<body>

Even Apple bleeds web information

I was trying to find the RMA section of Apple's repair website (selfservice.apple.com), when I discovered these URLs:

https://selfservice.apple.com/console/login/LoginForm.jsp
https://selfservice.apple.com/index.html

Apple has just informed any willing cracker what software and version runs its support website. A well-informed cracker now has an easier job. Can they exploit something about version 8.1 of WebLogic that Apple is running? Has Apple changed the default passwords on the Console Login page? If you view the source of one page, you also now know that they are running PeopleSoft.

It's pretty amazing that even large companies with the time and money to focus on security can have lapses like this. But security, after all, is only as good as the human being who implements it.