Apple Ping'd By Spam - They Didn't See This Coming?

Friday, September 03, 2010

Chester Wisniewski


Apple launched iTunes 10 yesterday along with their updated hardware platforms. Aside from supporting the newest generation of iPod and Apple TV devices, this new version of iTunes also introduces a new social media service branded as Ping.

If you use iTunes, you should definitely update to iTunes 10 as it fixes thirteen separate vulnerabilities in the WebKit components used to render the iTunes interface.

Most of the security industry has been pointing out the migration of spam from an email-only venture to blog/forum comments, Facebook, Twitter and other Web 2.0 platforms.

But apparently Apple didn't consider this when designing Ping, as the service implements no spam or URL filtering. It is no big shock that less than 24 hours after launch, Ping is drowning in scams and spams.

Apple seems to have anticipated a certain degree of malfeasance, as profile pictures that you upload will not appear until approved by Apple.

They are likely filtering for other offensive content as well, so they probably have means in place they could use to stop the spam. Another problem that is likely to contribute to spam is that it is quite easy to create bogus accounts for the Ping service because no credit card or other positive identification is required to participate.

Coincidentally, the most common spam on Ping at the moment targets Apple itself.

The attacks are nearly identical to survey spams we have blogged about on Facebook, Google and Twitter. If half as many free iPads, iPhones and iPods were being given away as Ping comments might lead you to believe, there would be no reason to bother with going to an Apple store.

But if you actually want an Apple device, my advice is to go out and buy one, as filling out surveys will likely only end in tears.