Apple says iCloud is safe and secure, stolen celebrity pics were targeted accounts

1235789

Comments

  • Reply 81 of 178
    Quote:

    Originally Posted by Apple ][ View Post

     

     

    Sure, I wouldn't have any objections if Apple implements even stronger security, especially since they are going to be rolling out their new payment system.

     

    I have a few different bank accounts, and some of them use a hardware dongle in addition to regular passwords when you log in.


     

    I think Apple's existing security measures are solid and iOS 8 will only improve the situation. Who knows, they may even offer one on one private security lessons to the aggrieved celebs as a goodwill gesture. They'll love the attention.

  • Reply 82 of 178
    apple ][apple ][ Posts: 9,233member
    Quote:

    Originally Posted by SpamSandwich View Post

     

    Who knows, they may even offer one on one private security lessons to the aggrieved celebs as a goodwill gesture. They'll love the attention.


     

    That's a good idea! Apple could have short classes held at Apple stores for everybody who buys a new device, not just celebrities. It would basically be a class in common sense and basic internet security.

  • Reply 83 of 178
    dasanman69dasanman69 Posts: 13,001member
    I think Apple's existing security measures are solid and iOS 8 will only improve the situation. Who knows, they may even offer one on one private security lessons to the aggrieved celebs as a goodwill gesture. They'll love the attention.

    Like Finster said in The Usual Suspects, "fcuk um" ????
  • Reply 84 of 178
    Quote:

    Originally Posted by Apple ][ View Post

     

     

    That's a good idea! Apple could have short classes held at Apple stores for everybody who buys a new device, not just celebrities. It would basically be a class in common sense and basic internet security.


     

    Don't they already have free classes? I think they do. I'm talking about a stealth campaign to woo back the prima donnas who people take so seriously for some reason (I think it's because they represent a lifestyle the average person will never attain, much like previous generations of people believed in Greek or Roman gods).

  • Reply 85 of 178
    jfc1138jfc1138 Posts: 3,090member
    Quote:
    Originally Posted by Tallest Skil View Post

     

    Just as I figured. I wonder if they’ll still up iCloud’s security anyway.

     

    I’d love to not have an upper limit on my password size. I’d also love to not be forced into having numbers and uppercase letters. There’s absolutely no excuse for that. I’ve kept my original iCloud password since the beta because of this nonsense (no restrictions in the beta).

     

    I’d also love to be able to write MY OWN QUESTIONS.


    up security? I expect so. (the login attempt counter has been implemented already IIRC).

     

    Questions?

    Ah, but you can answer them any way you want.

     

    Me?

     

    I lie early and often.

  • Reply 86 of 178
    tenobelltenobell Posts: 7,014member
    Quote:
    Originally Posted by Apple ][ View Post

     

     

    I don't have any problems with blaming the victim. I mean, it all depends on the circumstances.

     

    If somebody chooses to walk around in an area of town that is known to be unsafe and crime infested at 3am and they are flashing around money or wearing expensive jewelry, do they deserve to be shot and robbed? No they do not, but it is certainly understandable if it happened to them.

     

    The internet is not a safe place. There are all sorts of scumbags and criminals on the internet, and I'm sorry, but I can not feel sorry for anybody who gets their account broken into, if they had a password like "cat" or "dog".

     

    And I especially don't feel sorry for anybody who falsely accuses Apple for their problem.


    You are making the assumption that this is common knowledge everyone should have. You make the assumption that their passwords were as simple as "cat" or "dog", we really don't know.

     

    There are areas of expertise were we all fall short of knowledge that could help us, I don't think that makes us stupid. Many of us are busy and we cannot be experts at everything.



    I'd venture to believe these young women had little idea their were people out there willing to spend so much time and dedication to getting at this information. 

     

    Of course now everyone knows. 

  • Reply 87 of 178
    MarvinMarvin Posts: 14,730moderator
    400
    Am I reading this right?
    "iCloud piece of shit"?

    I think that's the one she meant. No matter what way their iCloud service was accessed, it was the service they were using at the time and they'd say the same about any other service. People on the forum had concerns about it years ago:

    http://forums.appleinsider.com/t/150147/users-raise-questions-about-apples-security-after-icloud-hacks#post_2111719

    "It took me about 30 seconds to figure out a "crack" for iCloud if I have someone's Apple ID and considering the ubiquity of iCloud you can probably just try any name at iCloud.com with some small chance of success. Unfortunately, iCloud is very vulnerable to social hacks apparently (based on the 30 second "crack"). I should add that I am no Charlie Miller either so this is something any computer savvy person could discover (disclaimer: I do have formal education in network administration)."

    I'm sure someone mentioned the possibility of important figures having photos stolen. If they were subject to phishing attacks, logging in would be trivial because they are handing over the login directly and having memorable questions to reset a password is asking for trouble because you are better off answering them incorrectly.

    Convincing people to use online services (not just iCloud) without informing them all fully of the risks would always lead to this. The only way to fix it is to not allow the user to be the weak point of security because they value convenience more. I even purposely use short passwords for some services I use regularly because I don't want it stored in auto-logins and I don't want to type long passwords every single day.
  • Reply 88 of 178
    jfc1138jfc1138 Posts: 3,090member
    Quote:

    Originally Posted by Apple ][ View Post

     

     

    That's a good idea! Apple could have short classes held at Apple stores for everybody who buys a new device, not just celebrities. It would basically be a class in common sense and basic internet security.


    That would be a softer sell than "imposing" two-step identification as the default that had to be opted out from.

  • Reply 89 of 178
    apple ][ wrote: »
    No, they should not! 

    If somebody goes out and buys a $10,000 lock for their front door, yet they forget to lock it one day, and thieves walk up to it and enter the house, then whose fault is that?

    Human stupidity will trump any security measure, no matter how costly. Apple is not responsible for the dumb and careless actions that people make.
  • Reply 90 of 178
    Using the likes of 1Password, it really doesn't matter what the security question are as you can configure the answer to be any random string. The biggest problem with this method though is if you're asked to supply, for example, the 3rd & 9th characters of the answer.
  • Reply 91 of 178
    you really, really, think that login/password, as a system is a good system? you think it is fit for purpose as a system to safeguard valuable data? if you had 100Mn in the bank and the account details in a document on, say, Dropbox and iCloud and Google Drive and MS drive, and all your friends knew this, you'd feel they are safe for the next 10 years?
  • Reply 92 of 178

    There still isn't a patch for stupid.

  • Reply 93 of 178
    what there isn't, is a proper secure system that does not require the memory of an elephant and/or the geekiness of an MIT engineer.
  • Reply 94 of 178

    One issue I see is that IIRC setting up iCloud enables Photo Stream by default. Not long after I activated my iPhone, I checked its contents on iTunes and wondered why it made two copies of every photo. I found that Photo Stream was responsible, and promptly deactivated the service since I had no use for it (photos that I want shared are already on Facebook and Flickr, and I do all my backups using iTunes).

     

    I deactivated Photo Stream because of how much storage it used, but keeping strictly private photos out of the cloud is another side benefit of switching Photo Stream off. Given that I didn't even know that Photo Stream was switched on until I monitored my storage, I wonder how many other iOS users are unintentionally uploading their photos to iCloud.

  • Reply 95 of 178
    woochifer wrote: »
    One issue I see is that IIRC setting up iCloud enables Photo Stream by default. Not long after I activated my iPhone, I checked its contents on iTunes and wondered why it made two copies of every photo. I found that Photo Stream was responsible, and promptly deactivated the service.

    I deactivated Photo Stream because of how much storage it used, but keeping strictly private photos out of the cloud is another side benefit of switching Photo Stream off. Given that I didn't even know that Photo Stream was switched on until I monitored my storage, I wonder how many other iOS users are unintentionally uploading their photos to iCloud.
    Currently there are limits to how much is stored in photostream. Last 1000 photos and only (I believe) for the last 30 days.

    But iOS8 is coming with storing all photos automatically (like Google +, Dropbox, Kindle Fire, etc.) so it's not like this wouldn't be an issue in any cloud service.
  • Reply 96 of 178
    chadbag wrote: »
    Yeah, they re not usually the brightest peas in the pod and maybe have to have simple answers and passwords so that they will remember them.
    Actually, they are the brightest peas in the pod. Physical attractiveness has been shown to be positively correlated with intelligence in numerous studies.
    Sorry to insult your intelligence, but your assumption is dumb, sexist prejudice.
  • Reply 97 of 178
    Quote:
    Originally Posted by alcstarheel View Post





    Currently there are limits to how much is stored in photostream. Last 1000 photos and only (I believe) for the last 30 days.



    But iOS8 is coming with storing all photos automatically (like Google +, Dropbox, Kindle Fire, etc.) so it's not like this wouldn't be an issue in any cloud service.

    The issue I see is having the photo storage enabled by default when you activate iCloud. I only activated iCloud because I wanted switch on the Find My iPhone activation lock. I had no idea when I did this that all my photos were also getting duplicated locally and uploaded to iCloud.

     

    With other cloud services, I choose what to store and what to automatically sync. But, those are not services that I enable as part of a device activation. My point is simply that I can see a lot of people having their photos uploaded to iCloud without their knowledge. If someone wants to stalk a celebrity, they can peruse through private photos that the victim doesn't even know were uploaded from their phone in the first place.

  • Reply 98 of 178
    apple ][apple ][ Posts: 9,233member
    Quote:

    Originally Posted by SpamSandwich View Post

     

     

    Don't they already have free classes? I think they do.


     

    Yes, they do. I've never been to one, but I noticed that they have a variety of free classes at various Apple stores, but I'm not sure if any were specifically about security.

  • Reply 99 of 178
    Quote:

    Originally Posted by Apple ][ View Post

     

     

    Yes, they do. I've never been to one, but I noticed that they have a variety of free classes at various Apple stores, but I'm not sure if any were specifically about security.


     

    I think they're more generally about how to set up and use one's iOS device.

  • Reply 100 of 178
    jonljonl Posts: 210member
    Quote:

    Originally Posted by Marvin View Post



    I think that's the one she meant. No matter what way their iCloud service was accessed, it was the service they were using at the time and they'd say the same about any other service. People on the forum had concerns about it years ago:



    http://forums.appleinsider.com/t/150147/users-raise-questions-about-apples-security-after-icloud-hacks#post_2111719



    "It took me about 30 seconds to figure out a "crack" for iCloud if I have someone's Apple ID and considering the ubiquity of iCloud you can probably just try any name at iCloud.com with some small chance of success. Unfortunately, iCloud is very vulnerable to social hacks apparently (based on the 30 second "crack"). I should add that I am no Charlie Miller either so this is something any computer savvy person could discover (disclaimer: I do have formal education in network administration)."

     

    Looking back at that thread, I find that claim dubious to put it mildly, and I don't see where he described the crack he figured out in 30 seconds that gets him in with just an Apple ID.

Sign In or Register to comment.