Apple 'actively investigating' celebrity photo leaks for possible iCloud connection


Comments

  • Reply 161 of 210
    Quote:

    Originally Posted by SpamSandwich View Post



    It'll all be addressed before the 9th guaranteed, but those celebs may not be quick to forgive and forget.

     

    They just have to buy an Android phone... they'll quickly forgive and forget.

  • Reply 162 of 210
    solipsismx Posts: 19,566 member
    solipsismx wrote: »
    Taylor Swift is, at least, is on security.


    Usually it's very jokey but due to these pictures being stolen and uploaded the person that runs it has gotten a little more serious. Hopefully that ends soon.
  • Reply 163 of 210

    "Kirsten Dunst seems to believe that her iCloud account was hacked."

     

    Um. She shows her rack in almost every movie she's in. Not sure how this is an invasion of 'privacy'.

  • Reply 164 of 210
    Marvin Posts: 14,790 moderator
    tenobell wrote: »
    Here is a story about a guy who was offered to pay to see the pics weeks ago.

    http://deadspin.com/this-guy-was-sharing-the-hacked-celeb-nudes-weeks-befor-1629384848

    Some pictures have been collected over a longer period of time because one of the celebrities even said they'd deleted them a long time ago. Kate Upton and Verlander have only been in the press recently but dated as far back as 2012. Plus there are fake images in the uploads. There are groups that do all sorts of things online using encrypted networks:

    http://www.wired.com/2014/04/grams-search-engine-dark-web/

    The web that most people access is the one censored by Google, Yahoo, Bing etc and ISPs. The internet feels like it's a visible place where you can see everything happening but when you think of how you got to AppleInsider, it would be via a referral or through Google. If the forum blocked Google from accessing their server, hid content behind a login, nobody would know what was happening. This is why intelligence agencies try to break SSL encryption and capture content at the major internet relays. No matter how peer 2 peer data is, it has to flow worldwide through a relay.

    The brute force attack was probably a significant part of the leak as Apple just fixed it:

    http://www.engadget.com/2014/09/01/find-my-iphone-exploit/

    but the script code exploiting it on github would have been released long after it had been put to good use because bruteforce logins are slow, especially online. The leak online could have been due to a new member of a hidden group sharing celebrity pictures deciding to make them public for profit. Some people have been paid a lot of money for this kind of thing - there was the time Paris Hilton had a second batch of media released after not paying for long-term storage:

    http://www.people.com/people/article/0,,20010230,00.html

    "The lawsuit alleges that defendants Nabil and Nabila Haniss of Culver City, Calif., paid $2,775 for Hilton's items and then sold them for $10 million to entrepreneur Bardia Persa, creator of Parisexposed.com.

    Reads the text on the Web site: "Believe it or not, this supermodel, from one of the wealthiest families in the world, failed to pay her $208 bill. ... As you probably guessed by now, the storage unit was auctioned off ... the heiress lost all rights to her goods.""

    The person who went public with the recent pictures clearly overestimated how much people with bitcoins would pay him for the images. When this sort of thing is done in the open, it brings too much interest from authorities and nobody wants to be implicated in it.
    lunarmoon wrote:
    #1 rule - never have pictures of yourself naked on a phone, any phone or computer.
    #2 rule - never let anyone take your picture naked.

    follow these two simple rules.

    What on earth is wrong with naked?

    There's good naked and bad naked. Good naked gets too much unwanted attention from people who can't control themselves like this:


    [VIDEO]


    When you're the observer, it's all fine because having a look doesn't do you any harm. When you are the one being watched, it feels a bit different. I've actually been on the receiving end of some unwanted attention and it does feel a bit odd. I like to keep myself in shape and I was at a beach years ago in my tight shorts getting tanned and sweaty and this really overweight woman lying down the beach a bit lifts up her phone, points it at me and I hear the shutter noise. I didn't mind all that much as I actually try to look good but not for her and the idea of her rubbing her chubby parts to my body image is a bit gross and she could share the image anywhere. I got some attention from guys too and I didn't want their attention but I instantly realised that what those people were doing is what I do at the beach to people I'm attracted to (not take pictures but give them attention) so I just try not to be bothered by it. Now part of the reduction in harm there is that I know I can walk away from it and not see the people again, friends and family of the celebs will get access to the pics and they are people you see all the time. These celebrities are trying to look nice, attractive and seductive in the images but for their partners, not for millions of people around the world who include spotty, gross, ugly teenagers who they may come in contact with at any time. The irony for some of these celebs is that is in fact what they get paid to do as models in men's magazines but they still limit what they show and they are in control.

    Some people have taken to social media networks to try and offer support for the whole idea of it being ok to be naked by posting pictures of themselves (#leak4jlaw) - there's an idea for the next ALS fundraiser - but these are people who don't mind strangers seeing them naked.

    When it comes to blame, the victims won't accept any because despite putting explicit media on an internet connected device, as far as they were concerned, they were using secure services, which is fair because people use email all the time and no one expects messages to be leaked. Apple deserves some blame for their security weakness, other services may have been exploited too. The group that deserves the most blame is the group cracking password-protected services and leaking the images. The damage is done now and may not be over yet as there are many more unreleased celebrities.

    What I notice when these things happen is how much people try to communicate their own feelings but it falls on deaf ears:

    One group is news reporters and authorities who are mainly older and don't understand technology nor how it works, who the perpetrators are and their motives. Some of them think that 4chan is the online handle for a computer hacker and they want to hold that person responsible, which obviously causes some people great entertainment. They also try to project authority where many people assume they have no jurisdiction because the internet is treated as a space of free information.

    What the communities promoting the leaks try to get across is that information should always be free but they can't and don't think about it from the point of view of it being their own personal or intellectual property because they are often young and don't know what ownership and control are like - they have nothing of significant value and nobody depends on them so they don't need to exert control. I think there's also an assumption that the harm doesn't exist because they'd be fantasising about these celebs anyway (they are being photoshopped nude all the time) in much the same way that there's justification of downloading software/games/videos because it wouldn't be a purchase anyway and in fact it's a form of marketing. People don't have less respect for these celebrities now than before, quite the opposite so some will see it as a good thing for them.

    What the victims try to get across is that it is in fact harmful to them and they don't want strangers seeing them in those scenarios. They are celebrities who make money from selling their image but it's not all-access and everyone has limits on what they put out to the public.

    These messages never get through because they are coming from different vantage points.

    Human behaviour is very strange when you really take a good look at it though. Every day people get up, they are getting nude for everything in the bathroom or intimacy, doctor's visits without a second thought but in public, people will be absolutely meticulous about not showing any excess flesh. And yet, if the members of the public had watched them in the bathroom or bedroom and they didn't know about it such as in hidden online groups for years, they would go about their day as normal. The knowing is what causes the harm but why? How can it be used against them to adversely affect their lives in the present or future any more so than when they didn't know about it? They might be objectified sexually more than usual, they may get more unwanted attention than usual but the damage is mostly emotional and is from conditioning about how we should feel about being nude or sexual in front of strangers.
  • Reply 165 of 210
    jmc54 Posts: 207 member
    Quote:

    Originally Posted by Tallest Skil View Post

     

     

    You’d be surprised at the number of people who claim this isn’t a valid argument and that people should be allowed to do whatever they want.


    And no one denies them that right! With security breaches at Target, Blackberry and various large banks making the news on a regular basis, these geniuses should then accept the consequences of taking nude selfies!

  • Reply 166 of 210
    Quote:



    Originally Posted by SirLance99 View Post



    Despite what actually really happened, most morning "news" programs are reporting that the FBI and Apple are investigating the iCloud hack. This is now the narrative. This is what the masses are hearing and it's linked to Apple.

    3 thoughts.

     

    1) The posted code was a classic hack. They hacked the Web API and how you authenticate/change passwords from a phone/iPad. Not the website. It's a subtle bug (e.g. some of the 'business' [security] logic moved into the UI layer), and a pretty classic problem in multi-modal web services. It's less about 'iCloud' and more about 'Apple Cloud Services.'

     

    One side of me says, bad Apple.   No comprehensive regression testing across all interfaces for critically confidential data.   The other side says... This is great, as it forces Apple and its aware consumers to clean house on old stale passwords and data storage practices.  

     

    2) No evidence yet that the code = leaked photos.   Lots of theories abound, and it's plausible that this is the way to get a password, but not proven that Apple infrastructure/device stored data was actually the source.   

     

    3) The FBI is automatically involved if there is evidence that financial impact is involved (extortion or sale of ill-gotten data), or if Apple has that as part of their incident response, given how close Apple IDs are to financial transactions (ITMS/AppStore/inApp purchases).

     

     

    I'm assuming Apple will be focused and methodical on researching this much like they were during Antennagate.  My guess we'll hear nothing until either just before the 9/9 announcement - that we'll see a very curt release on Thurs - Friday this week, and a 30 second bit during the event.  Or there will be about 1 minute repeating what was said by Apple yesterday, with a promise from Tim that they'll say more when they know more, and then another event to discuss it will be scheduled.

  • Reply 167 of 210
    "Kirsten Dunst seems to believe that her iCloud account was hacked."

    Um. She shows her rack in almost every movie she's in. Not sure how this is an invasion of 'privacy'.

    It's not the fact that skin is exposed, it's a matter of consent. Ever had your house broken into? Ever had something stolen?
  • Reply 168 of 210
    blitz1 Posts: 413 member
    Quote:

    Originally Posted by Apple ][ View Post

     

    Just because some pea brained actress believes that iCloud has been hacked doesn't make it so. Maybe somebody gained access to their account, but that doesn't mean that there has been a system wide attack on iCloud. I am interested in cold, hard facts, not simple minded speculation and ignorant hysteria.

     

    I also don't have much sympathy for anybody who gets their pictures leaked online.

     

    I don't care who it is, Apple, Google, Microsoft, whoever. It doesn't make a damn difference.

     

    Don't store any pictures online that you do not want anybody else to see.

     

    I use iCloud and have no problems with it, but I sure as hell wouldn't upload any x-rated pictures of myself to iCloud.

     

    People are dumb.


    So you mean iCloud and - by extension - the cloud paradigm aren't safe?

    Interesting!

     

  • Reply 169 of 210
    blitz1 Posts: 413 member
    Quote:

    Originally Posted by jmc54 View Post

     

    And no one denies them that right! With security breaches at Target, Blackberry and various large banks making the news on a regular basis, these geniuses should then accept the consequences of taking nude selfies!


     

    How do you feel about your house, locked, and still have someone snooping & stealing in it?

    Just "accept the consequences" ?

  • Reply 170 of 210
    malax Posts: 1,598 member
    Quote:

    Originally Posted by PhilBoogie View Post





    Thanks for the heads-up, at least I now know the length. Python will do the rest¡

    Good luck with that.  Even if he used only lower-case random letters, you'd still have to work through 2.4x10^35 combinations to try them all.  Lucky for you it would only take 1.2*10^35 tries to find the right one, on average.  You'd better get started if you want to finish before the sun runs out of energy.  (If you could try 1,000,000,000 passwords a second, it would take you 3,750,000,000,000,000,000 years.)

  • Reply 171 of 210
    Quote:
    Originally Posted by Marvin View Post



    When it comes to blame, the victims won't accept any because despite putting explicit media on an internet connected device, as far as they were concerned, they were using secure services, which is fair because people use email all the time and no one expects messages to be leaked. Apple deserves some blame for their security weakness, other services may have been exploited too. The group that deserves the most blame is the group cracking password-protected services and leaking the images. The damage is done now and may not be over yet as there are many more unreleased celebrities.

     

    Sure, service providers have a responsibility for some level of security, but I think it's ridiculous that anyone would think of these services as some sort of a vault where only authorized access will occur. Everyone should expect email messages to be leaked. It has happened and will continue to happen. There will be outrage though, as people try to rationalize their dependence on convenient internet services, and will blame Internet companies for not doing the impossible.

  • Reply 172 of 210
    malax Posts: 1,598 member
    Quote:

    Originally Posted by sog35 View Post

     

    Who cares.

     

    Don't save embarrassing photos on the cloud.


    You mean "don't save anything potentially sensitive or with any financial implications in the cloud?"

     

    This story is the modern equivalent of learning that 100 celebrities had their houses broken into on the same day.  That would cause people to wonder about their personal security habits and whether they should trust their security systems.  And then you would say "Don't store anything valuable in your house."

  • Reply 173 of 210
    I just saw a report by Jeff Rossun (sp?) on the Today show where they set up a sting on bike thefts in New York. They got the crooks on tape ripping off the bike and one insisted he had nothing to do with it even as he watched the reporter play back the tape to his face. Then they tracked the stolen bike to some run down house miles outside the city, confronted the scumbags who had the bike partially disassembled and in their shed in the back and they insisted...INSISTED...they had no idea how the stolen, partially in pieces bike got in their shed.

    This is the sewer rat mentality of these hackers. Same as these thieves.
  • Reply 174 of 210

    Regardless if only iCloud or also includes other Cloud services, this will make Apple's announcement next week of payments with American Express, MC and Visa a harder sale initially to some.

  • Reply 175 of 210
    1 2 3 4....6..hmm no..is too complicated, 5! Lol
    Kate Upton? That prostitute has privacy too? I always thought she was pornstar. Selena Gomez, just because she had sex with that 12 year old creature doesn't make her star. As for my favorite ladies Kirsten Dunst, Kaley C., Mary Elisabeth W. and especially Jennifer Lawrence, I'm not worried, Apple will take good care of them and for the rest of them, I hope they will go back to being nobody
  • Reply 176 of 210
    imember wrote: »
    I always thought [Kate Upton] was pornstar.

    :no:
    Selena Gomez, just because she had sex with that 12 year old creature doesn't make her star.

    How about starring in TV shows, movies and being a singer? Also note her fame as a child actor came well before she was involved with Bieber.
  • Reply 177 of 210
    solipsismx wrote: »
    :no:
    How about starring in TV shows, movies and being a singer? Also note her fame as a child actor came well before she was involved with Bieber.
    I did not know that, ok she can pass
  • Reply 178 of 210
    Marvin Posts: 14,790 moderator
    It's not the fact that skin is exposed, it's a matter of consent. Ever had your house broken into? Ever had something stolen?

    The nudity has to be a significant part of it. If they were just fully clothed holiday snaps, there would be nowhere near the same level of concern nor interest from the public.
    malax wrote:
    Even if he used only lower-case random letters, you'd still have to work through 2.4x10^35 combinations to try them all. Lucky for you it would only take 1.2*10^35 tries to find the right one, on average. You'd better get started if you want to finish before the sun runs out of energy. (If you could try 1,000,000,000 passwords a second, it would take you 3,750,000,000,000,000,000 years.)

    That's not how they do it though, starting with memorable words and phrases cuts down the combinations significantly (maybe it can't strictly be called bruteforce but it's still using combinations):

    http://www.zdnet.com/password-breaker-successfully-tackles-55-character-sequences-7000019891/
    http://arstechnica.com/security/2013/08/thereisnofatebutwhatwemake-turbo-charged-cracking-comes-to-long-passwords/

    And people simply aren't going to use 25+ character passwords. This was demonstrated with an old password dump:

    http://venturebeat.com/2009/12/15/rockyou-hacked-32-million-account-passwords/

    The arstechnica link says the password cracker can bruteforce all the passwords that people used there in 65 seconds. Even with a slower cloud service, it could be done in a few days as long as it didn't slow down the password input.

    Every cloud service should check login location to see if the location is suspect and if it's been used before. GMail does this and warns your backup email of the suspicious login. It should only allow a certain limit of logins before flagging it as suspect like 5-10 logins before email verification is required and have a delay between logins. There should be a certification for compliance too so people know what logins to trust but this doesn't stop the problem of password reuse and I still think passwords should be replaced entirely.
    I think it's ridiculous that anyone would think of these services as some sort of a vault where only authorized access will occur. Everyone should expect email messages to be leaked. It has happened and will continue to happen.

    But then nobody would trust cloud services for anything important, which can't be the case. Online services run the entire world economy. Good security practises at least are expected.
    imember wrote:
    Kate Upton? That prostitute has privacy too? I always thought she was pornstar.

    Softcore models aren't pornstars but pornstars have a right to privacy. They elect to show you a predetermined scene but if someone leaked intimate pictures of them with their partners, that would be an invasion of their privacy.
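
The login controls proposed in Reply 178 (a cap on failed logins before e-mail verification, a delay between attempts, and a warning on a login from an unseen location), sketched as an added example that is not part of the thread or any vendor's code. The thresholds, the `LoginGuard` class and the sample account are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass, field

MAX_FAILURES = 5       # assumed: low end of the "5-10 logins" suggested in the post
BASE_DELAY_S = 2.0     # assumed: delay after the first failure, doubled each time
MAX_DELAY_S = 300.0    # assumed cap on the delay


@dataclass
class AccountState:
    failures: int = 0
    next_allowed: float = 0.0
    locked: bool = False                      # True until e-mail verification
    known_locations: set = field(default_factory=set)


class LoginGuard:
    """Per-account throttle; every interface (web, mobile API) must call it."""

    def __init__(self, check_password):
        self._check = check_password          # callable(user, password) -> bool
        self._accounts = {}
        self.checked = 0                      # guesses that reached the verifier

    def attempt(self, user, password, location, now):
        st = self._accounts.setdefault(user, AccountState())
        if st.locked:
            return "email_verification_required"
        if now < st.next_allowed:
            return "retry_later"              # rejected without testing the guess
        self.checked += 1
        if not self._check(user, password):
            st.failures += 1
            delay = min(BASE_DELAY_S * 2 ** (st.failures - 1), MAX_DELAY_S)
            st.next_allowed = now + delay
            st.locked = st.failures >= MAX_FAILURES
            return "denied"
        st.failures, st.next_allowed = 0, 0.0
        is_new = bool(st.known_locations) and location not in st.known_locations
        st.known_locations.add(location)
        return "ok_alert_backup_email" if is_new else "ok"

    def verify_email(self, user):
        """Call after the owner confirms via the e-mail link; clears the lock."""
        st = self._accounts.setdefault(user, AccountState())
        st.failures, st.next_allowed, st.locked = 0, 0.0, False


def demo():
    # Constructed account and guesses, for illustration only.
    secret = {"alice@example.com": "correct horse battery staple"}
    guard = LoginGuard(lambda u, p: hmac.compare_digest(secret.get(u, ""), p))
    user = "alice@example.com"
    # One wrong guess per second for 1000 seconds against a single account.
    results = [guard.attempt(user, "guess%d" % i, "US", now=float(i))
               for i in range(1000)]
    return guard, results
```

Because the counter is keyed on the account rather than on the client or endpoint, the limit holds no matter which interface the guesses arrive through.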
  • Reply 179 of 210
    jmc54 Posts: 207 member
    Quote:

    Originally Posted by Blitz1 View Post

     

     

    How do you feel about your house, locked, and still have someone snooping & stealing in it?

    Just "accept the consequences" ?




    Pretty much! Burglaries happen all the time and the same rules apply. Increase home security, lock up high value items off site if needs be. If you don't, accept the consequences. 

  • Reply 180 of 210
    malax wrote: »
    Good luck with that.  Even if he used only lower-case random letters, you'd still have to work through 2.4x10^35 combinations to try them all.  Lucky for you it would only take 1.2*10^35 tries to find the right one, on average.  You'd better get started if you want to finish before the sun runs out of energy.  (If you could try 1,000,000,000 passwords a second, it would take you 3,750,000,000,000,000,000 years.)

    Ha! I was hoping someone would respond with this response....so I guess your post is 'predictable'(?)

    No, really, thanks for doing the math. Though I do think Marvin has a good point in his post one page down.