Sunday, January 14, 2007

Macworld VIP Passes Cracked

Via Cnet -

Alongside the VIPs and people who paid top dollar, a hacker claims he also got priority access to Steve Jobs' speech at the Macworld Conference and Expo this week.

A security weakness in the event's Web site allowed enterprising hackers to get free "platinum passes" to the event, a $1,695 value, a security professional claims. These passes--the most expensive sold for Macworld--included much-coveted priority seating for the Jobs keynote address on Tuesday. In that packed speech, Jobs unveiled Apple's new iPhone.

The hack was possible because special discount codes were available on the Macworld site without proper security, Kurt Grutzmacher, a Berkeley, Calif.-based security professional, wrote on his blog late Thursday. It was relatively easy to uncover the code that would make a platinum pass free, he wrote.

Grutzmacher picked up his free "Platinum Pass" on Monday and reported the issue to IDG on Tuesday, he wrote. IDG World Expo runs Macworld, which closes Friday.

"They'd spent most of the day looking back over their logs and found that others also had found this vulnerability and used it but I was the only one to report it," Grutzmacher wrote.
Macworld organizer IDG World Expo won't confirm or deny that the hack happened.


Spokeswoman Charlotte McCormack on Friday said the company simply had "no comment." A representative for Registration Control Systems, the company that handled registrations for the event, referred all questions to IDG.

The claimed Macworld hack is an excellent example of security issues with Web 2.0 applications, Billy Hoffman, a researcher at Web security specialist SPI Dynamics, said in an e-mail interview Friday.

No comments:

Post a Comment