Thursday, June 10, 2010

iPad owners' iTunes email accounts exposed

Wired.com: iPad owners' iTunes email accounts exposed

So...
1) Find AT&T web site that shows iPad user info
2) Guess the "secret" numbers for iPad SIM cards
3) Write script to do this over and over, really fast
4) Profit!

The lesson learned isn't necessarily the obvious ones of writing secure code, or authenticating people to a web site.  The lesson here is DON'T ASSOCIATE YOUR PERSONAL STUFF WITH YOUR WORK EMAIL!  Sheesh.  Why do people do this?  Keep work email for work and keep personal email for personal things, including your freakin' iPad.  Email address are cheap and easy. 

Managing two email addresses isn't hard either.  Really, its not.  Don't try to convince me that it is.  Use the tools you have available to you and creat filters, create rules, unsubscribe from and resubscribe to things and get it done.  This kind of thing will continue until people separate work and personal technology use out.  It puts you at risk and it puts your company at risk, just like this. 

Chris
LABrat.com