Slashdot Mirror


Anonymous Leaks 1M Apple Device UDIDs

Orome1 writes "A file containing a million and one record sets containing Apple Unique Device Identifiers (UDIDs) and some other general information about the devices has been made available online by Anonymous hackers following an alleged breach of an FBI computer. 'During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java,' the hackers claim." Update: 09/04 13:44 GMT by T : A piece at SlashCloud points out that if the leak is genuine, this raises some sticky questions about privacy and security; in particular: "[H]ow did the agency obtain said information, and to what purpose? Why did all that personal data reside on the laptop of one special agent?"


  1. So is apple... by santax · · Score: 4, Interesting

    Going to explain why they gave all the UID of their devices to the FBI?

    1. Re:So is apple... by h4rr4r · · Score: 5, Insightful

      Why is that more likely?
      You think if the FBI asks Apple or AT&T won't cough up such a list?

    2. Re:So is apple... by siddesu · · Score: 1

      He's gotta be as shrewd as one Mr. Manning. Are they using Android tablets to access customer databases at the Genius Bar?

    3. Re:So is apple... by ATMAvatar · · Score: 5, Insightful

      Yes, that seems like the larger issue here. What purpose does the FBI Cyber Action team have with 12M Apple UUIDs (from TFA: of which only 1M was leaked so far)?

      This actually seems like a case of actual well-meaning hacktivism, as the purpose here is to inform users they are being tracked. It is only a matter of time before the remaining UUIDs are released. Unfortunately, most people have little more tech savvy than a newborn, so it is unlikely many people will even know how to compare their device to the list even if they care to do so.

      The best we can hope for is that more of them wake up to the large-scale surveillance being undertaken and the abuse of power it represents. I wish I could be optimistic, but I know better by now.

      --
      "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
    4. Re:So is apple... by __aaltlg1547 · · Score: 3, Insightful

      From that comment I gather that you believe an anonymous person who claims to be a hacker who claims to have gotten what he claims is Apple UDIDs from what he claims was an FBI computer.

    5. Re:So is apple... by Anonymous Coward · · Score: 2, Informative

      There's an Axis group of predatory software companies comprised largely of Apple, Microsoft, Oracle and Facebook, with a few smaller companies used mostly as proxies. They cooperate with US government agencies in exchange for favorable treatment in courts and legislature.

      In this instance, the Facebook app on Apple's iOS was used to mine contact data from iPhone users.

    6. Re:So is apple... by h4rr4r · · Score: 3, Insightful

      Oh please, all the big boys play this game. Any major firm is not going to do anything other than send a bill when any three letter agency asks for data. Nothing to do with favors, just typical amoral corporate behavior that we need to regulate against.

    7. Re:So is apple... by gullil · · Score: 1

      Probably a Flashlight app

    8. Re:So is apple... by h4rr4r · · Score: 1

      Not one bit.
      I dispute the fact that only a limited set of companies are doing this or that they gain favors by doing it. Big companies like telcos have nice simple request for data forms pre made, so long as they get paid they are more than happy to share any and all data.

    9. Re:So is apple... by gandhi_2 · · Score: 3, Funny

      I'm more interested in why a high-budget outfit like the FBI is buying Vostros!

    10. Re:So is apple... by Dan+East · · Score: 4, Insightful

      The problem is that although Anonymous does have a list of Apple IDs (which I doubt has been verified yet), they don't have hard evidence attributing them to an FBI source. We have to just take their word on that one, unless the FBI admits to the breach.

      --
      Better known as 318230.
    11. Re:So is apple... by gandhi_2 · · Score: 3, Insightful

      We need government rules against a company cooperating with the government?

      On one hand you argue for regulation, which is more powerful government. On the other hand, you bemoan the government using any power.

      Companies and governments don't go to heaven. They don't act morally or amorally. They just do what is necessary to get thru the day.

    12. Re:So is apple... by h4rr4r · · Score: 4, Insightful

      The fact that it is facebook?

      Facebook exists for basically this sort of thing. Tracking devices or not, anything you post to it you should consider public knowledge. Sure you have privacy settings, which do not apply to the three letter agencies. At some point they may not apply to anyone.

      I am not saying don't use it, but consider anything you say on facebook the same as printing it on a billboard.

    13. Re:So is apple... by Anonymous Coward · · Score: 1

      Companies and governments don't go to heaven. They don't act morally or amorally. They just do what is necessary to get thru the day.

      Bullshit. Can't speak for government, but in business I see it from C-levels every day: how can we make more money from our customers without driving most of them away? There are some pretty fucken awful things done in the name of profit.

    14. Re:So is apple... by v1 · · Score: 2

      UDID "Unique Device ID", Apple's way of tagging their devices.
      UUID "Universally Unique ID", a standard which would have done the job for all intents and purposes.

      I'd like someone with more specific expertise to follow up on this branch of the thread, but iirc one of those IDs is used to encrypt the data on the ipod/iphone, and is also used to encrypt the data backed up to the computer when synced, if you select to encrypt the backup. (itunes option)

      So, having a big database of these IDs is also potentially useful for extracting the information from a protected device or backup.

      If they have a database that contains names and product serial numbers with them, that probably makes their job much faster. Instead of having to try 12 million codes to see which one works on a phone they've just confiscated/borrowed, they may get lucky and find it in the db. If not, after spending the time (20 minutes? I have no clue) trying IDs until they find the right one, then your info gets added into the db for later faster retrieval. And identification I suppose too. But they don't need the IDs for that.

      I've also read recently that some LEA have access to special software or hardware that can be plugged into an idevice and download data without syncing. I don't know how much truth there is to this, and I don't know if the information downloaded is also decrypted at the same time. I assume those are using unpublished exploits or possibly back doors that apple provided them with.

      Could someone with more expertise in the use of those IDs please make additions/corrections to the above?

      --
      I work for the Department of Redundancy Department.
    15. Re:So is apple... by AbRASiON · · Score: 1

      Don't quote me on this but I think the Vostro is one of the few laptops with a matte finish nowadays.
      So the remainder of the Apple (obviously) and Dell stock is pretty much defective by design. Thank the lord for the Vostro.

    16. Re:So is apple... by h4rr4r · · Score: 2

      Yes, much like we have government rules limiting what the police can do.

      Regulation does not imply a more powerful government, it can be done with the same level of power it has now.

      No one goes to heaven, it does not exist. They act amorally, since that is what the people who make them up do.

    17. Re:So is apple... by GNious · · Score: 4, Funny

      So Apple can now drag both the FBI and Anonymous to court over copyright infringement? Nice ...

      1 million UIDs, value at [price of iPad or iPhone], should be pretty nice income for Apple's legal department.

    18. Re:So is apple... by icebraining · · Score: 2

      That's not how it works. Not for an individual, and not for a complex organization like a company or government. Regulations are not reducible to more/less powerful.

      There are separation of powers, multiple levels of checks and balances, etc, that do counteract such forces.

      For example, not that long ago a project by our government for installing a bunch of CCTVs was struck down by a different government commission that's responsible for protecting personal data.

    19. Re:So is apple... by ToastedRhino · · Score: 3, Informative

      Not sure why you think this. If you have access to an iPhone backup (encrypted or not) you almost certainly have access to the UDID already since backups are stored (on OS X) in ~/Library/Application Support/MobileSync/Backup/[iPhone UDID]/[Actual Data]

      (It's similar on Windows in that it also includes the UDID in the folder name, but I don't know the full path off the top of my head.)

      Anyone getting to the actual data would be able to see the UDID in the folder name that contains the data.

      Also, let's not forget that before iOS 5 developers were able to use UDIDs as identifiers when apps were downloaded. So lots and lots of developers have this same information on lots and lots of users in databases of their own. In my mind, it seems pretty ridiculous to think that Apple would have given developers carte blanche to collect information that is an integral part of the phone's encryption protocol.

      That's not to say this isn't a privacy problem, but I don't think it could affect the strength of the encryption on or off the phone in any way, shape, or form.
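
Added example, not part of the original thread or any commenter's code: a local check of whether a device you have synced appears in a leaked list, using the UDID-named backup folders described in the comment above. It assumes 40-hex-character UDIDs, a text dump with one record per line, and an optional "-suffix" on backup folder names; the function names and the sample data in `demo()` are constructed for illustration.

```python
import re
import sys
import tempfile
from pathlib import Path

# Assumption: UDIDs are 40 hex characters. The \b anchors keep longer hex
# tokens in the same record (e.g. a 64-character value) from matching.
UDID_TOKEN = re.compile(r"\b[0-9a-fA-F]{40}\b")
# Backup folders are named after the UDID; assumed optional "-suffix" copies.
BACKUP_DIR = re.compile(r"^([0-9a-fA-F]{40})(?:-.+)?$")

# OS X path quoted in the comment above.
DEFAULT_ROOT = "~/Library/Application Support/MobileSync/Backup"


def local_backup_udids(backup_root=DEFAULT_ROOT):
    """Return the set of UDIDs (lower-case) named by local backup folders."""
    root = Path(backup_root).expanduser()
    if not root.is_dir():
        return set()
    found = set()
    for entry in root.iterdir():
        match = BACKUP_DIR.match(entry.name)
        if entry.is_dir() and match:
            found.add(match.group(1).lower())
    return found


def exposed_udids(local_udids, dump_path):
    """Stream the dump once and return {udid: first line number it appears on}.

    The dump is read line by line, so a file with millions of records never
    has to fit in memory, and nothing leaves the machine.
    """
    wanted = {u.lower() for u in local_udids}
    hits = {}
    with open(dump_path, "r", encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            for token in UDID_TOKEN.findall(line):
                token = token.lower()
                if token in wanted and token not in hits:
                    hits[token] = lineno
    return hits


def demo():
    """Run the check against constructed folders and a constructed dump."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "Backup"
        udid_a = "a1" * 20          # constructed: backed up, not in the dump
        udid_b = "B2" * 20          # constructed: backed up, present in the dump
        udid_c = "c3" * 20          # constructed: in the dump, not ours
        (root / udid_a).mkdir(parents=True)
        (root / f"{udid_b}-20120904-101500").mkdir()
        (root / "not-a-backup").mkdir()

        dump = Path(tmp) / "dump.txt"
        dump.write_text(
            f"'{udid_c}','{'0f' * 32}','Sample iPad','iPad'\n"
            f"'{udid_b.lower()}','{'9e' * 32}','Sample iPhone','iPhone'\n"
            # 64 hex characters that merely start with udid_a: must not match.
            f"'{udid_a}{'00' * 12}','x','y','z'\n",
            encoding="utf-8",
        )
        local = local_backup_udids(root)
        return local, exposed_udids(local, dump)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_udids.py <path-to-dump-file>")
    mine = local_backup_udids()
    found = exposed_udids(mine, sys.argv[1])
    for udid in sorted(mine):
        status = f"FOUND at line {found[udid]}" if udid in found else "not found"
        print(f"{udid}: {status}")
```
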

    20. Re:So is apple... by dna_(c)(tm)(r) · · Score: 1

      I think you do not understand the separation of powers: legislative power (congress) would make a law prohibiting collecting arbitrary data about individual citizens without reason and companies to provide them that information without due process. Executive power (government) is not allowed to subvert that law.

    21. Re:So is apple... by Sique · · Score: 4, Interesting

      Regulation does imply a more powerful government. If someone runs afoul of the regulation, the government steps in and hands out punitive fees, prison time or exclusion from government contracts. This amounts to actively rein into formerly autonomous business processes or personal decisions.
      Each regulation gives the government more power. Before the regulation, the government had no right to interfere. Regulation gives the right to the government. And each additional regulation forces the government to actively administer the regulation, and thus to add governmental jobs.
      There is no point in regulation if there is no one to enforce it.

      --
      .sig: Sique *sigh*
    22. Re:So is apple... by Anonymous Coward · · Score: 2, Insightful

      This is considered "insightful"? If Shavano had taken the 5 seconds required to verify that those UDID are, in fact, valid, he wouldn't be saying silly things like this.

      Sure, we have no idea of the source of this (FBI, Apple, random person with 1M+ harvested UDIDs, etc.), but it's trivial to verify that (at least a good part of the data) is valid.

      Maybe google for "Apple UDID deanonymize" and you'll get there.

    23. Re:So is apple... by h4rr4r · · Score: 1

      Not true. Some regulation limits government, like police may not just search your house at random. This is the kind of thing I am proposing. The end result would just be such evidence could never be used in court and at that point existing administrative actions could be taken against those who collected it.

    24. Re:So is apple... by Chab1549 · · Score: 1

      I believe the personal information was removed before leaking ....

    25. Re:So is apple... by Rob+the+Bold · · Score: 4, Insightful

      I think you do not understand the separation of powers: legislative power (congress) would make a law prohibiting collecting arbitrary data about individual citizens without reason and companies to provide them that information without due process. Executive power (government) is not allowed to subvert that law.

      There isn't much bi-partisan common ground in the US. But on the subject of Congress being unwilling and/or unable to prevent the Executive Branch from violating laws in such areas as arrest, detention, search, seizure and privacy, the parties are of one mind. There are perhaps a handful of Senators and Representatives willing to speak up about it, but even they're too scared to actually point fingers and name names.

      --
      I am not a crackpot.
    26. Re:So is apple... by Thing+I+am · · Score: 1

      Don't quote me on this but I think the Vostro is one of the few laptops with a matte finish nowadays. So the remainder of the Apple (obviously) and Dell stock is pretty much defective by design. Thank the lord for the Vostro.

      Quoted for future reference. Thank you for your cooperation, citizen.

      --
      That sucking sound you hear is my bandwidth.
    27. Re:So is apple... by h4rr4r · · Score: 2

      Not at all. The walled garden merely means that any app needs to not be evil while being tested. This is trivial to do. If asked however Apple would cooperate.

      The normal facebook app yes, the one that comes packaged with so many android phones out of the box would not.

    28. Re:So is apple... by cdrguru · · Score: 5, Informative

      The UDID is not related to encryption on iDevices. Knowing the UDID will not help unlock a device if you have it.

      The original function of the UDID was to allow stateless connections (like HTTP) to be able to coordinate sessions with the same device. Thus, you ask for something and cell data connection drops. The device connects back up and gets the response and everyone knows they are still talking to the same device. However, Apple has seen too many applications use this in inappropriate ways and has come out officially saying the API to retrieve it may be retired shortly.

      There are other ways to make sure you are talking to the same device consistently and one thing that Apple wants is multiple device transparency when one account is involved. So I can make a request on my iPhone and retrieve the results on my iPad as well as having 100% of the data shared between the devices. The UDID isn't conducive to that at all.

      So there are likely apps out there that have collected massive UDID databases... but have no idea what to do with the information. It is not externally visible. It could be used to do various types of tracking but mostly your app author isn't all that interested. I have no idea what the FBI might do with a database of maybe 1% of the iDevices out there but it isn't all that useful.

      Forensic software for iDevices exists and much of it will work on locked devices. It will not decrypt otherwise encrypted data that is stored by applications in an encrypted form, but that is actually pretty rare. And again, having the UDID before you plug the device in is of no value and once you do plug it in, you have the UDID. So if an iPhone is confiscated by some law enforcement agency, they probably have access to the "right" software for dumping out the contents of the phone. Completely. If they are really up on things, they may have a portable device which will image the phone in minutes in the field. Your ability with an iPhone or Android phone to keep things out of law enforcement hands is (today) approximately zero. This was not previously the case but all the latest high-end cell phone forensic tools handle iDevices just fine.

      An encrypted Blackberry remains a device that cannot be successfully examined - I believe you can get an image from the device but it is encrypted at a level that makes cracking the encryption unlikely. Once the device has been imaged, I believe trying selected passwords is possible without the "10 wrong guesses wipes the device" problem. But still, for the most part an encrypted Blackberry is secure. Any Blackberry device can be encrypted, BIS or BES, but it is sufficiently troublesome that only people required to do so - because of a BES profile - are going to do it. You can bet government Blackberries are set with the profile requiring encryption. The encryption is part of the device locking which then requires a password (text) to unlock and access the device.

    29. Re:So is apple... by ISoldat53 · · Score: 3, Insightful

      From the article I read the laptop was owned by the agent not the FBI which raises a whole pant load of other questions.

    30. Re:So is apple... by medcalf · · Score: 1

      You seem to be asking government to protect you from government.

      --
      -- Two men say they're Jesus. One of them must be wrong. - Dire Straits
    31. Re:So is apple... by medcalf · · Score: 1

      Have you been paying ANY attention the last 4 years? The last 40? Of course the executive can subvert the law with impunity.

      --
      -- Two men say they're Jesus. One of them must be wrong. - Dire Straits
    32. Re:So is apple... by gnasher719 · · Score: 1

      Going to explain why they gave all the UID of their devices to the FBI?

      Considering that we were talking about UDIDs here, and UDIDs are something totally different than UUIDs or GUIDs, any post referring to UIDs should never be marked as "interesting", but "imbecile".

    33. Re:So is apple... by blogan · · Score: 1

      So much for the walled garden, huh?

    34. Re:So is apple... by Hatta · · Score: 1

      That's exactly what the Bill of Rights was intended to do.

      --
      Give me Classic Slashdot or give me death!
    35. Re:So is apple... by gnasher719 · · Score: 3, Informative

      I'd like someone with more specific expertise to follow up on this branch of the thread, but iirc one of those IDs is used to encrypt the data on the ipod/iphone, and is also used to encrypt the data backed up to the computer when synced, if you select to encrypt the backup. (itunes option)

      That's nonsense. Every iOS device has a Unique Device Identifier (UDID), which is used to identify the device and nothing else. Some idiot programmers used it to identify users, which is totally stupid because when you sell a used iOS device, the UDID stays with the device.

      UUIDs (Universally Unique Identifiers) on the other hand are created repeatedly. A well-written app that wants to keep track of one user of that app will generate a UUID and store it in the app's preferences. 100 different apps on the same iOS device will create 100 different UUIDs. The good thing for privacy is that you cannot use UUIDs to gather information about a user, because the same UUID will only come up in one context.

      Neither are used to encrypt information on an iOS device. (An application _could_ use a UUID that it created to encrypt information, but that would be information coming from that one application).

    36. Re:So is apple... by mcgrew · · Score: 1

      No one goes to heaven, it does not exist.

      Your hypothesis is untestable, yet you are certain it's true? There's a bit of a logical disconnect there, you can't see it?

    37. Re:So is apple... by JBMcB · · Score: 1
      --
      My Other Computer Is A Data General Nova III.
    38. Re:So is apple... by dna_(c)(tm)(r) · · Score: 1

      Have you been paying ANY attention the last 4 years? The last 40? Of course the executive can subvert the law with impunity.

      I have. But viewing it from this side of the Atlantic pond, I think gandhi_2 is not the only one that does not understand the importance of separation of powers. I suppose a two party system is only marginally better than a one party system, people in the three powers are bound to come from one or the other background or identify with one or the other party. Freedom and democracy lose.

      You do know even the Romans implemented separation of powers?

      Mind you, on this side of aforementioned pond, we have our own problems besides the Euro...

    39. Re:So is apple... by shiftless · · Score: 1

      Yes, and it failed, predictably. (As was predicted.)

    40. Re:So is apple... by Anonymous Coward · · Score: 1

      The problem is that although Anonymous does have a list of Apple IDs (which I doubt has been verified yet), they don't have hard evidence attributing them to an FBI source. We have to just take their word on that one, unless the FBI admits to the breach.

      Well,
      Apple can either say, we have lousy security and anonymous got that list from us.
      The FBI forced us to give the list and they lost it.

      So there's a chance Apple will force the FBI's hand in this.

    41. Re:So is apple... by BoberFett · · Score: 2

      The police aren't really regulated. In theory they are, but all they have to do is claim it's part of the War on Drugs or War on Terror and they're free to do whatever they want.

    42. Re:So is apple... by toriver · · Score: 1

      Certainty is in the eye of the beholder. How many of the people unable to disprove the existence of unicorns bother with leaving out hay for them in cold winters? They simply assume unicorns do not exist - maybe even going to the extent of saying they do not exist...

    43. Re:So is apple... by scorp1us · · Score: 1

      You're assuming they were given. It's much better to assume that if 12M were there, and they've sold over 100M iOS devices world wide, that they were collected.

      Which raises a better question. How were they collected?

      --
      Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
    44. Re:So is apple... by BlueStrat · · Score: 5, Funny

      From the article I read the laptop was owned by the agent not the FBI which raises a whole pant load of other questions.

      No, it's actually quite simple.

      The agent was in the process of collecting data, etc for the purpose of starting his own FBI.

      With blackjack.

      And hookers.

      But the Secret Service got mad because blackjack & hookers were their gig, and so they hacked this FBI agent's computer and released the data to Anonymous.

      The SS doesn't want to have their agents blow into town only to find all the blackjack and hookers are already booked solid by these new-FBI agents.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    45. Re:So is apple... by lister+king+of+smeg · · Score: 1

      the non removable facebook app on my android tablet is simply a shortcut to the mobile version of their web site so the spying is done on their servers not my device at least.

      --
      ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
    46. Re:So is apple... by dthx1138 · · Score: 1

      Minor correction: the FBI is part of the judicial branch, not executive.

      Though to be fair, in the past (such as the warrantless wiretapping program under Bush) the executive branch has directed the Justice department to do things that contradict previously passed legislation (see FISA).

      --
      I just found the box to change my sig. Um.... [timeless witticism].
    47. Re:So is apple... by bennomatic · · Score: 2

      The UDID is not related to encryption on iDevices.

      That's not entirely true. If you're a developer (or a tester for a developer), your phone's UDID is used in the certificate signing process when doing ad hoc distribution of an app. If the app is not signed for your device, you can't run it. I know that signing and encryption aren't exactly the same thing, but in this context, they're definitely related.

      But yes, for most users, I believe your statement holds true.

      --
      The CB App. What's your 20?
    48. Re:So is apple... by tlhIngan · · Score: 1

      Going to explain why they gave all the UID of their devices to the FBI?

      It's not necessarily Apple that gave it to them - that sort of information seems to be available to developers for various reasons (UDID definitely, but others are related to push notifications).

      It could very well be some developer gave them the database, or some analytics company like Flurry or AdMob or other service provided it as well.

    49. Re:So is apple... by Phusion · · Score: 1

      Oh, it's been verified.

      --
      640k ought to be enough for anyone.
    50. Re:So is apple... by anagama · · Score: 4, Interesting

      And then there is the judicial branch, which rolls over and asks the Feds to scratch its tummy at any mention of the State Secrets Doctrine.

      There's a whole sordid history to the State Secrets Doctrine involving the deaths of three geeks in a military plane in the 50s and the Air Force covering up its negligence by claiming it would harm national security if an accident report was released. Decades later that accident report was declassified and showed nothing of any national security import -- just some lousy maintenance on the plane and failure to make manufacturer recommended upgrades. Had the widows been allowed to have it, they would have likely done well at trial. Anyway, keeping it secret enabled the Air Force to short change the widows by settling the case cheap.

      http://www.thisamericanlife.org/radio-archives/episode/383/origin-story?act=2#play

      Oh yeah, and Obama is the worst offender in applying the state secrets doctrine. Just search for obama state secrets doctrine --- the examples are ridiculously numerous for one who promised openness in government.

      --
      What changed under Obama? Nothing Good
    51. Re:So is apple... by medcalf · · Score: 1

      I'm a big believer in separation of powers (though the Consul system was horrid once Rome was more than a city-state), but the only way a republic works is for different offices to be chosen by different methods. We in the US have reduced all of our methods to popular vote of the whole, and that's not been very useful. I'd say that's a far worse system defect than even the two-party system, which is bad enough if your concern is limiting the ability of government to screw you over.

      --
      -- Two men say they're Jesus. One of them must be wrong. - Dire Straits
    52. Re:So is apple... by h4rr4r · · Score: 1

      I have yet to see evidence pointing to any other possibility. Do you also believe in leprechauns or unicorns?

      I am not certain it is true, it just appears to be so far.

    53. Re:So is apple... by ToastedRhino · · Score: 5, Informative

      What in the world are you even talking about? They didn't log "GPS Coordinates" and the logs that people did get all upset about that contained information about cell tower locations were stored on your phone and in the backups on your computer. That's not exactly "publicly accessible."

      And you're confused about the ad thing. You can turn off location (GPS) based ads right on the device. Just go to Settings --> Location Services --> System Services and toggle "Location-Based iAds" to Off. You DO have to go to a website to opt out of interest-based ads from iAd, but this is no different than any other ad company.

      And you are aware that iOS has supported complex passwords (i.e., any combination of letters, numbers, and special characters that you'd like) since iOS 4.0 which came out in June of 2010, right?

      So basically not a single thing that you said is true.

    54. Re:So is apple... by thetoadwarrior · · Score: 1

      I think it's safe to say any commercial OS (at least in the US) has given the US government access to your system in some way and the government is no doubt busy trying to sneak backdoors into Linux distros or apps as well.

    55. Re:So is apple... by jason.sweet · · Score: 1

      the FBI has a covert spying app in the app store.

      Fucking birds!

    56. Re:So is apple... by butchersong · · Score: 1

      The constitution does not enumerate rights the government grants to the people. It enumerates rights the people grant the government. The Bill of Rights was not the government doing or creating anything for the people. It was the people saying something like "ok government is inherently evil but we need some sort of government so we're creating you with ONLY these powers".

    57. Re:So is apple... by blackraven14250 · · Score: 1

      Then they'd lose in court - they can't just bust into your house, even using the war on drugs as an excuse, and have the evidence be admissible at trial.

    58. Re:So is apple... by keytoe · · Score: 1

      The original function of the UDID was to allow stateless connections (like HTTP) to be able to coordinate sessions with the same device.

      I can't speak for the veracity of your statement, but from my experience the UDID is primarily used by Apple to enforce the code signing and distribution processes.

      In order to develop on a physical device, there is a provisioning song and dance you must go through involving certificates and the UDID. If you're lucky, this happens by magic in xcode these days. If not, you get to scream at xcode and fiddle with a web site. God help you if you happen to be on more than one development team (ie, have more than one developer certificate).

      You also need the UDID of any testers you have in order to generate ad-hoc distribution builds.

      I believe the UDID is also used for enterprise in-house distribution, but I'm not 100% sure on this one.

    59. Re:So is apple... by BoberFett · · Score: 2

      Lose in court? The point is not whether they win or lose. It's about keeping people in line. Look at recent stories where the US government seized websites, servers, etc. Shut down businesses. A year later, they quietly drop the case. Lives have been ruined, companies closed. What then? Sue the US government? Good luck with that. Do you really want to spend your entire life for the next several years trying to sue the government?

      Sorry to shatter your view of the world, but there's no accountability in government.

    60. Re:So is apple... by Mike+Buddha · · Score: 1

      Yes, America is a Hell pit of tyranny and despotism. Yes, it's so bad here, blah blah blah.

      --
      by Mike Buddha -- Someday the mountain might get him, but the law never will.
    61. Re:So is apple... by Provocateur · · Score: 1

      You know, there just *might* be an app for that.

      --
      WARNING: Smartphones have side effects--most of them undocumented.
    62. Re:So is apple... by downhole · · Score: 1, Insightful

      I wouldn't exactly call it amoral corporate behavior. These companies all are publicly traded, and their primary obligation is to preserve and increase shareholder value. Standing up to the Government has no relation to their actual primary goals and is usually in opposition to them. When a company gets that big, they have a lot to lose, and the Government has hundreds of ways to arrange for them to lose it all. Think they're going to stand up to them and jeopardize shareholder value for the sake of someone who will be called a mobster, drug dealer, or terrorist? And regulate against? Do you really expect that the Government is ever going to punish a corporation for agreeing to give data to it, no matter what laws get passed?

      I'm not thrilled about it or anything, but that's the way the world works. If you're going to do anything that might be legally iffy, you're better off assuming that every major and even medium-sized corporation will give the Government anything it asks for on a silver platter.

      --
      I don't reply to ACs
    63. Re:So is apple... by DarwinSurvivor · · Score: 1

      Well, if Phusion says it's true, then it MUST be true!

    64. Re:So is apple... by BlueStrat · · Score: 1

      Wow.

      40% Informative
      30% Funny
      30% Underrated

      "Funny" I was going for.

      "Underrated" I can understand and appreciate.

      But "Informative"???

      I'm not sure if I should be amused, amazed, impressed, or depressed here, or some combination of all four! LOL!

      But, thank you ladies and germs! :)

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    65. Re:So is apple... by cheesybagel · · Score: 1

      SAP develops database software and MySQL used to be a Swedish company. Quite often the answer to "Why there isn't an European company doing X" in the IT sector is that it either existed at a point and got bankrupt or that it got bought.

    66. Re:So is apple... by Woeful+Countenance · · Score: 1

      Minor correction: the FBI is part of the judicial branch, not executive.

      You fail US civics. The FBI is an agency within the US Department of Justice, which is a cabinet-level department of the Executive Branch.

    67. Re:So is apple... by mcwop · · Score: 1

      Probably the emoticons app.

      --

      "I don't think it's selfish, to eat defenseless shellfish." -NOFX

    68. Re:So is apple... by cavreader · · Score: 1

      Why is nobody asking questions about how and where the data actually originated? Is any story like this automatically considered 100% truthful just because the portrayed "villain" is a government agency or large corporation? The group releasing this information would have had to identify the FBI employee that was supposedly storing this information and the FBI employee had to have a specific security flaw to enable the theft. The flaw was described as the latest Java atomic array exploit but that exploit is not universal on every machine that happens to be running Java. Like most exploits there needs to be several configuration and usage patterns to utilize an exploit. Even drive by web exploits require a specific user to actually visit a particular website. There are a lot of questions and the group releasing the information have their own motivations that have absolutely nothing to do with hacktivism and more to do with actively trolling as many systems as possible looking for any exploitable flaw so they can show the world how smart they are and blaming an organization that just happens to be in the business of catching and prosecuting members of their little hackers club. The data could be as advertised but there are quite a few questions that need to be answered to shore up the credibility. The FBI has come out and specifically stated they have no proof of a breach and this would be pretty easy to verify by checking the machine of the FBI employee that was named. Denying the breach is risky in the extreme because you never know if some of the information stolen can be proven to be factual.

    69. Re:So is apple... by 10101001+10101001 · · Score: 1

      Regulation does imply a more powerful goverment. If someone runs afoul the regulation, the government steps in and hands out punitive fees, prison time or exclusion from government contracts. This amounts to actively reign into formerly autonomous business processes or personal decisions.

      Really? How about this: a new branch of government called Corruption Reclamation. They can do DEA-style forfeitures of government employee (that includes the newly created branch, Supreme Court judges, the President, members of Congress, State Governors, etc, all the way down to clerical workers in some tiny 100 person town) property on the charge of corruption (meanwhile the current court system would still have criminal capacity over corruption to watch over Corruption Reclamation). You think that'd create a more powerful government? I'm pretty sure that'd lead to crippling infighting and a general inability to act. After all, isn't that supposed to be the basis for the three-part Federal system or the President/Congress opposite party gridlock strategy?

      --
      Eurohacker European paranoia, gun rights, and h
    70. Re:So is apple... by snemarch · · Score: 1

      An encrypted Blackberry remains a device that cannot be successfully examined - I believe you can get an image from the device but it is encrypted at a level that makes cracking the encryption unlikely.

      I wonder if that's true, given that BlackBerry maker Research in Motion agrees to hand over its encryption keys to India. I do realize that this is traffic encryption keys, which are likely different from device storage keys... but it still does make one wonder.

      --
      Coffee-driven development.
    71. Re:So is apple... by shutdown+-p+now · · Score: 1

      By your argument, the Bill of Rights is completely worthless, since it's all limitations on government power.

    72. Re:So is apple... by ToastedRhino · · Score: 1

      I almost hate myself for responding to this, but

      I'm not defending iAds, I'm saying that the commenter I responded to was wrong. Those are different things.

      Also, Android (read the other major player in smartphone OSes and therefore the most reasonable thing to be comparing iOS to) didn't support alphanumeric passwords until version 2.2 in, wait for it, 2010.

      I think I am looking at it objectively.

    73. Re:So is apple... by rtb61 · · Score: 1

      Well, doubting Thomas, here's a better story which even gives a hint where it occurred http://www.ibtimes.co.uk/articles/380372/20120904/antisec-anonymous-fbi-data-breach-apple-udids.htm. and if you want to see his recruitment spiel http://www.youtube.com/watch?v=aiY2oGEEYb4. See, you too can become an FBI security leak. I wonder what else they got and didn't mention. It's sure to make Supervisor Special Agent Christopher K. Stangl's brain burn for the next few months trying to figure out. Could you imagine the ribbing this particular FBI nugget is going to get in the office over the next few years, ouch.

      --
      Chaos - everything, everywhere, everywhen
    74. Re:So is apple... by Wovel · · Score: 1

      There are plenty of Apple developers that have UDIDs and User Names. I think the most likely culprits are Facebook and Google. They both would have at least 12 million records. They both also have a tendency to hand data over to the government.

    75. Re:So is apple... by Guignol · · Score: 1

      Do you have any proof on which you could sustain this belief of yours that Apple does not use children to build with enormous margins those desirable appliances that are designed to steal people's privacy and to sell it to the FBI ?

      ' was just trying to guess what was going to be the next AC's weird 'I put less and less related words in your mouth and question you about it' :)

      You seem to be a very patient person, congrats ;)

    76. Re:So is apple... by mcgrew · · Score: 1

      Unicorns don't eat hay, they live in the ocean.

    77. Re:So is apple... by Uberbah · · Score: 1

      Pedantry that doesn't refute the parent's statement. The 1st Amendment is meant to protect our freedom of speech and assembly from government interference. The 4th Amendment is meant to protect us from unreasonable searches & seizures.

      etc.

    78. Re:So is apple... by mcgrew · · Score: 1

      Do you also believe in leprechauns or unicorns?

      They found Leprechaun fossils in Indonesia, and Unicorns live in the Arctic Ocean. I didn't used to believe in either one.

      "There is more in heaven and earth than dreamed of in your philosophy, Horatio."

    79. Re:So is apple... by bhiestand · · Score: 1

      Lose in court? The point is not whether they win or lose. It's about keeping people in line. Look at recent stories where the US government seized websites, servers, etc. Shut down businesses. A year later, they quietly drop the case. Lives have been ruined, companies closed. What then? Sue the US government? Good luck with that. Do you really want to spend your entire life for the next several years trying to sue the government?

      Sorry to shatter your view of the world, but there's no accountability in government.

      I see your point, but there is a ton of accountability in government. You think nobody would be fired if the cops destroyed a nativity scene at a prominent church?

      The problem is that there is only accountability on issues voters care about. And voters couldn't care less about these issues.

      --
      SWM seeks new sig for a brief fling
    80. Re:So is apple... by h4rr4r · · Score: 2

      Unicorns do not live in the Arctic Ocean. Vikings used to sell narwhal tusks to suckers who thought unicorns existed though.

      Homo floresiensis is not a Leprechaun, just another hominid. A leprechaun would have a pot of gold at the end of a rainbow and would be from Ireland not Indonesia. Be amazed by reality, not try to make it appear that myths are anything more.

      The amazing thing is that every atom in your body came from a star that exploded. And, the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics:
      You are all stardust.
      You couldn't be here if stars hadn't exploded, because the elements - the carbon, nitrogen, oxygen, iron, all the things that matter for evolution - weren't created at the beginning of time. They were created in the nuclear furnaces of stars, and the only way they could get into your body is if those stars were kind enough to explode. So, forget Jesus. The stars died so that you could be here today.

    81. Re:So is apple... by Shark · · Score: 1

      "how can we make more money from our customers without driving most of them away?"

      For the big guys, the answer typically reads: "Have the government (who has a monopoly on force) force them out of that money and give us a cut."

      This happens typically through regulations, grants and bailouts: They'll force you to buy a product, prevent you from buying a competing one or just hand the money they confiscated from you directly over.

      --
      Mind the frickin' laser...
    82. Re:So is apple... by Shark · · Score: 1

      The Bill of Rights (and Constitution) is not what I'd call regulation. It is the supreme law of the land and meant to bind the government itself. The mistake most people make is assume that the power of law (sovereignty) lies in the government. It does not, force of law is rooted in the people of the United States.

      Yes, it is a guideline by which the government should be kept in check... But that is by *you* the people of the United states. You've let it grow into a monster and now most of you just cower in fear of it thinking they can't do anything about or even worse, assume it's someone else's job. It's your job, it's your government, it's your country. Take what authority you can muster and change it. Sure you likely won't become president, but you don't have to. What you have to do is do everything you can and don't answer 'nothing' because that's bullshit.

      --
      Mind the frickin' laser...
    83. Re:So is apple... by mcgrew · · Score: 1

      Just as manatees are "sea cows", narwhals are "sea unicorns." How do you know that the Homo floresiensis didn't have a pot of gold buried under a rainbow? Maybe they immigrated to Indonesia from Ireland!

      I fully agree about the poetry of physics.

  2. Re:A shocking discovery by dskzero · · Score: 1

    wat

    --
    Oblivion Awaits
  3. udid by watice · · Score: 5, Interesting

    UDID's aren't allowed to be used by Apple anymore. Well maybe not disallowed but strongly discouraged, & deprecated in iOS5, as far as I can tell.

    1. Re:udid by superflippy · · Score: 1

      So is there anything you need to do just in case your device is on the list? Upgrade to iOS6 if you can, I'd assume.
      For older devices that can't upgrade (thinking of my original AppleTV here), is there any risk? Is it likely someone would use your UDID to simulate being you so they can jailbreak their devices?

      --
      Your fantasies contain the seeds of important concepts.
    2. Re:udid by afidel · · Score: 1

      Yes, they're likely just to be only used internally as the seed to the encryption algorithm. That's the most plausible reason for the FBI to have the list, so that they can plug the UDID into a key generator that will decrypt the phone. How else do you think those LEO phone crackers work in minutes.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  4. I give this stunt one thumb up the A** by museumpeace · · Score: 1

    I am now looking for my device IDs in that list...a drag. But how oblivious is the typical iPhone customer to just how naked they are? I salute the hackers for giving the fascist bureau of iDevices and their lackeys a big black eye.

    --
    SLASHDOT: news for people who can't concentrate on work or have no life at all and got tired of yelling back at the TV.
  5. And the use of a UDID? by Anonymous Coward · · Score: 1

    So what can you do with an Apple UDID?

    1. Re:And the use of a UDID? by O('_')O_Bush · · Score: 3, Informative

      A lot of apps use it, and with one, you could spoof requests using a simulator. It isn't a secure form of identity, but at least a good way to troll.

      --
      while(1) attack(People.Sandy);
    2. Re:And the use of a UDID? by vlm · · Score: 5, Informative

      So what can you do with an Apple UDID?

      Yeah that's a good question. As to what a UDID is:

      http://theiphonewiki.com/wiki/index.php?title=UDID

      UDID = SHA1(serial + IMEI + wifiMac + bluetoothMac)

      So it's not much more than a checksum of the serial num and the various RF ids. So given 5 pieces of information, the UDID is what amounts to a checksum of the other 4 parts proving that row of the database has no errors.

      What it is, does not superficially seem to help much with what they do with it, but maybe it helps a little in isolating what it isn't (it isn't, for example, the itunes CC number for the account, or the owners SS number, so there's no point discussing those type of issues)

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    3. Re:And the use of a UDID? by ed1park · · Score: 1

      Doesn't seem that far fetched that it could be a single column from a larger database referencing oodles of more data allowing one to spy on and track any individual at anytime using such a device.

    4. Re:And the use of a UDID? by jittles · · Score: 1

      It depends on the applications you use. They could certainly jailbreak a device and then write some custom code that returns your UDID for the device UDID. Then they could spy on your communications through certain applications that use UDID to identify an account. Not many applications do that, especially since the UDID is deprecated in iOS5, but some do. Otherwise, I can't think of anything else that this allows the FBI (or a criminal) to do.

    5. Re:And the use of a UDID? by Anonymous Coward · · Score: 1

      Lots of things.

      Like... I don't know... going to https://api.openfeint.com/users/for_device.xml?udid=XXX (replacing XXX with the UDID you want to get info on) and getting nice information like the games the person is playing or their profile picture (and you used to be also able to get Facebook account, GPS coordinates, etc.). This is just an example. But google for "Apple UDID deanonymize" and you'll find more examples.

      Yes, the UDID is just a checksum/hash (as pointed out by someone who replied to you). But when you have lots of APIs using UDID for cross-referencing to uniquely identify someone (or, worse, as an authentication token), bad things are bound to happen once those UDIDs get leaked.

    6. Re:And the use of a UDID? by Qzukk · · Score: 1

      The UDID is used by developers to provision an app for a phone so it can be installed without going through the app store (see here.)

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    7. Re:And the use of a UDID? by jittles · · Score: 1

      Yes, that I am aware of. However, I am unsure as to how that would be used for nefarious purposes. If you were to install the TestFlight app, or some equivalent and then lie about your UDID I suppose you could download apps that you aren't authorized to use. But I don't see much use in that for the FBI or hackers. I suppose a hacker may do something like that just to say he did so, but I would think they would much rather compromise the site that does the provisioning?

    8. Re:And the use of a UDID? by vlm · · Score: 1

      Right, and in the details of some articles and in the pastebin I read of the actual data release, they specify stuff like "home address" which would be pretty handy.
      However, all the PR journalist stuff is trumpeting the "UDID" above all else. Probably because they have no idea what it is?

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    9. Re:And the use of a UDID? by keytoe · · Score: 1

      So what can you do with an Apple UDID?

      This is a copy/paste from a comment I made further up the thread, but seemed like it belonged here:

      The UDID is primarily used by Apple to enforce the code signing and distribution processes.

      In order to develop on a physical device, there is a provisioning song and dance you must go through involving certificates and the UDID. If you're lucky, this happens by magic in xcode these days. If not, you get to scream at xcode and fiddle with a web site. God help you if you happen to be on more than one development team (ie, have more than one developer certificate).

      You also need the UDID of any testers you have in order to generate ad-hoc distribution builds.

      I believe the UDID is also used for enterprise in-house distribution, but I'm not 100% sure on this one.

      So, what can you do with it? It allows you to track a device across application boundaries. As pointed out elsewhere, this isn't exactly the same as tracking a user, but it's pretty close. Close enough for most marketing purposes, and certainly close enough for the difference to be lost on management when discussing said marketing opportunities.

      Also noted above, it looks like Apple is actively trying to prevent apps from doing this. The vibe I get is that in general, Apple is trying to lock down any user tracking to an individual application - or suite of apps if they are set up to share (ie, two apps from the same developer can share data).

      I guess you could also add them to your testing pool - but you're limited to 100 devices, so probably not worth it. I doubt the feedback would be helpful :)
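An added example (not code from any commenter, from Apple or from any app mentioned in the thread) illustrating two points made in the comments above: a UDID computed with the formula vlm quotes is a fixed, device-wide value, so any two backends keyed on it can be joined, and an API that treats it as a credential hands a profile to whoever holds a leaked value. The plain string concatenation, the `scoped_id` alternative, the `Backend` class and all sample values are constructed assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed hardware identifiers (serial, IMEI, Wi-Fi MAC, Bluetooth MAC); not a real device.
SAMPLE_DEVICE = ("C0NSTRUCTED01", "000000000000000",
                 "00:11:22:33:44:55", "00:11:22:33:44:56")


def udid(serial, imei, wifi_mac, bt_mac):
    """SHA1(serial + IMEI + wifiMac + bluetoothMac), as quoted in the thread.
    Plain concatenation and UTF-8 encoding are assumptions of this example."""
    data = (serial + imei + wifi_mac + bt_mac).encode("utf-8")
    return hashlib.sha1(data).hexdigest()


def scoped_id(device_secret, vendor):
    """Hypothetical per-vendor identifier: HMAC-SHA256 of the vendor name under
    a secret that stays on the device, so different vendors see unrelated values."""
    return hmac.new(device_secret, vendor.encode("utf-8"), hashlib.sha256).hexdigest()


def link_records(db_a, db_b):
    """Merge records whose identifier appears in both backends."""
    return {k: {**db_a[k], **db_b[k]} for k in db_a.keys() & db_b.keys()}


class Backend:
    """Toy app backend keyed by a device identifier."""

    def __init__(self):
        self.profiles = {}  # identifier -> profile
        self.tokens = {}    # identifier -> server-issued random token

    def register(self, identifier, profile):
        self.profiles[identifier] = profile
        self.tokens[identifier] = secrets.token_hex(16)
        return self.tokens[identifier]

    def profile_by_id(self, identifier):
        # Weak pattern: the identifier alone works as a credential.
        return self.profiles.get(identifier)

    def profile_with_token(self, identifier, token):
        # Hardened pattern: the identifier only names the record; access needs
        # the random token issued at registration, compared in constant time.
        expected = self.tokens.get(identifier)
        if expected is None or not hmac.compare_digest(
                expected.encode("utf-8"), token.encode("utf-8")):
            return None
        return self.profiles[identifier]


def demo():
    device_udid = udid(*SAMPLE_DEVICE)

    # Two unrelated apps that both key their users on the UDID.
    game, notes = Backend(), Backend()
    owner_token = game.register(device_udid, {"game_handle": "player_one"})
    notes.register(device_udid, {"notes_email": "user@example.invalid"})

    # The same two apps keyed on per-vendor identifiers instead.
    device_secret = b"constructed-device-secret"
    game2, notes2 = Backend(), Backend()
    game2.register(scoped_id(device_secret, "game-vendor"),
                   {"game_handle": "player_one"})
    notes2.register(scoped_id(device_secret, "notes-vendor"),
                    {"notes_email": "user@example.invalid"})

    return {
        "udid": device_udid,
        "linked_by_udid": link_records(game.profiles, notes.profiles),
        "linked_by_scoped_id": link_records(game2.profiles, notes2.profiles),
        "leaked_udid_lookup": game.profile_by_id(device_udid),
        "guessed_token_lookup": game.profile_with_token(device_udid, "guess"),
        "owner_token_lookup": game.profile_with_token(device_udid, owner_token),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the inputs are hardware values, the UDID cannot be rotated after a leak, which is why the token check has to rest on a separate random secret.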

    10. Re:And the use of a UDID? by Altus · · Score: 1

      The apps you download with the false UUID wouldn't even work for you since they would be signed for the wrong device.

      --

      "In America, first you get the sugar, then you get the power, then you get the women..." -H. Simpson

  6. Dear Georg Orwell... by syngularyx · · Score: 1

    1984 is now but we pretend it's not the case!

    1. Re:Dear Georg Orwell... by syngularyx · · Score: 1

      ... George!

  7. Test if yours is on the list here: by Luxusleben · · Score: 1
    1. Re:Test if yours is on the list here: by Lehk228 · · Score: 2

      disappointing, i expected the page to reply "it's compromised now"

      kind of like those password security checkers "not secure: reason: you typed it into a random site on the internet"

      --
      Snowden and Manning are heroes.
  8. Re:How to lose friends and not infuence anyone by Anonymous Coward · · Score: 1

    Sony is for rich people and gamers. Apple is for hipsters. None of those are geeks in my book.

  9. Re:How to lose friends and not infuence anyone by Anonymous Coward · · Score: 1

    Would geeks really be using Apple devices?

  10. Re:How to lose friends and not infuence anyone by jbernardo · · Score: 2, Insightful

    geeks? I see no geeks there, why would geeks be using fashion accessories instead of smartphones or using devices made by a company who likes to install rootkits on their users machines?

  11. catchy job title by Anonymous Coward · · Score: 5, Funny

    > Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team

    This guy must have business cards 2 feet wide.

    1. Re:catchy job title by fustakrakich · · Score: 1

      Billy Rosewood - Deputy Director of Operations for Joint Systems Interdepartmental Operational Command (DDO-JSIOC)

      --
      “He’s not deformed, he’s just drunk!”
    2. Re:catchy job title by steelfood · · Score: 1

      Not if it's shortened to S.H.I.E.L.D.

      --
      "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
    3. Re:catchy job title by ThatsNotPudding · · Score: 1

      > Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team

      This guy must have business cards 2 feet wide.

      And an honorary Microsoft mid-level executive just by title length.

    4. Re:catchy job title by TubeSteak · · Score: 1

      You must know nothing about government.
      His card looks like this: SSA Christopher K. Stangl from FBI RCAT & NY FBI OERT

      They probably have a bar game where everyone throws their card into a hat and the agent with the most acronyms gets free drinks all night.

      --
      [Fuck Beta]
      o0t!
  12. FS by Altanar · · Score: 5, Funny

    Eh, if the FBI wants to know where I am at all times, they can follow me on Foursquare like everyone else.

    1. Re:FS by madhatter256 · · Score: 2

      It is the execution of the list that would result in bad things. Fortunately, the government doesn't have the gusto to use a list in the ways you describe...

      Except for republican and democratic campaign coordinators... that's real fucking scary...

      --
      Previewing comments are for sissies!
    2. Re:FS by KhabaLox · · Score: 1

      Except for republican and democratic campaign coordinators... that's real fucking scary...

      I've been fielding spam calls from my university, veteran's groups, the police, all asking for a handout. I think I can handle the D/RNC.

      --
      Ceci n'est pas un sig.
  13. Re:How to lose friends and not infuence anyone by O('_')O_Bush · · Score: 1

    I'm seeing a lot of posts like these, so I'm thinking there is something wrong with the groupthink's reading comprehension. He said geeks from those respective companies, not geek users. He means, release personal information of the engineers and other technical people designing/building/testing these devices. They will be fighting as hard as anyone, but from the inside.

    --
    while(1) attack(People.Sandy);
  14. Re:How to lose friends and not infuence anyone by h4rr4r · · Score: 5, Informative

    Linus Torvalds used a macbook pro with linux last I checked. Is he not a geek?

  15. Apple bless you by Anonymous Coward · · Score: 1

    It's obviously a product of Apple innovation. Apple know better than us what features are good and which one are bad. Those criticizing Apple have obviously low IQ or are too old to adapt to the innovative idevice future. Once more, Apple shows the way forward to the future. Apple be praised.

  16. Let's ignore... by craznar · · Score: 1, Insightful

    ... the possibility that the FBI was doing its job.

    The only possibilities here are that the FBI or Apple are in the wrong, there is NO possibility that criminals did something wrong.

    Remember that simple rule... the FBI and Apple sometimes make mistakes, therefore they are ALWAYS responsible for things. /groan

    --
    EMail: 0110001101100010010000000110001101110010 0110000101111010011011100110000101110010 0010111001100011011011110110
    1. Re:Let's ignore... by RMingin · · Score: 2, Interesting

      Ok, yes yes, the crazy mugger (cracker) was clearly in the wrong. That does leave the question of why an unconnected, shady character (the FBI) was walking around with everyone's paychecks (Apple info for which the FBI has no clearly demonstrated need).

      Nobody is declaring Anonymous innocent, but why the HELL does the FBI need a list of UDIDs? Are they tracking TERRISTS via their iPhones now, or is it more likely that the FBI just likes reading your mail, watching you in the shower, and knowing all your passwords?

      --
      The preceding comment is my own, and in no way construes an opinon of the Emperor of Mankind.
    2. Re:Let's ignore... by craznar · · Score: 3, Insightful

      So - why does a cop car need a million bucks worth of Heroin in their boot ?

      One option is - they nabbed a criminal.

      --
      EMail: 0110001101100010010000000110001101110010 0110000101111010011011100110000101110010 0010111001100011011011110110
    3. Re:Let's ignore... by h4rr4r · · Score: 2

      There are 1 million terrorist or criminal iPhone users?

      Does that not seem high?

    4. Re:Let's ignore... by shiftless · · Score: 1

      Talk about using a counter-example which proves the point. The War on Drugs is just as evil (if not more so) than the FBI spying on people.

    5. Re:Let's ignore... by ewieling · · Score: 1

      Another option is they are corrupt cops and are selling it.

      --
      I really shouldn't have used someone else's email address for this account.
    6. Re:Let's ignore... by wvmarle · · Score: 1

      Any time the police have a large haul they will issue a press release bragging about it. There appears no such thing from the FBI in this case.

  17. All your UUIDs are belong to us by GeekWithAKnife · · Score: 2

    Seriously, does anyone really think this is not commonplace? If the government is doing this behind the scenes just imagine what Facebook does with the data you willingly sign over to it. This is just the tip of the iceberg. Sure it's not supposed to happen, sure it's wrong, sure no one agreed to it and it needs to be corrected...but if something can be abused, it will be.

    --
    A 'singular oddity' is an event that cannot be explained and only happens when you are alone.
    1. Re:All your UUIDs are belong to us by Bob+the+Super+Hamste · · Score: 1

      This is why facebook only knows that I like to cook random food stuff. Seriously that is the type of data I would trust facebook with or any random company or government agency. By the way some of my more recent postings are of:
      Soda bread
      Pork schnitzel in the style of Vienna
      Sweet Potato Pie
      German chocolate cake
      Home made ravioli (stuffed with bison, venison, beef, 3 cheeses, and spinach) in creme sauce
      Beef and Guinness stew
      Bacon wrapped venison roast slow cooked and smoked in my barbeque
      Spicy chili
      7 bean casserole
      Bison Porter house (it is the size of a dinner plate)
      Garlic soup

      --
      Time to offend someone
    2. Re:All your UUIDs are belong to us by Anonymous Coward · · Score: 2, Funny

      Those health insurance premiums... increased lately?

    3. Re:All your UUIDs are belong to us by Bob+the+Super+Hamste · · Score: 1

      Given the crap in the prepackaged processed food most Americans eat even eating what I cook would still be orders of magnitude better for you so my health insurance premiums should be going down. Besides the only things that would be considered bad for you would be the German chocolate cake or sweet potato pie again both of which don't contain any heavily processed ingredients. Even the schnitzel isn't that bad for you unless you are eating it all the time, and the bacon wrapped venison roast probably still has less fat than the crappy beef roasts at the grocery store

      --
      Time to offend someone
  18. Only USA Apple ID's or others by Anonymous Coward · · Score: 2, Interesting

    Was the leak only for USA ID numbers, or are we talking major criminal action in foreign countries here?

    It's always tempting to think the USA is the world police, but Apple do not have immunity from foreign courts if they've been handing over data like that.

    1. Re:Only USA Apple ID's or others by Chab1549 · · Score: 1

      there has been confirmation from users that the IDs are not only US ids

  19. Re:How to lose friends and not infuence anyone by jbernardo · · Score: 1

    Doh... Now you say that, I went and re-read his post and I agree, I misunderstood. He mentioned getting the details on geeks working at Sony and at Apple, not geeks buying devices from these two companies.

  20. So which application? by nweaver · · Score: 3, Interesting

    It sounds like this is a dump of data from an application vendor to the FBI: Apps have (in the past) used UUID for identification, and the push-notification tokens also suggest application, not apple, as the source.

    So which application is responsible?

    --
    Test your net with Netalyzr
    1. Re:So which application? by FFOMelchior · · Score: 1

      Maybe the FBI was attempting to investigate the mafia -- and must've gotten that mixed up with Mafia Wars?

    2. Re:So which application? by BillHop · · Score: 1

      Perhaps that Furious Birds clone that promises a hand grenade for each level mastered?

    3. Re:So which application? by Anubis+IV · · Score: 5, Interesting

      The current theory (as mentioned by Marco Arment) is that it may be from AllClear ID's iOS app, given that AllClear officially joined the NCFTA in the second week of March. Since the leaked file's name had NCFTA in it, it's pretty clear that it came from the NCFTA, and it would make sense that AllClear would have started providing some data prior to when they actually announced they had joined, so that may explain (but certainly not justify) why someone had something like that on their desktop on the week of the attack.

      If AllClear is indeed the source, that would be some rather delightful irony, given that they would be directly responsible for causing more damage to their customers than they will ever likely prevent.

      Also, if AllClear sounds familiar, it may be because they were the company providing a year of free identity theft protection to Sony customers after the hacks last year that compromised millions of PSN accounts.

    4. Re:So which application? by sortadan · · Score: 1

      Amazing if true. Would square with the million user UDIDs that a popular app is the collection source. I was thinking maybe a jailbreak app like cydia, but this is much more scandalous.

    5. Re:So which application? by Dan+East · · Score: 1

      From your link:

      Update: AllClear ID sent a statement saying they do not collect UDIDs and are not affiliated with the NCFTA, for whatever it’s worth.

      --
      Better known as 318230.
    6. Re:So which application? by Anubis+IV · · Score: 1

      Interesting (and many thanks for the update), but denying an affiliation with the NCFTA seems odd after making an announcement of a partnership just a few months ago. It definitely has me wondering what's up. The FBI also issued a statement earlier, claiming they were not aware of any evidence that the alleged theft had occurred, which was a nice non-denial. It's all just kinda odd.

  21. Re:How to lose friends and not infuence anyone by h4rr4r · · Score: 1

    Permitted?
    How can they do anything about it?

    I have linux running on a macbook air and I have seen android on a 3GS.

  22. Re:My Reaction by icebraining · · Score: 3, Informative

    And you're a nice example.

    It's because the average IQ is about 100.

    It's not "about" 100. It is 100, because that's how they are designed.

    When modern IQ tests are devised, the mean (average) score within an age group is set to 100

  23. Everything is in place for Big Brother to step in by dna_(c)(tm)(r) · · Score: 4, Interesting

    Review the permissions of the app. It can read and write contact information and it can take pictures and video, access phone state and identity, determine your location and record audio. At any time. Anybody actually read 1984? But at least Android tells you about it.

  24. In a self followup, push notification token... by nweaver · · Score: 1

    If one finds a phone which is in the list, is there a way to find out which application is associated with the push notification token? If so, this would help identify the application vendor responsible for dumping this data onto the FBI.

    --
    Test your net with Netalyzr
  25. "... on the laptop of one special agent?" Har har. by walter_f · · Score: 4, Insightful

    "Why did all that personal data reside on the laptop of one special agent?"

    Probably it didn't and doesn't.
    Reside on the laptop of *just one* special agent, that is.

    Whenever one of these special agents gets something particular from the boss, all the others want that, too.

  26. Re:How to lose friends and not infuence anyone by Viol8 · · Score: 1

    Whoooosh.....

  27. Here's how to check if your Apple device by cirrus_minor · · Score: 1

    Here's how to check if your Apple device UDID has been compromised by the AntiSec leak http://goo.gl/GJC2q

    --
    http://cirrusminor.info
  28. Re: All your UUIDs... recipes are belong to us by walter_f · · Score: 1

    I'll go for the home made bison and cheese stuffed ravioli, thank you.

    As to the garlic soup, don't bother.
    Relations between humans tend to be difficult enough even w/o garlic. ;-)

  29. Re:Everything is in place for Big Brother to step by h4rr4r · · Score: 3

    Install CM or an app that lets you block permissions you do not like. You will need to root of course.

  30. OMG: HolyShit Batman... by ElitistWhiner · · Score: 1

    Calm down, everyone with an Apple device, there's more than one Dark Knight with a laptop. You don't see your UDID, you're on another laptop darkly. Each device has GPS, a mic, front-facing camera and wireless connection for your safety.

  31. Re:How to lose friends and not infuence anyone by Anonymous Coward · · Score: 1

    I didn't know that Apple permitted their hardware to run linux.

    Linux runs on anything and everything out there. That's the genius of Open Source Linux developers. They are unstoppable. Nothing gets in their way.

  32. Re:My Reaction by fisted · · Score: 1

    You're an even better example, since even if it is exactly 100, there's nothing wrong with saying 'about 100'. It would only be wrong the other way around.

    Thanks for playing

  33. Maybe you should learn about technology... by Brannon · · Score: 1, Insightful

    if you are going to post to a tech site. There are plenty of beginner sites out there, this one is for people who know basic technical info like "You can put any OS you want on a MacBook".

  34. Solved question by gmuslera · · Score: 3, Interesting

    I suppose that anonymous getting access to FBI computers (and making it public) answers the old question of who watches the watchers.

  35. Re:Everything is in place for Big Brother to step by History's+Coming+To · · Score: 2

    The single greatest threat to privacy worldwide is users who don't read the stuff above "I agree" or "Authorize App".

    --
    Please consider this account deleted, I just can't be bothered with the spam anymore.
  36. Ok, this is weird... by Yvanhoe · · Score: 1

    That a mainstream news outlet (like CNN) would discover that leak suddenly and act all surprised would be ridiculous, given that the general public ought to know, 11 years after 9/11, how privacy has been dismantled by intelligence agencies.

    But slashdot? How is anyone surprised? Haven't we seen the news about the official spyware installed on all iPhones (yes and a lot of Android phones too)? Aren't we ranting all day long about the circulation of privacy data without overseeing?

    There is one thing that ought to outrage us more than usual : the fact that this data was not securely stored. But the lack of privacy... well, where is the news?

    --
    The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
  37. Is this geographically limited? by rapiddescent · · Score: 1

    Just completed an entirely unscientific look at the data - I checked the UDIDs of the iPads we have registered here (at a large financial company in the UK) and none are in the list. Given that this is 1m of 12m records, what ratio is 12m of the total population size for iphones and ipads?

    i.e. if I checked 20 UDIDs, none of them came up, can we say that (albeit with a low degree of confidence) the sample does not include UK registered devices? Is it just USA registered devices? Has anyone outside of the USA seen their iPad/iPhone on the list?

    1. Re:Is this geographically limited? by scorp1us · · Score: 1

      I'm still trying to decode the file, and my iphone is in my desk at home, off. So I'll have to look later.
      But it makes no sense for the FBI to have UK UUIDs. FBI only operates in a domestic capacity. The CIA would be the ones to have UK UUIDs.

      --
      Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
    2. Re:Is this geographically limited? by u38cg · · Score: 2

      Making some sweeping assumptions about the dataset, you have X~Bin(1/12,20); fire up R:

      > dbinom(0,20,1/12)
      [1] 0.1754805

      So no, you're not in the clear with any confidence, though you are more likely than not.

      --
      [FUCK BETA]
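The calculation in the reply above, carried further as an added example (not part of either comment): it repeats the binomial figure, compares it with the exact without-replacement value, and works out how many device checks a given confidence needs. It assumes the published 1M records are a uniform random subset of the claimed 12M; the function names and the 50% prior are illustrative assumptions.

```python
import math

LEAKED = 1_000_000   # records published, per the article
HELD = 12_000_000    # records the leakers claim to hold, per the article


def p_no_hits_binomial(n, frac=LEAKED / HELD):
    """P(none of n checked devices is in the published subset), treating
    each check as an independent draw with probability `frac`."""
    return (1.0 - frac) ** n


def p_no_hits_exact(n, held=HELD, leaked=LEAKED):
    """Same probability without replacement (hypergeometric): every checked
    device is one of the `held` records, `leaked` of which were published."""
    p = 1.0
    for i in range(n):
        p *= (held - leaked - i) / (held - i)
    return p


def checks_needed(confidence, frac=LEAKED / HELD):
    """Smallest n for which zero hits would occur with probability below
    1 - confidence if the devices really were in the full dataset."""
    return math.ceil(math.log(1.0 - confidence) / math.log(1.0 - frac))


def posterior_in_dataset(prior, n, frac=LEAKED / HELD):
    """Bayes update: belief that the devices are in the full dataset after
    n checks with zero hits. `prior` is the belief beforehand (assumption)."""
    like = p_no_hits_binomial(n, frac)   # P(zero hits | in dataset)
    return prior * like / (prior * like + (1.0 - prior))


if __name__ == "__main__":
    print("binomial, 20 checks :", round(p_no_hits_binomial(20), 7))
    print("exact, 20 checks    :", round(p_no_hits_exact(20), 7))
    print("checks for 95%      :", checks_needed(0.95))
    print("posterior, prior 0.5:", round(posterior_in_dataset(0.5, 20), 4))
```

With 20 clean checks, a 50% prior that the devices are in the full dataset only drops to about 15%, which matches the reply's conclusion that the result is suggestive but not conclusive.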
  38. Carrier IQ (EOT) by Anonymous Coward · · Score: 1

    Carrier IQ (EOT)

  39. ugh. what's with this third-person BS? by sootman · · Score: 2

    "A piece at SlashCloud points out...."

    Jeez. You mean "Us, standing over there." Why pretend it's an unrelated entity?

    --
    Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
  40. Re:My Reaction by shiftless · · Score: 1

    For certain values of two, sure.

  41. How to decode the file? by scorp1us · · Score: 1

    It looks base64 but not quite. But I did only try a portion of the file.

    Help?

    --
    Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
  42. Re:How to lose friends and not infuence anyone by pegdhcp · · Score: 1

    Who asked a permission to run any software on a device bought and paid for?
    You might not have permission (especially for Apple) to run a software you obtained a license to, on each hardware you wanted to do so. You cannot run iOS image you have lifted off your iPhone on a Nokia or God forbid, on a Samsung. However when you buy a hardware (and assuming it is not a Ferrari), you can run any software on it. You can use it as a door-stop if you like. Thus if you like to do so and are able to do so, you can run Android, or Linux on a Macbook.

  43. Re:Isn't this illegal? by shiftless · · Score: 1

    If it is, how are you going to stop them?

  44. Re:My Reaction by Anonymous Coward · · Score: 1

    It's not "about" 100. It is 100, because that's how they are designed.

    No, it is about 100. It requires constant recalibration to keep it at 100 since IQ test results constantly rise. It is also a statistical measure: you use a sample size to calibrate your test and then give the test to the general population. The averages between the two aren't going to be exactly the same.

    And you're a nice example.

    Is it a nice example of a lack of critical thinking skills, general ignorance, or kneejerk reactions?

  45. Re:LOLOLOL by Ash-Fox · · Score: 3, Insightful

    Serves you right, walled garden sheep. My computers can only be identified with serials that you'll need root access to read, and they never leave the computer.

    That's okay, we already know you are 1153867, we don't need computer serials to identify you.

    --
    Change is certain; progress is not obligatory.
  46. Re:My Reaction by DVega · · Score: 5, Informative

    When the IQ tests were created, they did not evaluate every single individual, just a small sample. So it is fair to say that the average IQ of the population is near 100, but not exactly 100.

    --
    MOD THE CHILD UP!
  47. Re:Isn't this illegal? by Ash-Fox · · Score: 1

    If it is, how are you going to stop them?

    He has a plan, that's why he posted as AC.

    --
    Change is certain; progress is not obligatory.
  48. Re: All your UUIDs... recipes are belong to us by Bob+the+Super+Hamste · · Score: 1

    The garlic soup (knoblauchcremesuppe or garlic cream soup) actually doesn't have as pungent of a flavor or smell as one would assume. The cooking of it and the cream/milk dramatically cut the power of the garlic. I had it first when in Vienna and besides if both of you have had it neither of you notices the smell. The garlic cream soup is less pungent than french onion soup so you can use that as a guide.

    --
    Time to offend someone
  49. Re:My Reaction by icebraining · · Score: 1

    I'm not a compiler. I can perfectly understand what the AC meant, even if he was technically correct.

  50. Re:My Reaction by micheas · · Score: 1

    Depending on if you are using algebraic addition or not. 2 + 2 = 0 could also work.

    You are allowed to change the rules if it makes solving the problem easier. It is one of the cool features of an artificial language like mathematics.

  51. Re:My Reaction by fisted · · Score: 1

    I'm no compiler either, but what you said doesn't make any sense whatsoever

  52. Automation - why use real stupidity when you can by bussdriver · · Score: 1

    have a machine do it quicker!

    Spam filters are not so bright but they are doing something SIMPLE compared with what the insurance companies WILL someday try to employ. The success rate can be quite low and still make it highly profitable to deploy.

    Your profile can be impacted by things that make no sense; you might simply TALK about food or talk about failing to lose weight and even though you may be quoting somebody else the machine will adjust your rank. Also, just like the simplistic MIT student project, the info about your "friends" on facebook can be used to determine things with better than chance odds-- like if you are not openly gay the student project claimed to be able to guess that with high accuracy based on your friends. You have a lot of fat unhealthy friends??

    Since insurance KNOWS YOUR HEALTH by your medical bills; your friends and family you spend time with may also have insurance plans with the same company and that can be used against you as well. (They can already use your family against you.) Outside the company there are privacy laws I'm sure they can circumvent using a credit-rating like health score or something that summarizes without technically disclosing private information. This is less important today because insurance companies are so good at legally screwing their customers out of the insurance coverage they paid for.... plug 1 hole and they'll find another.

  53. Has Anyone Actually Downloaded The File? by r0wan · · Score: 1

    You know...to see if it contains the reported information?

    Figured I'd ask before doing so myself...

    --
    If you're not outraged, you're not paying attention.
  54. Re:Here's how to check if your Apple devi by thetoadwarrior · · Score: 1

    If them having your UDID is a big deal then who the hell is going to just submit it to a random web page?

  55. Re:I said dont mess with the Chinese by thetoadwarrior · · Score: 1

    Samsung aren't Chinese, you idiot.

  56. Re:Everything is in place for Big Brother to step by samkass · · Score: 1

    Review the permissions of the app. It can read and write contact information and it can take pictures and video, access phone state and identity, determine your location and record audio. At any time. Anybody actually read 1984? But at least Android tells you about it.

    And iOS 6 lets you block the permissions you don't want it to have... you can turn on/off photos, contacts, etc., independently.

    --
    E pluribus unum
  57. Vostro is a reasonable machine by Chirs · · Score: 1

    I got an i3 Vostro 14" a couple years ago. It's my personal home machine, has held up well, and was one of the least expensive comparable machines with HDMI out at the time of its release. And it has a matte screen. Oh, it also came with a year of next-business-day on-site warranty service, which the consumer-series ones don't.

    It's not quite as heavy-duty as a Latitude (and doesn't support a dock), but it's more compact.

  58. doesn't explain why it's on his laptop by Chirs · · Score: 2

    Any evidence should have gone to the lab, not onto a laptop.

  59. Re:My Reaction by highphilosopher · · Score: 1

    From one not-so-Anonymous Coward to another...

    Quit being so stereotypical. "Everyone" doesn't think that way. And I have no clue how many 50/60 years old people you've met, so I'm sure I don't know how many of them were proud and arrogant. That being said, as a 30 something who had a slight taste of the end of an era that you totally missed apparently, show some fucking respect. If those 50/60 year old people hadn't spent their time organizing punch cards, you probably wouldn't be playing Worlds of Warcraft today.

    To put it simply, "GET OFF MY LAWN!"

  60. If it's from Apple, why not more? by SuperKendall · · Score: 1

    Going to explain why they gave all the UID of their devices to the FBI?

    It could be Apple that handed them over, but if so why only 12 million devices? There are now hundreds of millions of iOS devices in the wild so what makes that 12 million special?

    Who and Why are huge questions here. None of my devices were listed, some quite old - so it's not just some old device list. What was happening there?

    It could also easily be a list from someone like Facebook or Twitter, who would have been in a position with widely used apps to collect UDID & name/address info.

    I wonder if this is related to Apple stopping apps from being able to make use of the UUID...

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  61. Not anymore... by SuperKendall · · Score: 1

    A lot of apps use it

    Starting around the beginning of the year (March I think) Apple stopped accepting applications that collected the UUID. Most apps now do not make use of it, at least anything updated frequently.

    In iOS 6 the call to get the UUID is gone.

    It would depend on the app if the UDID was of any use in spoofing a user. Mostly anything that would have an account would make the user log in, not rely on the UDID for authentication.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  62. Occam's Razor by cshbell · · Score: 1

    So is Apple going to explain why they gave all the UDID of their devices to the FBI?

    I know everybody's racing to see conspiracy here -- and that may well end up being the case -- but there might be a simpler explanation for how the FBI got these: From sniffing open WiFi hotspots.

    It's possible that the Bureau, perhaps in cahoots with other three-letter agencies, exploited an undisclosed bug that produced the UDID (the technical composition of which is well documented). If so, it wouldn't be any great feat of science to sniff common open-air networks at places like Starbucks, airports, hotels. That's how I'd do it.

  63. Re: All your UUIDs... recipes are belong to us by chartreuse · · Score: 1

    What do you make home-made bison out of? Baco-Bits, cat hair and soy?

  64. Re:LOLOLOL by GameboyRMH · · Score: 1

    Except they'd then have to also hack all the retailers between Foxconn (or another manufacturer in the case of almost all my computers) and myself.

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  65. except QWest by decora · · Score: 1

    they told the NSA to gtfo and rtfc (read the fine Constitution) , you can read all about it.

  66. Re:My Reaction by Kalriath · · Score: 1

    Coworkers? Read your forums lately?

    --
    For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
  67. Re:Everything is in place for Big Brother to step by Kalriath · · Score: 1

    Except when the app in question is baked into the OS like Twitter and Facebook nowadays. Are you sure you're the one in control then?

    --
    For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
  68. Re:Let's not stand for it... by Revotron · · Score: 1

    Direct most of that anger to app developers who gather that information and store it on their poorly-secured servers. That's probably where the FBI (or more likely AntiSec) got all the information from.

  69. FBI security is fine... by ToddInSF · · Score: 1

    Why would the FBI give a crap about the privacy of the American public ?