So is Apple confirming that iCloud was breached or is that what they're investigating?
Apple is confirming nothing. They are looking into the issue and will likely comment in a day or two that there have been no hacks to the system. Something they probably already know but it will generate doubt if they say it too quickly. So in some ways saying they are looking into the issue is really a PR stunt.
There is only the word of the hackers that the source was iCloud and that they actually hacked the system. Rather than what happened in Australia etc where it turns out that the victims were likely using the same password for iCloud as their email, Facebook etc and those systems were hacked or social engineered.
The more likely scenario is that someone hacked an email system, like say Yahoo, and got a bunch of email accounts and likely passwords, took a shot that some of these were also iCloud, Dropbox etc and got into those that way rather than some kind of brute force attack. It's also possible that the victims weren't even the celebs but assistants. Someone hacks Jennifer Lawrence's assistant's account without knowing who it is, finds a note with JLaw's info and bingo. Stupid stuff like that happens all the time. I believe it was Selma Hayek whose email was 'hacked' because when her assistant set it up she used "my first oscar nomination" as the security question. And since the username was selmahayek it was easy to google the answer.
If anyone had actually hacked an Apple system you can bet they would have recorded it and would post it all over the place to show how bad ass they are and yes they definitely did it.
I hope Apple does it right, and shows who [was it 200 celebs or 200,000,000 people] was hacked and how, what they did (if anything) to prevent it.
They won't. Telling who is a major privacy issue. And telling how is a major security one.
The only response they might give is one last update to iOS 6 and iOS 7 and perhaps some better testing of what folks are using as iCloud passwords. Make certain folks aren't using their names, common words etc. After all, how secure would theothergeoff@icloud.com be if the password was Theothergeoff1?
If this wasn't an iCloud hack there's nothing for Apple to show. Unfortunately everyone seems to be rushing to blame it on an iCloud hack when no one knows for sure if that's what happened. I find it highly suspicious this comes out a week before Apple's big event.
You mean during a time when the media is gaga for all things Apple. Yep, just a tad suspicious.
So about your question: "how did they get photos from iCloud?" The answer is, apparently, if you back up your phone to iCloud, the photos, videos can be retrieved from the backup file.
I don't think it works like that. If you back up your iPhone to your PC, then it creates a single file with everything in it. On iCloud, not everything is backed up. Apple knows what music, apps and other content you've purchased so these aren't backed up. Photos and videos are usually stored in Photostream, so I don't think these are backed up in another location (like a single backup file). Basically iCloud backups are usually quite small consisting of user data on your device.
I still think the only way to get photos from someone's iCloud account is to get your PC authorized and then download them. You definitely can't do it from a browser.
Edited: Has anyone downloaded the Python script? I've tried and can't find it yet, so if someone has a link (or already has it) it would be much appreciated.
I'd like to look at the code and see exactly what it's trying to do.
If anyone had actually hacked an Apple system you can bet they would have recorded it and would post it all over the place to show how bad ass they are and yes they definitely did it.
Why would they do that unless they were hacking just for the sake of hacking an Apple system? What if the hack was merely a step toward a bigger objective?
What is hilarious to ME is that people like you only seem to get outraged when you notice this type of reporting going on about something you're personally passionate about.
The rest of time you take headlines for truth, despite the fact that half of them are exaggerations, the other half, lies.
Who says I'm outraged?
What gave you the impression that I'm not aware of the fact that half the headlines are exaggerations and the other half lies?
Where did you get that idea?
When you refer to yourself in writing why do you use CAPITAL LETTERS?
How did you get to know me so well by sitting and reading and typing stuff on the internet?
Why do you find that hilarious?
So. Many. Mysteries.
(If anybody can see what I just did give me a thumbs up to signal that you recognised what was done but don't say what you saw, if you see what I mean, as you'll ruin the intelligence recognition test for recognition of intelligence. Thank you for your co-operation, and have a wonderful day!)
I don't think it works like that. If you back up your iPhone to your PC, then it creates a single file with everything in it.
Nope.
A bunch of separate, plain (unless you encrypt the backup) files linked with an SQLite database.
You can go into the backups (~/Library/MobileSync/Backup/) and use the space bar to see the pix. Most of the other files are encoded (not encrypted) by the app so you may not see anything.
I just finished watching the news tonight, eyewitness news channel 7, and there it was, a story about how people were already lined up for the iPhone 6 in front of the Apple store at 5th Ave, and that story led right into their next story about the celebrity hacks.
Amazing with all the shit going on in the world that this is one of the top news stories, and only getting all this attention because it involves celebrities. :rolleyes:
She seems to be thanking iCloud for the pizza and self-serve chocolate ice cream.
She's saying "Thanks for giving me some sorely needed publicity after the severe damage that was done to my career after the Spider-man debacle. Free dinner and dessert on me!"
The Spider-Man III debacle, you mean. Guh, that movie. I can’t even watch the Rifftrax without hurting. No one is evil enough to treat their girlfriend like that. Not even me and I’m the worst person I know.
I do like James Franco, though; chewing that scenery as hard as possible because he knows it’s bad.
I can see these guys sitting around a table trading ideas about the best way to hurt Apple before next week's big reveal.
"Let's put together all the photos we've gathered from a multitude of sources over the last year or so, dump them on the internet and then say they all came from a hack into iCloud!"
Brilliant, boys... just brilliant.
Now let's see if it will stick. I sincerely doubt it.
... and then, after a boatload or two of the new iPhones are sold, Apple can say that even if there was a vulnerability, people still prefer iOS over Android... because Android is just that shitty.
Gruber points to a potential flaw with Find My Friends that doesn't prevent brute force attacks. If that is the case then Apple is definitely to blame.
Uhhh, no. Only if the hackers actually used that method to gain access. It's *highly* unlikely that was the case for most of them. Maybe one or two. These brute force methods only work if you have one of those commonly used passwords. Even if someone gained access that way via a NEW device, the owner will get a notice (someone prove me wrong).
In any case, Apple will be able to EASILY check their logs and see if any suspicious device accessed iCloud.
This reeks of a public smear a week before the latest iPhone release.
It staggers me that ALL of the major news sites are reporting this as an iCloud hack in their headlines before briefly mentioning deep within the articles that this information has not been verified.
What the f*ck has happened to reporting these days?
I can think of a rival tech company that might have the motivation to drum up bad publicity for iCloud and Apple.
And let's face it, anarchy has generally worked out well for anybody who's ever tried it in the past.
/s
Actually, it has. We've spent more millennia in anarchy than not and we're still here. It's the arrogance of civilization which has brought us closest to the brink.
Anyone else get the feeling it's the anarchists who probably wouldn't last too long if they ever got their wish?
Sorry, leaked soft porn just before a major Apple announcement...hmmm...
I can think of a rival tech company that might have the motivation to drum up bad publicity for iCloud and Apple.
So, I think it's pretty well shown by now that these photos were being traded underground for a while. I think one of them was an Apple hater and he decided to dump all the collections to make this look bad for Apple. This guy even started out by saying they were from iCloud accounts when that was a flat-out lie (which he later admitted was a lie because there were obvious non-iPhone pictures). Well, that's my theory anyway.
On the other hand, if he wanted maximum damage, wouldn't he have done this the day or two before the announcement? As it is now, enough time will pass to show that it wasn't an iCloud hack.
Hmm...but then maybe he did it now so that it doesn't look so obvious.
Yesterday was really just the celebrity stuff. Today is an actual article about Apple actively investigating the leak of photos that appear to have come from iCloud. The other tech sites are also only now reporting on Apple investigating how these accounts were breached.
I thought I had read about the investigation right after the publishing of these pictures.
Maybe a week ago, I received an email purporting to be from Apple asking to reset password or something to that effect. The sender email address seemed very convincing but the link in the message wasn't.
I found that email. This is the sender's address: no-reply@apple.com. It was listed below 'other'.
I can only presume that email address is fake, but that's not the point. Where did the link point to?
On the one side Antennagate.
It will be really interesting to find out how those photos were really leaked.
Taylor Swift, at least, is on security.
Props to the assholes who thought up this one.
Nothing but repulsive, truly not worth watching.
Wouldn't it make more sense that the password would be TheRealGeoff?
https://github.com/hackappcom/ibrute/blob/master/id_brute.py