Hacker group AntiSec released a file of a million and one UDIDs, which are unique IDs for iPhone, iPad, and iPod Touch devices. It claims to have hacked it off an FBI computer via a Java vulnerability.
The hacker group AntiSec released a file of a million and one UDIDs--unique device identifiers--which it claims to have hacked it off an FBI computer via a Java vulnerability. UDIDs are unique IDs for iPhone, iPad and iPod Touch devices. Apple and the developers of any apps you install gain access to this string.
The group's Pastebin posting claims that the stolen list was taken from the notebook computer of FBI Supervisor special agent Christopher K. Stangl's computer in March 2012 using a Java AtomicReferenceArray vulnerability. The purloined file was named "NCFTA_iOS_devices_intel.csv" and contained UDIDs for 12,367,232 iOS devices, although not all of them with full personal information. AntiSec chose to disclose only the smaller number of UDIDs.
The "NCFTA" part of the file name might stand for the National Cyber-Forensics & Training Alliance, which defines itself as an alliance of SMEs (subject matter experts) in industry, academia, and government with broad goals for addressing computer security threats. The relevance of "Intel" in the file name is tough to figure; no iOS devices run on Intel processors, so perhaps it's just short for "intelligence."
The file allegedly included other personal information, such as "...full names, cell numbers, addresses, zipcodes, etc" but the group stripped those out of the list.
The potential for privacy problems via UDID disclosure is an old issue. Normally, app distributors get the UDID of a device when that device installs an app, and Apple already has begun to restrict access to them in favor of less-problematic methods.
Although many reports indicate that the disclosed UDIDs are valid, there has been no official recognition by the government that they were the source of the data, nor has there been any explanation of why the FBI would have such a file.
For instructions on determining the UDID of your own iPhone, iPad, or iPod Touch, see WhatsMyUDID.com.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.