You can't secure what you don't acknowledge.SM

Thursday, June 10, 2010

iPad "breach" - another sensationalistic Web flaw

NewsFactor has a nice piece on the recent AT&T iPad "breach" that tells the story of how a code on AT&T's site was cracked exposing email addresses of iPad users. So, some criminals gleaned some email addresses from a telecom provider...In the grand scheme of things: big deal.

I agree with Sophos' Paul Ducklin - I think this is being overblown...just like the sensationalism brought forth by my recent bit on CSRF.

Sure, it's an exploit and shame on AT&T for not finding it before someone else did. But, in the end, it's about priorities and level of exposure - you know, all that boring behind the scenes stuff that no one bothers to mention.

No comments:

Post a Comment