2 recommendations |
Glitch in Apple iCloud security may have been behind photo 'leak'
quote: A weakness in Apple's iCloud security which allowed hackers to repeatedly try new passwords for as long as it took to find the correct one may have been behind the celebrity photo scandal.
A hacker who leaked more than 100 nude photographs of some of Hollywood's most famous female stars may have accessed the images due to a vulnerability in Apple's security system, technology experts claimed.
The anonymous user of photo sharing website 4chan posted explicit pictures of celebrities such as Oscar-winning actress Jennifer Lawrence which are thought to have been obtained via Apple's iCloud service.
Apple and the FBI are investigating the hack which is suspected to have exploited a weakness in the Find My iPhone cloud-based service.
The leak saw British names including model Cara Delevingne and former Downton Abbey actress Jessica Brown Findlay linked to the list of 101 famous people whose intimate pictures had reportedly been accessed.
Initial reports suggest the hacker may have used a computer programme which guesses likely passwords again and again until a correct one is found.
» www.telegraph.co.uk/tech ··· aim.html
» ca.finance.yahoo.com/new ··· c=_start
Forget googling to get your daily celebrity porn, time to start surfing iCloud. Also it will be interesting how many more 'want to be' celebrities start uploading nudies and sex tapes to iCloud in hopes of getting that 'magic' exposure. Blake |
|
lorennerol Premium Member join:2003-10-29 Seattle, WA
5 recommendations |
Okay, bad on Apple for this, #1. And #2.
And...who in their right mind takes compromising pictures of themselves and then uploads them to the "Cloud"? Particularly public figures (except politicians because well, I've come to accept an inferior level of thought from them).
Even if there wasn't an external weakness, all it takes is one bad employee in the right location and you've been Snowden'd. |
|
|
quote: Mr Troshichev, a security researcher with HackApp - his online security firm, - said that he started looking for weaknesses in iCloud after photographs and emails apparently belonging to Dmitry Medvedev, the Russian prime minister and a prominent user of Apple products, were hacked and released on August 14.
Apple fixed the problem with the FindMyiPhone app, which allows remote tracking of Apple devices, on Monday – shortly after the nude celebrity photos began spreading online.
"The end of fun, Apple have just patched FindMyiphone bug," Mr Troshichev wrote on Twitter at the time.
He said he did not report the fault to Apple before going public because Apple does not usually respond to such information, and because he believed it was not a serious threat.
» www.telegraph.co.uk/news ··· law.html
Maybe Apple will start responding now. Blake
Edit - I wonder if the Sept 9 Apple event will include how to take better nude selfies? I know I post nude selfies of myself to the cloud but as a security feature (and boost sales of eye bleach). |
|
Link Logger |
I was going to post this earlier but I was out of town over the weekend. quote: iBrute iForce iHack
The breach of the celebrities' iCloud accounts was reportedly made possible by a vulnerability in Apple's Find My iPhone application programming interface - at least, that's what has been suggested. Proof-of-concept code for the exploit, called iBrute, allowed for brute-force password cracking of accounts. It was uploaded to GitHub on August 30, just a day before the breach occurred, as ZDNet's Adrian Kingsley-Hughes noted. Apple patched the vulnerability early on September 1.
If your password is in this list, you might want to choose something else.
» github.com/hackappcom/ibrute
Blake |
|
mackey Premium Member join:2007-08-20
1 recommendation |
to Link Logger
said by Link Logger: Maybe Apple will start responding now.
Nah, the aura of Jobs' ghost protects almost all of their stuff, this was just a fluke
/M |
|
Nanaki (banned)aka novaflare. pull punches? Na join:2002-01-24 Akron, OH |
to Link Logger
What I find funny is an old pass I have used for 15 years for things I do not honestly care much about has never shown up on any password list dictionaries and it is only like 6 chars long no caps etc. It is far from random ither. However to anyone who found it written down somewhere it would seem to be total nonsense. |
|
|
to Link Logger
...I'm with lorennerol ... and getting vibes of this. So is it life imitating art, or art imitating life? Regards |
|
BlackbirdBuilt for Speed Premium Member join:2005-01-14 Fort Wayne, IN |
to Nanaki
said by Nanaki: What I find funny is an old pass I have used for 15 years for things I do not honestly care much about has never shown up on any password list dictionaries and it is only like 6 chars long no caps etc. It is far from random ither. However to anyone who found it written down somewhere it would seem to be total nonsense.
If there were just letters and numbers in it, there would be ~2.18 billion permutations... so the odds are indeed against it showing up on any pw list unless it's a very common word/name. |
|
|
to lorennerol
said by lorennerol: And...who in their right mind takes compromising pictures of themselves and then uploads them to the "Cloud"?
According to this article, uploads are on by default for iPhone and iPad owners.
quote: If you have an iPhone or iPad, all your photos are being uploaded to iCloud by default. Most people don't even realise that all their photos are being stored on iCloud servers.
So, it is up to the user to shut off the "feature" if not needed, once they figure out the feature is on. |
|
dave Premium Member join:2000-05-04 not in ohio |
dave
Premium Member
2014-Sep-2 8:33 pm
Presumably only if you actually have an iCloud account... |
|
lorennerol Premium Member join:2003-10-29 Seattle, WA |
to Frodo
said by Frodo: According to this article, uploads are on by default for iPhone and iPad owners.
The default when you get into a car is for the seatbelt to be unbuckled. These folks are more than wealthy enough to have some savvy IT help, if they can't figure out how to buckle themselves up on the Interwebs. |
|
chip89 Premium Member join:2012-07-05 Columbia Station, OH
1 recommendation |
to Link Logger
It's mostly their fault for not doing safe hex! |
|
siljalineI'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC
1 recommendation |
to Link Logger
Currently, the blame game is key - was it Apple's iCloud service, was it the failings of the same Celebs who practice poor security judgement and had simply not had 2FA turned on? Apple are currently denying it was their fault.
» www.theverge.com/2014/9/ ··· oto-hack
Some compelling stuff from Wired Mag how a Police tool was used for the pic robbery.
» www.wired.com/2014/09/ep ··· -icloud/
Celeb photo hacks could not have come at a worse time for Apple.
» www.wired.com/2014/09/th ··· r-apple/ |
|
|
siljaline |
to Link Logger
|
|
siljaline |
to Link Logger
Have an Apple ID? Two factor authentication (2FA)
» support.apple.com/kb/ht4232
Those that run Apple iTunes and other media that talk | interface with your devices should be as secure as possible. Those with iTunes should log out when the software is not in use. Permanent login is a default. |
|
|
to Link Logger
» www.osnews.com/story/279 ··· _privacy
» www.slashgear.com/celebr ··· 2344083/
BTW - Justin Verlander (Detroit Tiger Pitcher) got caught in it. He's dating one of the celebs. |
|
mr weather Premium Member join:2002-02-27 Mississauga, ON |
to Link Logger
said by Link Logger: Maybe Apple will start responding now.
I doubt it at least not publicly. To do so will admit some negligent activity on their part which will open them up to a mega-buck lawsuit. |
|
Riamen Premium Member join:2002-11-04 Calgary |
Riamen
Premium Member
2014-Sep-3 10:50 am
said by mr weather: said by Link Logger: Maybe Apple will start responding now. I doubt it at least not publicly. To do so will admit some negligent activity on their part which will open them up to a mega-buck lawsuit.
Apple actually replied Monday (before this thread was started) and on Tuesday. Monday's reply was rather terse. "We take user privacy very seriously and are actively investigating this report," said Apple spokeswoman Natalie Kerris.
Tuesday's reply. » www.apple.com/pr/library ··· ory.html
Weak passwords and lack of 2FA may be to blame but Apple needs to step it up on their iCloud security. |
|
Nanaki (banned)aka novaflare. pull punches? Na join:2002-01-24 Akron, OH |
to Blackbird
Yeh it is an archaic spelling of a common word. Like ither and nither vs either and neither. It is not one of those however. It is funny how something so simple as using an archaic spelling can just ruin a password list lol. I have looked through a few and laughed because my pass was there but in the normal every day form. |
|
Nanaki |
to siljaline
I say Apple is to blame. I base this on the fact that by default you can bypass any Mac OS password within 30 seconds and not lose any user data and gain full root access to the computer in question. 99% of all Apple Mac users will leave it default. I can own that computer in seconds if I have physical access to it. In fact I can literally own a Mac just by going to Best Buy and doing it there then registering the Apple with Apple like I bought it. The rest is just getting Apple to replace a stolen laptop a little investment in insurance and it's mine for like 50 to 100 bucks. I'm just too honest a person to do it.
I already have a Kindle Fire HD 8.9 that someone pulled such a scam with. Buy insure report lost or stolen return get for 50 bucks. Now I honestly did not care I saw the receipt for it from a few days before and I knew the person for a couple years. So they wanted to get some of their money back and I wanted the Kindle and took a chance I could root and rom it which I did.
But I would not want to put someone else through that sort of hassle. Apple needs to tighten things up where security is concerned and relax restrictions on what you can do with what you own. |
|
Carpie join:2012-10-19 united state |
to lorennerol
said by lorennerol: And...who in their right mind takes compromising pictures of themselves and then uploads them to the "Cloud"?
I know right? That is so far fetched that it should be a storyline for a movie. Maybe one starring Cameron Diaz.... |
|
TheWiseGuyDog And Butterfly MVM join:2002-07-04 East Stroudsburg, PA |
to mr weather
said by mr weather: said by Link Logger: Maybe Apple will start responding now. I doubt it at least not publicly. To do so will admit some negligent activity on their part which will open them up to a mega-buck lawsuit.
They and every major company should learn from the GM debacle. Trying to make believe you have not done anything wrong will cost you a lot more in the long run! |
|
siljalineI'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC
1 recommendation |
to Link Logger
The Verge has a fairly comprehensive chain of events. » www.theverge.com/2014/9/ ··· ebrities |
|
Riamen Premium Member join:2002-11-04 Calgary
1 recommendation |
to Link Logger
An interesting write-up on how this came to be: » www.nikcub.com/posts/not ··· a-theft/ |
|
2 recommendations |
to Link Logger
Link to supposed "leaked" images or it didn't happen... |
|
AnavSarcastic Llama? Naw, Just Acerbic Premium Member join:2001-07-16 Dartmouth, NS |
to Link Logger
said by Link Logger:
Blake Edit - I wonder if the Sept 9 Apple event will include how to take better nude selfies? I know I post nude selfies of myself to the cloud but as a security feature (and boost sales of eye bleach).
Argggg, that's the last thing I need to read in the morning..., but how do we advertise this - could single-handedly remove motivation for many hackers! |
|
siljalineI'm lovin' that double wide Premium Member join:2002-10-12 Montreal, QC |
to Link Logger
The Verge probably has the best story stream going that's not offensive, given the subject matter. » www.theverge.com/2014/9/ ··· ebrities |
|
mouse Premium Member join:2007-03-29 australia |
to Link Logger
Interesting - most are just names, nothing surprising but why would passwords like Tbfkiy9oN or 2wsx@WSX or 12qw!@QW appear in this list? Obviously a brute force attack can try anything but I don't see these as easy/obvious candidates or am I missing something? |
|
SnowyLock him up!!! Premium Member join:2003-04-05 Kailua, HI |
Snowy
Premium Member
2014-Sep-5 2:44 am
said by mouse: Interesting - most are just names, nothing surprising but why would passwords like Tbfkiy9oN or 2wsx@WSX or 12qw!@QW appear in this list? Obviously a brute force attack can try anything but I don't see these as easy/obvious candidates or am I missing something?
Yup, 2wsx@WSX & 12qw!@QW are what I call 'pattern passwords' in that they are relative to a standard keyboard. If you type "2wsx@WSX" on your keyboard, watch where the keys fall - you will see a pattern to the key positions. Pattern passwords are very easy to crack, especially if you have any history on the password owner since they tend to use the same pattern over & over with just a switch of starting key, if even that. |
|
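A check for the 'pattern passwords' described in the post above, as an added example that is not part of any post in this thread: it scores how many keystroke transitions land on neighbouring keys and whether the second half retypes the first half with Shift held. The US QWERTY layout, the 0.75 threshold and all function names are assumptions of the example.

```python
# Added example: flag keyboard-pattern passwords at password-change time.
# Assumption: US QWERTY layout; each row sits half a key right of the row above.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]
SHIFTED = dict(zip("!@#$%^&*():<>?", "1234567890;,./"))
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}


def base_key(ch):
    """Map a character to the physical key that produces it, or None."""
    ch = SHIFTED.get(ch, ch).lower()
    return ch if ch in POS else None


def adjacent(a, b):
    """True if keys a and b are the same key or physical neighbours."""
    (r1, c1), (r2, c2) = POS[a], POS[b]
    dr, dc = r2 - r1, c2 - c1
    if dr == 0:
        return abs(dc) <= 1
    if dr == 1:            # b is one row below a
        return dc in (-1, 0)
    if dr == -1:           # b is one row above a
        return dc in (0, 1)
    return False


def walk_score(password):
    """Fraction of consecutive keystrokes that land on neighbouring keys."""
    keys = [base_key(ch) for ch in password]
    steps = list(zip(keys, keys[1:]))
    if not steps:
        return 0.0
    hits = sum(1 for a, b in steps if a and b and adjacent(a, b))
    return hits / len(steps)


def shift_repeat(password):
    """True if the second half presses the same keys as the first half."""
    keys = [base_key(ch) for ch in password]
    half = len(keys) // 2
    return (len(keys) % 2 == 0 and half >= 2
            and None not in keys and keys[:half] == keys[half:])


def is_pattern_password(password, threshold=0.75):
    return walk_score(password) >= threshold or shift_repeat(password)


if __name__ == "__main__":
    # The three passwords quoted in the thread.
    for pw in ("2wsx@WSX", "12qw!@QW", "Tbfkiy9oN"):
        print(pw, round(walk_score(pw), 2), is_pattern_password(pw))
```

A password policy can run such a check alongside a dictionary lookup, since a pattern password contains mixed case, digits and symbols and so passes composition rules.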
Snowy
1 recommendation |
to Chubbzie
said by Chubbzie: Link to supposed "leaked" images or it didn't happen...
Yeah, I couldn't find them either. LOL |
|