Maybe a week ago, I received an email purporting to be from Apple asking to reset password or something to that effect. The sender email address seemed very convincing but the link in the message wasn't.
Indeed. As long as you don't mind getting arrested for it.
Well anything legal is what I meant. Let's not blame people for taking legal photos
I disagree.
Legality isn't the issue. If you're a celebrity and you pick your nose at an event with lots of paparazzi, they're liable to splash it in the papers. That celebrity may well think it's wrong. But if the celebrity doesn't pick her nose in the first place, there's no incriminating photo.
What if the celebrity is at home in her garden?
Common sense has to be applied. The moral of the story is: be good, and you won't get into trouble.
Maybe a week ago, I received an email purporting to be from Apple asking to reset password or something to that effect. The sender email address seemed very convincing but the link in the message wasn't.
Same here! I just remembered that now. Even though I'm very security conscious, I almost clicked on the link myself because it looked very legit (and it was late and I was probably tired). Hmm.....I wonder.......
Legality isn't the issue. If you're a celebrity and you pick your nose at an event with lots of paparazzi, they're liable to splash it in the papers. That celebrity may well think it's wrong. But if the celebrity doesn't pick her nose in the first place, there's no incriminating photo.
What if the celebrity is at home in her garden?
Common sense has to be applied. The moral of the story is: be good, and you won't get into trouble.
The paparazzi should be banned from photos in non-public places too. People have a right to any legal activity in their own space.
Maybe a week ago, I received an email purporting to be from Apple asking to reset password or something to that effect. The sender email address seemed very convincing but the link in the message wasn't.
I found that email. This is the sender's address: no-reply@apple.com. It was listed below 'other'.
1) I know LastPass is free but I don't care for their UI and that it's all saved on their servers.
2) I'm not sure if LastPass has this security feature but when I click on my 1Password browser extension to add a username and password, 1Password will first warn me that the site is not using SSL. In all cases this is one of those wonky webpage setups where you can click Submit on the empty field to have the page reload with an SSL page telling you your submitted username and password were incorrect and to type them in again. Or just change the HTTP to HTTPS, but I find the other way faster. Anyway… does LastPass have that?
Point of fact, can't give you an answer. I'm still managing my own passwords with various schemes I created years ago and keep tweaking. But I'm looking at password managers and a number of podcasters I listen to on TWIT (guests and resident hosts) seem happy enough with LastPass (I'd get the $12/year version)... ....so I shoulda' said "a secure password manager".... ...as I too worry about the security of LastPass itself. So I was just saying that in general people who live in nude pic houses and don't wanna be seen need to make sure the shades stay drawn by using genuinely secure and opaque shades....
By the same token, I thought about trying out Personal Capital to get some of their interesting views of my portfolio... ...but the notion of a relatively small company with a relatively small IT staff (let alone a big one - as in the recent JP Morgan Chase hack) having all my financial accounts in one likely hackable place simply scares the lights outta' me, so I'll keep analyzing my whole sitch in a password protected spreadsheet of my own devising (which contains no passwords - I update the values manually).
I did bring up adding the TouchID/secure enclave to all Macs (I wonder if it's possible without the ARM chip), thus making Apple's iCloud access fully 2 factor from all Apple-Sold vantage points (would require an iPod Touch with TouchID, and maybe a TouchID on your AppleTV remote... but I digress....).
The fact that Apple's site would allow for infinite tries made me feel this was a targeted attack on individuals, probably seeding passwords captures through other means, and then doing brute force if no hits.
Apple should automatically block access after a set number of tries when it detects a pattern of multiple attempts with various passwords.
It would be a "3 strikes and you're locked out" system, that would notify the owner of the account that multiple attempts to access the account with various passwords indicates that the account is possibly being hacked, and that the owner will need to get a new password.
I found that email. This is the sender's address: no-reply@apple.com. It was listed below 'other'.
Now that I think about it, this isn't the email I believe I received directly in my inbox but can't find it in the trash folder. The email I found earlier was in the junk folder. The sender's email address of the missing email was different, something like insertword@insertword.apple.com. Not exactly sure where it was listed in the dialog box. The message was different and totally convincing versus the junk folder email but the link wasn't.
You mean Academy Award winning actor Jennifer Lawrence? Smacks of misogyny.
Yes, because between Computer Security Expert, Jennifer Lawrence and Doctor of Developmental Diseases, Jenny McCarthy, we can all relax knowing our future is in good hands.
In my experience, that's not true. WashingtonPost.com and NewYorkTimes.com are hardly mentioning the possible Apple connection in their stories.
I believe you may have misinterpreted my post.
I wasn't saying that all of the major sites were reporting this. I was saying that all of the sites that were reporting it were reporting that Apple had been hacked when this had not been confirmed.
The paparazzi should be banned from photos in non-public places too. People have a right to any legal activity in their own space.
If they can see it from a public place (with their 800x lenses)... it's public. By definition. The public can't unsee something or be asked to not look in a general direction of someone's home/property.
Reasonable sense of privacy. Inside your or a personal friend's property. Closed curtains, no open phone lines.
Now let's extend this. YOU take a photo inside this private place. Then you put it in your purse, and take it out of the private place. You then place your purse on the counter at Starbucks and you fail to secure it. Someone makes a copy (takes a picture of it). Or you send it on a postcard to a friend (email). At that point, is it private, because you've basically sent it to everyone in the post office, and the friend now has it, and can do what they want with it? If that friend leaves it in a public place not thinking it's confidential, and some random person makes a copy of it, who's at fault?
Finally, you put a copy of that picture in a storage locker in a crowded bus station and you think you're the only one with a key. You later see that picture in the newspaper. Well the owner of the bus station may be at fault, but only up to a certain limit (printed on the EULA just below where you stuck your quarter for the key).
You're assuming this was all done at the same time. Most likely, these were pictures that were collected over years by many different hackers. I'm betting that some of the accounts took a LONG time to finally gain access. Due to how valuable these pictures are, I can see people spending a long time to gain access to their phones. Some/most of these hackers have no lives.
These celebs need to think of themselves like a bank or a government entity where there are constant hacking attempts.
Hmm...maybe I should get into a business of protecting celebs from virtual threats. They hire body guards, but what about virtual body guards?
Ok, don't steal my idea.
Anonymous has confirmed the existence of an "underground celeb n00d-trading ring." The event includes a number of people who essentially simultaneously released the celebrity photos according to Anonymous.
Apple should automatically block access after a set number of tries when it detects a pattern of multiple attempts with various passwords.
It would be a "3 strikes and you're locked out" system, that would notify the owner of the account that multiple attempts to access the account with various passwords indicates that the account is possibly being hacked, and that the owner will need to get a new password.
errr. how does a locked out account change their password? If it's locked out you can't get in...
Oh, and if you did that, you just gave hackers a great DDoS attack vector... just start locking up every account you can. Every iCloud connected device for that account just dies (unless you tokenized their access)
;-)
The threat/attack model for this has lots of branch points, all of which are expensive to get right or open up new holes if you get wrong (especially if you don't have a phone-in customer service line.... e.g. iCloud.com)
Hard problem.
The typical solution is the 'slow down': every failed try exponentially gets longer, and an alert to your threat intel group to see if this is part of a larger problem. After 24 (8/4/1) hours of no attempts, reset the timer to 'immediate', and hopefully Apple has identified the attackers and 'spiked' them.
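The 'slow down' approach described in the post above, sketched as an added example (not code from the thread or from Apple): each failed try doubles the wait for that account, a quiet period resets it, and a hook notifies a monitoring team, with no hard lockout that an outsider could trigger on purpose. The class name, the delay constants and the alert hook are assumptions made for illustration.

```python
from dataclasses import dataclass

# All constants are assumed values for illustration.
BASE_DELAY = 1.0           # seconds to wait after the first failure
MAX_DELAY = 3600.0         # cap, so an outsider cannot freeze an account forever
QUIET_RESET = 24 * 3600.0  # no attempts for this long -> back to 'immediate'
ALERT_AFTER = 5            # consecutive failures before the alert hook fires


@dataclass
class _State:
    failures: int = 0
    last_attempt: float = 0.0
    next_allowed: float = 0.0


class LoginThrottle:
    """Per-account exponential slow-down instead of a 3-strikes lockout."""

    def __init__(self, alert=None):
        self._accounts = {}
        # Hypothetical hook: called as alert(account, failures).
        self._alert = alert or (lambda account, failures: None)

    def _state(self, account, now):
        st = self._accounts.setdefault(account, _State())
        if st.failures and now - st.last_attempt >= QUIET_RESET:
            st.failures, st.next_allowed = 0, 0.0  # quiet long enough: reset
        return st

    def retry_after(self, account, now):
        """Seconds the caller must still wait; 0.0 means check the password."""
        st = self._state(account, now)
        st.last_attempt = now  # a throttled try still counts as an attempt
        return max(0.0, st.next_allowed - now)

    def record(self, account, success, now):
        """Record the outcome of a password check; returns the new delay."""
        st = self._state(account, now)
        st.last_attempt = now
        if success:
            st.failures, st.next_allowed = 0, 0.0
            return 0.0
        st.failures += 1
        delay = min(MAX_DELAY, BASE_DELAY * 2 ** (st.failures - 1))
        st.next_allowed = now + delay
        if st.failures == ALERT_AFTER:
            self._alert(account, st.failures)  # let a human look for a pattern
        return delay
```

The caller asks `retry_after` before checking a password and calls `record` with the outcome; timestamps are passed in so the behaviour can be tested without waiting.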
Comments
Nobody's reported any pictures of her so it's hard to know what she is even tweeting for.
She was most definitely one of the celebrities included in this recent nude photo leak.
Not that I think this had anything to do with iCloud. The Mail is not a Murdoch paper btw.
I was referencing that UK newspaper which Murdoch used to own. The one that hacked celebrity voice mails for profit.
Nobody thinks it "odd" that a challenge to Apple's vaunted abilities in security
should be trashed on the same day they announce agreements with major
credit card companies on a new payment system?
I'm not convinced this is really all about 'naked starlets'…maybe, but...
As Apple attempts to enter another hugely lucrative market
(assuming these deals pay them even a tiny transaction percentage)
they are playing in the big kids' pool…
and the big kids can see them coming, now - there's a track record.
Perhaps this is just a sleazy example of Marketing Warfare 101.
Idiots lying about things they don’t comprehend is a PR nightmare?
And winning an Academy Award still doesn't make somebody an expert or an authority on anything that is computer related.
I don't care if somebody won 11 Academy Awards.
Is there disagreement on that point?
Idiots lying about things they don’t comprehend is a PR nightmare?
Isn't that the definition?
agreed. on all points.