iPad is here!

MartinLogan Audio Owners Forum

Help Support MartinLogan Audio Owners Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.

That was a great video, thanks for it!

Jeff thank you for the review! It was very open minded and thorough. I am still on the fence, but your review is making me lean towards buying one. I own an iPhone and absolutely love it.
 
http://gawker.com/5559346/



Apple has suffered another embarrassment. A security breach has exposed iPad owners including dozens of CEOs, military officials, and top politicians. They—and every other buyer of the cellular-enabled tablet—could be vulnerable to spam marketing and malicious hacking.

The breach, which comes just weeks after an Apple employee lost an iPhone prototype in a bar, exposed the most exclusive email list on the planet, a collection of early-adopter iPad 3G subscribers that includes thousands of A-listers in finance, politics and media, from New York Times Co. CEO Janet Robinson to Diane Sawyer of ABC News to film mogul Harvey Weinstein to Mayor Michael Bloomberg. It even appears that White House Chief of Staff Rahm Emanuel's information was compromised.

It doesn't stop there. According to the data we were given by the web security group that exploited vulnerabilities on the AT&T network, we believe 114,000 user accounts have been compromised, although it's possible that confidential information about every iPad 3G owner in the U.S. has been exposed. We contacted Apple for comment but have yet to hear back. We also reached out to AT&T for comment. [Update: AT&T has confirmed the breach; an update appears below.] A call to Rahm Emanuel's office at the White House has not been returned.

Apple's Worst Security Breach: 114,000 iPad Owners Exposed

The specific information exposed in the breach included subscribers' email addresses, coupled with an associated ID used to authenticate the subscriber on AT&T's network, known as the ICC-ID. ICC-ID stands for integrated circuit card identifier and is used to identify the SIM cards that associate a mobile device with a particular subscriber.

AT&T closed the security hole in recent days, but the victims have been unaware, until now. For a device that has been shipping for barely two months, and in its cellular configuration for barely one, the compromise is a rattling development. The slip up appears to be AT&T's fault at the moment, and it will complicate the company's already fraught relationship with Apple.

Although the security vulnerability was confined to AT&T servers, Apple bears responsibility for ensuring the privacy of its users, who must provide the company with their email addresses to activate their iPads. This is particularly the case given that U.S. iPad 3G customers have no choice in mobile carriers — AT&T has an exclusive lock, at least for now. Given the lock-in and the tight coupling of the iPad with AT&T's cellular data network, Apple has a pronounced responsibility to patrol the network vendors it chooses to align and share customer data with.

In addition to complicating the AT&T-Apple relationship, the breach will also likely unnerve customers thinking of buying iPads that connect to AT&T's cellular network. And it will do so at a pivotal moment, with the iPad 3G early in its sales cycle. Brisk sales for the original wi-fi iPad had promised to turn the 3G model into a similar profit machine. But further questions about AT&T, already widely ridiculed for its bad service, are going to make people think twice about spending up to $830 and $25 per month on the iPad 3G.
Breach details: Who did it, and how

Apple's Worst Security Breach: 114,000 iPad Owners ExposedThe subscriber data was obtained by a group calling itself Goatse Security. Though the group is steeped in off-the-wall, 4chan-style internet culture—its name is a reference to a famous gross-out Web picture—it has previously highlighted real security vulnerabilities in the Firefox and Safari Web browsers, and attracted media attention for finding what it said were flaws in Amazon's community ratings system.

Goatse Security obtained its data through a script on AT&T's website, accessible to anyone on the internet. When provided with an ICC-ID as part of an HTTP request, the script would return the associated email address, in what was apparently intended to be an AJAX-style response within a Web application. The security researchers were able to guess a large swath of ICC IDs by looking at known iPad 3G ICC IDs, some of which are shown in pictures posted by gadget enthusiasts to Flickr and other internet sites, and which can also be obtained through friendly associates who own iPads and are willing to share their information, available within the iPad "Settings" application.

To make AT&T's servers respond, the security group merely had to send an iPad-style "User agent" header in their Web request. Such headers identify users' browser types to websites.

The group wrote a PHP script to automate the harvesting of data. Since a member of the group tells us the script was shared with third-parties prior to AT&T closing the security hole, it's not known exactly whose hands the exploit fell into and what those people did with the names they obtained. A member tells us it's likely many accounts beyond the 114,000 have been compromised.

Goatse Security notified AT&T of the breach and the security hole was closed.

We were able to establish the authenticity of Goatse Security's data through two people who were listed among the 114,000 names. We sent these people the ICC ID contained in the document—and associated with the person's iPad 3G account—and asked them to verify in an iPad control panel that this was the correct ICC ID. It was.
Victims: Some big names

Then we began poring through the 114,067 entries and were stunned at the names we found. The iPad 3G, released less than two months ago, has clearly been snapped up by an elite array of early adopters.

Within the military, we saw several devices registered to the domain of DARPA, the advanced research division of the Department of Defense, along with the major service branches. To wit: One affected individual was William Eldredge, who "commands the largest operational B-1 [strategic bomber] group in the U.S. Air Force."


In the media and entertainment industries, affected accounts belonged to top executives at the New York Times Company, Dow Jones, Condé Nast, Viacom, Time Warner, News Corporation, HBO and Hearst.


Within the tech industry, accounts were compromised at Google, Amazon, Microsoft and AOL, among others. In finance, accounts belonged to companies from Goldman Sachs to JP Morgan to Citigroup to Morgan Stanley, along with dozens of venture capital and private equity firms.

In government, affected accounts included a GMail user who appears to be Rahm Emanuel and staffers in the Senate, House of Representatives, Department of Justice, NASA, Department of Homeland Security, FAA, FCC, and National Institute of Health, among others. Dozens of employees of the federal court system also appeared on the list.
Ramifications

There are no doubt other high-profile subscribers caught up in the security lapse, along with ordinary users who now have reason to worry that AT&T might expose more of their iPad data to hackers.

At the very least, AT&T exposed a very large and valuable cache of email addresses, VIP and otherwise. This is going to hurt the telecommunications company's already poor image with iPhone and iPad customers, and complicate its very profitable relationship with Apple. Exacerbating the situation is that AT&T has not yet notified customers of the breach, judging from the subscribers we and the security group contacted, despite being itself notified at least two days ago. It's unclear if AT&T has notified Apple of the breach.

Then there's the question of whether any damage can be done using the ICC IDs. The Goatse Security member who contacted us was concerned that recent holes discovered in the GSM cell phone standard mean that it might be possible to spoof a device on the network or even intercept traffic using the ICC ID. Two other security experts we contacted were less confident in that assessment. Mobile security consultant and Nokia veteran Emmanuel Gadaix told us that while there have been "vulnerabilities in GSM crypto discovered over the years, none of them involve the ICC ID... as far as I know, there are no vulnerability or exploit methods involving the ICC ID."

Another expert, white hat GSM hacker and University of Virginia computer science PhD Karsten Nohl, told us that while text-message and voice security in mobile phones is weak "data connections are typically well encrypted... the disclosure of the ICC-ID has no direct security consequences."

But that didn't mean he thinks AT&T is off the hook:

It's horrendous how customer data, specifically e-mail addresses, are negligently leaked by a large telco provider.

We suspect many AT&T customers will agree.

Update: The New York Times has emailed all staff suggesting they "turn off your access to the 3G network on your iPad until further notice" while the newspaper's engineers and security staff investigate the issue.

Update x2: AT&T sent us a statement apologizing for the breach and downplaying the impact:

"AT&T was informed by a business customer on Monday of the potential exposure of their iPad ICC IDS. The only information that can be derived from the ICC IDS is the e-mail address attached to that device.

This issue was escalated to the highest levels of the company and was corrected by Tuesday; and we have essentially turned off the feature that provided the e-mail addresses.

The person or group who discovered this gap did not contact AT&T.

We are continuing to investigate and will inform all customers whose e-mail addresses and ICC IDS may have been obtained.

We take customer privacy very seriously and while we have fixed this problem, we apologize to our customers who were impacted."
 
I'll get on the wagon with the next version. There seem to be a number of innovations with theiPhone 4 that should make it to the iPad.

I use my laptop for a lot of "heavy" programming, project grading and research. The iPad can't and shouldn't replace that. Rather, I see it as an ideal "Cloud" device. We are now experimenting to see how well we can use it to do "real" work remotely. I think it will do the job.

I would like to see a pen feature. To me not having Flash is not a big deal. I updated to 64 bit machines and the 64 bit version of IE doesn't have Flash capability. I don't miss it much and I have always been leery of Flash implementations since it is not a secure language and a sloppy programer (of which there are too many) could leave your computer at risk.
 
Last edited:
Actually, I'm typing this on my iPad.
I used to take my MacBook Air to work so I could read PDF magazines and ebooks on the train. Even with the svelte MBA, it was awkward using it on the train.
The iPad is really sweet for this and for me, worth the price of admission. I'm actually reading a lot more now.

At home, I have a PS3 & Wii which I never use. Downloaded some iPad games and am having a blast. For light surfing, reading, entertainment, movies, email and generally as a media consumption machine, it fulfills my needs nicely. I can actually type as fast on the iPad as I can on my Macs.

To each their own. The iPad has definitely found a place in my life even with an iPhone, MacBook and an HP Netbook (now my music server) and a Mac Mini.
 
Last edited:
Mickey,

You hit the nail on the head perfectly, now that I have the iPad I'm reading a lot more as well...

Personally, I don't care if it does anymore than that along with a little web surfing and Facebook.
 
There's nothing on my iPad that would be useful to anyone...

You just might be surprised. When you are taking pictures you focus on your main subject while trying to avoid including extraneous "stuff". When you get to your studio, do you find that some of that "stuff" is still in the frame? Well it is the same when you use a computer that is connected to the net. Cookies follow you around. Amazon's Kindle books has to be able to recognize your computer for downloads and Amazon has to have some records of your payments.

Certain types of programming languages (scripting, flash, C and others) when coupled with sloppy programmers have serious security issues. And there are many sloppy and naive programmers around. It is kind of like the number of people that use point and shoot cameras. Great pictures; NO :eek:
 
You lot are so fickle. One year ago (Feb 2009) you were telling me that I didn't understand the screen technology of the Kindle and you would never want to read anything on a LCD/backlit screen.

Now Apple does it it makes the Kindle look pretty much like rubbish, right?

Think of the environment before you keep shelling out for these plastic, toxic junky gadgets.
 
I like my ipad. I interact with customer face to face, but have a general need to share computer screens with them at various points. Now, I use my ipad which is much less cumbersome. Now, we are working on a way to let customers digitally sign contracts with their finger. Copies will be sent to their e-mail.

The ipad is changing the way we interact with the world. It is changing the world. If you think it is just another dumb product like the original iphone, you are in for a big surprise.

Things I like that are new to Ipad

-live weather radars
-multiple push e-mail
-I can make simple drawings with a finger and e-mail them avoiding pencil and paper
-convenient to sit on the couch and surf the internet
-incredible battery life
-truly portable-I can stand up and use it without fatiguing my arm

Apple sold 1 million ipads in the first 29 days!

Dominick
 
Back
Top