Attacks/Breaches
12/21/2010
09:41 AM
50%
50%

Apple Unplugs WikiLeaks App

Other applications that connect users to Julian Assange's rogue Web site are still available for Google's Android platform.

After three few days of availability, Apple on Monday unplugged a WikiLeaks app from its iTunes App Store.

The application, which went live on December 17, provided users with access to WikiLeaks documents and updates from the site's Twitter account. In addition, it automatically forwarded users to mirrored WikiLeak content and CableGate data.

Russian developer 'Igor Barinov '--also known by Twitter ID @wikileaksapp--submitted the app for Apple's approval on December 11, according to Barinov's Twitter update.

Barinov earlier had said that half the money raised from sales of the $1.99 WikiLeaks App would go to WikiLeaks, TechCrunch said. By Sunday, he claimed to have raised $1,000, primarily from sales in the United States, Barinov--who appears to be based in Russia--told TechCrunch.

"Collected >1000$ dollars already and will show in twitter copy of check," Barinov posted on Twitter on December 19. A copy of a check was unavailable on Twitter at press time, but earlier on Tuesday Barinov said $4,434would be transferred to WikiLeaks .

Interested Android users still can check out several WikiLeaks applications, both free and for a price.

A search of AppBrain.com revealed four WikiLeaks apps for Android: Two free and two for about $1.50. In addition, the WikiLeaks.ch site currently is online in the U.S., and the public can also view vetted information through The New York Times, The Guardian, and other newspapers that published information provided by WikiLeaks founder Julian Assange.

Apple is not the first to bar interactions with WikiLeaks.

Amazon, MasterCard, Bank of America, and others have stopped people from doing business with or donating to the site. Earlier this month, the MasterCard website suffered occasional bouts of downtime after an orchestrated WikiLeaks botnet attack. And members of the so-called 'Operation Payback' reached back a few decades, launching a fax-based attack that used free online fax services to inundate targeted fax machines with spam.

However, Operation Payback itself is under attack as unknown combatants forced the hackers offline. Antivirus firms have blocked the loosely knit group's technologies to prevent distributed denial of service (DDOS) attacks, and some ISPs have blocked the users' IP addresses.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2004-2771
Published: 2014-12-24
The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.

CVE-2014-3569
Published: 2014-12-24
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshak...

CVE-2014-4322
Published: 2014-12-24
drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or c...

CVE-2014-6132
Published: 2014-12-24
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML vi...

CVE-2014-6153
Published: 2014-12-24
The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.