Slashdot Mirror


iTunes Music Store Hole Discovered, Patched

prockcore writes "A vulnerability has been found in Apple's iTunes Music Store. The flaw enabled hackers to hijack other people's accounts by knowing only their email address, and download music with it. Apple has patched the hole."

6 of 26 comments

  1. Well by aphex2000 · Score: 4, Funny

    Now we know where those huge amounts of downloads are coming from :)

  2. MSTunes by jolshefsky · Score: 5, Funny

    Just wait until Microsoft copies this service.

    --
    --- Jason Olshefsky

    Karma: Poser (mostly affected by adding this line long after everyone else did)

  3. Stupid error. by BoomerSooner · Score: 4, Insightful

    How does something as simple as not passing authentication objects/info to the browser get past Apple's QA? Session Objects, Cookies and Hidden form fields are never secure from the user. Amazing this still happens.

    Ah, it feels like 1996 again.

    1. Re:Stupid error. by 2sleep2type · Score: 5, Interesting
      I agree this is a really stupid mistake.

      However, in my experience of developing applications for a lot of 'big name' organisations, the QA, testing and other checking people have no idea of the issues, let alone an understanding of how to really 'break' an application.

      My general experience is if I don't QA my own work, as long as it's functionally correct no one else will question it.

      It's scary, one of the many reasons I'm very careful when I check my credit card bill.

    2. Re:Stupid error. by MobyDisk · Score: 4, Insightful

      I've never seen an organization that had QA done by technical persons. But this type of stuff is out of the realm of QA. QA did their job by verifying that the functionality worked as described. But this wasn't a QC mistake, this was a design flaw. The design describes where the data comes from and where it is stored.
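The design flaw the commenters above are pointing at, shown as an added example in plain Python (this is not Apple's code and not anything a poster in this thread wrote; the account table, passwords and cookie names are constructed for illustration). The vulnerable handlers take the identity straight from a cookie or hidden form field the client chose, so knowing someone's email address is enough to act as them; the hardened version hands the browser only an opaque random session id and keeps the id-to-account mapping on the server.

```python
# Added example, not from the original page: identity taken from the client
# versus identity looked up in a server-side session. Standard library only.
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs


def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed account table: email -> salt, PBKDF2 hash, store credits.
# A real system uses a random salt per account; one static salt keeps this short.
_SALT = b"constructed-static-salt"
ACCOUNTS = {
    "alice@example.com": {"salt": _SALT, "pw": _hash_pw("alice-secret", _SALT), "credits": 10},
    "bob@example.com": {"salt": _SALT, "pw": _hash_pw("bob-secret", _SALT), "credits": 3},
}


def _cookie(header: str, name: str):
    jar = SimpleCookie()
    jar.load(header)
    return jar[name].value if name in jar else None


# --- Vulnerable pattern: the client tells the server who it is ---------------
def vulnerable_whoami_cookie(cookie_header: str):
    """Treats a 'user' cookie as proof of identity.
    Sending 'Cookie: user=alice@example.com' is all an attacker needs."""
    email = _cookie(cookie_header, "user")
    return email if email in ACCOUNTS else None


def vulnerable_whoami_form(post_body: str):
    """Same flaw via a hidden form field: <input type=hidden name=user ...>.
    The field is editable by anyone who can craft a POST body."""
    email = parse_qs(post_body).get("user", [None])[0]
    return email if email in ACCOUNTS else None


# --- Hardened pattern: the client holds only an unguessable session id -------
class SessionStore:
    def __init__(self):
        self._sessions = {}  # sid -> email; exists only on the server

    def login(self, email: str, password: str):
        acct = ACCOUNTS.get(email)
        if acct is None:
            return None
        if not hmac.compare_digest(_hash_pw(password, acct["salt"]), acct["pw"]):
            return None
        sid = secrets.token_urlsafe(32)  # 256 bits of randomness, not derived from the email
        self._sessions[sid] = email
        return sid

    def whoami(self, cookie_header: str):
        sid = _cookie(cookie_header, "sid")
        return self._sessions.get(sid) if sid else None


def buy_track(identity, track: str) -> bool:
    """Charges one credit to the identified account; refuses without an identity."""
    if identity is None or ACCOUNTS[identity]["credits"] < 1:
        return False
    ACCOUNTS[identity]["credits"] -= 1
    return True


if __name__ == "__main__":
    store = SessionStore()
    print("vulnerable, forged cookie:", vulnerable_whoami_cookie("user=alice@example.com"))
    print("vulnerable, forged form:  ", vulnerable_whoami_form("user=alice%40example.com&track=1"))
    print("hardened, guessed sid:    ", store.whoami("sid=alice@example.com"))
    sid = store.login("alice@example.com", "alice-secret")
    print("hardened, real sid:       ", store.whoami(f"sid={sid}"))
```

The server-side store is the point: the browser can still see and edit its cookie, but editing it only yields a value that maps to nothing. Signing the cookie with an HMAC would also stop tampering, but it would not hide the email inside it, which is why an opaque token is the usual choice.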

  4. Go work in banking, the military or any other high by BoomerSooner · Score: 4, Insightful

    risk area, where if you and QA don't catch something like this, you're fired.

    It makes you code better knowing screwing up could cost you your job. Although in situations like that you usually get more realistic development schedules compared to the corporate schedule of get it done now. (Or at least that's what I've experienced.)