iPhoneDevSDK is a compromised site and should be avoided!
In a report on All Things D, Mike Isaac reveals that a “compromised website” used by iPhone developers is likely responsible for the hacking of some mega sites like Apple and Facebook:
In the spate of large companies hacked in recent weeks, it seems that many of them have one thing in common. Many have visited one compromised website specifically devoted to sharing information related to mobile development — and it’s not just tech companies visiting the site.
The site is called iPhoneDevSDK, according to sources close to the Facebook hacking investigation. It’s a hub for many companies concentrated on the mobile space.
Essentially, this was a bit of malware code written in to HTML of the iPhoneDevSDK website that found it’s way into employee computers via Java vulnerabilities. Jim touched on the vulnerability on our site not to long ago, but apparently one or two people at Twitter and Facebook don’t read DCT. Back in June, I also covered the dangers of being socially engineered to visit compromised websites. The point is, malware is a real threat to which not even the big boys are immune.
Usually, being cautious and aware will keep you safe, but in cases where the malicious code is written into sites you need to visit for a living, it remains a matter of when, not if. Large services — those without tight computer security for all of their employees — will inevitably fall victim to large-scale data loss and security breaches.
I don’t really have any suggestions on how to prevent such attacks and malware infections through Java loopholes, because I’m no java security expert. (Please, give us your thoughts in the comments section on how to avoid such fiascoes.) Personally I keep my system security updated at least weekly, but more importantly, keep a keen eye out for potentially dangerous and hazardous situations online.