Security researcher Ibrahim Balic credited by Apple for reporting Developer Center issue

Screen Shot 2013-08-20 at 9.43.32 AM

This morning, Apple updated its Apple Web Server notifications page to credit security researcher Ibrahim Balic and several others for pointing out security flaws in their web servers.

Balic claimed to be responsible for taking down the Developer Center after demonstrating how security flaws in the website allowed him to gather full names and Apple IDs. After Apple did not respond promptly to his bug reports, he posted the details to YouTube and discussed them on Twitter. The video has since been taken down.

During the Developer Center’s one week outage (other services took even longer to be restored), Balic was contacted by Apple and their security team to gather more details. During initial contact with 9to5Mac back in July, he was very persistent on stating that he’s not a “hacker” and was not going to use the data for any malicious purposes. Apple, it appears, did appreciate his findings and is now crediting him on their website: Read more

Apple says developer memberships and apps will not expire due to unexpected maintenance duration [Update: one week extensions]

dev

Apple has added some additional information to the Developer Portal’s maintenance page stating that memberships that were supposed to expire during the unexpectedly-long downtime have been extended to accommodate for the issue and apps will remain on the store until the portal is available again and developers can properly renew their accounts:

Read more