I've never gotten hacked online, but I was the target of a telephone scam some years back, by some shady company that had somehow made a few charges to one of my bank cards, without my authorization of course.
I was seriously pissed off, and I immediately cancelled that card, and then I contacted the State Attorney General, the FTC, and I even spoke to an agent at the FBI, since this was across state lines. To make a long story short, the situation was rectified pretty quickly.
Good for you! The nuclear option is sometimes the only option.
NM. a more in-depth article on The Verge answered my question about the Find my iPhone hack. That was already patched and it is not related to this leak. Those celebs must have had very weak passwords indeed.
One of the drawbacks to having the phone ask for permission to do things is that it always asking me to authenticate. I have caught myself many times just out of habit entering a pin code or apple id without actually reading the screen. I could see someone making a javascript malware script that popped up a pixel perfect authentication dialog in safari that would look like some other innocuous app in the background needing your credentials. Embarrassingly, I myself have even completed an unintended in-app purchase simply because muscle memory took over before my conscious mind could process what was happening.
I know what you mean. I get the "Trust this computer?" pop-up regularly for no apparent reason when I hook my iPad up to my computer. Of course I trust my own Apple computer!
I keep seeing people complaining on rumor sites why account wouldn't be locked out after so many attempts. How do we know it wasn't? The hacker could have easily gained access to their email account first then started with password attempts on other accounts and just kept retrieving the reset emails until they got it right.
I keep seeing people complaining on rumor sites why account wouldn't be locked out after so many attempts. How do we know it wasn't? The hacker could have easily gained access to their email account first then started with password attempts on other accounts and just kept retrieving the reset emails until they got it right.
This is why I assume (perhaps incorrectly) that a targeted phishing scam was at work here. No need for password generators and the like. The only thing needed would be a private e-mail address, which could have been exposed in any of the recent massive credit card hacks. In fact, a brute force attack on Twitter may have yielded those same private e-mail addresses.
Apple should take responsibility! If security measures (login/password) are not good enough to guarantee security, then maybe the service is ahead of its time. Maybe cloud services, including iCloud, should not be released until a proper security mechanism is found.
I am waiting for the day when passwords are a distant memory. To be safe and secure you have to use long and difficult to remember ones. You also should never use the same ones on different sites and change often. I would much prefer a temp password sent by text that only last 15 minutes before it expires then only need to remember the email address or username.
Apple should take responsibility! If security measures (login/password) are not good enough to guarantee security, then maybe the service is ahead of its time. Maybe cloud services, including iCloud, should not be released until a proper security mechanism is found.
Apple is no "worse" than any other service. In fact, they seem to be more secure and proactive.
Apple should take responsibility! If security measures (login/password) are not good enough to guarantee security, then maybe the service is ahead of its time. Maybe cloud services, including iCloud, should not be released until a proper security mechanism is found.
I am waiting for the day when passwords are a distant memory. To be safe and secure you have to use long and difficult to remember ones. You also should never use the same ones on different sites and change often. I would much prefer a temp password sent by text that only last 15 minutes before it expires then only need to remember the email address or username.
How about tying a login/password to an anonymous Bitcoin code? Then it would be uncrackable, distributed and unknown, even to the user.
Apple should take responsibility! If security measures (login/password) are not good enough to guarantee security, then maybe the service is ahead of its time. Maybe cloud services, including iCloud, should not be released until a proper security mechanism is found.
No, they should not!
If somebody goes out and buys a $10,000 lock for their front door, yet they forget to lock it one day, and thieves walk up to it and enter the house, then whose fault is that?
Human stupidity will trump any security measure, no matter how costly. Apple is not responsible for the dumb and careless actions that people make.
So most likely the majority of those celebs were stupid, careless and ignorant.
They're probably the kind of stupid people that would use their birthdates in their passwords, or the name of their pets or some other, extremely easy to guess passwords. Especially if somebody is a famous celeb, finding personal information about them online isn't exactly difficult.
And they also probably chose very easy to guess security questions, that anybody who has access to a search engine could easily figure out.
There is a reason these people are famous and people want to see pics of them, and it isn't because of their brains...
This is what you get when you store personal things you would not want you mom seeing in the cloud and being stupid about it. Hacker are a lot smarter than your average thief. Image the work the when through to track down on the necessary information to get into each account whether on icloud or any other cloud based storage product out there.
What is what you get? nothing happened as the leaks weren't from icloud so whats your point?
That is not what this says. It says iCloud was not compromised as a service, but that some celebrity accounts were directly compromised. In other words, someone hacked their user account credentials / recovery information and not the iCloud service. Subtle difference but it does mean that some of that leaked content may be from peoples iCloud storage. This also doesn't say if any of the pictures and video in these leaks is actually from the accounts that were individually compromised. So it doesn't say much really other than people should use strong passwords, two factor authentication, and Apple should keep fixing bugs in their security as soon as they are found.
Just as I figured. I wonder if they’ll still up iCloud’s security anyway.
I’d love to not have an upper limit on my password size. I’d also love to not be forced into having numbers and uppercase letters. There’s absolutely no excuse for that. I’ve kept my original iCloud password since the beta because of this nonsense (no restrictions in the beta).
I’d also love to be able to write MY OWN QUESTIONS.
That doesn't totally solve the problem. Answering any security question honestly is ripe for trouble. Same with using the same answers across many sites. It's akin to using the same password across many sites. Sometimes its easier to gain access to someones info by going the security question route vs. guessing at the password.
Using a password manager like 1password to generate unique passwords across all accounts as well as using it to generate dummy unique answers to security questions is the answer. Two factor authentication is another method.
How about tying a login/password to an anonymous Bitcoin code? Then it would be uncrackable, distributed and unknown, even to the user.
I am open to any idea that is safe, secure, and makes it easier for all of us to access sites, apps, email, etc..without having to use long and burdensome passwords. I think temp passwords by text would be the easiest but I don't know much about Bitcoin.
Comments
I'm sure that it's not.
I've never gotten hacked online, but I was the target of a telephone scam some years back, by some shady company that had somehow made a few charges to one of my bank cards, without my authorization of course.
I was seriously pissed off, and I immediately cancelled that card, and then I contacted the State Attorney General, the FTC, and I even spoke to an agent at the FBI, since this was across state lines. To make a long story short, the situation was rectified pretty quickly.
Good for you! The nuclear option is sometimes the only option.
One of the drawbacks to having the phone ask for permission to do things is that it always asking me to authenticate. I have caught myself many times just out of habit entering a pin code or apple id without actually reading the screen. I could see someone making a javascript malware script that popped up a pixel perfect authentication dialog in safari that would look like some other innocuous app in the background needing your credentials. Embarrassingly, I myself have even completed an unintended in-app purchase simply because muscle memory took over before my conscious mind could process what was happening.
I know what you mean. I get the "Trust this computer?" pop-up regularly for no apparent reason when I hook my iPad up to my computer. Of course I trust my own Apple computer!
Except they do.
Counsel: "You mean to tell me that Apple's stoplist did not preclude my client
from choosing 'Princess1' as a password?"
Defense: "Your honor, ladies and gentleman of the jury. That is correct, but
'Princess1' is only #2 on the "ibrute" list, so that our (temporary-only) gaffe
with the "no counters" Find My iPhone URL login cannot be implicated."
While this may or may not be true, it doesn't excuse Apple from not having rate-limited iCloud login attempts:
http://thenextweb.com/apple/2014/09/01/this-could-be-the-apple-icloud-flaw-that-led-to-celebrity-photos-being-leaked/
I keep seeing people complaining on rumor sites why account wouldn't be locked out after so many attempts. How do we know it wasn't? The hacker could have easily gained access to their email account first then started with password attempts on other accounts and just kept retrieving the reset emails until they got it right.
This is why I assume (perhaps incorrectly) that a targeted phishing scam was at work here. No need for password generators and the like. The only thing needed would be a private e-mail address, which could have been exposed in any of the recent massive credit card hacks. In fact, a brute force attack on Twitter may have yielded those same private e-mail addresses.
I am waiting for the day when passwords are a distant memory. To be safe and secure you have to use long and difficult to remember ones. You also should never use the same ones on different sites and change often. I would much prefer a temp password sent by text that only last 15 minutes before it expires then only need to remember the email address or username.
Apple should take responsibility! If security measures (login/password) are not good enough to guarantee security, then maybe the service is ahead of its time. Maybe cloud services, including iCloud, should not be released until a proper security mechanism is found.
Apple is no "worse" than any other service. In fact, they seem to be more secure and proactive.
Am I reading this right?
"iCloud piece of shit"?
or
"iCloud eat shit"?
What a horrible idea.
I am waiting for the day when passwords are a distant memory. To be safe and secure you have to use long and difficult to remember ones. You also should never use the same ones on different sites and change often. I would much prefer a temp password sent by text that only last 15 minutes before it expires then only need to remember the email address or username.
How about tying a login/password to an anonymous Bitcoin code? Then it would be uncrackable, distributed and unknown, even to the user.
Apple should take responsibility! If security measures (login/password) are not good enough to guarantee security, then maybe the service is ahead of its time. Maybe cloud services, including iCloud, should not be released until a proper security mechanism is found.
No, they should not!
If somebody goes out and buys a $10,000 lock for their front door, yet they forget to lock it one day, and thieves walk up to it and enter the house, then whose fault is that?
Human stupidity will trump any security measure, no matter how costly. Apple is not responsible for the dumb and careless actions that people make.
So most likely the majority of those celebs were stupid, careless and ignorant.
They're probably the kind of stupid people that would use their birthdates in their passwords, or the name of their pets or some other, extremely easy to guess passwords. Especially if somebody is a famous celeb, finding personal information about them online isn't exactly difficult.
And they also probably chose very easy to guess security questions, that anybody who has access to a search engine could easily figure out.
There is a reason these people are famous and people want to see pics of them, and it isn't because of their brains...
/end sexist but true remark
This is what you get when you store personal things you would not want you mom seeing in the cloud and being stupid about it. Hacker are a lot smarter than your average thief. Image the work the when through to track down on the necessary information to get into each account whether on icloud or any other cloud based storage product out there.
What is what you get? nothing happened as the leaks weren't from icloud so whats your point?
That is not what this says. It says iCloud was not compromised as a service, but that some celebrity accounts were directly compromised. In other words, someone hacked their user account credentials / recovery information and not the iCloud service. Subtle difference but it does mean that some of that leaked content may be from peoples iCloud storage. This also doesn't say if any of the pictures and video in these leaks is actually from the accounts that were individually compromised. So it doesn't say much really other than people should use strong passwords, two factor authentication, and Apple should keep fixing bugs in their security as soon as they are found.
Just as I figured. I wonder if they’ll still up iCloud’s security anyway.
I’d love to not have an upper limit on my password size. I’d also love to not be forced into having numbers and uppercase letters. There’s absolutely no excuse for that. I’ve kept my original iCloud password since the beta because of this nonsense (no restrictions in the beta).
I’d also love to be able to write MY OWN QUESTIONS.
That doesn't totally solve the problem. Answering any security question honestly is ripe for trouble. Same with using the same answers across many sites. It's akin to using the same password across many sites. Sometimes its easier to gain access to someones info by going the security question route vs. guessing at the password.
Using a password manager like 1password to generate unique passwords across all accounts as well as using it to generate dummy unique answers to security questions is the answer. Two factor authentication is another method.
How about tying a login/password to an anonymous Bitcoin code? Then it would be uncrackable, distributed and unknown, even to the user.
I am open to any idea that is safe, secure, and makes it easier for all of us to access sites, apps, email, etc..without having to use long and burdensome passwords. I think temp passwords by text would be the easiest but I don't know much about Bitcoin.