Yes, life is simple. Very black and white. Good vs bad. Very simple. /s
Actually yes. It's very simple and black and white. The only one that knows my iCloud userID/Password is Apple. No one else. I would never EVER give it to any 3rd party and expect them to be responsible with it.
Your sarcastic flag, while understandable, implies a grey area. There is none. Don't give out your credentials to anyone or anything. Period.
mSpy did a complete rookie move. The users of this platform should sue mSpy on the basis of sheer stupidity at the minimum.
This has nothing to do with the security of iCloud itself. The headline (i.e. CLICKBAIT) is written in such a way that it make can be misread as Apple being involved, which is not true.
wonkothesane said: ...the only other service I chose to trust is iPin which i would drop in a heartbeat if Apple would have an iOS counterpart of keychain access where I could e.g. also store pictures of cards and retrieve them at will.
I'm not at all sure what you mean when needing an iOS way of safely storing pictures of cards… Do you mean Pictures of Credit/Debit cards? If so, you can already use a few iOS>MacOS iCloud apps with account authentication beyond 2FA.
This is what I meant and to my knowledge there is no Apple home brewed solution to this. Hence my use of iPIN.
"At least some that access belonged to Shah and Krebs."
This is what is annoying about today's online publications... many of them, including AppleInsider, don't have a proof-reading process done by a senior editor before publication. Where has the pride in the quality publications gone? It's become all about getting content online as quickly as possible to generate page views and ad impressions.
As for mSpy, these guys can go spend the rest of their days in a very hot place over-watched by scary red folk with forks, if you know what I mean. Yah, they can go to -----.
Millions of people use illegal software to spy on their spouses or children? Really? Another question. Obviously this illegal software is not available in the app store so how does it get on an iOS device? Jailbreaking?
Somebody tell me how this software actually works.
The article is weird. The breach is basically saying: "a notebook with someone's passwords was found and one of those passwords was their iCloud password. Others were their google and facebook passwords". I feel badly for them but it's got nothing to do with iCloud security.
Even weirder, the breach is of a service that has a narrow audience - it's not even an available service if it's true that "Such spyware is illegal to sell in the U.S.". It's not like it was some app that was available in the App Store.
Exactly. The fact that some of the data that this firm failed to secure happened to be iCloud related unfairly casts a negative net over Apple. Simply having "iCloud" and "data breach" in the same sentence is feeding into the fear and uncertainty that some people have about all cloud platforms. The fact is that EVERY BIT of information that customers trusted this firm with was compromised, whether it was related to iCloud, GMail, secret Swiss bank account passwords, private financial data, or whatever.
It's all comes down to: Who do you trust with your privacy and personal information? Whether it's the guy who installed your home security system, your bank, your mortgage lender, your financial advisor, the veterans association (VA), your doctors office, a credit service bureau, or a cloud service provider, the only thing that matters is whether they are worthy of your Trust and safeguarding everything associated with your trust relationship.
I truly hope that Apple never fails to uphold their side of the trust relationship with iCloud customers. So far, so good. I believe Apple has the technical chops, knowledge, and commitment to hold up their end of the bargain. But some of the other examples I gave, like the VA, mortgage lenders, and credit service bureaus have failed miserably to live up to their trust relationship with me personally, usually due to their incompetence, ineptitude, and utter cluelessness. Some of these organizations had, and still have, absolutely no understanding of how screwed they really are. I suspect other folks have had similar experiences with some of the examples given, and many others.
To be fair, it is a leak involves iCloud data, just not apple’s fails. It is the editor’s job to included the information in the title. After all it is mainly involved with Apple products and this is a Apple news site.
If people want to shame/blame Apple, they only need something much less then this.
on newer versions of iOS, this software is loaded on the device by granting access to iCloud credentials to the target device, and once installed, it will upload the data from the device to the cloud and then to the "spy's" control panel, which they access on the web. the device must be set for automatic 24 hour cloud backup. these log in credentials are the data that was breached.
ostensibly, if one already has a target's log in credentials, say your child for example, you've already got access to the device and a lot of what they're doing...the company claims "spying" on your child, or an employer-owned phone if the employee is made aware that it's being monitored, is legal....
Just make sure you use a RANDOM, long password of at least 20 digits for each site, and turn on 2 factor authentication at every site you visit that has that ability. This is why you need a real good Password Manager. Then you know need to only know 1 really good password. There are any number of ways to get a long password that is still easy to remember. Programs like Lastpass allow you to login with TouchID or FaceID. Some of this can be a hassle at times, but better then someone gaining access to your accounts. It's especally important to have a long password and 2 factor on with your email. Once someone gains access to your email, they can log into other sites you use and do a forget password, and then log into your email and create whatever they want and go crazy. Which is another reason to have 2 Factor turned on!!!
If you're foolish to use your same password everyone. It only takes 1 web site anywhere to get hacked and now they have free access to every site you have a account at. Again, yet another good reason to have 2 factor on. If you can use a Authentication app, do so as that's better. You can use Google, LastPast or Microsoft Authentication app and others at any site that allows the use of one. I like Lastpass because I can back it up easily. If you delete the app or something happens. The keyfile you used to setup Google or whatever site, you now don't have. How do you setup your account now when you can't log in? You generally get a QR code to scan, or enter the digits into the authenicator and that with the time of day combined gives you a new code every 30 seconds.You don't want to lose that Data. Its a better option and more secure that them leaving you a text message with the code as your phone could be cloned and now they are getting the data. That can't be done using a Authenticator app.
Apparently AppleInsider has taken the route of supermarket tabloids. Sensationalized and inaccurate headlines as Clickbait . It drives traffic to the site, even if it also lowers the quality of the site. Please... explain how that's NOT what's going on with this headline.
The article is weird. The breach is basically saying: "a notebook with someone's passwords was found and one of those passwords was their iCloud password. Others were their google and facebook passwords". I feel badly for them but it's got nothing to do with iCloud security.
Even weirder, the breach is of a service that has a narrow audience - it's not even an available service if it's true that "Such spyware is illegal to sell in the U.S.". It's not like it was some app that was available in the App Store.
Exactly. The fact that some of the data that this firm failed to secure happened to be iCloud related unfairly casts a negative net over Apple. Simply having "iCloud" and "data breach" in the same sentence is feeding into the fear and uncertainty that some people have about all cloud platforms. The fact is that EVERY BIT of information that customers trusted this firm with was compromised, whether it was related to iCloud, GMail, secret Swiss bank account passwords, private financial data, or whatever.
It's all comes down to: Who do you trust with your privacy and personal information? Whether it's the guy who installed your home security system, your bank, your mortgage lender, your financial advisor, the veterans association (VA), your doctors office, a credit service bureau, or a cloud service provider, the only thing that matters is whether they are worthy of your Trust and safeguarding everything associated with your trust relationship.
I truly hope that Apple never fails to uphold their side of the trust relationship with iCloud customers. So far, so good. I believe Apple has the technical chops, knowledge, and commitment to hold up their end of the bargain. But some of the other examples I gave, like the VA, mortgage lenders, and credit service bureaus have failed miserably to live up to their trust relationship with me personally, usually due to their incompetence, ineptitude, and utter cluelessness. Some of these organizations had, and still have, absolutely no understanding of how screwed they really are. I suspect other folks have had similar experiences with some of the examples given, and many others.
To be fair, it is a leak involves iCloud data, just not apple’s fails. It is the editor’s job to included the information in the title. After all it is mainly involved with Apple products and this is a Apple news site.
If people want to shame/blame Apple, they only need something much less then this.
Sure, but in the grand scheme of what this creepy app is designed to do, the iCloud related data that happened to be dumped into the spying database is arguably less disturbing than the other breached data. The customers of this product install this spyware on their kid's, spouse's, partner's, significant other's, etc., devices (iPhone and others) so they can spy on all of their activities including secure communications. As a result of this breach all of the spy data collected for the spyware customer was being exposed to the world. In other words, your kids' private communications that you are spying on are now available for public consumption. Creepiness squared.
This is why I do not store sensitive data in the cloud.
Nothing to do with iCloud or cloud in general. It has to do with people giving a third party service access to your data.
This is why I have never installed monitoring software on my kids devices, despite my wife always sending me links for various types of Apps that are supposed to help keep track of their activity or set limits. They always require you to give them access far above what any reasonable App should require, even your iCloud login in some cases.
This is why I'm stoked about iOS 12 as I'll now have these types of abilities built-in. So I can monitor my kids AND stay secure.
Well, yeh, it does have to deal with the cloud.
... If you have nothing there, there's nothing to steal. Physical security -- such as keeping the data on one physical device that nobody has access to is one of many types of security.
Storing stuff in cloud provides a number of benefits -- but it also makes it more likely to be stolen.
I'm not sure if I'm understanding the situation correctly, but the impression I have is that the only iCloud information exposed by this breach is that belonging to people who subscribe to the mSpy service. Is that correct? If so, the danger is not in storing information in the cloud -- the problem was having an mSpy account, because if you don't have an mSpy account, your information wasn't exposed.
The stolen mSpy information opened a door into the data stored on Apple's cloud. It takes both. Both are part of the story. You can't just look at one side of that coin.
This is why I do not store sensitive data in the cloud.
Nothing to do with iCloud or cloud in general. It has to do with people giving a third party service access to your data.
This is why I have never installed monitoring software on my kids devices, despite my wife always sending me links for various types of Apps that are supposed to help keep track of their activity or set limits. They always require you to give them access far above what any reasonable App should require, even your iCloud login in some cases.
This is why I'm stoked about iOS 12 as I'll now have these types of abilities built-in. So I can monitor my kids AND stay secure.
Well, yeh, it does have to deal with the cloud.
... If you have nothing there, there's nothing to steal. Physical security -- such as keeping the data on one physical device that nobody has access to is one of many types of security.
Storing stuff in cloud provides a number of benefits -- but it also makes it more likely to be stolen.
Wrong. iCloud has never been hacked. People have had all sorts of information stolen from malware on their devices or even misbehaving Apps not respecting privacy.
The only way data on a physical device could be more secure is if that device is never connected to anything. Which is simply not possible these days.
Sorry, but Wrong!
iCloud has been hacked. Stealing passwords into cloud data is only one method of hacking cloud storage. There are others -- but they are all hacks. Russia used the stolen password method to hack the DNC server. To say it wasn't hacked is foolish.
And, saying that a personal physical device has the same probability of being hacked as a server is a false analogy.
This is why I do not store sensitive data in the cloud.
Nothing to do with iCloud or cloud in general. It has to do with people giving a third party service access to your data.
This is why I have never installed monitoring software on my kids devices, despite my wife always sending me links for various types of Apps that are supposed to help keep track of their activity or set limits. They always require you to give them access far above what any reasonable App should require, even your iCloud login in some cases.
This is why I'm stoked about iOS 12 as I'll now have these types of abilities built-in. So I can monitor my kids AND stay secure.
I agree 100% about not allow 3rd parts access to my systems.
The simple solution to knowing what your kids are doing is just ask them most time they will just tell you. If you think they are not sharing all the information have them turn over their devices to you, you own it and pay for the service. You need to instill upon your kids as long as you're paying their bills you have a say so over what they can and can not do. I did this with my kids and today they both very independent people who make their own money since they do not want someone else telling them what they can do. They are both well educated on all the bad things that could happen if they are not careful, we made everything a learning situation.
Yes, life is simple. Very black and white. Good vs bad. Very simple. /s
Sounds like good parenting to me. At least the foundation is there—which is far more than I can say for the lot of you who don’t even discipline your children by letting them know that there are consequences for bad behavior. You simply can’t expect tech to be a substitute for you.
ROFl.... You live in a world without technology that is fading away fast. You better go feed your horse and polish its saddle old timer...
Yes, life is simple. Very black and white. Good vs bad. Very simple. /s
Actually yes. It's very simple and black and white. The only one that knows my iCloud userID/Password is Apple. No one else. I would never EVER give it to any 3rd party and expect them to be responsible with it.
Your sarcastic flag, while understandable, implies a grey area. There is none. Don't give out your credentials to anyone or anything. Period.
mSpy did a complete rookie move. The users of this platform should sue mSpy on the basis of sheer stupidity at the minimum.
This has nothing to do with the security of iCloud itself. The headline (i.e. CLICKBAIT) is written in such a way that it make can be misread as Apple being involved, which is not true.
Nice world you live in. Too bad if something happened to it.
I have 2FA enabled on my iCloud account, so I couldn't care less. As should everyone.
Do not confuse "More/better security" with "Bullet Proof security". It's a dangerous delusion. There is a way into everything. It's not an IF, it's a WHEN.
For example: one of today's hacking techniques is to open a cell phone account and have your information ported to it. When they hack your bank account the 2 factor verification goes to their phone rather than yours. You find out when your checks start to bounce because your account has been drained.
Very simply: There is no such thing as "UnHackable".
People today need to go back and understand 100 year old bank security and auditing measures: They trust nobody. Nobody. They assume that anybody is capable of stealing and they realize that it cannot be prevented. So, they institute checks and balances and things like random audits to catch it as quickly as possible and maybe even act as a deterrent.
Just make sure you use a RANDOM, long password of at least 20 digits for each site, and turn on 2 factor authentication at every site you visit that has that ability. This is why you need a real good Password Manager. Then you know need to only know 1 really good password. There are any number of ways to get a long password that is still easy to remember. Programs like Lastpass allow you to login with TouchID or FaceID. Some of this can be a hassle at times, but better then someone gaining access to your accounts. It's especally important to have a long password and 2 factor on with your email. Once someone gains access to your email, they can log into other sites you use and do a forget password, and then log into your email and create whatever they want and go crazy. Which is another reason to have 2 Factor turned on!!!
If you're foolish to use your same password everyone. It only takes 1 web site anywhere to get hacked and now they have free access to every site you have a account at. Again, yet another good reason to have 2 factor on. If you can use a Authentication app, do so as that's better. You can use Google, LastPast or Microsoft Authentication app and others at any site that allows the use of one. I like Lastpass because I can back it up easily. If you delete the app or something happens. The keyfile you used to setup Google or whatever site, you now don't have. How do you setup your account now when you can't log in? You generally get a QR code to scan, or enter the digits into the authenicator and that with the time of day combined gives you a new code every 30 seconds.You don't want to lose that Data. Its a better option and more secure that them leaving you a text message with the code as your phone could be cloned and now they are getting the data. That can't be done using a Authenticator app.
That's like putting a huge padlock on the front door. The thief won't even try to break it. He'll go around and use the back door instead. There's ALWAYS a back door. ALWAYS!
Apparently AppleInsider has taken the route of supermarket tabloids. Sensationalized and inaccurate headlines as Clickbait . It drives traffic to the site, even if it also lowers the quality of the site. Please... explain how that's NOT what's going on with this headline.
Because you don't like it makes it neither sensationalized nor inaccurate. Nor does it make it clickbait.
This is why I do not store sensitive data in the cloud.
This is why i try to inform myself about quality and seriousness of the service provider before I submit my data. Until now I’m having no issues with Apple’s iCloud and i use them without reluctance. Apart from this the only other service I chose to trust is iPin which i would drop in a heartbeat if Apple would have an iOS counterpart of keychain access where I could e.g. also store pictures of cards and retrieve them at will. Oh yes, and sleep Cycle has access to selected health data.
I use apple notes for storing any cards or data. If it is sensitive like a password or credit card number I don’t want my phone to remember I lock it with Touch ID for quick access.
I tried that route as well. It’s just a little less convenient for me. As mentioned before I would appreciate to have a keychain app for iOS.
This is why I do not store sensitive data in the cloud.
Nothing to do with iCloud or cloud in general. It has to do with people giving a third party service access to your data.
This is why I have never installed monitoring software on my kids devices, despite my wife always sending me links for various types of Apps that are supposed to help keep track of their activity or set limits. They always require you to give them access far above what any reasonable App should require, even your iCloud login in some cases.
This is why I'm stoked about iOS 12 as I'll now have these types of abilities built-in. So I can monitor my kids AND stay secure.
Well, yeh, it does have to deal with the cloud.
... If you have nothing there, there's nothing to steal. Physical security -- such as keeping the data on one physical device that nobody has access to is one of many types of security.
Storing stuff in cloud provides a number of benefits -- but it also makes it more likely to be stolen.
Wrong. iCloud has never been hacked. People have had all sorts of information stolen from malware on their devices or even misbehaving Apps not respecting privacy.
The only way data on a physical device could be more secure is if that device is never connected to anything. Which is simply not possible these days.
Sorry, but Wrong!
iCloud has been hacked. Stealing passwords into cloud data is only one method of hacking cloud storage. There are others -- but they are all hacks. Russia used the stolen password method to hack the DNC server. To say it wasn't hacked is foolish.
And, saying that a personal physical device has the same probability of being hacked as a server is a false analogy.
Could you please provide a link to an actual hack of iCloud? Not any cloud service, and also none where relevant iCloud account data was stored on a third party service? I understand your statement in the way like that having your physical key stolen, somebody finding it and braking into your house makes the door lock “hacked”. I understand that there is a difference between 100% and “quite safe”. To my knowledge and in practice so far iCloud is “quite safe”.
Yes, life is simple. Very black and white. Good vs bad. Very simple. /s
Actually yes. It's very simple and black and white. The only one that knows my iCloud userID/Password is Apple. No one else. I would never EVER give it to any 3rd party and expect them to be responsible with it.
Your sarcastic flag, while understandable, implies a grey area. There is none. Don't give out your credentials to anyone or anything. Period.
mSpy did a complete rookie move. The users of this platform should sue mSpy on the basis of sheer stupidity at the minimum.
This has nothing to do with the security of iCloud itself. The headline (i.e. CLICKBAIT) is written in such a way that it make can be misread as Apple being involved, which is not true.
Nice world you live in. Too bad if something happened to it.
I think he’s got a point, though: the more you share your credentials the weaker your whole security becomes. And I’d be tempted to add “exponentially weaker”.
Comments
This has nothing to do with the security of iCloud itself. The headline (i.e. CLICKBAIT) is written in such a way that it make can be misread as Apple being involved, which is not true.
This is what is annoying about today's online publications... many of them, including AppleInsider, don't have a proof-reading process done by a senior editor before publication. Where has the pride in the quality publications gone? It's become all about getting content online as quickly as possible to generate page views and ad impressions.
As for mSpy, these guys can go spend the rest of their days in a very hot place over-watched by scary red folk with forks, if you know what I mean. Yah, they can go to -----.
Somebody tell me how this software actually works.
If people want to shame/blame Apple, they only need something much less then this.
ostensibly, if one already has a target's log in credentials, say your child for example, you've already got access to the device and a lot of what they're doing...the company claims "spying" on your child, or an employer-owned phone if the employee is made aware that it's being monitored, is legal....
If you're foolish to use your same password everyone. It only takes 1 web site anywhere to get hacked and now they have free access to every site you have a account at. Again, yet another good reason to have 2 factor on. If you can use a Authentication app, do so as that's better. You can use Google, LastPast or Microsoft Authentication app and others at any site that allows the use of one. I like Lastpass because I can back it up easily. If you delete the app or something happens. The keyfile you used to setup Google or whatever site, you now don't have. How do you setup your account now when you can't log in? You generally get a QR code to scan, or enter the digits into the authenicator and that with the time of day combined gives you a new code every 30 seconds.You don't want to lose that Data. Its a better option and more secure that them leaving you a text message with the code as your phone could be cloned and now they are getting the data. That can't be done using a Authenticator app.
Please... explain how that's NOT what's going on with this headline.