Cook says Apple will roll out new iCloud security alerts, expand 2-step authentication after celebri


Comments

  • Reply 61 of 81
    jfc1138 Posts: 3,090 member
    Quote:

    Originally Posted by Apple ][ View Post

     

     

    I'm not sure what you mean.

     

    You can turn off photostream. It doesn't have to be on, and you can take as many pictures as you like, without them being uploaded to iCloud.


    Indeed, I long ago turned it off, as at least early on I noticed I got doubles when Photostream was archiving photos and they weren't acknowledged to already be loaded when I next synced my device. And for myself all those "extra" images drove me nuts....

  • Reply 62 of 81
    jfc1138 Posts: 3,090 member
    Quote:

    Originally Posted by Apple ][ View Post

     

     

    Even though I'm speaking harshly against the celebrities, I am all for harsh punishments against the hackers.

     

    They need to find those people quickly and deal with them in the most severe way. In addition to their punishment when caught, those people should be banned from the internet for life. If somebody is a pedophile, you don't let them be around small children. If somebody is a convicted hacker, they should not be allowed anywhere online, ever.


    The challenge may ultimately be that in recent articles people are noting this release seems to have been the result of years of individual intrusions, which is why BB, Droids and iPhones etc. all appear in some selfies or data tags, some of which have been shopped on DarkNet and SilkRoad for years. Having passed through multiple hands, if true, the original thief is going to have a lot of separation from whoever has been releasing them, which possibly was another thief who stole from a collector.....

     

    It may really come back to "Strong fences make good neighbors"...

  • Reply 63 of 81
    slurpy Posts: 5,330 member
    Quote:

    Originally Posted by cropr View Post

     

    I think the main issue is that Apple (like other tech companies) encourages people to share automatically all their data on iCloud. Although this concept is easy and appealing, it is a bad practice. People tend to be very lax with their online account management: they use the same password on multiple online services, write down passwords on paper, ... People should be taught to make a distinction between their public shareable data and their private data, and to keep their private data private. Private data has no business on a public cloud service.

    On all 4 Apple devices I have, I have switched off (among other things) the automatic photo stream upload.

    I only use a public cloud service for information I want to share with others and that I don't consider as harmful if it would be exposed.

    For syncing my personal data, I've set up a private cloud service, using the free ownCloud software, a really great package, that supports all my devices and not only the Apple supported ones.


     

    Is it really "bad practise"? These same people will bitch and moan, blaming Apple if something happens to their device, iCloud backup isn't turned on, and they find out they've lost everything. 95% of people are either too lazy or too stupid to actually go into their device settings and see what's actually happening when they get a new device. They won't change any of the defaults, even though the onus is on them to educate themselves on these basic things. When my sister visited, she asked me to look at her iPhone and fix a few things- absolutely everything was set up wrong making data syncing a mess (ie. notes being synced with multiple accounts, no backup, etc)

  • Reply 64 of 81
    Originally Posted by ddawson100 View Post

    I think the analogy with the physical home is helpful to simplify the discussion but that's only going to go so far. Go ahead and put on the new lock and get a gun. Heck, move into a bank vault. Nothing's invulnerable.


     

    It’s not about invulnerability. It’s about increasing the cost-risk ratio to the point where you are considered an unnecessary expenditure.

     

    And the house analogy is wrong. Houses are pretty darn secure. What happened here was they contracted out a vault in a warehouse but instead of using the vault’s tumblers they just ran a zip tie from the door handle to the frame.

  • Reply 65 of 81
    Quote:

    Originally Posted by EricTheHalfBee View Post

     

     

    If you have 2fa set up, then which device receives the notification with the verification code to allow you to access iCloud from a new computer (as an example)? It's going to be your iPhone, of course. The device you usually carry with you and can give you an immediate notification if there's activity on your iCloud account.

     

    So what if your phone quits working, gets lost or stolen? You have your new iPhone you want to restore from iCloud. Where does the 2fa notification go to? Your old iPhone is gone, so it's not going there. Your new iPhone isn't set up yet, so it's not getting it either. Apple lets you set up more than one device (great for families), but if you're single would you have a second SMS capable iOS device you could set up to also receive the verification code? Even if you did, would you even think it was necessary to add a second device while you're setting up 2fa?

     

    There are certain situations where you might need access to iCloud without the hassle of 2fa. And this is the crux of the matter. Some people say Apple should force users to use 2fa, but that's not always an option for everyone in every scenario.


    If you keep your number when you switch phones then the SMS goes to the new phone as well, I set up 2 factor on my account awhile back, I can't remember if there was an option to have it mailed out as well. 

  • Reply 66 of 81
    ipen Posts: 410 member

    Doesn't matter what Apple does to iCloud, I'll still keep my encryption process for all files sent to the cloud. Any files not worth encrypting are those you don't mind being seen by the public.

  • Reply 67 of 81
    Quote:

    Originally Posted by charlituna View Post

     

    If anyone is looking for publicity it's the hacker, which might be why it was implied that they breached an Apple system. Apple gets press. During the days between invite and announcement everyone basically turns into 24/7 Apple press machines. It was very very well timed.


     

    Really? I don't think Apple needs any PR - By default they got it. As far as the hacker needing a PR - You must be joking? Do we have the identity of the hacker? BTW, it was a targeted attack on the chosen few and not a breach of Apple's iCloud service. If it was a breach then the numbers would be in thousands and millions of users.

  • Reply 68 of 81

    Apple's 2 factor authentication is a bad joke! It's not even available in all European countries! For 2 years I'm waiting for 2 factor authentication and Apple don't want to give it in my country while I'm using 2 factor authentication for Google, Microsoft, Dropbox and everything else. For Apple you don't count if you don't live in a rich Western country. You are only good to be milked for money not to have access to basic security! The only thing they care is profits, profits and more profits! **** you Apple!

  • Reply 69 of 81
    solipsismx Posts: 19,566 member
    nelsonx wrote: »
    Apple's 2 factor authentication is a bad joke! It's not even available in all European countries! For 2 years I'm waiting for 2 factor authentication and Apple don't want to give it in my country while I'm using 2 factor authentication for Google, Microsoft, Dropbox and everything else. For Apple you don't count if you don't live in a rich Western country. You are only good to be milked for money not to have access to basic security! The only thing they care is profits, profits and more profits! **** you Apple!

    If Apple only cares about profits and 2-factor costs something to set up then why would they offer it to anyone? What will you say when Apple does finally offer it to your country? I doubt you'll recant your comment.
  • Reply 70 of 81
    nelsonx wrote: »
    Apple's 2 factor authentication is a bad joke! It's not even available in all European countries! For 2 years I'm waiting for 2 factor authentication and Apple don't want to give it in my country while I'm using 2 factor authentication for Google, Microsoft, Dropbox and everything else. For Apple you don't count if you don't live in a rich Western country. You are only good to be milked for money not to have access to basic security! The only thing they care is profits, profits and more profits! **** you Apple!

    Get an Android and be happy with the malware.
  • Reply 71 of 81

    I would like to quote and reiterate this one "If you don't want  something on the internet, do not put it out on the internet."

  • Reply 72 of 81
    Quote:

    Originally Posted by eponymous View Post

     
    Quote:

    Originally Posted by AppleInsider View Post









    To add an extra layer of protection, Cook said Apple will start sending out email and push notification alerts when an attempt is made to restore iCloud data to another device. The protocol adds to current safety measures that push out similar messages when a password has been changed or a device is first linked to an iCloud account.







    With the alerts in place, iCloud users can quickly react to potential breaches by closing off access or deleting files before a nefarious user has a chance to download potentially sensitive data.

     

     




    Looks like I was too hasty. According to Apple, iCloud backups are encrypted, contrary to Mashable. And Cook did address expanding 2-factor authentication. I somehow missed that on my first read through. Whoops.



    I too am unsure about the back ups. Indeed, the Apple site says that they are encrypted, however as you say, Mashable are one of a  number of sites that have used the EPPB software. Each of those sites claim that the back ups are not encrypted

     

    http://mashable.com/2014/09/04/i-hacked-my-own-icloud-account/?utm_cid=Mash-Prod-RSS-Feedburner-All-Partial

  • Reply 73 of 81
    hungover wrote: »

    I too am unsure about the back ups. Indeed, the Apple site says that they are encrypted, however as you say, Mashable are one of a number of sites that have used the EPPB software. Each of those sites claim that the back ups are not encrypted


    http://mashable.com/2014/09/04/i-hacked-my-own-icloud-account/?utm_cid=Mash-Prod-RSS-Feedburner-All-Partial

    There are many ways data can be encrypted. In broad strokes you have transport layer, file system, and file encryption. If the key for file encryption of your backup is your username and password then having that you're in. It's certainly not an additional password to unlock the backup once you've DLed it.
  • Reply 74 of 81
    r2d2 Posts: 95 member
    Quote:

    Originally Posted by Slurpy View Post

     

     

    Is it really "bad practise"? These same people will bitch and moan, blaming Apple if something happens to their device, iCloud backup isn't turned on, and they find out they've lost everything. 95% of people are either too lazy or too stupid to actually go into their device settings and see what's actually happening when they get a new device. They won't change any of the defaults, even though the onus is on them to educate themselves on these basic things. When my sister visited, she asked me to look at her iPhone and fix a few things- absolutely everything was set up wrong making data syncing a mess (ie. notes being synced with multiple accounts, no backup, etc)


     

    There are a couple of arguments that Apple and its fans have pushed forward that don't do their "average" customers any favors.

     

    1) Apple products are safer than Android or Windows, so you don't have to worry about security.

    2) Only geeks want to dig into their settings, average customers want something that just works out of the box.

     

    The first argument lulls people into a (false) sense of security and believing that since they purchased an Apple product all is safe. Many have said that Windows and Android users practice safer habits than Apple users (in general) because they know that there are viruses and other pitfalls for them in the wild. The average Apple user may be more relaxed about such concerns. To them, security is security. Doesn't mean Apple customers should be ignorant about safety, but that feeds into the second argument.

     

    "Who has time to learn about these security and also learn about proper settings? I just want to use my iDevice!" This is something that I have seen written on this forum more than once. Now, some people here are saying that customers are at fault because they didn't know enough to set things up correctly.

     

    Now, realize that we're talking about "average" people that most users on this board would say that Apple products are best suited for. These are the same "average" people that don't know much about technology (another thing I've seen written here). When an Apple product is touted as being secure without much setup, the "average" person just might believe it without further thought. These actresses (and your sister, Slurpy), as far as technology goes, are just average people.

     

    Don't call Apple customers careless, ignorant, lazy or stupid because they took the hype at face value. After all, they are Apple customers who made a wise choice, right?!

  • Reply 75 of 81
    If Apple can offer $10/month for 1TB online backup, I'm getting that.
  • Reply 76 of 81
    Quote:

    Originally Posted by SolipsismX View Post





    There are many ways data can be encrypted. In broad strokes you have transport layer, file system, and file encryption. If the key for file encryption of your backup is your username and password then having that you're in. It's certainly not an additional password to unlock the backup once you've DLed it.



    Thanks it hadn't occurred to me that the forensics software would be sending/receiving the encryption tokens.

     

    See page 13 http://www.elcomsoft.co.uk/PR/recon_2013.pdf

     

    Clearly, the seamless nature with which the software decrypts the files had led others to assume that there was no encryption. I had thought it odd that the phone would encrypt the data and then it would be decrypted on the server.

  • Reply 77 of 81
    solipsismx Posts: 19,566 member
    hungover wrote: »

    Thanks it hadn't occurred to me that the forensics software would be sending/receiving the encryption tokens.

    See page 13 http://www.elcomsoft.co.uk/PR/recon_2013.pdf

    Clearly, the seamless nature with which the software decrypts the files had led others to assume that there was no encryption. I had thought it odd that the phone would encrypt the data and then it would be decrypted on the server.

    I wonder how many people use a different password for their backups? I certainly do, but I also use 1Password and make sure no password is simple or repeated.
  • Reply 78 of 81
    waybacmac wrote: »
    I'm surprised how many people don't realize that deleting a photo from their iPhone doesn't also delete the copy in Photo Stream. With iTunes Match, when I delete a matched song from my library, I get a dialog asking me if I want to delete the copy in the cloud as well. Maybe the same could be applied to Photo Stream. 

    Conversely, if you delete a photo from Photo Stream, it's deleted from all your devices.
  • Reply 79 of 81
    shogun wrote: »
    If I leave my door unlocked it's not my fault my house got robbed. No one has a right to come into my house.

    You're right, no one has the right to come into your house. However, if someone does and it's because you only closed your screen door, didn't lock it and left all your interior lights on so we could see you weren't home I would certainly think you could have done a better job protecting yourself.

    I'm in the middle here. Do I think the celebrity photo theft was right? No. Do I feel for these actresses who have had private moments exposed? Yes. Do I think the perpetrators should be punished? Yes. Could the affected people do more to protect themselves? Yes.

    Edit: To ignore the fact that there are people who will disregard privacy/personal property rights, etc., is just being naive.

    It's interesting how extreme people's views are. Some are completely on one side, others completely on the opposite side.

    And some are in the middle like you.

    Some veer to one extreme, some to the other, and some take a middle ground.

    Some see things in black and white, others take a grey approach.

    Some take the high ground...

    ARE YOU GETTING IT NOW?! ????
  • Reply 80 of 81
    Conversely, if you delete a photo from Photo Stream, it's deleted from all your devices.
    Deleting from Photo Stream won't remove it from the device that took the photo, thereby, it would still be in any iPhone backups. That's a separate action.

    Deleting a photo from 'Moments' on the device that took/saved the photo also deletes it from Photo Stream on all devices.

    It's definitely a nuance that I'm sure many people don't know. Why the same action doesn't happen from the camera roll, or why you aren't at least prompted to also delete from Photo Stream when deleting from the Camera Roll is a problem.