Cook says Apple will roll out new iCloud security alerts, expand 2-step authentication after celebri

Comments

  • Reply 41 of 81
    shogun Posts: 362 member
    slurpy wrote:
    Oh, please **** off with your self-righteous, sanctimonious garbage.

    Ironically, you're the self-righteous one here. I'm saying that no one had a right to their stuff. If I leave my door unlocked it's not my fault my house got robbed. No one has a right to come into my house.
  • Reply 42 of 81
    shogun wrote:
    If I leave my door unlocked it's not my fault my house got robbed. No one has a right to come into my house.

    You're right, no one has the right to come into your house. However, if someone does and it's because you only closed your screen door, didn't lock it and left all your interior lights on so we could see you weren't home I would certainly think you could have done a better job protecting yourself.

    I'm in the middle here. Do I think the celebrity photo theft was right? No. Do I feel for these actresses who have had private moments exposed? Yes. Do I think the perpetrators should be punished? Yes. Could the affected people do more to protect themselves? Yes.

    Edit: To ignore the fact that there are people who will disregard privacy/personal property rights, etc., is just being naive.

    It's interesting how extreme people's views are. Some are completely on one side, others completely on the opposite side.
  • Reply 43 of 81
    pmz Posts: 3,433 member
    Quote:

    Originally Posted by libertyforall View Post



    NOT good enough, provide the fix to enable two factor authentication for iCloud backups and Photo Stream in iOS 7 THIS month, Tim Cook! Not all devices will run iOS 8, and not all users, especially in corporations, will update to iOS 8 straight away.



    Also, what about iOS 6-only devices?!



    Update. No reason not to.

  • Reply 44 of 81
    Originally Posted by Shogun View Post

    If I leave my door unlocked it's not my fault my house got robbed. No one has a right to come into my house.



    Sounds like you need to buy a gun. Or a lock.

  • Reply 45 of 81
    apple ][ Posts: 9,233 member
    Quote:
    Originally Posted by Shogun View Post



    No one has a right to come into my house.

     

    If you leave your door unlocked, it's obviously illegal for somebody to enter it and rob you blind, but it's totally understandable if it happens.

     

    The hackers and perverts in this story should be harshly punished, but that doesn't mean that the celebrities don't bear a large part of the responsibility.

  • Reply 46 of 81
    Quote:

    Originally Posted by libertyforall View Post



    NOT good enough, provide the fix to enable two factor authentication for iCloud backups and Photo Stream in iOS 7 THIS month, Tim Cook! Not all devices will run iOS 8, and not all users, especially in corporations, will update to iOS 8 straight away.



    Also, what about iOS 6-only devices?!

     

    He never said there would be two-step for backups, which makes sense 'cause that's pre-access to the Messages app. It would be a heck of a lot harder to reprogram the system to allow for texts before getting to the home screen. He said iCloud data, which is more likely iCloud Drive.

    Quote:

    Originally Posted by Radjin View Post



    Then use better passwords and don't be stupid enough to give it away.

     

    This. iBrute used a list of 500 'idiot' passwords, many of which were variations on the word password, and the sad part is that those are likely legit for some folks. I have an older neighbor who uses her name. Seriously. Imagine if your user name was [email protected] and your password was Charlik1. Yeah, I'm getting hacked.

  • Reply 47 of 81

    Apple making a move is good, even though the whole thing is not entirely their fault.

  • Reply 48 of 81
    Quote:

    Originally Posted by Apple ][ View Post

     

    Hey, what d'ya know? So it turns out that I was right, even though there was some protesting as usual in the previous thread. The celebrities were ignorant and careless. 


     

    We do not know, 100% confirmed, the attack vector, so you can't say if they were or were not stupid. Cook said there is zero evidence that anyone attacked the system directly. If we trust him to be telling the truth then that is fact.

     

    But it doesn't mean the celebrities were careless. Keep in mind that often they don't run these accounts for themselves. A major figure like Lawrence is going to have at least one personal assistant. That is the person that buys her phone, sets it up, etc. That person is more likely to know the password because he/she picked it. That is the person that might have written it out on a post-it note or in the notes on their phone (which they proceeded to lose with no passcode on it), etc.

  • Reply 49 of 81
    apple ][ Posts: 9,233 member
    Quote:
    Originally Posted by charlituna View Post

     

    This. iBrute used a list of 500 'idiot' passwords, many of which were variations on the word password, and the sad part is that those are likely legit for some folks. I have an older neighbor who uses her name. Seriously. Imagine if your user name was [email protected] and your password was Charlik1. Yeah, I'm getting hacked.


     

    It's not just celebrities. I believe that the average person out there uses crap passwords, that are ridiculously easy to guess.

     

    I'm no hacker, and I've never hacked anything before, but I'm fairly certain that it wouldn't be all that hard to gain access to many people's accounts.

  • Reply 50 of 81
    apple ][ Posts: 9,233 member
    Quote:

    Originally Posted by charlituna View Post

     

     

    We do not know, 100% confirmed, the attack vector, so you can't say if they were or were not stupid. Cook said there is zero evidence that anyone attacked the system directly. If we trust him to be telling the truth then that is fact.

     

    But it doesn't mean the celebrities were careless. Keep in mind that often they don't run these accounts for themselves. A major figure like Lawrence is going to have at least one personal assistant. That is the person that buys her phone, sets it up, etc. That person is more likely to know the password because he/she picked it. That is the person that might have written it out on a post-it note or in the notes on their phone (which they proceeded to lose with no passcode on it), etc.


     

    I still think that the celebrities were careless, because even if they did have some personal assistant setting up their account, the ultimate responsibility lies with the celebrity. It's their account after all, and it's their body.

  • Reply 51 of 81
    Quote:

    Originally Posted by ddawson100 View Post

     

    Is there a reasonable way to block social engineering, password guesses, phishing, etc? It seems like what happened over the weekend has been a long time coming by a lot of people (see this great post) and the methods used are really old school, non-haxor stuff.

     

    These vulnerabilities are there because, well, we are people and there are asshats out there. There's security and there's security theater. I'd argue there are things Apple hasn't done well but they're handling the security part fairly well and I trust they will continue to.


     

    You can only educate folks so much. It's highly unlikely that all the majors will ever join together to create a database that bars using common passwords. So it's on the user. If they insist on using the same password everywhere, that's on them. It's unruly to give folks one try then block them out, although that would be the safest. And phishing. Well, that is again an education issue. Many folks just don't care to try to learn that stuff. So they happily give all their passwords away (which happen to be the same one) and all their money to that very nice prince in Nigeria.

  • Reply 52 of 81
    Quote:

    Originally Posted by radster360 View Post

     

    I mean, even if companies put in all kinds of protection measures, if you are going to do a stupid thing, you will have to pay the consequences. Who knows? Could it also be a publicity stunt by all those actors?


     

    You really think someone like Jennifer Lawrence needs to pull that kind of stunt? That she would hire someone to pose as a hacker, to implicate Apple, etc.?

     

    If anyone is looking for publicity it's the hacker, which might be why it was implied that they breached an Apple system. Apple gets press. During the days between invite and announcement everyone basically turns into 24/7 Apple press machines. It was very very well timed.

  • Reply 53 of 81
    Quote:
    Originally Posted by EricTheHalfBee View Post

     

     

    So what if your phone quits working, gets lost or stolen? You have your new iPhone you want to restore from iCloud. Where does the 2fa notification go to? Your old iPhone is gone, so it's not going there. Your new iPhone isn't set up yet, so it's not getting it either. Apple lets you set up more than one device (great for families), but if you're single would you have a second SMS capable iOS device you could set up to also receive the verification code? Even if you did, would you even think it was necessary to add a second device while you're setting up 2fa?

     

     


     

    I mentioned this to someone on another site and they claimed that yes, your phone gets text messages before iCloud is set up. If I had the time to waste I would actually wipe my phone to test that, but I highly highly suspect that this would be wrong. And thus 2-step wouldn't work for restoring a backup. Unless Apple wants to change the system so backups don't have to be set up on a fresh machine. Perhaps with the new iCloud system this will be the case, at least one day. If not for the settings then at least for things like your camera roll. Which is after the reboot.

  • Reply 53 of 81

    Whatever happened to personal responsibility?

     

    If you sign up for an online service, create and employ a complex password.  For recovery options, use questions and answers that are not easily identifiable through social engineering.  If your favorite team is the Dallas Cowboys, using an avatar of the Cowboys logo on your online accounts is likely a dead giveaway. 

     

    If the service you are using has two-factor authentication, use it.  Hey, it could be a hassle in the short-term but once it becomes habit and part of your routine it won't matter.

     

    Use a secure password manager / generator to maintain your login information.  Change your passwords on a regular basis and if you feel that you have had your security compromised change all accounts. 

     

    Don't log into public computers to check your personal email, bank accounts, retirement funds, etc. 

     

    If you don't trust the cloud, don't store on the cloud. 

     

    If you don't want  something on the internet, do not put it out on the internet.  This includes photos, your own personal information, and forum posts which express your personal opinions and beliefs if you are not comfortable sharing them in public. 

     

    We are all only human, so we are bound to break one of these "rules" at some point and quote "be stupid".  The fact of the matter is there is a major breach of privacy because regardless of how easily the content was obtained, the people behind the leaks were very determined to get said information and there is no telling what lengths they would have gone to in order to extract the information they wanted.  I feel sorry for these very real people who have now had a side of themselves exposed to the world that they would otherwise not share.  The leaked content is not in context.  We don't know if things were done in a provocative, loving, or possibly joking nature.

     

    Could Apple have had tighter security?  Sure, but how many "are you sure you want to do this" prompts are necessary before it becomes the responsibility of the user to ensure his or her privacy is being respected? 

  • Reply 55 of 81
    apple ][ Posts: 9,233 member
    Quote:

    Originally Posted by charlituna View Post

     

    If anyone is looking for publicity it's the hacker, which might be why it was implied that they breached an Apple system. Apple gets press. During the days between invite and announcement everyone basically turns into 24/7 Apple press machines. It was very very well timed.


     

    Even though I'm speaking harshly against the celebrities, I am all for harsh punishments against the hackers.

     

    They need to find those people quickly and deal with them in the most severe way. In addition to their punishment when caught, those people should be banned from the internet for life. If somebody is a pedophile, you don't let them be around small children. If somebody is a convicted hacker, they should not be allowed anywhere online, ever.

  • Reply 56 of 81
    Quote:

    Originally Posted by charlituna View Post

     

     

    I mentioned this to someone on another site and they claimed that yes, your phone gets text messages before iCloud is set up. If I had the time to waste I would actually wipe my phone to test that, but I highly highly suspect that this would be wrong. And thus 2-step wouldn't work for restoring a backup. Unless Apple wants to change the system so backups don't have to be set up on a fresh machine. Perhaps with the new iCloud system this will be the case, at least one day. If not for the settings then at least for things like your camera roll. Which is after the reboot.




    I think if the original device is not available you have to use the recovery key that is provided during the two-factor authentication setup.  Most two-factor setups require you, the user, to keep track of any recovery codes or emergency access codes if you lose access to your authenticating device.  From there you will need to disable the old device and activate authentication with a new one. 

  • Reply 57 of 81
    apple ][ Posts: 9,233 member
    Quote:

    Originally Posted by Rogifan View Post





    Is Photostream being replaced in iOS 8? I'd rather have it be optional than automatic.

     

    I'm not sure what you mean.

     

    You can turn off photostream. It doesn't have to be on, and you can take as many pictures as you like, without them being uploaded to iCloud.

  • Reply 58 of 81
    apple ][ Posts: 9,233 member
    Quote:

    Originally Posted by Tallest Skil View Post

     

    Sounds like you need to buy a gun. 


     

    I live in one of the places where it's hardest to get a gun in the entire US, but I'm thinking about getting one soon, just because I'd like to challenge the system, and exercise my rights.

  • Reply 59 of 81
    Quote:
    Originally Posted by charlituna View Post

     

     

    You can only educate folks so much. It's highly unlikely that all the majors will ever join together to create a database that bars using common passwords. So it's on the user. If they insist on using the same password everywhere, that's on them. It's unruly to give folks one try then block them out, although that would be the safest. And phishing. Well, that is again an education issue. Many folks just don't care to try to learn that stuff. So they happily give all their passwords away (which happen to be the same one) and all their money to that very nice prince in Nigeria.


     

    We don't know how people got to each of the celebrities' accounts and maybe there are multiple methods in this particular case. Having good computer-user habits is important but that means understanding all the attack vectors. And there's no one who knows it all. It's not useful to simply blame the victim.

     

    Quote:

    Originally Posted by Tallest Skil View Post

     



    Sounds like you need to buy a gun. Or a lock.


     

    I think the analogy with the physical home is helpful to simplify the discussion but that's only going to go so far. Go ahead and put on the new lock and get a gun. Heck, move into a bank vault. Nothing's invulnerable.

     

     

    My point is that this hack is complicated. There's an uncoordinated, opportunistic swarm of people involved in these hacks. There's public policy, law enforcement, government regulations involved. Those are all factors allowing things like "ElcomSoft Password Recovery Bundle" to be available to governments, private organizations and even individuals. There are multiple ways to get into your iCloud account. Who has considered all these things before connecting their phones to the network? Or even browsing the web?

     

    Don't get me wrong. Security is important and I do think Apple's correctly earned a good reputation for it. I'm glad to hear that some of these vectors haven't been cracked. Touch ID is an important part of making security part of our everyday usage. An app store to limit what goes on iOS is a critical innovation. I'd argue Apple has done a better job protecting OS X than Microsoft has done for Windows. There's room for improvement and important decisions to come. I think they'll keep making good progress even as things continue to get more complicated.

  • Reply 60 of 81
    jfc1138 Posts: 3,090 member
    Quote:

    Originally Posted by John.B View Post



    It's a start.

    More of a journey. 
