Cook says Apple will roll out new iCloud security alerts, expand 2-step authentication after celebri

245

Comments

  • Reply 21 of 81
    apple ][apple ][ Posts: 9,233member

    Hey, what d'ya know? So it turns out that I was right, even though there was some protesting as usual in the previous thread. The celebrities were ignorant and careless. And especially if somebody is storing nude photos of themselves on their phones and in the cloud, then maybe, just maybe they should be more careful. In the end, it's their ass that's on the line, literally speaking, so they should take extra care with their personal security.

     

    Cook said that if two-step authentication had been enabled, then the hackers would not have been able to guess the security questions. These celebrities who make so much money should have known better, since they are well known, and they are more attractive targets than everybody else who is not a celebrity. Maybe they should hire somebody to look after their web security and teach them some common sense. I'm sure that some of them have bodyguards, lawyers, accountants, private chefs, personal assistants, personal trainers etc. 

     

    I'm sure that after this incident, more of them will perhaps think twice before being careless, but then again, some of them will not, and that will end up being their problem eventually.

  • Reply 22 of 81

    Nice work there with "When I step back from this terrible scenario that happened and say what more could we have done..." Others need to answer this question as well. That's the important one here.

     

    While there has been speculation of brute force against Find my iPhone that's not proven yet. Is there a reasonable way to block social engineering, password guesses, phishing, etc? It seems like what happened over the weekend has been a long time coming by a lot of people (see this great post) and the methods used are really old school, non-haxor stuff.

     

    These vulnerabilities are there because, well, we are people and there are asshats out there. There's security and there's security theater. I'd argue there are things Apple hasn't done well but they're handling the security part fairly well and I trust they will continue to.

  • Reply 23 of 81
    What is the point of getting an email or notification that someone is accessing a backup? What if I am asleep?

    Should accessing a cloud back-up just require the 2fa?
  • Reply 24 of 81
    rogifanrogifan Posts: 10,669member
    Wonder boy Mark Gurman says this proves no one inside Apple is good enough to run PR. :rolleyes:
  • Reply 25 of 81
    koopkoop Posts: 337member
    Quote:

    Originally Posted by charlituna View Post

     



    He's also not afraid to placate the public a bit. The truth is that there is zero proof that all those folks stuff came from iCloud. I believe Jennifer Lawrence is the only confirmed iCloud user in the bunch. The rest could have been Drop Box etc. And in Jennifer's case for all we know the source was a disgruntled employee who knew the log in info and decided to get back at her. Or a greedy current one with the same access. 

     

    But folks are screaming they should have more alerts so Tim will give it to them. Kind of like how Steve pointed out that the whole antenna gate thing was actually present on tons of phones but still gave folks free bumpers. 


     

    There's absolutely nothing wrong with implementing two step authentication that covers every part of your data. I use two step my cloud based storage (Onedrive in this case) to protect pictures and financial documents. I don't care what the reasoning was that caused Apple to take security on their cloud based services seriously. There's nothing 'overblown' about more tools to protect private data. Celebrities are just people with a fantastic makeup artist, and just like everyone else they don't know the first thing about managing their information. Companies need to do a better job hand holding in that department in my opinion.

  • Reply 26 of 81
    rogifan wrote: »
    Wonder boy Mark Gurman says this proves no one inside Apple is good enough to run PR. :rolleyes:

    But he's just a kid, I tell ya...a kid!
  • Reply 27 of 81
    You're not getting it. It's great PR, see locally prior to launching iCloud drive:

    - first tell you take your customers serious and are doing research
    - then tell the service wasn't unsafe but a fact of a bad password
    - then let people know you thought about it and still want to do better, also reiterate it wasn't about a security breach.

    So basically you take customers serious and at the same time come across as a company who wants to do better for their customers. You also reduce possible legal actions by showing you acted accordingly.

    It's also smart for Apple to say "I, Tim Cook, thought about it and what did I think can be improved", instead of a cold dry responds from "Apple, the legal entity".

    It's a very careful crafted sequence of events and I can only respect that.
    shogun wrote: »
    He had me until the last line. He's more outraged than the actresses who had their accounts pried open and their personal data stolen and spread all over the internet for every slimy person on earth to salivate and worse over. Um, yeah. No. I don't think so. One step too far Apple PR. Can you please pull your heads out of your holes?
  • Reply 28 of 81
    Quote:

    Originally Posted by Apple ][ View Post

     

    Hey, what d'ya know? So it turns out that I was right, even though there was some protesting as usual in the previous thread. The celebrities were ignorant and careless. And especially if somebody is storing nude photos of themselves on their phones and in the cloud, then maybe, just maybe they should be more careful. In the end, it's their ass that's on the line, literally speaking, so they should take extra care with their personal security.

     

    Cook said that if two-step authentication had been enabled, then the hackers would not have been able to guess the security questions. These celebrities who make so much money should have known better, since they are well known, and they are more attractive targets than everybody else who is not a celebrity. Maybe they should hire somebody to look after their web security and teach them some common sense. I'm sure that some of them have bodyguards, lawyers, accountants, private chefs, personal assistants, personal trainers etc. 

     

    I'm sure that after this incident, more of them will perhaps think twice before being careless, but then again, some of them will not, and that will end up being their problem eventually.


     

    As it was mentioned that it was a targeted attack on selected celebrities. No one picked up my nude pictures :-) Just kidding! There is only so much companies like Apple, Google, Facebook, etc. can do. If you are going to make your account named JenniferLawrence and use passwords like HungerGames or AmericanHustler, people are going to figure it out. I mean even if  companies put in all kind of protection measures, if you are going to do stupid thing, you will have to pay the consequences. Who knows? Could it also be a publicity stunt by all those actor?

  • Reply 29 of 81
    Quote:

    Originally Posted by John.B View Post



    It's a start.

    It's a good start.  I don't think even dropbox or google drive does this?   If someone has your google password(assuming two-factor isn't on), they can just copy stuff from google drive without you getting notice, right?   I could be wrong, but I thought I remember doing that from a random computer and i got no notice.

  • Reply 30 of 81
    Quote:

    Originally Posted by junkie View Post



    What is the point of getting an email or notification that someone is accessing a backup? What if I am asleep?



    Should accessing a cloud back-up just require the 2fa?

    What if you're not asleep?  Of course it's better than NOT having it.  However, I don't think the point of it is to prevent hacks.  It's just so that at least you're aware someone has your password and you better go change it(especially if you use it for other things).   Also, maybe you better check your computer to make sure it's not rooted or something.   It's SO much better to know that you've been hacked instead of letting them CONTINUE to steal your data forever.

  • Reply 31 of 81
    Quote:

    Originally Posted by junkie View Post



    What is the point of getting an email or notification that someone is accessing a backup? What if I am asleep?



    Should accessing a cloud back-up just require the 2fa?

     

    If you have 2fa set up, then which device receives the notification with the verification code to allow you to access iCloud from a new computer (as an example)? It's going to be your iPhone, of course. The device you usually carry with you and can give you an immediate notification if there's activity on your iCloud account.

     

    So what if your phone quits working, gets lost or stolen? You have your new iPhone you want to restore from iCloud. Where does the 2fa notification go to? Your old iPhone is gone, so it's not going there. Your new iPhone isn't set up yet, so it's not getting it either. Apple lets you set up more than one device (great for families), but if you're single would you have a second SMS capable iOS device you could set up to also receive the verification code? Even if you did, would you even think it was necessary to add a second device while you're setting up 2fa?

     

    There are certain situations where you might need access to iCloud without the hassle of 2fa. And this is the crux of the matter. Some people say Apple should force users to use 2fa, but that's not always an option for everyone in every scenario.

  • Reply 32 of 81

    The way I see it is like this:

     

    Say you drive a Ford Focus and it has a 4 Star crash rating. Ford decides to update the Focus and it now receives a 5 Star crash rating. Sure it's a safer car, but that doesn't mean the old Focus was a death trap - it was still pretty safe.

     

    So Apple improves iCloud. It doesn't mean the old iCloud was a sieve that leaked personal data to whoever wanted it.

  • Reply 33 of 81
    Quote:

    Originally Posted by Shogun View Post



    He had me until the last line. He's more outraged than the actresses who had their accounts pried open and their personal data stolen and spread all over the internet for every slimy person on earth to salivate and worse over. Um, yeah. No. I don't think so. One step too far Apple PR. Can you please pull your heads out of your holes?

     

    I think he meant customers in general, not those actresses specifically.

  • Reply 34 of 81
    tenobelltenobell Posts: 7,014member
    Quote:

    Originally Posted by Tallest Skil View Post

     

    PLEASE tell me there won’t be any time during the keynote dedicated to this drivel.


     

    I doubt they say anything directly about the celeb nudes. 

     

    At the same time one of their key features will be trusting all of our photos from Macs and iOS devices to iCloud, they absolutely will need to address how this information will be protected. 

  • Reply 35 of 81
    tenobelltenobell Posts: 7,014member
    Quote:
    Originally Posted by Shogun View Post



    He had me until the last line. He's more outraged than the actresses who had their accounts pried open and their personal data stolen and spread all over the internet for every slimy person on earth to salivate and worse over. Um, yeah. No. I don't think so. One step too far Apple PR. Can you please pull your heads out of your holes?

     

    http://www.apple.com/ios/ios8/photos/?cid=wwa-us-kwg-features-com

     

    Photos. Every photo you take. On all your devices.

     

    See as this is one of the  main features of iOS 8, I don't think Cooke is only speaking about the actresses. 

  • Reply 36 of 81
    junkiejunkie Posts: 122member


    If you have 2fa set up, then which device receives the notification with the verification code to allow you to access iCloud from a new computer (as an example)? It's going to be your iPhone, of course. The device you usually carry with you and can give you an immediate notification if there's activity on your iCloud account.

    So what if your phone quits working, gets lost or stolen? You have your new iPhone you want to restore from iCloud. Where does the 2fa notification go to? Your old iPhone is gone, so it's not going there. Your new iPhone isn't set up yet, so it's not getting it either. Apple lets you set up more than one device (great for families), but if you're single would you have a second SMS capable iOS device you could set up to also receive the verification code? Even if you did, would you even think it was necessary to add a second device while you're setting up 2fa?

    There are certain situations where you might need access to iCloud without the hassle of 2fa. And this is the crux of the matter. Some people say Apple should force users to use 2fa, but that's not always an option for everyone in every scenario.

    I understand that but leaving a cloud back up accessible with just password is problematic. Perhaps they need an alternate factor. They have the recovery code. if that's not effective, make another factor.
  • Reply 37 of 81
    slurpyslurpy Posts: 5,330member
    Quote:

    Originally Posted by Shogun View Post



    He had me until the last line. He's more outraged than the actresses who had their accounts pried open and their personal data stolen and spread all over the internet for every slimy person on earth to salivate and worse over. Um, yeah. No. I don't think so. One step too far Apple PR. Can you please pull your heads out of your holes?

     

    Oh, please **** off with your self-righteous, sanctimonious garbage. You mean these actresses who CHOSE to take nude, pornographic images of themselves posing like whores, who CHOSE  to take those images with an internet connected device, who CHOSE to have them uploaded to the cloud, who CHOSE to have extremely shitty passwords, who CHOSE not to enable 2 factor authentication, etc? At what point to these narcissists take accountability and responsibility for their own negligence and complete lack of self respect? It's not blaming the victim to point out that people should do the bare minimum to protect themselves, especially if they're celebrities with nude photos. And what point do people like YOU pull their heads out of their asses, and maybe account for personable responsibility instead of putting all the blame on Apple? These actresses made dozens of moronic decisions that led to that result, God forbid they take some responsibility for it, and God forbid pathetic little white knights like you do the same. Every cloud based service has been breached, in one form or another, at one time. Noone put a gun to the heads of these narcissistic little princesses and made them upload nude photos of themselves to the cloud. I'm assuming they got what they secretly wanted- why else take such photos? Only a fucking idiotic would do what they did if they truly were terrified of these being publicized. 

  • Reply 38 of 81

    I'm surprised how many people don't realize that deleting a photo from their iPhone doesn't also delete the copy in Photo Stream. With iTunes Match, when I delete a matched song from my library, I get a dialog asking me if I want to delete the copy in the cloud as well. Maybe the same could be applied to Photo Stream. 

  • Reply 39 of 81
    croprcropr Posts: 1,053member

    I think the main issue is that Apple (like other tech companies) encourage people to share automatically all their data  on iCloud.  Although this concept is easy and appealing, it is a bad practice.  People tend to be very lax with their online account management:  they use the same password on multiple online services, write down password on paper, ...  People should be thought to make a distinction between their public shareable data and their private data, and to keep their private date private.  Private data has no business on a public cloud service

    On all 4 Apple devices I have, I have switched off (among others things) the automatic photo stream upload.

    I only use a public cloud service for information I want to share with others and that I don't consider as harmful if it would be exposed. 

    For syncing my personal data, I 've setup a private cloud service, using the free ownCloud software, a really great package, that supports all my devices and not only the Apple supported ones.

  • Reply 40 of 81
    rogifanrogifan Posts: 10,669member
    waybacmac wrote: »
    I'm surprised how many people don't realize that deleting a photo from their iPhone doesn't also delete the copy in Photo Stream. With iTunes Match, when I delete a matched song from my library, I get a dialog asking me if I want to delete the copy in the cloud as well. Maybe the same could be applied to Photo Stream. 
    Is Photostream being replaced in iOS 8? I'd rather have it be optional than automatic.
Sign In or Register to comment.