Apple says iCloud is safe and secure, stolen celebrity pics were targeted accounts

Comments

  • Reply 41 of 178
    Quote:

    Originally Posted by Apple ][

     

     

    I'm sure that it's not.

     

    I've never gotten hacked online, but I was the target of a telephone scam some years back, by some shady company that had somehow made a few charges to one of my bank cards, without my authorization of course. 

     

    I was seriously pissed off, and I immediately cancelled that card, and then I contacted the State Attorney General, the FTC, and I even spoke to an agent at the FBI, since this was across state lines. To make a long story short, the situation was rectified pretty quickly.


     

    Good for you! The nuclear option is sometimes the only option.

  • Reply 42 of 178
    NM. A more in-depth article on The Verge answered my question about the Find my iPhone hack. That was already patched and it is not related to this leak. Those celebs must have had very weak passwords indeed.
  • Reply 43 of 178
    Quote:

    Originally Posted by Eric Swinson

     



    One of the drawbacks to having the phone ask for permission to do things is that it is always asking me to authenticate. I have caught myself many times just out of habit entering a PIN code or Apple ID without actually reading the screen. I could see someone making a JavaScript malware script that popped up a pixel perfect authentication dialog in Safari that would look like some other innocuous app in the background needing your credentials. Embarrassingly, I myself have even completed an unintended in-app purchase simply because muscle memory took over before my conscious mind could process what was happening.


     

    I know what you mean. I get the "Trust this computer?" pop-up regularly for no apparent reason when I hook my iPad up to my computer. Of course I trust my own Apple computer!

  • Reply 44 of 178
    Originally Posted by meofcourse

    Videos were stolen too. iPhones and iCloud do not upload videos.

     

    Except they do.

  • Reply 45 of 178

    Counsel: "You mean to tell me that Apple's stoplist did not preclude my client from choosing 'Princess1' as a password?"

    Defense: "Your honor, ladies and gentlemen of the jury. That is correct, but 'Princess1' is only #2 on the "ibrute" list, so that our (temporary-only) gaffe with the "no counters" Find My iPhone URL login cannot be implicated."

  • Reply 46 of 178
    I keep seeing people complaining on rumor sites about why an account wouldn't be locked out after so many attempts. How do we know it wasn't? The hacker could have easily gained access to their email account first, then started with password attempts on other accounts and just kept retrieving the reset emails until they got it right.
  • Reply 47 of 178
    Security starts with the user. These celebs need to use 1Password or something. They can afford the full suite of the app.
  • Reply 48 of 178
    Quote:
    Originally Posted by John.B

     

     

    While this may or may not be true, it doesn't excuse Apple from not having rate-limited iCloud login attempts:

     

    http://thenextweb.com/apple/2014/09/01/this-could-be-the-apple-icloud-flaw-that-led-to-celebrity-photos-being-leaked/




     


    Uhh...no, not iCloud login attempts.  Find My Phone API login attempts.   Those are two different things.   Find My Phone existed before iCloud.
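
The point argued in Replies 45 and 48, that failed-login counting has to cover every endpoint that accepts a password, sketched as an added example (not part of the thread and not Apple's code). The endpoint names, thresholds and account data are constructed assumptions.

```python
import hmac
from collections import defaultdict, deque

class SharedLoginThrottle:
    """Failed-attempt counter keyed by account only, so every endpoint shares it."""

    def __init__(self, max_failures=5, window_s=900, lockout_s=1800):
        self.max_failures, self.window_s, self.lockout_s = max_failures, window_s, lockout_s
        self._failures = defaultdict(deque)   # account -> timestamps of recent failures
        self._locked_until = {}               # account -> time the lockout ends

    @staticmethod
    def _key(account):
        return account.strip().lower()        # case variants must not get fresh counters

    def allowed(self, account, now):
        return now >= self._locked_until.get(self._key(account), 0)

    def record_failure(self, account, now):
        key = self._key(account)
        q = self._failures[key]
        q.append(now)
        while q and q[0] <= now - self.window_s:   # drop failures outside the window
            q.popleft()
        if len(q) >= self.max_failures:
            self._locked_until[key] = now + self.lockout_s
            q.clear()

    def record_success(self, account):
        self._failures.pop(self._key(account), None)

def login(throttle, verify, endpoint, account, password, now):
    """Single entry point for all endpoints; `endpoint` is for logging, never the key."""
    if not throttle.allowed(account, now):
        return (endpoint, "locked")            # password is not even checked
    if verify(account, password):
        throttle.record_success(account)
        return (endpoint, "ok")
    throttle.record_failure(account, now)
    return (endpoint, "denied")

# Constructed sample data: hypothetical endpoint names and a stand-in credential store.
ENDPOINTS = ("web_login", "device_locator_api")
STORE = {"user@example.com": "constructed-sample-passphrase"}

def verify(account, password):                 # stand-in for a real password-hash check
    return hmac.compare_digest(STORE.get(account.strip().lower(), ""), password)

def simulate(guesses, throttle):
    """Alternate guesses between endpoints, one per second, against one account."""
    return [login(throttle, verify, ENDPOINTS[i % 2], "User@Example.com", g, now=i)
            for i, g in enumerate(guesses)]
```

Because the counter is keyed by account rather than by endpoint, switching to a secondary API does not give a fresh set of attempts, and a locked account rejects even the correct password until the lockout ends.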
  • Reply 49 of 178
    Quote:
    Originally Posted by SinisterStone



    I keep seeing people complaining on rumor sites about why an account wouldn't be locked out after so many attempts. How do we know it wasn't? The hacker could have easily gained access to their email account first, then started with password attempts on other accounts and just kept retrieving the reset emails until they got it right.

     

    This is why I assume (perhaps incorrectly) that a targeted phishing scam was at work here. No need for password generators and the like. The only thing needed would be a private e-mail address, which could have been exposed in any of the recent massive credit card hacks. In fact, a brute force attack on Twitter may have yielded those same private e-mail addresses.

  • Reply 50 of 178
    Apple should take responsibility! If security measures (login/password) are not good enough to guarantee security, then maybe the service is ahead of its time. Maybe cloud services, including iCloud, should not be released until a proper security mechanism is found.
  • Reply 51 of 178
    gwmac, Posts: 1,800, member

    I am waiting for the day when passwords are a distant memory. To be safe and secure you have to use long and difficult to remember ones. You also should never use the same ones on different sites and change often. I would much prefer a temp password sent by text that only lasts 15 minutes before it expires, then only need to remember the email address or username.

  • Reply 52 of 178
    Quote:

    Originally Posted by sflagel



    Apple should take responsibility! If security measures (login/password) are not good enough to guarantee security, then maybe the service is ahead of its time. Maybe cloud services, including iCloud, should not be released until a proper security mechanism is found.

     

    Apple is no "worse" than any other service. In fact, they seem to be more secure and proactive.

  • Reply 53 of 178
    [IMG]http://forums.appleinsider.com/content/type/61/id/47963/width/200/height/400[/IMG]
    Am I reading this right?
    "iCloud piece of shit"?
    or
    "iCloud eat shit"?
  • Reply 54 of 178
    Originally Posted by sflagel

    Apple should take responsibility! If security measures (login/password) are not good enough to guarantee security, then maybe the service is ahead of its time. Maybe cloud services, including iCloud, should not be released until a proper security mechanism is found.



    What a horrible idea.

  • Reply 55 of 178
    Quote:
    Originally Posted by gwmac

     

    I am waiting for the day when passwords are a distant memory. To be safe and secure you have to use long and difficult to remember ones. You also should never use the same ones on different sites and change often. I would much prefer a temp password sent by text that only lasts 15 minutes before it expires, then only need to remember the email address or username.


     

    How about tying a login/password to an anonymous Bitcoin code? Then it would be uncrackable, distributed and unknown, even to the user.

  • Reply 56 of 178
    apple ][, Posts: 9,233, member
    Quote:
    Originally Posted by sflagel



    Apple should take responsibility! If security measures (login/password) are not good enough to guarantee security, then maybe the service is ahead of its time. Maybe cloud services, including iCloud, should not be released until a proper security mechanism is found.

     

    No, they should not! 

     

    If somebody goes out and buys a $10,000 lock for their front door, yet they forget to lock it one day, and thieves walk up to it and enter the house, then whose fault is that?

     

    Human stupidity will trump any security measure, no matter how costly. Apple is not responsible for the dumb and careless actions that people make.

  • Reply 57 of 178
    chadbag, Posts: 1,647, member
    Quote:

    Originally Posted by Apple ][

     

    So most likely the majority of those celebs were stupid, careless and ignorant.

     

    They're probably the kind of stupid people that would use their birthdates in their passwords, or the name of their pets or some other, extremely easy to guess passwords. Especially if somebody is a famous celeb, finding personal information about them online isn't exactly difficult.

     

    And they also probably chose very easy to guess security questions, that anybody who has access to a search engine could easily figure out.


     

    There is a reason these people are famous and people want to see pics of them, and it isn't because of their brains...

     

    /end sexist but true remark

  • Reply 58 of 178
    Quote:

    Originally Posted by alphafox

     
    Quote:
    Originally Posted by Maestro64

     

    This is what you get when you store personal things you would not want your mom seeing in the cloud and being stupid about it. Hackers are a lot smarter than your average thief. Imagine the work they went through to track down the necessary information to get into each account, whether on iCloud or any other cloud based storage product out there.


     

    What is what you get? Nothing happened as the leaks weren't from iCloud, so what's your point?


     

    That is not what this says. It says iCloud was not compromised as a service, but that some celebrity accounts were directly compromised. In other words, someone hacked their user account credentials / recovery information and not the iCloud service. Subtle difference but it does mean that some of that leaked content may be from people's iCloud storage. This also doesn't say if any of the pictures and video in these leaks is actually from the accounts that were individually compromised. So it doesn't say much really other than people should use strong passwords, two factor authentication, and Apple should keep fixing bugs in their security as soon as they are found.

  • Reply 59 of 178
    imt1, Posts: 87, member
    Quote:

    Originally Posted by Tallest Skil

     

    Just as I figured. I wonder if they’ll still up iCloud’s security anyway.

     

    I’d love to not have an upper limit on my password size. I’d also love to not be forced into having numbers and uppercase letters. There’s absolutely no excuse for that. I’ve kept my original iCloud password since the beta because of this nonsense (no restrictions in the beta).

     

    I’d also love to be able to write MY OWN QUESTIONS.


     

    That doesn't totally solve the problem. Answering any security question honestly is ripe for trouble. Same with using the same answers across many sites. It's akin to using the same password across many sites. Sometimes it's easier to gain access to someone's info by going the security question route vs. guessing at the password.

     

    Using a password manager like 1Password to generate unique passwords across all accounts as well as using it to generate dummy unique answers to security questions is the answer. Two factor authentication is another method.

  • Reply 60 of 178
    gwmac, Posts: 1,800, member
    Quote:

    Originally Posted by SpamSandwich

     

     

    How about tying a login/password to an anonymous Bitcoin code? Then it would be uncrackable, distributed and unknown, even to the user.


    I am open to any idea that is safe, secure, and makes it easier for all of us to access sites, apps, email, etc., without having to use long and burdensome passwords. I think temp passwords by text would be the easiest but I don't know much about Bitcoin.
