Saturday, July 27, 2013

Apple Developer site hack: doubts cast on Turkish hacker's claims

Apple's developer portal was taken offline on Thursday 18 July. Photograph: Saeed Khan/AFP/Getty Images
A Guardian investigation has cast doubt on claims by a UK-based Turkish researcher that he hacked into Apple's Developer portal, which has been offline for more than a week.
Ibrahim Balic, who describes himself as a security consultant, claimed on Sunday that he had discovered a number of weaknesses in the site at developer.apple.com which allowed him to grab email addresses of registered developers.
Apple took its developer portal offline on Thursday 18 July. On Sunday it emailed developers warning that the site had been hacked and that some of their details might have been stolen. It has not given any more details of how the hack was carried out.
In all, Balic said he had been able to grab the details of 100,000 people registered on the site, and that he included 73 of them in a bug report to Apple. He claimed that he exploited a cross-site scripting (XSS) bug in the site, and noted 13 issues in a bug report to Apple between 16 and 20 July.
However XSS attacks generally require the attacker — which in this case would be Balic — to "infect" a page, in this case Apple's, with a malicious piece of Javascript or HTML which would then be used to extract data from a visiting user. If Balic's claim is correct, he seems to have used the XSS exploits against his own system.
Balic offered to provide proof of his hack by sharing some details of the file with the Guardian, and provided the emails for 19 people; the Guardian also extracted another 10 from an email Balic put on YouTube in which he apparently showed how he hacked the site. (He has since made the video private.)
But attempts by the Guardian two days ago to contact 29 of the group whose details Balic claims to have acquired found that seven of the emails bounced — because the email is no longer operational — and not a single one of the others has responded to a request to say whether they are registered with Apple. Nor could any of the emails or names be discovered online — which would be unusual for any active developer.
Many of the emails also belong to defunct services such as Freeserve, Demon and SBC Global — which makes it unlikely that they would have signed up as developers, as that only became possible in 2008.
Graham Cluley, an independent security consultant, commented: "Many of the names and email addresses either don't look like they would belong to Apple developers, or appear to have left no footprints anywhere else on the net." Of the set of 10 emails which appeared in the video, he said: "It's almost as though these are long-discarded ghost email addresses from years ago or have been used by Balic in his video for reasons best known to himself."
Balic told iMore that the user information that he showed in a video came not from an exploit against a developer portal, but from Apple's iAd Workbench, for targeting advertising campaigns to users. He said that a malformed web request to those servers containing just a first name or last name meant he could get more data — including a full name, username and email address for those users.
He then said that he wrote a script that generated "random" users to get more account information wherever there was a match of some sort, and used that to acquire the user details.
Balic did not respond to a request by the Guardian to explain why the emails he had apparently collected were defunct or apparently inoperational.
Apple refused to comment on the method used to hack into its site. It would not comment on whether it has called in law enforcement over the hack, or whether it has identified any suspects.
Even if the hack was not carried out by Balic, Apple has still been the target of a significant attack. However, standard iTunes Store and App Store accounts belonging to non-developers have not been affected.
The increasing delay in bringing its developer portal back online may also create problems for Apple in its preparation for the launch of iOS 7, the updated version of its iPhone and iPad software. It released the third beta for the software on 8 July, and has generally aimed for a fortnightly cycle of releases. That would imply that the fourth beta should have been released last Monday 22 July – although a year ago there was a three-week delay, from 16 July to 6 August, between the releases of the third and fourth betas for iOS 6, the current iPhone software.
The company meanwhile has set up a new "system status" page, which on Friday morning showed that only two of its 15 developer systems — for updating apps, and reporting bugs — are online.

Spain train driver held 'for reckless manslaughter'

Injured passenger helped away by policeman. 24 July 2013
Train driver Francisco Jose Garzon Amo was injured in the accident
The driver of a train that derailed in Spain killing 78 people has been accused of "reckless manslaughter", the interior minister has said.
Jorge Fernandez Diaz said Francisco Jose Garzon Amo, who was slightly hurt in Wednesday's accident, had been taken to a police station.
Mr Garzon is suspected of driving too fast on a bend. Reports say the train was travelling at more than double the speed limit at the time of the crash.
He has refused to answer questions.
At least 130 people were taken to hospital after the accident near the north-western city of Santiago de Compostela.
Thirty-two people were seriously injured, including children.
People from several nationalities were among the wounded, including five Americans and one Briton. One American was among the dead.
PM Mariano Rajoy, who hails from the city of the crash, declared three days of official mourning on Thursday.

Experienced driver
A judge was due to interview Mr Garzon Amo on Sunday, the interior minister said.
"He has been detained for the alleged crimes of reckless manslaughter", Mr Fernandez Diaz said.
"There are reasonable grounds to consider that he may have been responsible for what happened, which must be established by a judge and the investigation."
The driver had been under police surveillance in hospital since the accident but he was discharged on Saturday and taken to a police station.
Video posted online appears to show the moment the train derailed, from the trackside
Police said Mr Garzon Amo had refused to answer their questions while he was in medical care.
State rail operator Renfe said the train came off the tracks about 3 or 4km (2-2.5 miles) from Santiago de Compostela station at 20:41 local time (18:41 GMT) on Wednesday.
The accident occurred on the express route between the capital, Madrid, and the port city of Ferrol on the Galician coast, with 218 passengers on board and four crew.
Footage captured by a security camera shows the train crashing as it hurtled round a bend.
The train's data recording "black box" is with the judge in charge of the investigation.

Spanish train crashes

  • August 2006: Inter-city train derails in Villada, in the province of Palencia, killing six people and injuring dozens more
  • July 2006: At least 43 people killed in a metro train crash in the Valencia area
  • 1972: Andalusia crash leaves between 76 and 86 people dead.
  • 1944: Hundreds believed dead after a crash in Torre del Bierzo, in Leon province - official account gave the figure as 78 killed.
It is unclear whether anyone else is subject to investigation.
Renfe president Julio Gomez Pomar was quoted by El Mundo newspaper as saying the 52-year-old driver had 30 years of experience with the company and had been operating trains on the line for more than a year.
Mr Pomar said the train had no technical problems.
The derailment happened on the eve of Santiago de Compostela's main annual festival where thousands of Christian pilgrims were expected to flock to the city in honour of St James.
The local tourism board cancelled all festivities as the city went into mourning.
According to official figures, the crash is one of the worst rail disasters in Spanish history.

Egyptians Rally in Huge Numbers as Violence Escalates

Supporters of Egypt's ousted President Mohammed Morsi run for cover from tear gas fired by riot police during clashes at Nasr City, where protesters have installed their camp and hold their daily rally, in Cairo, Egypt, July 26, 2013.
Violent clashes have broken out in Cairo and Alexandria, where tens of thousands of Egyptians took to the streets Friday in dueling rallies — one called by the military to show support for overturning the elected civilian government, the other called by the Muslim Brotherhood to reinforce its demand for the reinstatement of ousted president Mohamed Morsi.

In Alexandria, supporters and opponents of ousted President Mohamed Morsi pelted each other with rocks. Video showed Muslim Brotherhood supporters firing bird shot at pro-government demonstrators who support the military and its interim government.  Medical sources and state-run media said five people were killed and many others were injured.

In Cairo, Morsi supporters clashed in Tahrir Square with some of the thousands of people who answered Army chief Abdel Fattah el-Sissi's call for "all honorable Egyptians" to take to the streets to give him a mandate to fight "violence and terrorism."

As Karim Hassan, one man in the pro-government throng, said, "We are here today in order to support the commander-in-chief of the Egyptian Armed Forces ... and give him a green card [a go-ahead] to root out terrorism from Egypt. We can't wait any longer; the country is burning."
 
Morsi still detained 

Key Dates in Egypt

  • February 11, 2011 - President Hosni Mubarak resigns after weeks of massive protests and clashes
  • January 21, 2012 - The Muslim Brotherhood's Freedom and Justice Party wins almost half of Egypt's parliamentary seats
  • June 24, 2012 - Mohamed Morsi becomes Egypt's first freely elected president
  • November 22, 2012 - Morsi grants himself sweeping powers, sparking protests
  • July 3, 2013 - The army removes Morsi from power and suspends the constitution
The demonstrations got under way as an Egyptian judge ordered Morsi to remain in custody for at least 15 more days. He has been held by the military in a secret location since July 3, when the army removed him from power.

The official MENA news agency said authorities are investigating charges that Morsi conspired with the Hamas group to help himself and dozens of other Islamist leaders escape from prison during the 2011 uprising that toppled former President Hosni Mubarak. The Muslim Brotherhood has said local residents helped free the prisoners, and a spokesman said Friday that the latest word from the government was proof that Egypt is returning to the tight controls on the public that marked the Mubarak era.

Hamas spokesman Sami Abu Zuhri also rejected the accusations and challenged Egyptian authorities to provide evidence that Hamas intervened in Egypt's internal affairs.

As they have on a daily basis, Morsi supporters massed Friday outside the Rabia el-Adawiya Mosque in Cairo's Nasr City, a Brotherhood stronghold, calling for Morsi's reinstatement.

Morsi's presidency and his subsequent ouster have bitterly divided Egyptians who see this as a pivotal moment for the country's future course. Many Islamists view General Sissi's call for mass popular support as a prelude to a violent crackdown on the Muslim Brotherhood.

Thursday, July 25, 2013

Top 5 Features in Android 4.3 Jelly Bean

Most people won't find a new version of Android to be as sexy as the latest Nexus 7 tablet, nor will they find it as entertaining as Google's answer to Apple TV, the Chromecast, but it will be bringing many new, strong features for both developers and end-users. Here's my list of the best of them.
First, for Joe and Jane user:
1) Support for Restricted Profiles:
This feature is for users who have kids. Android has allowed you to have multiple users for some time now, but with this version you can finally have restricted profiles.
What that means in English is you can keep junior out of your, ah, questionable apps or Web sites. Technically, it means that you can set up separate environments for each user with fine-grained restrictions in the apps that are available in those environments. According to Google, "Each restricted profile offers an isolated and secure space with its own local storage, home screens, widgets, and settings. Unlike with users, profiles are created from the tablet owner’s environment, based on the owner’s installed apps and system accounts. The owner controls which installed apps are enabled in the new profile, and access to the owner’s accounts is disabled by default."
While ideal for kids, restricted profiles are also ideal for guest users, kiosks, and point-of-sale (POS) devices.  This last point will give Android tablets a chance at the retail POS market that's recently been a strong point for iPads in stores.
2) OpenGL ES 3.0 for High-Performance Graphics:
I know what you're thinking. "How the heck will something called OpenGL ES 3.0 ever matter to an ordinary guy or gal with their smartphone or tablet?"
Easy, they'll never know the tech but they'll enjoy the far higher quality graphics in their games and videos. To really get the most out of it, of course, you'll need the hardware to back it up. Still, I see much better video experiences ahead for high-end Android tablet users.
Today, this is only supported on the new Nexus 7, Nexus 4, and Nexus 10 devices. More will follow.
And, now for the developers. Of course, they'll be busy implementing the above into their programs but what I see as attracting their attention are the other following features.
3) Bluetooth Smart Ready support
You may not know it, but a whole new family of Bluetooth devices have been arriving. What makes them different from their predecessors is Bluetooth Smart Ready. These are designed as sensors. So, for example, one might check if all windows are locked, while another might measure your heart rate. You get the idea.
In Android 4.3, with application programming interface (API) support for Bluetooth Generic Attribute Profile (GATT) services, you can create Android apps that will support these devices. This represents a new and potentially very profitable market for Android developers and their Bluetooth hardware partners.
4) Notification Access
People love those notifications at the top of their Android display. I know I do. I'm constantly checking them. Until this new version of Android appeared, developers couldn't access this data stream. Now they can. That is, if you, the user, allow them to.
What developers can do is register a notification listener service that, with your blessing, will receive all the data notifications when they're displayed in the status bar. Developers can then launch applications or services for a new class of "smart" apps.
5) Better Digital Rights Management (DRM)
OK, go ahead and boo. I know you want to. I hate DRM too. But, here's the painful truth, DRM is here to stay and we might as well try to make the best of it.
That's exactly what Google has done with its new modular DRM framework. This will enable developers to more easily integrate DRM into their own streaming protocols such as MPEG Dynamic Adaptive Streaming over HTTP (DASH).
Google has also added new media DRM framework APIs and improved the existing ones to provide an integrated set of services for managing licensing and provisioning, accessing low-level codecs, and decoding encrypted media data.
The net effect of these changes is it will make DRM easier to manage and it should make video streams with DRM, which are pretty much all of them these days, look and play better. Like I said, Google is making the best of an annoying commercial video necessity.
Now, let's cut to the chase. When will you see it? Will you see it at all? Hugo Barra, vice president of Android product management said that starting July 24th, the original Nexus 7 and Nexus 10 tablets, and Google's Nexus 4 and Galaxy Nexus smartphones, will get the upgrades over the air. After that, the Google Play editions of the Galaxy S4 and the HTC One will get the upgrade.
As for everyone else... good question. As usual it will depend upon your phone's OEM and your carrier. If you can't stand to wait, possibly forever, for them, you should start looking into alternative Android Jelly Bean ROMs such as CyanogenMod. I have no doubt they'll be porting Android 4.3 as fast as they can to a wide variety of Android devices.

Apple shares notch best day of 2013


Apple shares got a big boost Wednesday, one day after the company reported better-than-expected earnings and surprisingly strong iPhone sales.

The stock rose 5.1% to end at $442.50 a share, marking Apple's biggest one-day percentage gain this year.
Apple (AAPL, Fortune 500) also reported revenue numbers that topped expectations, but warned that sales in the current quarter could disappoint.
The company expects to deliver sales of between $34 billion and $37 billion this quarter, below analysts' median forecast of just over $37 billion.
However, there is a silver lining in Apple's sales outlook, according to Walter Piecyk, an analyst at BTIG. He thinks the forecast would be much lower if Apple did not have a new product in the pipeline.
"This could be the start of a string of new product announcements that increase investor confidence in Apple's ability to return to [earnings] growth next year," he wrote in a report.
Piecyk raised his third-quarter earnings estimate for Apple to $7.22 a share from $7 a share.
Analysts are increasingly confident that Apple will release a new iPhone sometime between now and the fall.
"We think Apple's forecast implies a new iPhone launch at the very end of the September quarter, at best," said Brian Colello at Morningstar, noting that Apple also lowered its revenue forecast ahead of new product launches in 2012.
However, it's not clear that another version of the iPhone will be enough to excite investors.
"Almost everyone believes in a rally going into the new product announcements, so much so that this consensus view may limit its impact," said Stuart Jeffrey at Nomura Securities.
Jeffrey cut his earnings forecast for Apple's upcoming fiscal year by 8% to $39.18 a share, based largely on expected weakness in iPad sales. He said it will be tough for Apple to regain share in the smartphone market in developed countries, and that cutting prices will only hurt already stretched iPhone profit margins.
The good news is that Apple is trading at a steep discount to the broader market.
The stock is down 17% so far this year and is a far cry from the highs of last September, when Apple fetched more than $700 a share.
Apple shares are currently trading at about 10 times next year's earnings estimates, which compares with 12.5 for the S&P 500.
The company also repurchased $16 billion worth of its own stock last quarter as part of a plan to return $100 billion in cash to investors. Apple also has a dividend yield of 2.9%, topping the S&P 500 dividend yield of 2.4%.
"Apple is a very good company that is trading at cheap levels compared to rest of market," said Laurence Balter, chief market strategist at Oracle Investment Research. "I think people should look at the near term perform as opportunity."

Facebook’s CEO Defies Mobile-Ad Skeptics as Sales Soar

Facebook Inc. (FB) Chief Executive Officer Mark Zuckerberg’s decision last year to bet big on mobile software is paying off, with sales of ads on wireless devices now on track to surpass revenue from desktop computers.
Surging demand for mobile advertising helped profit and revenue top analysts’ estimates in the second quarter yesterday. The results sent shares of the world’s most popular social-networking service up as much as 20 percent in early trading today, leaving them poised for a record one-day gain.
A Facebook Inc. employee holds a phone that is running the new Home program during an event at the company's headquarters in Menlo Park, California, U.S., on Thursday, April 4, 2013. Photographer: David Paul Morris/Bloomberg
A pedestrian walks past the Facebook Inc. 'like' logo displayed on a sign at the entrance to Facebook headquarters in Menlo Park, California. Photographer: David Paul Morris/Bloomberg


The earnings may finally quiet concerns, voiced by analysts and investors since Facebook’s May 2012 initial public offering, that the rising popularity of smartphones and tablets is outpacing its ability to make money selling promotions to mobile users. By letting marketers show messages in the news feed on such devices, and shifting development efforts toward applications, Zuckerberg is delivering on his promise of making Facebook a “mobile-first” company, according to Jordan Rohan, an analyst at Stifel Nicolaus & Co. in New York.
“There’s latent demand for marketers to spend money on Facebook,” Rohan, who rates the shares a buy, said in an interview. “The company finally introduced the right set of ad products to facilitate that.”
Revenue rose 53 percent to $1.81 billion in the latest quarter, the company said in a statement yesterday. Profit excluding certain items was 19 cents a share. Analysts had projected profit of 14 cents on sales of $1.62 billion on average, according to data compiled by Bloomberg.

Blowout Quarter

Facebook jumped to $31.70 at 7:13 a.m. New York time before the markets opened, signaling the $64 billion company may exceed its record one-day gain of 19 percent in October, according to data compiled by Bloomberg.
“Finally, the blowout quarter that Facebook bulls have been waiting for,” said Paul Sweeney, an analyst at Bloomberg Industries. “Among many impressive data points, I think investors will focus on the percentage of revenue from mobile of 41 percent, which was well above consensus.”
Facebook, which had priced its IPO at $38 a share, saw its stock slump as low as $17.55 in September. Even after today’s gain, the stock is 17 percent below its initial offering price. Concern about Facebook’s ability to shift to mobile has weighed on the company’s shares since its $16 billion IPO, the largest technology offering on record.
Even with the decline, the Menlo Park, California-based company traded at 115 times earnings as of yesterday’s close, more expensive than 98 percent of the companies in the Standard & Poor’s 500 Index, according to data compiled by Bloomberg.

Family Rescued by George Zimmerman Cancels Appearance Fearing 'Blow Back'

PHOTO: George Zimmerman smiles after a not guilty verdict

The family rescued by George Zimmerman when they were trapped in an overturned SUV canceled a scheduled news conference today and is pleading for privacy.
Zimmerman was one of two men who came to the aid of Dana and Mark Gerstle and their two children, who were trapped inside a blue Ford Explorer SUV that had rolled over after traveling off the highway in Sanford, Fla., about 5:45 p.m. Thursday, the Seminole County Sheriff's Office said in a statement.
The Gerstles were expected to hold a press conference today at the office of Zimmerman's attorney Mark O'Mara, but cancelled a few hours before it was supposed to take place.
"They have expressed to us that they are not comfortable doing media interviews at this time and they continue to ask for privacy," the Seminole City Sheriff's Office said in a statement.
Zimmerman's lawyer, Mark O'Mara, said the family had asked to speak, but then got concerned about the anger surrounding the controversial verdict.
"The family called because they wanted to address the media. I knew that if we did it in an organized way, it would help them get back to a normal life. But they called today and said they were more worried about blow back from saying anything that would be favorable to George, and decided they did not want to do any media," O'Mara said.
The lawyer said that when he spoke to the Gerstles "their voices were trembling" and that they feared saying anything positive about Zimmerman "would be toxic."
O'Mara wouldn't say whether Zimmerman is now carrying a weapon since the Department of Justice asked that the gun and other evidence be sent to federal prosecutors who are reviewing the case.
But Zimmerman "should be [armed] given the threats against him," O'Mara said. He added, "If I were him I would leave" the country.
The Gerstles could not be reached for comment.
Zimmerman has been in hiding since he was acquitted of murder in the death of Trayvon Martin and his acquittal prompted a flood of negative reactions and dozens of protests across the country. Zimmerman as well as his parents have received death threats.
The Thursday crash occurred at the intersection of I-4 and Route 46, police said, less than a mile from where Zimmerman shot Martin.
By the time police arrived, two people - including Zimmerman - had already helped the family get out of the overturned car, the sheriff's office said. No one was reported to be injured.
Zimmerman was not a witness to the crash and left after speaking with the deputy, police said.