apple news/media reports

12/05/2007, 5:30pm, EST

Wednesday, December 5th

'Hack' prank angers developers, bloggers

What began as an unidentified cracker allegedly defacing Apple 'fanboi' sites last month has turned out to be nothing more than a prank. A cracker calling himself 'malcor' claimed responsibility for defacing GlennWolsey.com on November 17th, and similarly took credit for defacing MacApper.com just a few days later. After another alleged 'hack,' which resulted in the defacing both AppleMatters.com and iPhoneMatters.com, the hosting company of those sites immediately pulled the pages and initiated an investigation which brought the farce to light.

Site administrators involved initially claimed the hacks were due to a vulnerability in the open source content management system called 'Wordpress,' which spurred developers of that project to frantically search for potential security holes in their source code.

In the case of GlenWolsey.com, which is hosted by Media Temple and runs Wordpress, both the host and the site designer were apparently unaware that Mr. Wolsey had given control of his site to a third-party. During an investigation however the host and designer discovered the truth of the matter, but unfortunately failed to notify developers looking into potential Wordpress vulnerabilities. Email requests sent to Media Temple were ignored, according to open source software developer Ty Jang, while Mr. Wolsey suggested that an investigation was underway.

Several days later MacApper.com was defaced, and site owner Miles Evans wrote that his site was also compromised via a Wordpress vulnerability.

Again, the parties involved remained silent, according to Jang, and allowed the situation to escalate both within the Apple and open source developer community.

"Around this time, a Norwegian blog and a few others began posting the results of their initial investigation and suggested the involvement of macheist.com," Jang told MacNN.

It was only after the hosting company of AppleMatters.com and iPhoneMatters.com posted the results of its own investigation that the truth behind the alleged 'hacks' shown through. Site owner Hadley Stern hastily apologized for the hoax, admitting that he was contacted by the Macheist team to take part.

"I wasn't doing it for traffic, or fame, just for fun," Stern wrote. "Of course in the process I let down the readers of this site, and the web hosting provider, and the maker of the excellent CMS the site uses."

The owners of MacApper.com, MacHeist.com, and GlennWolsey.com (apologies linked) also admitted to the prank within 24 hours of Stern's apology.

Several well-known Apple bloggers shunned the stunt, with one even suggesting that all Mac users boycott MacHeist.com.

"There are quite a few people questioning the sincerity of any apologies as is quite likely that a significant amount of money was exchanged between those involved," Jang said.

Mr. Jang says he participates in the development and support of a variety of open source content management systems and Web forums in his spare time. The prank was, to put it lightly, not amusing to him and his fellow developers.

"I do not believe that any of us with experience developing online software are naive enough to believe our code is un-susceptible to some form of a hack. That being said, within the open source community, we spend a considerable amount of time checking, debugging and validating code before releasing it to the user community," Jang said. "Much of this is done in our free time for no monetary gain. The fact that the above-mentioned people have the audacity to publicly disrespect our hard work, in the name of profit, is infuriating."


Filed under: Apple, security, software, developer

, , 9comments, del.icio.us, slashdot, digg


9 comments
Reader Reactions (Please use <i></i> for italic text)

subscribe to comments
for this article




Expand All   Global Settings
AppleMatters
0
12/05, 5:47pm, EST
I'm confused how AppleMatters and iPhoneMatters play into the story. Were they actually hacked/defaced, or were they part of the publicity stunt along with the other three sites?
jimothy
Fresh-Faced Recruit
Join Date:Sep 2000
Status:Offline
Re: AppleMatters
0
12/05, 5:54pm, EST
To answer my own question, AppleMatters was also part of this odd stunt. Here is its apology page:

http://www.applematters.com/index.php/section/comments/a-bad-pr-stunt/

I couldn't find the same page for iPhoneMatters, but its reasonable to conclude it was also a party in the hoax.

What a bizarre idea. I don't really know what they hoped to accomplish with this. Even if it was never revealed to be a hoax, what could they have hoped to gained from this stunt? If anything, I'd feel unsure about visiting and, especially, registering as a user at a site that had been "hacked." Truly bizarre.

jimothy
Fresh-Faced Recruit
Join Date:Sep 2000
Status:Offline
re: macapper
0
12/05, 7:27pm, EST
The sad thing in the case of MacApper was that not even their staff was told. The owner knew, and maybe one other administrator knew, but none of the contributers or other admins were let in on the act before-hand or after the fact. Many even defended the site before the apology went public, not knowing that they were lying to their users. The first their staff found out was when Miles made his post to the public apologizing. Sheesh.
Guest
tempest in a teapot
0
12/05, 7:49pm, EST
'nuff said
zenwave
Fresh-Faced Recruit
Join Date:Feb 2004
Status:Offline
assholes
0
12/05, 9:23pm, EST
Doofuses.
robttwo
Fresh-Faced Recruit
Join Date:Nov 2005
Status:Offline
Get Over It
0
12/06, 5:21am, EST
Fair enough it was a stupid stunt, but sweet bejesus, "The fact that the above-mentioned people have the audacity to publicly disrespect our hard work, in the name of profit, is infuriating."

Get over it man! It was a joke that went bad.
Guest
re: get over it
0
12/06, 9:08am, EST
That's pretty big of you. And if you were in Jang's shoes, pouring over codes looking for bugs for a couple of days, without pay, then found out it was all a hoax, you would just slap your knees and laugh along with the rest of... nobody.
sluxx
Fresh-Faced Recruit
Join Date:Aug 2002
Status:Offline
Your Comments

In order to post comments: If you are a registered member, please login with your MacNN Forums username and password otherwise please uncheck the checkbox below.


Registered Member?
macnn forums login:

macnn forums password:

Not a member of the MacNN forums? Register now for free.

MacNN iPodNN Electronista
top searches
1. apple
2. iphone
3. apple TV
4. ipod
5. mac
6. BBC
7. icons
8. icon
9. macbook
10. leopard
search for more ..
RSS Feeds

Have the latest content delivered to your desktop via RSS. Use the links below to get access to a specific blog, news, or reviews feed.



  MacNN -all

  MacNN Reviews

  MacNN Podcasts

  iPodNN

  Electronista

  Left Lane News
Autokredit im Vergleich - Here is some car credit information for our Germany visitors.
Turn your laptop into CASH: Sell us your used laptop. Working or not. Get money FAST. Instant online quote. Shipping is FREE.

Check Out the VIERA from Panasonic!: Enter a New Visual Era with Panasonic VIERA HDTVs. An Enhanced Experience.

PowerBookMedic will fix any Powerbook, iBook, iPod: We offer Parts, Hard Drives, Superdrives, Ram Upgrades & Repairs all backed up w/ our 1YR Warranty!

PowerBookMedic will fix any Powerbook, iBook, iPod: We offer Parts, Hard Drives, Superdrives, Ram Upgrades & Repairs all backed up w/ our 1YR Warranty!

Check Out the VIERA from Panasonic!: Enter a New Visual Era with Panasonic VIERA HDTVs. An Enhanced Experience.

Sony Entry-Level Data Projectors With HDMI!: Universally Seen As The Perfect Choice For Education & Business. Bright, Stylish, Easy To Use!

Buy from The Apple Store, iTunes.com, Amazon.com, TechDepot, OfficeDepot, Computers4Sure, or donate.