic misrepresented his exploit.

On Wednesday, Apple emailed all its developers, telling them that it planned to restore the website in stages, and that it had created a new status page showing the operational standing of the domain’s services.

At the time, Apple also pledged to overhaul the developer portal to harden the website against future attacks.

by Gregg Keizer, Computerworld
