Apple’s developer site is still down following a very public hacking attack by Ibrahim Balic last week, in which he downloaded over 100,000 developers’ private contact information. But Balic finally has what he wanted all along: recognition from Apple for his efforts.
Balic said he found 13 bugs in Apple software and only penetrated the company’s developer website as a proof of concept to show Apple how vulnerable it was after Apple failed to respond to his initial bug reports.
Now, Balic says he’s happy to finally have gotten a response from Apple — and he seems to want to lay the matter to rest:
Finally I got the expected response from Apple, I’m happy now. I do not want people to provoke this matter. pic.twitter.com/IEGgeNX6F4
From VentureBeatCustomers don’t just get irritated when you screw up cross-channel personalization. They jump ship. Find out how to save your bacon on this free research-based webinar with Insight’s Andrew Jones.
— ibrahim BALİÇ (@ibrahimbalic) July 23, 2013
Apple’s response looks fairly automated, and barely qualifies as a response. It simply notes that a security analyst has reviewed Balic’s bug reports and that Apple is investigating the issues. Interestingly, the message is dated July 22, despite the fact that Apple took the site down last week and informed developers on Sunday, July 21.
I would expect some more substantive response from Apple, likely when the company brings its developer website back up. Hopefully for Balic that response will not come in the form of a legal charge, but it would not be unlike Apple to pursue the hacking and theft of personal data in a court of law, even in Balic’s native Turkey.
Typically, Apple — and all companies — prefer to settle security and privacy matters quietly, without public scrutiny. Security researchers, however, often find they can’t get companies’ attention without going public.
At least this email is some sort of confirmation that Balic provided Apple a level of public service by disclosing the vulnerabilities.
Which brings up the real question:
What kind of hacker uses Outlook as his email client?