[funsec] Apple's worst security breach: 114, 000 iPad owners exposed

Nick FitzGerald nick at virus-l.demon.co.uk
Thu Jun 10 19:55:16 CDT 2010

Joel Esler wrote:

> My only problem with the article is the inaccuracy of the headline. 
> Gawker is known for their sensationalism.  Frustratingly awesome. 

My only problem with your commentary on this is the inaccuracy of your 
use of the word "inaccuracy".

Although technically "inaccurate" means only "not accurate", due to the 
tendency of (simpler) humans to conceive "accuracy" as a binary state 
(akin to true/false), common use of "inaccurate" tends to have a strong 
connotation of "false", and even "wrong" (with all its connotations).  
(Should we be surprised that Wikitionary suffers this misperception, 
unlike the professionally maintained dictionaries I checked?)

You would have been more accurate (now, how can that be a meaningful 
utterance for something that ostensibly has binary state?) to have 

   My only problem with the article is the less than fully accurate
   headline.  Gawker is known for their sensationalism.  ...

Of course, that is not quite as sensationalistic as strongly connoting 
that Gawker was wrong...

True, their headline was not fully accurate.

But do you really not think that Apple must at least partly carry the 
can for this?

After all, it was Apple that decided to make 3G iPads available in the 
US (and Canada I presume) via an exclusive deal with AT&T.  If the 
devices were available across any 3G network, Apple's customers would 
have had to choose their carrier, and thus only those who chose AT&T (a 
presumably small number from what I've heard of that network's 
coverage, reliability and service) would have been exposed by this lack 
of security smarts at AT&T (well, we have to speculate and as you seem 
to be into sensationalism, let me assume that none of the other 3G 
networks are run by such security dullards as those at AT&T).

Of course, the real reason behind Apple's choice of AT&T had nothing to 
do with "providing the most consistent user experience" and all that 
touchy-feely mush the fanboiz lap up, but had everything to do with 
making the device "more exclusive" and keeping the price rather on the 
high side (i.e. it was about making profits for Apple, and presumably 
the fixed-term service contracts had something to do with making 
profits for AT&T).

So, I have no sympathy for Apple being socked with the full blame for 
something like this.  If Apple really cared about its reputedly ever so 
valuable customers, Apple would have made sure that it was not teaming 
with a security-challenged carrier and thus inflicting that carrier's 
low standards on Apple's "valuable customers".  (And arguably it would 
have made the device network agnostic to provide its ever so valuable 
customers the best range of choice to get the device and carrier deal 
that suited them...)

Apple is at least as guilty in this as AT&T, because from a great deal 
of pre-existing commentary on the quality of AT&T's service in general, 
and from its direct past experince with the iPhone fiasco, it seems 
that Apple should have been more than aware of the potential for brand 
spoilage by partnering with AT&T.

So, to label this anything other than a failure by Apple, and worse to 
only focus on AT&T's role in this (I'm not saying that Joel did this -- 
just that some are), is actually aiding and abetting Apple, maintaining 
the Jobs/fanboi circle-jerk that "everything Apple is perfect".


Nick FitzGerald

More information about the funsec mailing list