[ISN] Hacker defends going public with AT&T's iPad data breach (Q&A)

From: InfoSec News <alerts_at_private>
Date: Fri, 11 Jun 2010 00:02:49 -0500 (CDT)
http://news.cnet.com/8301-27080_3-20007407-245.html

By Elinor Mills
InSecurity Complex
CNet News
June 10, 2010

A hacker involved with a highly publicized data breach is taking some 
flak, but he says he and his colleagues simply acted in the public's 
best interest.

AT&T was forced to scramble to fix a security hole in its Web site that 
exposed e-mail addresses of more than 100,000 iPad users this week. AT&T 
says it learned about the Web site flaw from an enterprise customer on 
Monday and that it was fixed on Tuesday. Goatse Security, the group that 
uncovered the security flaw, revealed the details to a blog site on 
Wednesday, touching off a media frenzy. The FBI now says it is 
investigating the breach, which exposed e-mail addresses of government 
officials and executives in media, finance, and technology, among 
others.

On Thursday, CNET talked to Escher Auernheimer, one of Goatse's main 
members, whose hacker name is "Weev," about the group and what 
motivates them.


Q: An AT&T spokesman says the group did not contact the company. Can you 
comment?

Auernheimer: We chose not to engage in a direct dialogue. We did not 
give details of the attack or the data to anyone until we verified that 
the hole was closed on their Web site on Tuesday. And we only gave it to 
Ryan Tate at Gawker Media because he agreed he would censor the ICCIDs 
and the e-mails so they couldn't be used to compromise anything. We did 
the best we could. But we did not want to engage directly with AT&T in case 
they tried to serve us (an injunction) or something.

[...]


Received on Thu Jun 10 2010 - 22:02:49 PDT
