AntiSec Finds 12.3 Million Apple UDIDs on FBI Laptop, Publishes 1M

Let the speculation begin as to how and why the FBI would have these Universal Device IDs for Apple products, but apparently, they do:

http://www.h-online.com/security/news/item/One-million-Apple-UDIDs-leaked-by-hacker-group-1698478.html

And thanks to one of the recent exploits of Java’s browser plug-in, the hacker group AntiSec now has them as well.  The FBI supervisor whose hardware was exploited just happens to be one of those previously known to be investigating Anonymous.

UPDATE: An app development company called BlueToad has come forward to identify themselves as the ones hacked, rather than the FBI. If their account is factual, the hackers do not have 12 million UDIDs and are attempting to put blame on the particular agent to settle old scores.

http://www.nytimes.com/2012/09/11/technology/company-says-it-not-fbi-was-hacking-victim.html?_r=1&smid=tw-share

If a significantly large portion of additional IDs gets published, we can conclude BlueToad’s account is not factual. Until then, it seems more plausible than AntiSec’s release notes.

Google Wants You To Know The Government(s) Are Out To Get You… No, Really.

If you thought the recent LinkedIn/eHarmony/LastFM password leak was troubling, just be glad you haven’t run into this, positively the most bizarre security warning available from Gmail:

We believe state-sponsored attackers may be attempting to compromise your account or computer.

http://bits.blogs.nytimes.com/2012/06/05/google-issues-new-warning-for-state-sponsored-attacks

Just so you know.

I wouldn’t be surprised if this turned out to be related more to previous Chinese Gmail phishing attempts than to Stuxnet or Flame. Very interesting.

Oracle v. Google: APIs Ruled NOT Copyrightable

Bigger than the trial jury’s rejection of Oracle’s patent claims against Android, Judge Alsup has further ruled that no API is copyrightable. Groklaw again with the goods:

http://www.groklaw.net/article.php?story=20120531173633275

From the commentary:

The sky has been full of FUD about this topic, with folks, both self-styled experts and even a lawyer who has done work for Microsoft claiming that APIs have been copyrightable for years and years, throwing cases at us and examples of terms of use. Terms of use don’t make law, ladies and gents and experts and lawyers… if you continue to listen to such FUDsters after this total repudiation of everything they wrote about this case, please see your doctor right away.

This is an important decision and, barring reversal, it enables U.S. innovators to re-engineer and improve software components without exposing themselves to copyright liability. (If you’ve been hacking on a proprietary ILS, please, continue.) It cannot be overstated how badly Oracle lost. This was an incredibly high-profile and high-stakes case, and it was expensive. They had chances to get minor payouts and go home and they kept doubling down. Now they haven’t just lost this one, they’ve lost an entire class of copyright protection that they imagined was the basis of the case. As of now, it does not exist. For anybody.

Oracle will no doubt appeal, but Judge Alsup has been so thorough, methodical and technically detailed that I regard their chances as marginal. Entire sections of the decision were written (and indeed entire portions of the trial conducted) with the appeals court as the intended audience. It isn’t exactly doubling down again since they’ve already eliminated all other options, but srsly Oracle, good luck with that.

Now if we could only see a similar eradication of overly broad software patents, we might really see some strategic changes in industry.