“It’s now been almost three full days. I don’t know anything about their infrastructure, but for a web service to be down this long with so little communication, most ‘maintenance’ or migration theories become very unlikely.” Downtime is normally just part of life, but three full days? There’s something going on.
I’m betting a severe security breach, accounts and/or certificates stolen, etc.
three fulldays off for a giant like apple means something really, really bad.
Not only does this speak volumes about the security of anything you store in the cloud, but even if you encrypt your stuff, reliability could be an issue. Thus, I don’t really feel comfortable using the cloud as a primary storage source, even if the stuff I’m saving there isn’t of a sensitive nature. For me, the cloud is definitely NOT the future, though I suppose as more and more stuff gets moved there, we’ll all be dragged kicking and screaming.
If it is that, then I just hope Apple take a break from their “no comments” rule and properly inform their users (though the time to do that would have been 3 days ago, when any such breach was discovered)
Edited 2013-07-21 22:52 UTC
Straight from the horses mouth…..
Apple Developer Website Update
Last Thursday, an intruder attempted to secure personal information of our registered developers from our developer website. Sensitive personal information was encrypted and cannot be accessed, however, we have not been able to rule out the possibility that some developers’ names, mailing addresses, and/or email addresses may have been accessed. In the spirit of transparency, we want to inform you of the issue. We took the site down immediately on Thursday and have been working around the clock since then.
In order to prevent a security threat like this from happening again, we’re completely overhauling our developer systems, updating our server software, and rebuilding our entire database. We apologize for the significant inconvenience that our downtime has caused you and we expect to have the developer website up again soon.
I’m actually quite impressed. Not only have they been open about the breach (given that they’re normally a very secretive company), but they’ve also done the correct thing by taking the portal offline while they properly investigate and resolve the issue. Many others wouldn’t be that responsible.
Edited 2013-07-21 23:21 UTC
3 days is not really open, more like reluctantly and because of outside pressure. Look at how Ubuntu dealt with the leak yesterday, that’s open.
Fair point.
Its open for Apple
AFAIK, Canonical IS NOT A Quoted Company on the NYSE etc.
Apple inc is and that brings a whole different set of financial responsibilities.
What may have applied to Canonical may not apply to Apple.
For one thing, people are more likely to sue Apple than Canonical simply because Apple have more money in the bank.
That said, I can’t see why it could not have been brought back up with ALL Logins disabled.
Perhaps you got it backwards? Apple’s status as a publicly traded corporation means they should have been far quicker and forthcoming in relying news about this incident.
And that has relevance how? Regardless what kind of companies Canonical and Apples are, they still have the same responsibilities.
Edited 2013-07-23 14:57 UTC
According to this, California state law requires companies to disclose security breaches, so they (Apple) probably didn’t have any choice; http://en.wikipedia.org/wiki/Security_breach_notification_laws
Edited 2013-07-22 01:13 UTC
The hack appears to have been done by grey hat, Ibrahim Balic
http://fyre.it/tjlVmC.4
http://thenextweb.com/apple/2013/07/22/researcher-claims-he-told-ap…