Macworld passes were hackable. This just amuses me to no end. While Apple does not directly put on Macworld (IDG World Expo does), it is interesting how security by proxy can work. I would hope IDG World Expo’s developers are few in number, underpaid, and overworked to put out something like this. This reflects badly on Apple as well.
Which brings up the question of just how many and how bad can insecure practices be before they take in collateral damage? Can a mistake on IDG’s part be prevented by Apple? Should companies VA or pen-test each other? Should Apple have known better? Is there really any recourse for this as we move into the future security-be-damned?
It amazes me that such simple things are still occurring today, like javascript “secrets.” I’m not what you would call a web programmer, although I could likely be one given a bit more effort and a job in that field, and yet even I feel I should be better at coding and design concepts than that. Seriously, though, it makes me yearn to get back into web coding again.
If I find more details on the hack, I’ll update this post.
“Which brings up the question of just how many and how bad can insecure practices be before they take in collateral damage? Can a mistake on IDG’s part be prevented by Apple? Should companies VA or pen-test each other? Should Apple have known better? Is there really any recourse for this as we move into the future security-be-damned?”
LV-
I would add, “Was there really that much risk?”
Fair enough! Good point!
of course, there may be reputation fall-out if these sorts of things keep happening to Apple. But you have to have your current reputation get to the point where that sort of news is blown out of proportion.
Imagine, for example, that this were a Microsoft convention and the badges were hackable. It’d be on the front page of /. by now, much to the enjoyment of the OS war bigots.