
An important WAN show discussion topic regarding Apple's standoff with the FBI/DOJ.

On the issue of "The Fappening," I question Linus' assumption that the "hack" took place solely via social engineering. Either more than 100 individuals (many celebrity-status) were dumb enough to be duped by someone using an email username "appleprivacysecurity" (a court document description), or there was an exploit present in the "Find My iPhone" service that allowed unlimited attempts at brute-forcing a password...and if "hackers" got a hold of legitimate Apple iCloud usernames, they used a pre-compiled tool that guessed the associated weak passwords (or weak security answers). The wiki is ambiguous about the exact route, but Occam's Razor is telling me there was a flaw and "appleprivacysecurity" wasn't able to successfully dupe so many celebrities into giving away their passwords to unknown sources. Some have speculated the information was collected months before over insecure MitM wifi hotspots at high-profile events, but that is dismissible given proper authentication methods (and not some incredibly retarded old Bluetooth implementations that Bluesnarfing and "Linkkeys cracking" exploit, which may or may not have gained access to Paris Hilton's pics on her phone back in 2005).


Now, "guessing" people's security answers can be a different story -- this was how Sarah Palin's personal "Yahoo!" email account was "hacked" by some kid (David Kernell) of some state-level Democrat, who subsequently changed the password to "popcorn" and posted it on 4chan back in 2008. The court battle was a huge mess. 4chan creator Christopher Poole was called in to testify about the most basic internet terms like "OP" and "lurker." Prosecutors were clearly technologically inept and accused the proxy operator that Kernell used ("Ctunnel," operated by Gabriel Ramuglia) of ridiculous plots of collusion for political gain in that election year -- which unsurprisingly never held up in court. Ramuglia was PISSED after that and subsequently stopped all of his logging, which had previously aided the case. As some of you may know, this is when "Yahoo!" changed their security questions to whatever you want, versus a small list of drop-down questions whose correct answers are relatively easy to guess.


Back to The Fappening, I honestly suspect that after 4chan implemented a more "takedown-friendly" system of pics...because people kept spamming the same pics over and over again, Poole was fed up with the mess, didn't want to be involved with another court battle, so he quit. I seem to recall reading about similar stories of some of the employees over at Imgur -- Twitter posts like "Welp, my entire work day consisted of nothing but taking down pics" during the frenzy of threatening lawsuits against a wealth of individuals and organizations.


Apple eventually officially stated that it was "a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet." Now, that's some weasel wording if I've ever read such a statement. It doesn't claim negligence while appearing to offload most of the blame on "the evil internets." It's factually accurate for both situations: there was a flaw in the "Find My iPhone" service since "weak passwords" is a factor, OR Apple's security was in fact bullet-proof at the time and it was "appleprivacysecurity" accounts duping hundreds of individuals. The resultant FBI investigation was unsurprisingly lackluster and provides very little information other than "people are still being investigated," dated October 2014 -- the latest update thus far, 16 months ago. My theory: Apple screwed up in a way that most of us don't know about, and it was determined henceforth to not let it happen again; they quietly re-designed their security implementation to the point where, if it wasn't bullet-proof before, it sure as hell will be 99.9̅% bullet-proof from now on. Hence the present "we're not budging" stance on re-writing our intellectual property (because we potentially got burned once and outright refuse to implement Pandora's Backdoor). I despise the fact that so many people think this is nothing more than an uninformed conversation like,

Quote

Oh well, they're just asking for the "security key" to unlock the phone, herpa derpa, [now pretending to be angry at the workplace water-cooler.] Blah blah blah, something about ISIS chopping off heads and my tax dollars, oh and btw on an unrelated note, it's "not my problem" if [close-proximity] co-worker 'X' can't do their job; so don't blame me for not taking responsibility for anything I do here.


I expect this to get all the way to the Supreme Court and will ironically get a tie vote. Instead of giving the lower courts the winning decision in the case, wouldn't a simple coin flip that determines if future devices now turn into Telescreens from 1984 (watch the movie)...be more interesting? And yes, that was a /s.


Summoning @jmart604 for mandatory law discussion.

Know thyself
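The two attack routes the post weighs, unlimited online guessing against one account and guessing weak passwords or security answers across many harvested usernames, are both defeated or at least made visible by the same two controls: a lockout-backed rate limit on the authentication endpoint, and a detector that notices one source failing against many different accounts. The following Python is an added illustration, not code from the post, from Apple, or from any real iCloud or Find My iPhone service; the log format, the thresholds (5 failures in 300 s, 900 s lockout, 3 accounts for a spray alert) and the sample log lines are all constructed for the example.

```python
"""Added illustration (not from the forum post or any Apple service): a sliding-window
login throttle with lockout, plus a detector for password spraying across accounts
run over constructed authentication log lines."""
import re
from collections import defaultdict, deque

# Constructed log format (assumption, not a real vendor format).
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth=(?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


class LoginThrottle:
    """Count failed logins per account and per source in a sliding window and
    lock the key out once max_failures is reached. Time is passed in explicitly
    (seconds) so the logic is deterministic; thresholds are arbitrary examples."""

    def __init__(self, max_failures=5, window_s=300, lockout_s=900):
        self.max_failures = max_failures
        self.window_s = window_s
        self.lockout_s = lockout_s
        self._failures = defaultdict(deque)   # key -> timestamps of recent failures
        self._locked_until = {}               # key -> time the lockout expires

    @staticmethod
    def _keys(user, src):
        # Throttle on the account (stops online guessing of one password) and on
        # the source (stops one host from spraying guesses across many accounts).
        return (("user", user), ("src", src))

    def _prune(self, key, now):
        q = self._failures[key]
        while q and now - q[0] > self.window_s:
            q.popleft()

    def allowed(self, user, src, now):
        """True if an authentication attempt may proceed at time `now`."""
        return all(self._locked_until.get(k, 0) <= now for k in self._keys(user, src))

    def record_failure(self, user, src, now):
        for key in self._keys(user, src):
            self._prune(key, now)
            self._failures[key].append(now)
            if len(self._failures[key]) >= self.max_failures:
                self._locked_until[key] = now + self.lockout_s
                self._failures[key].clear()

    def record_success(self, user, src, now):
        # A real login clears the account's failure history; the source's history
        # is kept so a host that fails against many accounts still gets locked.
        self._failures[("user", user)].clear()


def detect_spray(lines, min_accounts=3):
    """Return {src: sorted distinct accounts} for sources with failed logins against
    at least `min_accounts` different accounts: the spraying / credential-stuffing
    pattern that per-account lockout alone does not reveal."""
    failed_users = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash the detector
        if m["result"] == "FAIL":
            failed_users[m["src"]].add(m["user"])
    return {src: sorted(users) for src, users in failed_users.items()
            if len(users) >= min_accounts}


def permitted_attempts(throttle, user, src, attempts, spacing_s=1.0):
    """How many of `attempts` consecutive failed tries (one per `spacing_s`) the
    throttle actually lets reach the password check."""
    allowed = 0
    for i in range(attempts):
        now = i * spacing_s
        if not throttle.allowed(user, src, now):
            continue
        allowed += 1
        throttle.record_failure(user, src, now)
    return allowed


# Constructed sample log (not real traffic): one host failing against three
# accounts, plus a legitimate user who mistyped once.
SAMPLE_LOG = [
    "2014-08-31T02:00:01Z auth=FAIL user=alice src=203.0.113.7",
    "2014-08-31T02:00:03Z auth=FAIL user=bob src=203.0.113.7",
    "2014-08-31T02:00:05Z auth=FAIL user=carol src=203.0.113.7",
    "2014-08-31T02:00:07Z auth=OK user=dave src=198.51.100.4",
    "2014-08-31T02:00:09Z auth=FAIL user=dave src=198.51.100.4",
    "garbage line that does not parse",
]


if __name__ == "__main__":
    # Without a throttle all 1000 tries would reach the password check; with it,
    # only 5 per lockout window do.
    print(permitted_attempts(LoginThrottle(), "alice", "203.0.113.7", 1000))
    print(detect_spray(SAMPLE_LOG))
```

The point of keying the throttle on both the account and the source is that each control covers the other's blind spot: an account lockout stops one password from being guessed exhaustively but says nothing about a host that tries one guess against each of a hundred usernames, while the source lockout and `detect_spray` catch exactly that pattern (at the cost that a shared NAT address can be locked out by one bad actor behind it, which is why real deployments add CAPTCHAs or step-up authentication instead of a hard block).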
