
Posts by TheOtherGeoff

where does it sound like phishing?  There are other methods of targeting. You think these celebs shop at Target during the holidays?  That's a stretch.
I dunno.   The statement issued doesn't absolve them if their API code allowing infinite tries was in fact the problem, or if that was just coincidental. What I did read was... If you're not a celebrity, don't worry, your pictures are likely safe, unless someone has targeted you and we don't know it
3 thoughts. 1) The posted code was a classic hack. They hacked the Web API and how you authenticate/change passwords from a phone/iPad. Not the website. It's a subtle bug (e.g. some of the 'business' [security] logic moved into the UI layer), and pretty classic problem in multi modal web services. It's less about 'iCloud' and more about 'Apple Cloud Services.' One side of me says, bad Apple. No comprehensive regression testing across all interfaces for...
or e-mail/messages sent to/from iPhone users  containing pictures...  It's likely easier to get photos from an email than your photo stream.
errr. how does a locked out account change their password? If it's locked out you can't get in... oh, and if you did that, you just gave hackers a great DDoS attack vector... just start locking up every account you can. Every iCloud connected device for that account just dies (unless you tokenized their access) ;-) The threat/attack model for this has lots of branch points, all of which are expensive to get right or open up new holes if you get wrong (especially if...
if they can see it from a public place (with their 800x lenses)... it's public. by definition. The public can't unsee something or be asked to not look in a general direction of someone's home/property. Reasonable sense of privacy. Inside your or a personal friend's property. Closed Curtains, no open phone lines. Now let's extend this. YOU take a photo inside this private place. Then you put it in your purse, and take it out of the private place. You then place...
On the one side Antennagate. I hope Apple does it right, and shows who [was it 200 celebs or 200,000,000 people] was hacked and how, what they did (if anything) to prevent it. Apple's response to Antennagate was slow, measured, and basically, a problem in the industry, not with our phone. But if anything, everyone should be changing their AppleID passwords, just as a matter of good hygiene.
agreed. on all points. I did bring up adding the TouchID /secure enclave to all Macs (I wonder if it's possible without the ARM chip), thus making Apple's iCloud access fully 2 factor from all Apple-Sold vantage points (would require an iPod Touch with TouchID, and maybe a TouchID on your AppleTV remote... but I digress....). The fact that Apple's site would allow for infinite tries made me feel this was a targeted attack on individuals, probably seeding passwords...
No, but there were a couple of definite 'large diagonals' exposed. ;-)
lots of people 'get' photos via email or MMS... although it's an exercise for the user to put them into your photo stream, it's a pretty minor effort to mine your Apple email if I got your password by hook or by crook. Or just hook up a phone to each of these accounts with the Apple ID password, and latch onto the streams of information (notes, photo streams, etc). NB: I love the irony of people who get photographed at various levels of undress, and then take/get/store...