Apple 'Actively Investigating' Possible Hacking of Celebrity iCloud Accounts

[Keirasplace]

Holy [r@p! How will I remember a password that has 20 characters from all classes!

You could do what I do, use a long sentence of words smashed together. The more non sensical the better. To add to the difficulty, mispell the words, incorportate a long number, alternate cases and use non alphanumerics, the use emoticons is a bonus, especially mid sentence.

For example :
whee2731}bumm$LurveRoknRoolmouzikk!B-) (yes, that's 44 letters .
Original
We 2731 } bums love rock and roll music! B-) (even that non mispelled version is pretty crazy... )

Both are not too hard to remember and pretty insane to guess unless you are god . Of course, you don't have to make it THAT long.

I use a very long insane password on very very sensitive, log in once per week accounts. I don't even allow network logins, only console, but I'm paranoids about all aspect of security. Though, users are by far the weakest link, you have to protect them against themselves.

 

[Primejimbo]

Holy [r@p! How will I remember a password that has 20 characters from all classes!

I just use a password manager that doesn't store my passwords on a cloud (like iCloud). Look into 1Password and with the new iOS update, it will utilize the Touch ID on your iPhone (if you have a 5s). I now have over 50 logins and all have at least 15 characters (most have over 20).

https://agilebits.com/onepassword

https://itunes.apple.com/us/app/1password-password-manager/id568903335?mt=8

 

[burgundyyears]

Oh, I'm sure these celebs took noodie selfies and never, ever sent them to anyone else, ever. I'm sure they just took the noodie selfies and never, ever sent them to anyone else because, you know, they just like to look at their noodie selves.

 

[iZac]

Witness the death of passwords and the rise of Touch ID.

Fast forward five years time:

"Jennifer Lawrence's fingerprints leaked on the internet - swiftly followed by the rest of her."

 

[mozumder]

Apple really needs a "verified" cloud authentication that keys to your phone like TouchID, except with an added step of only fingerprinting when at the Apple store with government issued ID's as a second factor for TouchID.

In other words, the only way to reset your iCloud password or TouchID is if you bring in your government ID to an Apple store.

A "Verified by Apple" ID system.

 

[Rigby]

You also construct something out of a phrase from a book like so.

;%Thhgitagitsotakfoteostc5poJtePP

This is taken from "This hero had gone into the abyss, gone irrevocably, the son of the astrologer- king, forgiven on the eve of Sunday, the cruel fifth procurator of Judea, the equestrian Pontius Pilate"

This is a bad idea. The word lists used by password crackers these days include entire books (e.g. taken from the Gutenberg project) and can generate millions of variations based on quotes from them in very little time.

This could be a little more random

This is the key. Don't pick words or sentences yourself. They are anything but random. Use a method to generate your passwords from a good source of random numbers (like dice) instead. This way you get a provably high degree of entropy.

 

[Xenc]

I've read that some of these were deleted before Photostream even existed.

Aren't photos stream photos delete after 30 days?

iCloud Backup, maybe.

 

[ksuyen]

I smell Google or Samsung conspiracy with this happening so close to big event.

 

[Rigby]

I smell Google or Samsung conspiracy with this happening so close to big event.

Google is unlikely to do something like this. It undermines trust not only in Apple, but in cloud services in general, which is Google's bread and butter business.

 

[krravi]

Earlier today in Cupertino:

Tim – Phil, we can’t say a word about iCloud next week. Jennifer Lawrence is going to go hunger games on our a$$$$es. What do we do?

Phil – Talk bad about Android fragmentation as we always do!

Tim – You’re right! Android distribution numbers are always a classless punchline during our keynotes.

Phil – Lets have Craig do it. We can throw in a joke about his hair.

Tim – Just make sure you don’t use iCloud when saving the keynote. We don’t want the public to know our plans. Oh wait, that’s how the iPhone 6 parts got leaked on the internet.

LMAO! That was great!

 

[parapup]

Reminder: Don't ever put anything remotely private and potentially damaging on the Internet. If you do be sure you understand and keep track of crypto and encrypt it before it goes out of your device.

Does iCloud automatically backup all your photos to cloud or do you need to explicitly enable it? If it does it by default then Apple carries an even higher burden.

 

[aPple nErd]

People being foolish doesn't justify the criminals acts that were committed here.

And surely you know the difference between this and porn. Better yet, let's take Celebrity X out of the equation and insert your mom or your sister or just any random female you care about. Would we still think their foolishness would justify this criminal invasion of privacy and ensuing humiliation?

well first of all.. i don't hang with that crowd so I'm not a good person to ask. I dont hang with that crowd because in my opinion, thats gross.

 

[goke]

idiot journalist blaming Apple
http://www.youtube.com/watch?v=qz5i171h_no
<iframe width="560" height="315" src="//www.youtube.com/embed/qz5i171h_no" frameborder="0" allowfullscreen></iframe>

 

[aPple nErd]

But see the difference here is that these photos were swiped by way of an icloud backup (allegedly)
if this were true then these women aren’t being especially stupid, even a reasonable person would not know that their photos would somehow automatically, without them knowing, are being uploaded onto apple’s servers as soon as the phones get charged at night (by way of icloud backups).
Heck, i didnt pay attention to this until i got the notice that my icloud storage was full and played around to figure out that my camera roll back up was taking up all the space. I didn’t explicitly opt for a camera roll back up. It’s chosen automatically.
I didnt know this at the time and I frequent tech sites. Most people don’t.

This is different to users knowingly activating photostream, or users knowingly pressing send to send an email with their nudes onto a gmail account.
No this is simply users taking pictures on their phone and then doing nothing to it afterwards. iCloud did the rest automatically.

Apple needs to fix this.

thats why yo should read before agreeing or tapping "okay" to any popups on ios devices. theres a reason that you agree to terms and conditions and a reason you tap okay to allow photo stream. if people would read the popup like they are supposed to they would know these things. apple specifically tells you what an app is doing or if it doesn't, thats the user's responsibility to find out what the app does before just hitting "okay" or "accept". It's not apple's fault. it's the users' fault.

 

[Carlanga]

idiot journalist blaming Apple
http://www.youtube.com/watch?v=qz5i171h_no
<iframe width="560" height="315" src="//www.youtube.com/embed/qz5i171h_no" frameborder="0" allowfullscreen></iframe>

I thought it was an ok report, except the 4chan comments? apple did have a vulnerability that was patched today...

 

[jonbravo77]

I wouldn't be surprised if the celebs leaked the pics themselves. Because that's never happened to get a boost in publicity. People who think that Apple is not vulnerable to hacks are a bit delusional. It's still code just like all other software. Would it be nice to think that Apple is above hacks, sure, just not very realistic. My motto, if I don't want others to see it, keep it to yourself.

 

[aPple nErd]

its not that hard to read. and this is just by going into settings and into iCloud>photos... not even enabling or disabling anything.

----------

one of the celebs also stated that she uses an android so it seems like the media is blaming apple kinda like when Microsoft/Google were mistreating workers at Foxconn, apple got blamed.

 

[blahblah100]

well first of all.. i don't hang with that crowd so I'm not a good person to ask. I dont hang with that crowd because in my opinion, thats gross.

Well, and the fact that you are a superior individual who is perfect and never makes mistakes.

 

[Statusnone88]

The Fappening is upon us!!!!

 

[AaronEdwards]

its not that hard to read. and this is just by going into settings and into iCloud>photos... not even enabling or disabling anything.

You can thank Apple and its 'it just works' campaign...

one of the celebs also stated that she uses an android so it seems like the media is blaming apple kinda like when Microsoft/Google were mistreating workers at Foxconn, apple got blamed.

People don't take photos like these to keep for themselves, so did she send it to someone else, and if so, did that person use an iPhone/etc? It may not have been her account that the files where stolen from.

 

[aPple nErd]

Well, and the fact that you are a superior individual who is perfect and never makes mistakes.

i actually never said that... but hey, if you wanna give me that tittle, feel free.

 

[mabhatter]

thus why the cloud should die for personal use

Or treat iCloud like a public place that happens to offer lockers to put your stuff. It's simply not designed to be "secure" in the same way your house isn't secure to store $100,000 cash. Is it secure enough for me, yes... Because nobody gives a damn about me. And I would store naked pictures of me there... If I took naked pictures if me. (That would scare small children anyway)

Celebrity nudes are like Gold bricks. Yet they still use Email or SMS or Snapchat to pass them around.... You might as well use a postcard because Email and SMS are exactly that... Postcards with ZERO PRIVACY or security. Somebody just happened to find your mailbox on the side of the road and get lucky!

 

[aPple nErd]

You can thank Apple and its 'it just works' campaign...



People don't take photos like these to keep for themselves, so did she send it to someone else, and if so, did that person use an iPhone/etc? It may not have been her account that the files where stolen from.

true, but how would someone know what accounts to hack to get these photos?

 

[mabhatter]

Apple really needs a "verified" cloud authentication that keys to your phone like TouchID, except with an added step of only fingerprinting when at the Apple store with government issued ID's as a second factor for TouchID.

In other words, the only way to reset your iCloud password or TouchID is if you bring in your government ID to an Apple store.

A "Verified by Apple" ID system.

And every privacy advocate would scream to high hell that the government was locking down your personal accounts!

 

[Mashurrab]

Maybe if these celebs weren't so careless (and clueless) this wouldn't happen.

I'm sure some of them will be happy they get some mention in the news nowadays.

Or as we have heard multiple times before. It is intentional and they just blamed it on iCloud.