If you haven’t heard yet … apparently the UDIDs of over a million Apple devices have been posted online. Worse, the perpetrators are claiming that this is just a small subset of the data they pulled. The entire collection is supposedly around 12 million records and contains other sensitive information, including full names, cellphone numbers, and addresses of Apple customers. Supposedly the data was pulled from an FBI “cybersecurity” agent’s laptop using a Java vulnerability. This episode is a perfect example of the risks of government agencies collecting information like this. Yes, it may be necessary to do their job, but they MUST be extremely careful that the information doesn’t get out there. We guess the big question is, “Can we trust them to properly protect the data they are collecting?”
So far the best coverage we found is over on the Naked Security blog, where they detail some of the contents of the dump, including the name of the agent, their disgust with the Republican party, and something about victims taking a pic of themselves with a shoe on their heads. Whatever… Next up is a good post on TheNextWeb.com with a form that you can use to see if your Apple devices are affected. And if you’re interested in getting the dump itself, head on over to Help Net Security, where they link to the “starter” Pastebin post. From there it’s a bit of an adventure to get the actual file.
Update 9:00 PM: Since this morning there have been several updates we’ve been tracking. Robert Graham of Errata Security contemplated how the FBI might have gotten pwned, rumors circulated that one of the affected devices was Obama’s, and the FBI formally announced it wasn’t one of their laptops. All in all not a bad day…
Although collecting data like this may be necessary to do their jobs, how can government agencies lower their risks of breaches like this occurring? Today’s post pic is from Naked Security. See ya!