I think this is what people call it, no matter the details on the tech side.
Plus, Apple has had 2 step verification implemented for some time, so a user cannot access this sort of data without verification from an existing approved device.
Thus far the latest iPhone to be announced on September 9th will offer the following: Custom Actions iCloud Drive Nitro JavaScript engine for third party web browsers Photo Editing Sharing Options Third party keyboards Widgets
Additionally, according to rumors Apple will offer: Multiple form factors (4", 4.7", 5.5") NFC Optical Image Stabilization
I wonder what Android proponents will complain about next.
I think this is what people call it, no matter the details on the tech side.
People do use the word incorrectly. This happened with the news media where journalists were guessing the voicemail pin codes of celebrities to hear messages they could write stories about and it was called hacking but nobody would say the cellular network operators were to blame.
There was a brute force script written to guess iCloud login passwords and it seems that iCloud didn't bother preventing multiple attempts. It's suspected that this was used.
The use of passwords online needs to end altogether. A passcode should be local to a device and be used to protect strong private keys. Only public keys should be stored on the server. Private keys should be synced from one device to another locally.
It's convenient, secure and it will never require a mass password reset after a breach. Logging in using a temporary machine is trickier but there can be a request via email for a temporary access key that has an expiry time.
[quote name="kent909" url="/t/182043/rear-shell-for-5-5-iphone-6-allegedly-shown-measured-in-new-video#post_2587353"]I can't wait until September 10th when all the Apple news sites start talking about the iPhone 6s. Smirking...
"Hack" to people that don't know what hack means, means compromising anything, from anywhere.
In the real world, hack means through a security flaw of a system, a malicious user was able to compromise a system and/or it's data.
If these celebrities set their passwords to Password321, and it is guessed, that is not a hack. This also applies if their email account has been compromised and their Apple ID password has been changed unknowingly. That is not a hack. That is poor security management on the users end.
A hack would be finding a backdoor (in this case to the Photo Stream and/or iCloud backup service) and targeting Apple ID's to steal data. That did not happen.
Plus, Apple has had 2 step verification implemented for some time, so a user cannot access this sort of data without verification from an existing approved device. If you had celebrity status, where many, many people would like to compromise your accounts and details, you would undisputedly turn on the maximum security settings available.
Good day.
Allowing endless attemps at a password is a major security flaw... This was indeed an hack, they found a way to be able to try passwords without the account being frozen. This as nothing to do with passwords being weak, the only thing a robust password will change is it takes more time.
There was a brute force script written to guess iCloud login passwords and it seems that iCloud didn't bother preventing multiple attempts. It's suspected that this was used.
Do you have an evidence that a brute force attack was used?
The evidence I have seen (exif files, reporter statements indicating they were contacted about this prior to "The Happening", many images are not the celebrity in question or are photoshopped, etc.) suggests that this was a person who has traded such images in exchange for similar images for some time.
Allowing endless attemps at a password is a major security flaw... This was indeed an hack, they found a way to be able to try passwords without the account being frozen
You are correct. Fortunately, Apple doesn't allow an infinite amount of password attempts.
Download Fiddler, set it up to send say, 1 request per second to the iCloud login handler:
Obviously replacing values with whatever you want.
See how long it takes them to freeze your IP from subsequent requests.
If you would like to share who "they" are, or a post to the exact method on how it was hacked, or a post a hacker has made backing up what you just said, I would highly appreciate it.
Edit: Oh and before somebody mentions easily changing the IP header, the same freeze is applied on the session id + account.
Obviously replacing values with whatever you want.
See how long it takes them to freeze your IP from subsequent requests.
If you would like to share who "they" are, or a post to the exact method on how it was hacked, or a post a hacker has made backing up what you just said, I would highly appreciate it.
Edit: Oh and before somebody mentions easily changing the IP header, the same freeze is applied on the session id + account.
This is why I suspect someone inside Apple culled these accounts or possibly a photo app was cracked, one with easy access to the photos.
Comments
For comparison, here are the dimensions for the Galaxy Note 3, which has a 5.7" screen:
I hope that wasn't for me as I don't work for Best Buy.
I think this is what people call it, no matter the details on the tech side.
That is opt-in though, not mandatory.
Custom Actions
iCloud Drive
Nitro JavaScript engine for third party web browsers
Photo Editing
Sharing Options
Third party keyboards
Widgets
Additionally, according to rumors Apple will offer:
Multiple form factors (4", 4.7", 5.5")
NFC
Optical Image Stabilization
I wonder what Android proponents will complain about next.
It will be fun to sees phablet iPhone in stores soon.
As far as nomenclature. I hope Apple doesn't call this massive phone the "iPhone Air".
The smaller 4.7 inch phone should be called "Air" while the larger model should be called the "Pro" model just like with the MacBooks.
"iPhablet"
People do use the word incorrectly. This happened with the news media where journalists were guessing the voicemail pin codes of celebrities to hear messages they could write stories about and it was called hacking but nobody would say the cellular network operators were to blame.
There was a brute force script written to guess iCloud login passwords and it seems that iCloud didn't bother preventing multiple attempts. It's suspected that this was used.
The use of passwords online needs to end altogether. A passcode should be local to a device and be used to protect strong private keys. Only public keys should be stored on the server. Private keys should be synced from one device to another locally.
It's convenient, secure and it will never require a mass password reset after a breach. Logging in using a temporary machine is trickier but there can be a request via email for a temporary access key that has an expiry time.
Mainly the slot for the sim tray on the side but it could also be one of those knockoff models.
Why?
What is “professional” about a device too large to be used?
Why?
You wound me, sir.
I want to believe (that this absolute garbage isn’t a phone), but there’s no reason for antenna bands on an iPod touch.
Where do you work? The Nude Celebrities Hotline?
Allowing endless attemps at a password is a major security flaw... This was indeed an hack, they found a way to be able to try passwords without the account being frozen. This as nothing to do with passwords being weak, the only thing a robust password will change is it takes more time.
Do you have an evidence that a brute force attack was used?
The evidence I have seen (exif files, reporter statements indicating they were contacted about this prior to "The Happening", many images are not the celebrity in question or are photoshopped, etc.) suggests that this was a person who has traded such images in exchange for similar images for some time.
Allowing endless attemps at a password is a major security flaw... This was indeed an hack, they found a way to be able to try passwords without the account being frozen
You are correct. Fortunately, Apple doesn't allow an infinite amount of password attempts.
Download Fiddler, set it up to send say, 1 request per second to the iCloud login handler:
https://setup.icloud.com/setup/ws/1/login
and post this data:
{"apple_id":"[email protected]","password":"testpassword","extended_login":false}
Obviously replacing values with whatever you want.
See how long it takes them to freeze your IP from subsequent requests.
If you would like to share who "they" are, or a post to the exact method on how it was hacked, or a post a hacker has made backing up what you just said, I would highly appreciate it.
Edit: Oh and before somebody mentions easily changing the IP header, the same freeze is applied on the session id + account.
Oh, I think they are quite aware of this now. It was all over the news this morning and the originating site was repeatedly named.
This is why I suspect someone inside Apple culled these accounts or possibly a photo app was cracked, one with easy access to the photos.
Thus far the latest iPhone to be announced on September 9th will offer the following:
Custom Actions
iCloud Drive
Nitro JavaScript engine for third party web browsers
Photo Editing
Sharing Options
Third party keyboards
Widgets
Additionally, according to rumors Apple will offer:
Multiple form factors (4", 4.7", 5.5")
NFC
Optical Image Stabilization
I wonder what Android proponents will complain about next.
Same old FUD: