Is this the video that brought down the Apple Developer Center?
If you missed it, the video that Ibrahim Balic made (since removed) demonstrating the flaw that he discovered in the Apple’s iAd Workbench has been re-posted (embed below). Balic claims that the vulnerability he discovered was the impetus for the company’s removal of the Apple Developer Center portal.
In the video Balic demonstrates the flaw that allowed him to scrape 100,000 names and email addresses from the iAd Workbench tool, which isn’t the most concerning issue. Balic submitted a total of 13 issues to Apple via its bug reporting tool, 12 of them were XSS (cross-site scripting) vulnerabilities in various Apple Services (including the Developer portal) which had the potential to expose user details .
Although his motives are unclear, Balic presumably removed the video because it shows actual user names and email addresses. For his part, Balic claims his efforts weren’t malicious and that he told Apple about the flaws via official channels. According to TechCrunch :
Balic swears up and down that he’s not a malicious hacker. Rather, he claims to be just a security buff who stumbled upon a way to access gobs of Apple user data, tried to warn the company about it, and made a (now private) video highlighting the security flaw in question when Apple wouldn’t respond.
Apple hasn’t responded to questions about the outage (outside of the statement below) and the Developer Center has been down since Thursday, July 18, 2013.
Does the video help or hurt his case?