We’re Awarding Goatse Security A Crunchie Award For Public Service

This iPad security breach story from last week continues to spin way out of control, and in our opinion fingers are being pointed in the wrong direction. The FBI is investigating the incident, and a few hours ago AT&T finally communicated with customers to tell them about the breach (I’ve reprinted the AT&T email below).

Here’s what happened: Goatse Security discovered a rather stupid vulnerability on the AT&T site that returned a customer email if a valid serial number for the iPAD SIm card was entered. An invalid number returned nothing, a valid number returned a customer email address. Goatse created a script and quickly downloaded 114,000 customer emails. They then turned all that over to Gawker, after, they say, AT&T was notified and the vulnerability was closed. Gawker published some of the data with the emails removed. Says Goatse: “All data was gathered from a public webserver with no password, accessible by anyone on the Internet. There was no breach, intrusion, or penetration, by any means of the word.”

This post is tagged: address, AT&T, breach, card, control, Customer, customer emails, direction, Email, fbi, fingers, Gawker, Goatse, Headline, incident, intrusion, iPad, nothing, number, Opinion, penetration, script, security, security breach, serial, sim, sim card, site, Story, valid serial number, Vulnerability, way, webserver, week, wrong direction