Hacker of Macworld Obtains Free Platinum PassesA hacker claimed to get early-access to priceless speech of Steve Jobs at the Macworld Conference and Expo. People entitled for the priority access were VIPs and others who paid highly for it. The event's Web site had a security gap that helped hackers to obtain free 'platinum passes' that actually cost US $1,695, said a security professional. These passes were the top priced sold for Macworld that included the highly demanded priority seating for the keynote address that Jobs delivered on Tuesday. The speech was important because Jobs introduced Apple's new iPhone in it. The special discount codes available on the inadequately secured Macworld website made the hack possible, wrote Kurt Grutzmacher, a security professional based in Berkeley, Calif, on his blog. He wrote, the code was relatively easy to decipher that would allow a free platinum pass. Grutzmacher said it was very much obvious that no one would declare everything so that a client could gain access to something prohibited. He added the website owner should validate on the server more than the client and keep the keys confidential. Also, the key should not allow discounted access. Grutzmacher collected his free platinum pass on January 8, 2007 and reported the incident to IDG the next day. IDG World Expo was the organizer of Macworld that concluded on January 12, 2007. Grutzmacher wrote that the people at IDG assessed their logs and discovered that others also knew about the vulnerability and its exploit while he was the only one to report it. IDG World Expo neither confirmed nor denied the hack. Charlotte McCormack, spokeswoman for IDG said that the company had nothing to comment. The Registration Control Systems, the organization that dealt with the event's registration, passed all queries to IDG. The alleged hack on Macworld is a superb instance of security problems with Web 2.0 applications, said Billy Hoffman, a researcher at SPI Dynamics, a Web security specialist. Hoffman explained that IDG made its website more responsive by validating on the event-registering users' computer. For this it inserted a JavaScript code into the browser thereby revealing the manner of verifying the priority code and its use by the website. Related article: Hacker & Virus in MySpace » SPAMfighter News - 1/17/2007 |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!