Apple's security experiences another iFail

Fruity cargo-cult Apple might be pinning its future on the cloud, but its attitude to security might sink the whole thing.

It is starting to look like Apple’s iTunes store has been hacked. Apple knows about it but is adopting its standard position of denying that it is happening while frantically trying to fix it.

Last Wednesday, people started getting billed by iTunes for stuff they had not bought. Mostly this was credits for Sega’s “Kingdom Conquest” which could then be laundered into real money.

Since then, nearly every victim had a gift card balance on their account, and others have reported that their credit card and/or payment information had been removed from their account.

This activity indicates that Apple knows about the attacks and is trying to stop more money being stolen.

It is definitely Apple’s problem. Someone has done a Sony on them and has got enough details to bill people for products.

Apple’s official response is the traditional “say nothing”. After all only Microsoft suffers from security problems, Apple security is so brilliant you do not need a virus checker.

Of course this is not the right attitude for any sane company. Sony has found itself hauled before a Senate committee for not telling its users about the hack sooner.

Fortunately for Jobs’ Mob the tame Apple press has not reported that it might be suffering from a hack equal to the Sony one and has kept a lid on things.

Apple needs to re-assure people quickly as it has just announced that iTunes is going on the cloud.

Given that Apple’s faith based security system has failed every test so far, god knows what will happen when all iTunes personal details are put onto the cloud.

We would have thought that it would be worth any hacker having a crack at, particularly since Apple take so long to patch software.  

The last couple of weeks Apple has been dealing with a malware attack.  We say dealing with, it took a month to fix and then the malware writers just upgraded the software to by-pass Apple’s fix.  

In the real world this would have all been fixed in a day by an AV software update. Now, imagine that attitude played out on a cloud based system and you have a recipe for disaster.