douglas_goodall

Q: Why is the Apple Mac Developer portal down, and for how long?

I cannot access the Mac Developer resources this morning.

 

With a company as advannced as Apple, I would expect them to be able to roll out web updates

seamlessly.

 

I don't like being out in the cold.

 

I want to download the Mavericks Beta.

Posted on Jul 18, 2013 9:15 AM

Close

Q: Why is the Apple Mac Developer portal down, and for how long?

  • All replies
  • Helpful answers

first Previous Page 16 of 40 last Next
  • by fiyahstudios,

    fiyahstudios fiyahstudios Jul 22, 2013 8:48 AM in response to douglas_goodall
    Level 1 (0 points)
    Jul 22, 2013 8:48 AM in response to douglas_goodall

    Has anyone heard anything about a time frame?  It is all just a guess right now about when it will be back?

  • by Jason Olson3,

    Jason Olson3 Jason Olson3 Jul 22, 2013 8:55 AM in response to fiyahstudios
    Level 1 (0 points)
    Jul 22, 2013 8:55 AM in response to fiyahstudios

    The problem is when you think you have been hacked you cannot trust anything.  You have to burn down your whole enviroment, and rebuild.  This can take a LONG time.  I bet the server guys have been putting in some amazing hours. 

     

    Then not only do they have to prove that the enviroment is back up, but they also have to test and patch the way the hacker (or researcher) got in.

  • by amiram,

    amiram amiram Jul 22, 2013 8:57 AM in response to douglas_goodall
    Level 1 (0 points)
    Jul 22, 2013 8:57 AM in response to douglas_goodall

    I just talked to Apple developer support on the phone and they said that they don't have any time frame. I asked them to please change the word "soon" to somehting else, I told them that this is quite insulting. I believe that this is something that they can manage.

  • by K T,

    K T K T Jul 22, 2013 9:16 AM in response to amiram
    Level 7 (23,844 points)
    Publishing
    Jul 22, 2013 9:16 AM in response to amiram
    I told them that this is quite insulting

     

     

    Don't take it personally

     

    Apple doesn't have any idea because they are waiting on the vendor, who also has no idea, if for no other reason than they are prohibited from making claims that may turn out to be false - things will recover when they recover. The verbiage 'soon' is crafted by the legal teams who could care less if someone feels insulted, sorry. The legal teams only allow public-facing verbiage that speaks in generalities in these types of situations.That text is just boilerplate and not intended to reflect any sort of reality, responsibility or reaction to anything but a legal position. Little else matters to Apple right now.

  • by etresoft,

    etresoft etresoft Jul 22, 2013 9:20 AM in response to K T
    Level 7 (29,051 points)
    Jul 22, 2013 9:20 AM in response to K T

    K T wrote:

     

    Whenever the dev centers come back, I'd expect Apple to force devs to change their password(s) first thing. The process should be straightforward and for anyone wishing to act now, please see this User Tip:

     

    How To Change Your Apple ID/Password(s)

    Passwords are handled by the AppleID servers. Those servers were not involved. The hacker in question was able to do something to circumvent those authentication servers and query the stale copy of developer data that Apple keeps (or probably kept, past tense) on the developer site. If you have ever changed your Apple ID before, you would have noticed that you had to manually contact Apple developer support to get it to recognize your new e-mail address.

     

    Everything else, including certificates, is encrypted.

     

    If anyone has bothered to watch the video (which seems to be gone now), you would see that he used some web service, authorized with his own Apple ID, and included a hashkey that was able to return information about other developers.

     

    What Apple has to do now is strip out that stale copy of developer information and do that interaction correctly, the way it should have been done in the first place. Instead of keeping a stale copy, the developer systems will have to interact more with the AppleID servers to query a developer's current e-mail address. Considering that Apple recently rolled out two-factor authentication, that is going to take some work.

  • by K T,

    K T K T Jul 22, 2013 9:31 AM in response to etresoft
    Level 7 (23,844 points)
    Publishing
    Jul 22, 2013 9:31 AM in response to etresoft

    Perhaps - we'll see if a password or ID change is mandated when it all comes back. Right now, I'm advocating better safe than sorry

     

    Good point too about the recent move to two-factor authentication.

  • by etresoft,

    etresoft etresoft Jul 22, 2013 9:32 AM in response to K T
    Level 7 (29,051 points)
    Jul 22, 2013 9:32 AM in response to K T

    K T wrote:

     

    Perhaps - we'll see if a password or ID change is mandated when it all comes back. Right now, I'm advocating better safe than sorry

    When it all comes back, that may be necessary. But I stronly advise that people wait for Apple's instructions before changing any passwords. There is some nebulous linkage between the developer site and AppleIDs that is in the process of being changed at this very minute. If anyone starts mucking around with developer AppleIDs right now, I suspect they will need additional support later on to get their accounts working again.

     

    As annoying as it is for all developers to be waiting on Apple, it is much more annoying to be a lone developer waiting on Apple's support.

  • by K T,

    K T K T Jul 22, 2013 9:40 AM in response to etresoft
    Level 7 (23,844 points)
    Publishing
    Jul 22, 2013 9:40 AM in response to etresoft

    All sound points, except that if the IDs are involved and are used across iTunes, etc. there is may be more harm in waiting when it can be done now. I'd rather deal with bringing up one facet later than risking them all now. Each dev needs to decide for themselves if they want to sit on the fence and wait or be proactive and defend now.

     

    Even if the IDs aren't _directly_ know to have been compromised, I'd expect pw resets to be part of Apple's eventual risk management posture overall.

  • by amiram,

    amiram amiram Jul 22, 2013 9:47 AM in response to K T
    Level 1 (0 points)
    Jul 22, 2013 9:47 AM in response to K T

    If Apple is indeed going to tie the developers' portal to the AppleID servers and get rid of a stale copy, then changing the password shouldn't pose any problem even if an upgrade is currently going on - it should only be a matter of code, not of data.

     

    What you should do though is probably to check your iTunes purchase history to make sure nobody purchased a copy of Angry Birds or Lady Gaga using your account.

  • by douglas_goodall,

    douglas_goodall douglas_goodall Jul 22, 2013 9:48 AM in response to K T
    Level 1 (8 points)
    Jul 22, 2013 9:48 AM in response to K T

    This is a question that could be answered rather easily by Apple.

     

    A million plus developers changing their passwords an extra time,

    in the middle of all this either helps or hurts their effort.

     

    Douglas

  • by K T,

    K T K T Jul 22, 2013 9:52 AM in response to douglas_goodall
    Level 7 (23,844 points)
    Publishing
    Jul 22, 2013 9:52 AM in response to douglas_goodall

    I'd prefer to think of it as spreading the changes out rather than everyone trying to reset at once later when/if a notice hits.

     

    And if changing your Apple ID pw will bring down the house, there are bigger issues - best to know now while things are in flux than have false starts spead out over time. If it was an issue now, Apple would say so.

  • by teacup775,

    teacup775 teacup775 Jul 22, 2013 9:58 AM in response to K T
    Level 1 (14 points)
    Jul 22, 2013 9:58 AM in response to K T

    While that's true, it's a toss up. Do it now and take a chance of headaches or wait and do it a little while after the site is back up.

     

    Unfortunately, this attack opens up phishing opportunities. Somebody can phish about resetting a password and there'll be some number of takers.

  • by walkthemoon,

    walkthemoon walkthemoon Jul 22, 2013 11:22 AM in response to douglas_goodall
    Level 1 (10 points)
    Jul 22, 2013 11:22 AM in response to douglas_goodall

    Before this incedent, whith escalated in Apple updating and upgrading thier security, rumores was about iOS 7 Beta 4 would be relised today. Yeap., checking air update all the day...

  • by stuartsoft,

    stuartsoft stuartsoft Jul 22, 2013 10:17 PM in response to douglas_goodall
    Level 1 (0 points)
    Jul 22, 2013 10:17 PM in response to douglas_goodall

    Cult of Mac wrote an article about Ibrahim Balic. Apparently the security flaw had something to do with the iAd network.

    http://bit.ly/12ZMgI9

  • by TattooedMac,

    TattooedMac TattooedMac Jul 22, 2013 11:26 PM in response to stuartsoft
    Level 1 (0 points)
    Jul 22, 2013 11:26 PM in response to stuartsoft

    And here is his Twitter if anyone wants to send him a msg telling him, because of him, some Devs are losing $ because their Apps cant be downloaded, because they cant renew their membership, but then again, it brings me back to why wait until the last day to renew your membership ??

    But im sure he is happy for his 15 mins of fame as every tech site/blog wants to chat with him now.

     

    Anyways Ibrahim Balic = @ibrahimbalic

     

    Video is here now - http://d.pr/fCmB

     

    Poor bloke didnt sleep for 5 days after reporting it to Apple because he didnt get a reply from them, or T-Shirts or Caps or any presents at all, like he did from FB LMFAO

first Previous Page 16 of 40 last Next