
[Updated]: Apple denies iCloud breach, says ‘very targeted attack’ hit certain celebrities and Tim Cook Responds

It solves the problem of brute force attacks. But the solution is to inform the victim of what's happening, in an informative way (i.e. email/text with "you had XX login attempts from source Y, if it wasn't you contact Z"). 

Do you think people try brute forcing their way through by hand? Ever heard of a bot? Look for Zip crackers.

Passwords that require more than certain length are plain stupid. It's the length of the password that's harder to crack, not its complexity. |_3\/\/@P is still easier to brute force than MyNickIsLewapAndThisIsMyPassword.

https://howsecureismypassword.net/ check both.

Also, with Touch ID it may be ok to forget Apple related passwords, because of the system around it, but how do you map passwords to 3rd party logons with it? Bank accounts, utilities websites, even my personal email would never land on a list of "TouchID'able" logins.

 

That solution is the one Apple's implementing rather than blocking the account

 

I'm not stupid, I know that it's bots, that's why Apple's asking for you to put one caps and one number, to increase the complexity and time taken by the so called bots. That's enough to stop people from brute forcing their way in because Apple's servers will definitely flag when someone has tried a thousand combinations in an hour. Hackers are not stupid you know

 

Bank accounts is something everyone has unique. But they also have key codes (a device that generated random passwords) at a given minute for additional security. 

 

Most people have same passwords for less important stuff like email (unless you're some high profile agent) and other online utilities. Services where my credit card is tied in like my Apple ID will be much more complex to decipher by a bot or so. 


That solution is the one Apple's implementing rather than blocking the account

 

I'm not stupid, I know that it's bots, that's why Apple's asking for you to put one caps and one number, to increase the complexity and time taken by the so called bots. That's enough to stop people from brute forcing their way in because Apple's servers will definitely flag when someone has tried a thousand combinations in an hour. Hackers are not stupid you know

 

Bank accounts is something everyone has unique. But they also have key codes (a device that generated random passwords) at a given minute for additional security. 

 

Most people have same passwords for less important stuff like email (unless you're some high profile agent) and other online utilities. Services where my credit card is tied in like my Apple ID will be much more complex to decipher by a bot or so. 

Some of us are actually smart enough to not have bank accounts. I might keep one for online purchases but there's no money in there unless I'm making a purchase. Not gonna pay a bank (you do pay them to hold your money) to hold onto my money, with which they play the stock market and give out loans and get rich.

Ketchup is better than mustard.

GUI is better than Command Line Interface.

Dubs are better than subs


Some of us are actually smart enough to not have bank accounts. I might keep one for online purchases but there's no money in there unless I'm making a purchase. Not gonna pay a bank (you do pay them to hold your money) to hold onto my money, with which they play the stock market and give out loans and get rich.

I don't pay for my bank account.. where do you live?


I don't pay for my bank account.. where do you live?

Look on your list of charges, you will see "maintenance fees". Or at least you will if you're in the US. I'm actually $9.00 "overdrawn" on my account, even though I specifically said I want no overdraft, because they've charged me 5.00 for "maintenance" over the last 2 months. If they think I'm paying $35.00 in overdraft fees for that, they're insane.

 

The point is, banks get rich off of holding your money, they use it to give loans, or play the stock market/invest in things. Why would you let them hold your money?

Ketchup is better than mustard.

GUI is better than Command Line Interface.

Dubs are better than subs


Look on your list of charges, you will see "maintenance fees". Or at least you will if you're in the US. I'm actually $9.00 "overdrawn" on my account, even though I specifically said I want no overdraft, because they've charged me 5.00 for "maintenance" over the last 2 months. If they think I'm paying $35.00 in overdraft fees for that, they're insane.

 

The point is, banks get rich off of holding your money, they use it to give loans, or play the stock market/invest in things. Why would you let them hold your money?

Why would I let them have my money? Because it is safer than having tens of thousands of dollars in my home. Because it is easier to pay with my card instead of cash. Because I want to be able to pay for things online. The list goes on.

Oh and I get money for using my bank. I think it's usually a 10 dollar maintenance fee per year but it's free for students. I pay 0, and get interest.


Look on your list of charges, you will see "maintenance fees". Or at least you will if you're in the US. I'm actually $9.00 "overdrawn" on my account, even though I specifically said I want no overdraft, because they've charged me 5.00 for "maintenance" over the last 2 months. If they think I'm paying $35.00 in overdraft fees for that, they're insane.

 

The point is, banks get rich off of holding your money, they use it to give loans, or play the stock market/invest in things. Why would you let them hold your money?

I own shares in my bank, so not using it would be like owning a supermarket but buying your food from the corner store.  Also my total monthly fee because I own shares is $3

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


Why would I let them have my money? Because it is safer than having tens of thousands of dollars in my home. Because it is easier to pay with my card instead of cash. Because I want to be able to pay for things online. The list goes on.

Oh and I get money for using my bank. I think it's usually a 10 dollar maintenance fee per year but it's free for students. I pay 0, and get interest.

Meh. Also it's not easier to pay for things in person with a card, the machines break (at least around here they do), the systems go down, etc. Cash can be used anywhere anytime (at least with any reasonably sane business, never heard of one that didn't take cash). What's unsafe about having your money in your house? If you don't tell people about it then it's somewhat secure.

 

I own shares in my bank, so not using it would be like owning a supermarket but buying your food from the corner store.  Also my total monthly fee because I own shares is $3

That's a bit smarter of a way to do things, if the bank doesn't go under. And why are they charging you if you already own shares?

Ketchup is better than mustard.

GUI is better than Command Line Interface.

Dubs are better than subs


Ehh... What? Their competitors have had those kinds of things for ages.

Don't praise them for just now catching up with other services.

 

Exactly, my old Hotmail account I no longer use got "hacked", Microsoft noticed an unusual IP address logging into my account, automatically blocked it, and notified me via text. This was all with default security settings cause I hadn't used the account in years.


Meh. Also it's not easier to pay for things in person with a card, the machines break (at least around here they do), the systems go down, etc. Cash can be used anywhere anytime (at least with any reasonably sane business, never heard of one that didn't take cash). What's unsafe about having your money in your house? If you don't tell people about it then it's somewhat secure.

 

That's a bit smarter of a way to do things, if the bank doesn't go under. And why are they charging you if you already own shares?

Visa card fees.

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


Exactly, my old Hotmail account I no longer use got "hacked", Microsoft noticed an unusual IP address logging into my account, automatically blocked it, and notified me via text. This was all with default security settings cause I hadn't used the account in years.

I haven't thought about that, I had a lot of accounts when I was younger that I no longer remember, do they delete accounts for inactivity?

Ketchup is better than mustard.

GUI is better than Command Line Interface.

Dubs are better than subs


umm no. I don't care if they're first or last. I care on who does the best. Google doesn't have those features nor does MS. Facebook has it though.

 

It still is the celebrities' fault and not Apple's. They could have just easily enabled 2 factor authentication or disabled iCloud services. But even after everything, they took up the responsibility and are enhancing their security still. It just doesn't happen with others especially with Android and Google where most data are always being tracked

That solution is the one Apple's implementing rather than blocking the account

 

I'm not stupid, I know that it's bots, that's why Apple's asking for you to put one caps and one number, to increase the complexity and time taken by the so called bots. That's enough to stop people from brute forcing their way in because Apple's servers will definitely flag when someone has tried a thousand combinations in an hour. Hackers are not stupid you know

 

Bank accounts is something everyone has unique. But they also have key codes (a device that generated random passwords) at a given minute for additional security. 

 

Most people have same passwords for less important stuff like email (unless you're some high profile agent) and other online utilities. Services where my credit card is tied in like my Apple ID will be much more complex to decipher by a bot or so.

 

 

 

But... They do have those features.

In fact, I tried it today. I deliberately attacked my own hotmail account. A few minutes later I got an email on my gmail account saying my hotmail account had been locked.


 

Verify your account

We have discovered something unusual with one of your logins recently on your Microsoft-account XXXXXhotmail.com. You might have logged in from a new place, device or app.

 

In order to protect your account we have blocked access to your inbox, contact list and calendar for that connection. Examine the latest activities and we will help you take action.

You have to validate that it was you who did the latest action in order to regain access.

<Button that brings me to the latest login attempts on my account>

When I pressed the blue button I had to request a one-time code be sent to my phone or gmail. When I changed IP again I still got the blocked message, so I assume it just defaults to "block any IP that we are unsure about", unless you verify that it's really you with the one-time code.

Anyone who says that "blocking accounts does more harm than good" has no idea what they are talking about. I am sorry but it's true.

There are ways of implementing it properly. I think GoodBytes will vouch for me not being particularly fond of Microsoft, but they did a good job with the security aspects on Microsoft accounts.

They also have captchas if you type in the wrong password enough times.

 

What happened with iCloud could not happen (the same way) on Microsoft and Google because they have already protected themselves from it. Don't give Apple credit for just now implementing basic security features. They fucked up with iCloud's security and that's the end of it.

 

Oh by the way, Apple didn't flag it as suspicious even though tens of thousands of passwords were guessed. It will do it now, but it didn't before because they forgot to implement that.

 

 

 

 

 

Meh. Also it's not easier to pay for things in person with a card, the machines break (at least around here they do), the systems go down, etc. Cash can be used anywhere anytime (at least with any reasonably sane business, never heard of one that didn't take cash). What's unsafe about having your money in your house? If you don't tell people about it then it's somewhat secure.

I've only had the scanner not work 2-3 times throughout the entire time I've used my card (6 years I think).

I think it is easier. You don't have to get a bunch of coins back, or count how much you should give etc. Just put your card in, look at the sum, tap your pin and it's done. No messy change to get back, no fumbling around with coins to get as close as possible to the correct amount.

 

It's unsafe because of things like fire or other accidents. Also, it loses value faster than if I have it in the bank. The interest rate is not high enough to completely counter inflation, but it's hell of a lot better than 0% interest.

 

So I think it's more convenient, it's safer and I actually make money from using it. For me it is win-win-win.
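The account-protection behaviour discussed in the posts above (a captcha after repeated wrong passwords, blocking unfamiliar sources once guesses pile up, a one-time code before a new source is trusted, and a notice to the owner saying how many attempts came from where) can be sketched as follows. This is an added example, not part of any post in the thread and not Apple's or Microsoft's implementation; the class name, thresholds, account name and addresses are all assumptions.

```python
from collections import defaultdict, deque

WINDOW = 3600        # seconds of failure history kept per account (assumed)
CAPTCHA_AFTER = 3    # failures in the window before a captcha is demanded (assumed)
BLOCK_AFTER = 10     # failures in the window before unfamiliar sources are blocked (assumed)


class LoginGuard:
    """Hypothetical per-account login throttle with owner notification."""

    def __init__(self):
        self.failures = defaultdict(deque)  # account -> deque of (time, source)
        self.known = defaultdict(set)       # account -> sources the owner verified
        self.alerted = set()                # accounts already notified for this burst
        self.outbox = []                    # notices that would be mailed/texted

    def _recent(self, account, now):
        # Drop failures older than the window; re-arm the alert once the burst ends.
        q = self.failures[account]
        while q and now - q[0][0] > WINDOW:
            q.popleft()
        if len(q) < BLOCK_AFTER:
            self.alerted.discard(account)
        return q

    def attempt(self, account, source, password_ok, now):
        q = self._recent(account, now)
        trusted = source in self.known[account]
        if not password_ok:
            q.append((now, source))
        if len(q) >= BLOCK_AFTER:
            if account not in self.alerted:
                # Tell the owner once per burst: how many attempts, from where.
                self.alerted.add(account)
                srcs = ", ".join(sorted({s for _, s in q}))
                self.outbox.append(
                    f"{account}: {len(q)} failed logins in the last hour from "
                    f"{srcs}. If this was not you, change your password.")
            if not trusted:
                # Unfamiliar sources are refused even if the guess is right,
                # while the owner's verified sources keep working.
                return "blocked"
        if not password_ok:
            return "captcha" if len(q) >= CAPTCHA_AFTER else "denied"
        # Correct password from a source never seen before: ask for a one-time code.
        return "ok" if trusted else "verify"

    def verify(self, account, source, code_ok):
        # A valid one-time code marks the source as belonging to the owner.
        if code_ok:
            self.known[account].add(source)
        return code_ok


ACCOUNT = "alice@example.test"   # constructed sample data
OWNER_IP = "198.51.100.7"
OTHER_IP = "203.0.113.50"

# Constructed sample: 12 guesses from one unfamiliar source, 5 seconds apart,
# the last of which is the correct password, then a login by the owner.
EVENTS = [(ACCOUNT, OTHER_IP, i == 11, 1000 + 5 * i) for i in range(12)]
EVENTS.append((ACCOUNT, OWNER_IP, True, 1100))


def replay(events):
    guard = LoginGuard()
    guard.verify(ACCOUNT, OWNER_IP, True)   # owner's usual source, verified earlier
    return [guard.attempt(*e) for e in events], guard.outbox


if __name__ == "__main__":
    results, outbox = replay(EVENTS)
    print(results)
    print(outbox)
```

Because only unfamiliar sources are refused once the threshold is crossed, a burst of guessing does not lock the owner out of their own account.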


Very targeted? Are they joking? It's the most random collection of actresses, not to mention how would they know who to target in particular for nudes? **typing this with 1 hand, please forgive the typos.***

 

 

EDIT: Have you seen the ones of the girl who was in Die Hard (Mary Winston I think)? What would you get by targeting her? Those aren't even good.

By targeted I assume they mean famous people- they don't care about the photos of normal people, so yes, it is targeted.


Look. Anyone who's blaming Apple, shut the hell up. Any service, no matter how secure, is NOT unhackable.

In this day and age people should know nothing is safe on the internet... Tired of seeing these articles saying it's not the celebs' fault they took the pictures and sent them the pictures. There wouldn't have been anything to even leak if they hadn't taken them in the first place or at least hadn't uploaded them to CLOUD STORAGE???? Honestly if I was Jessica Alba and I had nudes the last thing I would think is "oh I should probably upload these into online storage". The blame is not all on Apple...

My rig: Case: Corsair 760T CPU: Intel 4690k MOBO: MSI Z79 Gaming 5 RaM: 16gb HyperX SSD: 256gb Samsung pro HDD: 1tb Toshiba PSU: Thermaltake smart 750 GPU: 1x GTX 1080 Founders edition

 

 


In this day and age people should know nothing is safe on the internet... Tired of seeing these articles saying it's not the celebs' fault they took the pictures and sent them the pictures. There wouldn't have been anything to even leak if they hadn't taken them in the first place or at least hadn't uploaded them to CLOUD STORAGE???? Honestly if I was Jessica Alba and I had nudes the last thing I would think is "oh I should probably upload these into online storage". The blame is not all on Apple...

 

To be honest I believe it's a combination, I don't think it's fair to expect everybody to have the same degree of understanding about how secure or unsecured certain parts are. We are enthusiasts and enjoy learning about all of this, not so much for some of these celebs who have no idea and likely not the predisposition to learn. So when a company comes along and says "use our secure online storage for all your personal files, we have XXX encryption so you know it's safe", can you blame them for thinking their photos were safe? I don't.

 

I don't expect them to jump on forums and spend a few days trying to learn how secure things really are. To them most of what we say would be like us sitting in a lecture on psychology where every second word had 13 syllables and was mostly Latin and expecting us to comprehend the subject.

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


To be honest I believe it's a combination, I don't think it's fair to expect everybody to have the same degree of understanding about how secure or unsecured certain parts are. We are enthusiasts and enjoy learning about all of this, not so much for some of these celebs who have no idea and likely not the predisposition to learn. So when a company comes along and says "use our secure online storage for all your personal files, we have XXX encryption so you know it's safe", can you blame them for thinking their photos were safe? I don't.

I don't expect them to jump on forums and spend a few days trying to learn how secure things really are. To them most of what we say would be like us sitting in a lecture on psychology where every second word had 13 syllables and was mostly Latin and expecting us to comprehend the subject.

I don't think it's fair to compare common sense to a lecture in physics.

I can even sum it up in a simple sentence: "Don't upload nude photos of yourself to the Internet if you don't want everyone to be able to see them".

I really think that this should be common sense. We have seen this happen over and over and over again. How many times does it have to happen and get reported on before people learn?

Sooner or later, the absolute basics of things we use every day should become common sense. I would put "don't upload naked pictures of yourself online" on the same level as "you have to refuel your car after driving it". Knowing how to refuel a car might not have been common sense before cars became widespread, but once they did you were expected to know how to refuel. I don't see why we give people so much slack for not knowing the basics of computers. If you're going to use something, especially if you rely on it so very much, then at least learn the absolute basics.

If that makes me a "nerd butthole" in your eyes (hi Linus) then too bad for me. I won't stop giving advice to people who desperately need it just because they don't want to learn what's best for them.

Don't want to put yourself in a situation where your nude photos might become public? Then don't upload them to the Internet to begin with.

Edit: and honestly, I don't give a damn about the photos. I don't care about real life porn nor do I care about celebrities. What I do care about is Apple having sloppy security, and people who push responsibility onto other people.

It seems like people don't want to take responsibility for anything these days. Raising my kids? The school should do that. Making healthy life style decisions? The government should do that for me. Making sure my nude photos are safe? Apple should do that.


Weren't some of the pics not taken by an iOS device?

Muh rig: i7 4770k, Cooler Master Hyper 212 Evo, MSI Z87 G45, Kingston Hyper X Blu 8GB, Samsung 840 EVO 120 + WD Blue 1 TB, Asus GTX 770 2GB, Corsair 200r + 2x Corsair AF 120 Blue + 1x Stock corsair fan, Corsair TX650, LG 27EA33V IPS, Steelseries Sensei Raw + QCK mini, CM Quickfire Ultimate Blue.


Look on your list of charges, you will see "maintenance fees". Or at least you will if you're in the US. I'm actually $9.00 "overdrawn" on my account, even though I specifically said I want no overdraft, because they've charged me 5.00 for "maintenance" over the last 2 months. If they think I'm paying $35.00 in overdraft fees for that, they're insane.

 

The point is, banks get rich off of holding your money, they use it to give loans, or play the stock market/invest in things. Why would you let them hold your money?

inflation

Muh rig: i7 4770k, Cooler Master Hyper 212 Evo, MSI Z87 G45, Kingston Hyper X Blu 8GB, Samsung 840 EVO 120 + WD Blue 1 TB, Asus GTX 770 2GB, Corsair 200r + 2x Corsair AF 120 Blue + 1x Stock corsair fan, Corsair TX650, LG 27EA33V IPS, Steelseries Sensei Raw + QCK mini, CM Quickfire Ultimate Blue.


Weren't some of the pics not taken by an iOS device?

That is correct. The photos come from many different sources and many different time periods.

Some photos are very new, and some are many years old. Some were from iCloud and some were from other services.


This is rather disheartening, especially after hearing the WAN show. If you break into and steal somebody's data, you should get into the maximum amount of legal trouble. Why people want to see naked celebrity pictures is something I'd never thought I'd have to explain. Finding boobs on the internet isn't what people are confused about, it's about finding particular boobs. An anonymous pair of mammaries on the internet is like a screen door on a submarine. Cyber security has wormed its way into every aspect of life and when you have 3, 4, 5 or 6 devices talking to the internet, you inherit all the vulnerabilities associated with that device. Ignorance is no longer an excuse, cyber security isn't something in the corner you can choose to ignore, it's now part of everyday life. I am not suggesting Jennifer Lawrence dedicate years of her life to getting her CISSP and working on a red team but when you are a high profile individual having a fundamental understanding of how to be a responsible data custodian is not being unreasonable, and certainly would have saved her an enormous headache.


By targeted I assume they mean famous people- they don't care about the photos of normal people, so yes, it is targeted.

Just because the hacker didn't release the names of other less famous people, because honestly, who cares?, how can you make an assumption that they didn't hack the accounts of some other, lesser known people as well? If they indeed did it through code, which I strongly believe they did, as you can't social engineer 100 accounts, they probably tested the hack first on some other innocent people as well, who knows? Certainly not Apple, if they knew about the bug it wouldn't be there to begin with. That enough for you, fanboy?


Just because the hacker didn't release the names of other less famous people, because honestly, who cares?, how can you make an assumption that they didn't hack the accounts of some other, lesser known people as well? If they indeed did it through code, which I strongly believe they did, as you can't social engineer 100 accounts, they probably tested the hack first on some other innocent people as well, who knows? Certainly not Apple, if they knew about the bug it wouldn't be there to begin with. That enough for you, fanboy?

Whoa now.

They didn't release shit from anyone's account but those that (sick) people are interested in. So, it was targeted. Maybe not on specific celebrities, but on celebrities as a whole. No need to fight- nothing is unhackable, whether it's Apple's system, Steam, PSN (lol), or Google.

So, with that in mind, my point is still valid.


Whoa now.

They didn't release shit from anyone's account but those that (sick) people are interested in. So, it was targeted. Maybe not on specific celebrities, but on celebrities as a whole. No need to fight- nothing is unhackable, whether it's Apple's system, Steam, PSN (lol), or Google.

So, with that in mind, my point is still valid.

You got me cracking on PSN, but when you discover something as cool as that, I guess celebrities are the best way to make noise about it. I just saw the WAN show which had Linus talking about how Apple lost 28 billion in company value, and I did get the part where it was not that much of a big deal. But I think the big deal is the fact that they are suffering on their ever "hotshots" image at all, especially with the launch event coming up. So those targets were essential to actually make noise like this. And the internet's favorite JLaw only added to that noise.


You got me cracking on PSN, but when you discover something as cool as that, I guess celebrities are the best way to make noise about it. I just saw the WAN show which had Linus talking about how Apple lost 28 billion in company value, and I did get the part where it was not that much of a big deal. But I think the big deal is the fact that they are suffering on their ever "hotshots" image at all, especially with the launch event coming up. So those targets were essential to actually make noise like this. And the internet's favorite JLaw only added to that noise.

Yeah, it's unfortunate that it happened. It seems like no matter who it is, and no matter how much they beef up security, things leak, and people get hurt. I didn't see any of the pictures, and I truly feel sorry for the people who were affected- all the people commenting on Twitter, and even this forum are saying some pretty disgusting things.

 

With the launch coming up, as usual, people will be too busy gawking over the iPhone 6 and iWatch to worry about this, but I do hope they at least add more security measures.


To be honest I believe it's a combination, I don't think it's fair to expect everybody to have the same degree of understanding about how secure or unsecured certain parts are. We are enthusiasts and enjoy learning about all of this, not so much for some of these celebs who have no idea and likely not the predisposition to learn. So when a company comes along and says "use our secure online storage for all your personal files, we have XXX encryption so you know it's safe", can you blame them for thinking their photos were safe? I don't.

I don't expect them to jump on forums and spend a few days trying to learn how secure things really are. To them most of what we say would be like us sitting in a lecture on psychology where every second word had 13 syllables and was mostly Latin and expecting us to comprehend the subject.

You make a good point but before I was even interested in technology and was solely just a regular console gamer I was always told to be careful online... Nowadays just seems like common sense is all

My rig: Case: Corsair 760T CPU: Intel 4690k MOBO: MSI Z79 Gaming 5 RaM: 16gb HyperX SSD: 256gb Samsung pro HDD: 1tb Toshiba PSU: Thermaltake smart 750 GPU: 1x GTX 1080 Founders edition

 

 


