is there a possibility that some other server is spoofing the apple ip address??
or
could the exploited machine be a router which is pointing us to a wrong place and saying it is the apple server when it is not as per the certificate on it??
is there a possibility that some other server is spoofing the apple ip address??
or
could the exploited machine be a router which is pointing us to a wrong place and saying it is the apple server when it is not as per the certificate on it??
No. If it says that IP address in the address bar then that's the IP address you are connected to.
It is, however, possible that a dodgy certificate was uploaded to Apple's web server. Whether or not this is the case remains to be established.
__________________ PicBoard - a visual support app for children with autism, communication difficulties or learning difficulties. Available now for iPad.
TalkBoard - Adds Communication Aid features to PicBoard, for non-verbal children or adults. Available now for iPad.
__________________ PicBoard - a visual support app for children with autism, communication difficulties or learning difficulties. Available now for iPad.
TalkBoard - Adds Communication Aid features to PicBoard, for non-verbal children or adults. Available now for iPad.
That is the cert for itunesconnect.apple.com which is not affected. the cert in question is at reportingitc.apple.com which is the sales and trends link in itunes connect.
YES works for mee too. Finally, they corrected it. I guess we need an explanation as to what happened in the first place.
I'm sending them a message now to ask whether we need to be concerned about that certificate.
__________________ PicBoard - a visual support app for children with autism, communication difficulties or learning difficulties. Available now for iPad.
TalkBoard - Adds Communication Aid features to PicBoard, for non-verbal children or adults. Available now for iPad.
During the recent outage of iTunes Connect Sales & Trends, reportingitc.apple.com started redirecting to 17.128.100.29 (within Apple's IP block I believe). A certificate request appeared which I accepted, assuming this was because iTC had moved to a different host. However, the certificate in Keychain Access was shown as being for www.infoblox.com. I have deleted the certificate and changed my iTunes Connect password. Do I need to be concerned about this?
Will report back when I receive a reply.
__________________ PicBoard - a visual support app for children with autism, communication difficulties or learning difficulties. Available now for iPad.
TalkBoard - Adds Communication Aid features to PicBoard, for non-verbal children or adults. Available now for iPad.
The reports page is now kinda half-working for me. It loads a blank page entitled "Sales and Trends" with a valid certificate from Apple. No sign of Infoblox.
Yeah its been working today! Although I notice something very weird. My app got in the top 25 Music apps in the New Zealand App Store. But when I checked the sales I hardly sold anything in New Zealand.... Weird. Good that iTunes connect is back though.
Thank you for contacting iTunes Connect. We believe this issue has been resolved. If you are still encountering any issues, please send us a screenshot of the error and steps to reproduce the issue.
Best Regards,
iTunes Connect Support
I sent the following in response:
Quote:
Hello
It is resolved in that Sales and Trends now works. However, I still wish to know whether the infoblox.com certificate is a risk to the security of my iTunes Connect account.
__________________ PicBoard - a visual support app for children with autism, communication difficulties or learning difficulties. Available now for iPad.
TalkBoard - Adds Communication Aid features to PicBoard, for non-verbal children or adults. Available now for iPad.
You expected a real response to this kind of question? You must not know Apple very well.
As a side note, I'm not a security expert by any means, but wouldn't it only be a concern if the certificate error was on the itunes connect login screen? After that, it's just referencing probably a meaningless session cookie... it's not like it re-sends your login info from the browser to each page you visit.
You expected a real response to this kind of question? You must not know Apple very well.
Actually I've had pretty good responses both to email and telephone contact with Apple. You just have to be very specific in your questions in my experience
Quote:
Originally Posted by Gudus
As a side note, I'm not a security expert by any means, but wouldn't it only be a concern if the certificate error was on the itunes connect login screen? After that, it's just referencing probably a meaningless session cookie... it's not like it re-sends your login info from the browser to each page you visit.
Good point. I don't have a firm understanding of what certificates actually do, but your suggestion is logical. I just thought it best to clarify with Apple. At least if my app sales income gets siphoned off by a hacker I can present evidence that I've attempted to query the situation
__________________ PicBoard - a visual support app for children with autism, communication difficulties or learning difficulties. Available now for iPad.
TalkBoard - Adds Communication Aid features to PicBoard, for non-verbal children or adults. Available now for iPad.
it's ON
Linear Mode
