Apple says iCloud is safe and secure, stolen celebrity pics were targeted accounts

12345679»

Comments

  • Reply 161 of 178
    Originally Posted by s.metcalf View Post

    Rather than be so pompous and arrogant all the time maybe Apple should take the opportunity to push two-step verification harder or even make it mandatory!

     

    They already do push it.

  • Reply 162 of 178
    tenobelltenobell Posts: 7,014member
    Quote:

    Originally Posted by s.metcalf View Post

     

    So iCloud is safe and secure...unless you're targeted and don't have 2-step verification enabled?

     


     

    Pretty much could be said for any online service. Though I can agree if someone targets you and is motivated enough to get through, that does show that there are still inherent flaws in the system.

     

    Which also raises another question, is there really an absolutely faultless system?

  • Reply 163 of 178
    jfc1138jfc1138 Posts: 3,090member
    Quote:

    Originally Posted by Eideard View Post

     

    There still isn't a patch for stupid.


    And there is that.

  • Reply 164 of 178
    Quote:

    Originally Posted by TenoBell View Post

     

    Which also raises another question, is there really an absolutely faultless system?


     

    Nope. If a person can create something, another person can tear it down.

  • Reply 165 of 178
    MarvinMarvin Posts: 14,726moderator
    gatorguy wrote: »
    Marvin wrote: »

    Companies like Google have come up with ideas like wearing jewellery or swallowing an authentication pill to use as a security token but I don't think those are very practical. I think the way forward is to use encryption key pairs, possibly multiple keys.... etc

    Marvin, what do you think of something like SlickLogin as a password replacement? I realize the sticking point is still getting "the web" to cooperate.
    http://techcrunch.com/2014/02/16/google-acquires-slicklogin-the-sound-based-password-alternative/

    I think it's too cumbersome to have a phone nearby all the time. The part using audio would mean you'd have to shut off music and unplug headphones to login every time. Connecting via other methods like Bluetooth or wifi would be ok but may be more susceptible to local attacks like at a coffee shop. Then there's the issue of logging in on the phone itself, the phone is being treated as though it's the secure device where they suggest that if someone steals the phone, they can access accounts already, the phone isn't being asked to check against another machine so presumably still uses passwords to login.

    I'd rather see a secure system work with just a single device and I think that's possible.

    Protecting email is a little harder because it's often used as the last resort for recovering everything. Using the system I described before, you'd setup an email account like GMail and wouldn't have a password nor security questions (although these could be optional for recovery), you'd setup a key pair on your device and send the public key to the server. If you lose the private key, the way to reissue a key with another service would be to send an email to setup another key pair. If it's your email account that's compromised, there would be no way to setup new keys because you don't have access to your email account. The way to solve this would be to require other recovery options for email such as phone number, alternate email, security questions etc.
    tenobell wrote:
    is there really an absolutely faultless system?

    Identity verification systems will always have a flaw somewhere - it even happens in real life where real people mistake one identity for another. However, banks manage to maintain security very well. Accounts aren't drained regularly but millions of people have online bank logins. That could be down to the consequences for getting caught but it's bad for leaking images too. The guy that leaked images of a few celebs a couple of years ago got 10 years in prison:

    http://www.theverge.com/2012/12/17/3777818/hollywood-hacker-sentenced-to-ten-years

    The security system doesn't have to be faultless, it just needs to raise everyone to an acceptable threshold of security regardless of their own actions.
  • Reply 166 of 178
    jfc1138jfc1138 Posts: 3,090member
    Quote:
    Originally Posted by TenoBell View Post

     

     

    Pretty much could be said for any online service. Though I can agree if someone targets you and is motivated enough to get through, that does show that there are still inherent flaws in the system.

     

    Which also raises another question, is there really an absolutely faultless system?


    My not internet connected laptop.

     

    And that only until someone breaks into my home...

  • Reply 167 of 178
    jfc1138 wrote: »
    tenobell wrote: »
     

    Pretty much could be said for any online service. Though I can agree if someone targets you and is motivated enough to get through, that does show that there are still inherent flaws in the system.

    Which also raises another question, is there really an absolutely faultless system?
    My not internet connected laptop.

    And that only until someone breaks into my home...

    So not faultless then.
  • Reply 168 of 178
    jfc1138jfc1138 Posts: 3,090member

    Obviousely.

    Quote:

    Originally Posted by Benjamin Frost View Post





    So not faultless then.

    Obviously.

  • Reply 169 of 178
    hill60hill60 Posts: 6,992member
    Exactly: I will never be able to remember them. I can’t remember anything. I can’t ever address anyone by name because I don’t remember them. At least give me questions for which I can guess the answers...

    The answer is simple, answer everything with "iforgot".
  • Reply 170 of 178
    hill60 wrote: »
    Exactly: I will never be able to remember them. I can’t remember anything. I can’t ever address anyone by name because I don’t remember them. At least give me questions for which I can guess the answers...

    The answer is simple, answer everything with "iforgot".

    Easier still: 'password.'
  • Reply 171 of 178
    dasanman69dasanman69 Posts: 13,001member
    Easier still: 'password.'

    Or the leet speak version: [email protected]
  • Reply 172 of 178
    hill60hill60 Posts: 6,992member
    dasanman69 wrote: »
    Or the leet speak version: [email protected]

    Then you get those pesky IT boffins who demand capitals, numbers and symbols, so Password1!
  • Reply 173 of 178
    MarvinMarvin Posts: 14,726moderator
    chadbag wrote: »
    I can think of plenty of male celebrities that would have been included had this most recent issue included male celebrities...

    There are quite a few double standards that have been brought up in the aftermath. There have in fact been pictures of male celebrities released in the past such as Dylan Sprouse whose ex-girlfriend uploaded the pictures (the link has the images so don't visit it if you don't want to see them - they aren't fully nude):

    http://www.sugarscape.com/main-topics/lads/1001283/nude-photos-former-disney-star-dylan-sprouse-leaked-online-pics

    You can see comments from girls at the bottom of the page such as:

    "At least he owns up to what he has done... that's more than other celebrities."
    "At least he owned up to it and then made fun of himself"

    and from other sites:
    "Sure, some testicles and a tiny bit of his organ are showing, but it is not any worse than what other celebs are out there doing."
    "Let's be honest, we'd all suck his d*"
    "Looks like Bieber has some competition"
    "i always thought he was cute"
    "Atleast he owned up to it. I dont like what he did, but atleast he did something about it.?"
    "im not surprised and I forgive him I understand he messes up boys are boys?"
    "He was cute at 16 and under but not anymore?"
    "Damn he is fiiiiine now XD?"
    "It might be inappropriate 4 some people, but I think he's so funny & it's no big deal! It just make me adore him more!?"
    "It just leaked it's not like he posted them on tumlblur or anything like that and he's so hot so... Who cares"

    Women mostly criticize him for taking the pictures, not for the ex for leaking the pictures. Nor is the leaker arrested for it. Women and girls are also rating the pictures but guys who do that to the images of women are branded as perverts. Even worse, some women are branding men looking at women in the recent leak as rapists:

    http://www.washingtonpost.com/news/morning-mix/wp/2014/09/02/leaked-nude-celebrity-photos-when-a-cybercrime-becomes-a-sex-crime/

    This brings up another double standard because whenever anyone likens anything else to rape, they are considered insulting women who have been subjected to actual physical assaults but people are free to do it in this instance.

    Another double standard that has cropped up is that at least one of the leaked women said she was below the age of 16 at the time and so if people share those images then they are committing an even more serious offence than with the other women. However, the girl created the pictures herself and she can be charged with a crime:

    http://metro.co.uk/2014/07/22/schoolgirl-gets-criminal-record-for-sexting-topless-photo-to-boy-4807184/

    It seems crazy that the law would consider it a crime by assuming the teens couldn't consent when they are performing the action themselves but it has to be that way because otherwise the law would have to treat anything that young people are coerced into doing as consensual too.

    Another double standard that was brought up was the role of the media. The media has condemned the sharing of the images but is happy to publish non-consensual upskirt, side-boob, nipple slip photos or report on stories of the likes of Kate Middleton being photographed nude from a distance for as many celebrities and promote the sexualization and privacy invasion of famous people on a regular basis.

    It makes me wonder where things are all heading because we get so many social changes and yet the conflicts still remain. There is an aim to have a completely equal society but perceptions and responsibilities of different genders are still entrenched. We aim to have a sexually liberated society where the prudishness of old ways of thinking goes away and yet we criminalize and condemn expressions of it at every turn.
  • Reply 174 of 178

    found this while cruising through my junk mail.

     

    Ha. Nice try douchebags.

  • Reply 175 of 178

    I think the coincidence that Apple is rolling out Apple Pay and this situation is too hard to ignore.



    There's boatloads of money to be lost - sounds like a preemptive strike.

  • Reply 176 of 178
    Originally Posted by MarkyMarc43 View Post

    I think the coincidence that Apple is rolling out Apple Pay and this situation is too hard to ignore. There's boatloads of money to be lost - sounds like a preemptive strike.



    I don’t see how. Apple doesn’t handle any of the money. You’d have to steal the device and cut off a finger or just hack the credit card company or bank in the first place.

  • Reply 177 of 178

    In order to prevent Apple from owning mobile payments, you must first create the impression that it would be a horrible idea to have your financial data on people's iPhones. PayPal comes to mind with their full page ad in the New York Times. I don't think this is a coincidence.

  • Reply 178 of 178
    Originally Posted by MarkyMarc43 View Post

    In order to prevent Apple from owning mobile payments, you must first create the impression that it would be a horrible idea to have your financial data on people's iPhones. PayPal comes to mind with their full page ad in the New York Times. I don't think this is a coincidence.



    So PayPal orchestrated multiple high profile felonies for the sole purpose of combating a rumor of a competitor in their space?

     

    No. The celebrity leaks were created by the convergence of horny geniuses and stupid celebrities.

Sign In or Register to comment.