I hope apple does it right, and shows who[was it 200 celebs or 200,000,000 people] was hacked and how, what they did (if anything) to prevent it.
Apple's response to Antennagate was slow, measured, and basically, a problem in the industry, not with our phone.
But if anything,everyone should be changing their AppleID passwords, just a a matter of good hygiene
It definitely needs to be looked into but I think iCloud servers being hacked seems like the least likely scenario to me.
The most likely options I see are either A) it was usernames and passwords gains from some major hack, like that 1.2 billion user data dump recently in the news, where the hackers looked for specific celebrities and hoped they were using the same password for iCloud as well as whatever crappy account the ill-gotten username and passwords were retrieved, or they targeted these particular celebrities by using social hacking to figure out how to access their accounts.
What I'd love to see with iCloud is what Google does with Gmail. You have your master password but if you want an app like Mail, Mailbox, Hop, Outlook, or whatever app you want to use you don't input your username and master password to log in, but your username and a randomly generated password for that specific device that will only allow for sending and receiving
If the app makers want to be nefarious they can still harvest data locally and send it back to their servers, but they won't ever be able to use that generated password to log in to google.com so your personal account settings and everything else it connects to is kept safe. Or, perhaps more realistically, if that username and password for say, your Gmail account in Apple Mail is intercepted and decrypted they won't be able to use it to log into google.com or even use it to sign in via another device once it's been set.
PS: We really need to teach kids about the potential longterm risks of their actions on the internet and pretty much anything they do with an electric device. I didn't choose an anonymous name here because I have something to hide from the average person here — and many of you do know my real name — but because you jut never know who in a digital world is looking to take advantage of you.
Ha! Hardly suspicious. More likely; "expected". (never fails :no: )
Still a week to go. Won't be the least bit surprised if somebody tries yet another smear before then.
Oh I'm sure this won't be the last. No way this just happens to leak this weekend. It's a week before Apple's event and a holiday weekend in the US which means no hard news so it will get plenty of coverage.
This is different. Apple is typically quick about fixing security holes(well, as fast as they can fix these things). They've already patched the hole that allowed unlimited number of password tries. No, i'm not changing my password. They had to know my email address first. Even then, my password is strong enough that even a brute force won't break it(unless they try every combination of characters which will take years). Typical brute force method uses a list of known weak passwords. In some cases, they may try dictionary attack, but that's rarely done online due to the number of tries needed. Dictionary attack is normally done locally where it's much quicker.
These celebs had easy passwords or they were retrieved via social engineering, phishing or some other method.
If you have good password, i wouldn't worry about it.....unless it turns out that there was some systemwide hack on iCloud(which is extremely unlikely).
Well, if it was a systemwide hack, then changing password won't help anyway, right?
3) Why use a dozen 1.4MiB (each) PNGs when 150KiB JPEGs (each) would be more than adequate?
On a slightly related note, I am 100% against the very existence of “mobile” websites and am disgusted that more–not fewer–of them exist since the creation of the iPhone. However, the thought that websites should be
1. more streamlined
2. have smaller page sizes
3. optimize themselves for capped data connections
should not be dismissed. A single URL shouldn’t be 10 megabytes. Simultaneously get rid of code bloat and petition for the removal of caps; that’s what website creators should be doing in the face of the uptick of mobile Internet use.
AI could do what Apple does and serve up optimized images for the platform. You get retina images if you’re on a retina device but not if you’re on a regular one, etc.
Another reason I'm suspicious about the timing is all rumors are pointing to Apple announcing a mobile payments scheme at the 9.9 event. Of course this hacking story will be fresh in people's minds (especially if the media keeps it out there) and any story about mobile payments will include this alleged hack to put doubts in people's minds whether they can trust Apple.
I have a hard time buying the Python hack. You can use Python to log into iCloud (simulating the way you might go to icloud.com and log in with a browser), but this won't accept a brute force attack. And Find My iPhone is something you get access to AFTER you've already logged in.
Apple on Monday confirmed in a short statement that it is in the process of determining whether or not security breaches in its online services were responsible for the outing of hundreds of racy photos of celebrities, including actress Jennifer Lawrence and model Kate Upton, over the weekend.
Looks nothing like Jennifer Lawrence & Kate Upton...
I have a hard time buying the Python hack. You can use Python to log into iCloud (simulating the way you might go to icloud.com and log in with a browser), but this won't accept a brute force attack. And Find My iPhone is something you get access to AFTER you've already logged in.
Not too familiar with Find My iPhone, but i guess it has a public facing API. In THEORY, this could've been a method used by the hacker to gain access if someone had a very weak password. However, I think most of the celebs were "hacked" via social engineering and such methods. I think the photos were collected over YEARS by many different hackers and traded between them. Someone finally decided to release the dam.
This reaks of a public smear a week before the latest iPhone release.
It staggers me that ALL of the major news sites are reporting this as an iCloud hack in their headlines before briefly mentioning deep within the articles that this information has not been verified.
What the f*ck has happened to reporting these days?
Clicks are money. No clicks and the kids go without braces.
#1 rule - never have pictures of yourself naked on a phone, any phone or computer.
#2 rule - never let anyone take your picture naked.
follow these two simple rules.
Regardless of what pictures are taken on your phone, any phone or computer they should be secure. You may as well say never let anyone take your picture full stop.
If they fully understood the inherent dangers, they wouldn’t do it in the first place.
It's not the time a celebrity has been exposed. Pictures, and videos aren't secure in the safes of their own homes. They've got to be pretty damn stupid to think that they're safe online.
Comments
The most likely options I see are either A) it was usernames and passwords gains from some major hack, like that 1.2 billion user data dump recently in the news, where the hackers looked for specific celebrities and hoped they were using the same password for iCloud as well as whatever crappy account the ill-gotten username and passwords were retrieved, or
If the app makers want to be nefarious they can still harvest data locally and send it back to their servers, but they won't ever be able to use that generated password to log in to google.com so your personal account settings and everything else it connects to is kept safe. Or, perhaps more realistically, if that username and password for say, your Gmail account in Apple Mail is intercepted and decrypted they won't be able to use it to log into google.com or even use it to sign in via another device once it's been set.
PS: We really need to teach kids about the potential longterm risks of their actions on the internet and pretty much anything they do with an electric device. I didn't choose an anonymous name here because I have something to hide from the average person here — and many of you do know my real name — but because you jut never know who in a digital world is looking to take advantage of you.
#1 rule - never have pictures of yourself naked on a phone, any phone or computer.
#2 rule - never let anyone take your picture naked.
follow these two simple rules.
Yeah, but having any other photos that you wouldn't want compromised (like, maybe ANY of them) is fine.
Hack away, dudes. Enjoy.
(and actually; why is this pertinent to photos? Same goes for ANY files)
You’d be surprised at the number of people who claim this isn’t a valid argument and that people should be allowed to do whatever they want.
Stop blaming the victims when their privacy is breached. Apple, how could you?
Now I'll only trust my secrets to Google. /s
1) Data usage.
2) Time to download.
3) Why use a dozen 1.4MiB (each) PNGs when 150KiB JPEGs (each) would be more than adequate?
This is different. Apple is typically quick about fixing security holes(well, as fast as they can fix these things). They've already patched the hole that allowed unlimited number of password tries. No, i'm not changing my password. They had to know my email address first. Even then, my password is strong enough that even a brute force won't break it(unless they try every combination of characters which will take years). Typical brute force method uses a list of known weak passwords. In some cases, they may try dictionary attack, but that's rarely done online due to the number of tries needed. Dictionary attack is normally done locally where it's much quicker.
These celebs had easy passwords or they were retrieved via social engineering, phishing or some other method.
If you have good password, i wouldn't worry about it.....unless it turns out that there was some systemwide hack on iCloud(which is extremely unlikely).
Well, if it was a systemwide hack, then changing password won't help anyway, right?
2) Time to download.
3) Why use a dozen 1.4MiB (each) PNGs when 150KiB JPEGs (each) would be more than adequate?
On a slightly related note, I am 100% against the very existence of “mobile” websites and am disgusted that more–not fewer–of them exist since the creation of the iPhone. However, the thought that websites should be
1. more streamlined
2. have smaller page sizes
3. optimize themselves for capped data connections
should not be dismissed. A single URL shouldn’t be 10 megabytes. Simultaneously get rid of code bloat and petition for the removal of caps; that’s what website creators should be doing in the face of the uptick of mobile Internet use.
AI could do what Apple does and serve up optimized images for the platform. You get retina images if you’re on a retina device but not if you’re on a regular one, etc.
That doesn't mean iCloud was hacked. They found the passwords from somewhere else and used them to log in to iCloud.
Apple on Monday confirmed in a short statement that it is in the process of determining whether or not security breaches in its online services were responsible for the outing of hundreds of racy photos of celebrities, including actress Jennifer Lawrence and model Kate Upton, over the weekend.
Looks nothing like Jennifer Lawrence & Kate Upton...
Maybe this is with no make-up?
I have a hard time buying the Python hack. You can use Python to log into iCloud (simulating the way you might go to icloud.com and log in with a browser), but this won't accept a brute force attack. And Find My iPhone is something you get access to AFTER you've already logged in.
Not too familiar with Find My iPhone, but i guess it has a public facing API. In THEORY, this could've been a method used by the hacker to gain access if someone had a very weak password. However, I think most of the celebs were "hacked" via social engineering and such methods. I think the photos were collected over YEARS by many different hackers and traded between them. Someone finally decided to release the dam.
This reaks of a public smear a week before the latest iPhone release.
It staggers me that ALL of the major news sites are reporting this as an iCloud hack in their headlines before briefly mentioning deep within the articles that this information has not been verified.
What the f*ck has happened to reporting these days?
Clicks are money. No clicks and the kids go without braces.
#1 rule - never have pictures of yourself naked on a phone, any phone or computer.
#2 rule - never let anyone take your picture naked.
follow these two simple rules.
Regardless of what pictures are taken on your phone, any phone or computer they should be secure. You may as well say never let anyone take your picture full stop.
“Clickthroughs!” “Lisa needs braces!” “Clickthroughs!” “Lisa needs braces!” “Clickthroughs!” “Lisa needs braces!” “Clickthroughs!” “Lisa needs braces!”
“If we make our article titles less misleading... I won’t be able to pay for Lisa’s braces!”
It's not a problem if they fully understand the inherent dangers in doing so.
If they fully understood the inherent dangers, they wouldn’t do it in the first place.
Kirsten Dunst seems to believe that her iCloud account was hacked.
It's not the time a celebrity has been exposed. Pictures, and videos aren't secure in the safes of their own homes. They've got to be pretty damn stupid to think that they're safe online.