Yes, we know how it could be done. But, it doesn't mean it was done that way. That's where the leap is. Only a very weak password would allow a network-based brute force attack of any kind. Even if there was a brute force bug, other things are usually looked at in logs that would have triggered concerns independently if this was done on a large scale for a long time on many accounts.

So, possibly a combination of this bug and a weak password; having an email account name with some info linked to your ID doesn't help either since it can be guessed too. The email used for security verifications should not be linked to your name, not be logged with a password used elsewhere and not given to anyone.

For now, all we know is some photos came from iCloud, not much else is known. The truth is out there. X files theme plays ;-).
I agree with you on most of what you said. But all exploits exist because of a weakness somewhere. Whether it is code or weak passwords. But why aren't stronger passwords enforced? That in itself is a weakness......
 


Apple is investigating an alleged breach of several celebrity iCloud accounts that may have allowed hackers to access the private photos and videos of multiple well-known actresses, according to a statement an Apple spokesperson gave to Re/code. Over the weekend, hundreds of nude photos of celebrities were leaked on 4chan before spreading to multiple Internet sites, with one of the involved hackers pointing towards iCloud as the source of the material.

Security researchers have postulated that weak passwords and a lack of two-factor authentication may have led to the breach if iCloud is the source of the leaked images, and it's also possible that a Python script shared on GitHub a few days ago may have allowed hackers to exploit a vulnerability in Find My iPhone.

As described by The Next Web, the tool allowed hackers to repeatedly guess passwords without being locked out of an iCloud/Apple ID account, brute forcing their way into accounts. Though it is unclear if the tool was responsible for any hacked celebrity accounts, Apple did fix the vulnerability earlier today. Attempting to use the tool now locks an Apple ID after five attempts to guess a password.

Multiple security researchers have suggested that any iCloud attacks may have been preventable with two-factor authentication, which Apple first introduced in March of 2013. The two-step verification system adds an additional layer of protection for Apple accounts, requiring both a security code and a "trusted" device to log into an account, in addition to a password.

Article Link: Apple 'Actively Investigating' Possible Hacking of Celebrity iCloud Accounts
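
As an added example (not part of the article or of any post in this thread, and not Apple's code): the fix the article describes, a lock after five failed guesses, only holds if every endpoint that accepts a password counts failures against the same per-account counter. The class, the endpoint names, the account and the 15-minute lock duration are assumptions made for illustration.

```python
import hashlib
import hmac
import os
MAX_FAILURES = 5        # threshold reported in the article
LOCK_SECONDS = 15 * 60  # assumption: the page gives no lock duration


class AuthService:
    def __init__(self, clock):
        self._clock = clock       # injectable time source (seconds)
        self._users = {}          # account -> (salt, password hash)
        self._failures = {}       # account -> consecutive failed attempts
        self._locked_until = {}   # account -> time the lock expires
        self.audit = []           # (endpoint, account, result) for monitoring

    @staticmethod
    def _hash(salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, account, password):
        salt = os.urandom(16)
        self._users[account] = (salt, self._hash(salt, password))

    def _is_locked(self, account):
        until = self._locked_until.get(account)
        if until is not None and self._clock() >= until:
            self._locked_until.pop(account)      # lock expired: start counting again
            self._failures.pop(account, None)
            return False
        return until is not None

    def authenticate(self, endpoint, account, password):  # called by every endpoint
        if self._is_locked(account):
            result = "locked"     # refused before the password is even checked
        else:
            salt, stored = self._users.get(account, (b"\0" * 16, b""))
            if hmac.compare_digest(stored, self._hash(salt, password)):
                self._failures.pop(account, None)
                result = "ok"
            else:
                # Keyed by account only: the endpoint name is audited, never part of the key.
                self._failures[account] = self._failures.get(account, 0) + 1
                if self._failures[account] >= MAX_FAILURES:
                    self._locked_until[account] = self._clock() + LOCK_SECONDS
                result = "denied"
        self.audit.append((endpoint, account, result))
        return result


def demo():
    """Constructed scenario: guesses alternate between two hypothetical endpoints."""
    now, user, pw = [0.0], "alice@example.com", "correct horse battery staple"
    svc = AuthService(clock=lambda: now[0])
    svc.add_user(user, pw)
    guesses = ["123456", "password", "qwerty", "letmein", "iloveyou", "monkey"]
    out = [svc.authenticate(("web_login", "device_api")[i % 2], user, g)
           for i, g in enumerate(guesses)]
    out.append(svc.authenticate("web_login", user, pw))   # correct, but still locked
    now[0] += LOCK_SECONDS                                 # lock expires
    out.append(svc.authenticate("web_login", user, pw))
    return out
```

Because the counter is keyed by account rather than by endpoint, splitting guesses across the two entry points does not buy extra attempts; the `audit` list is what a monitoring job would watch for repeated "denied" and "locked" results.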

Unfortunately the 2 step verification is only in the USA or certain countries because it doesn't exist for my account.
 
Well, you may say that but it's been all over the mainstream national news here in the UK and their fingers are pointing at Apple:

http://www.bbc.co.uk/news/technology-29011850

And I don't think Apple's PR control is very good when it tells Sky News no comment!

http://news.sky.com/story/1327908/fbi-investigating-leaked-nude-celeb-photos

Also, people on here could have their entire personal information and medical information leaked due to very very poor security on Apple's systems and they would STILL never ever blame Apple.

Anyway, if anyone thinks any prosecutions will come, no chance, you can track anyone on the net but even if they do find the culprits, is anyone going to press charges?


Still not sure what part of the news pointing fingers means that's what happened. The news in Philadelphia last week claimed that Facebook uses its messenger app to constantly film video from both of your smartphone cameras to generate ads.

Again, it's a holiday weekend in the US, you're not going to get much more out of Apple until tomorrow.

And, there we go, you're already running with it like a fact...this is simple logic, not sure how it keeps going over your heads.

----------

I agree with you on most of what you said. But all exploits exist because of a weakness somewhere. Whether it is code or weak passwords. But why aren't stronger passwords enforced? That in itself is a weakness......

Because if you continue to up the stronger password enforcement you end up defeating the entire purpose of passwords when users start writing them down.
 
*may* have is to be taken lightly.

Of course it would have been stronger, regardless of anything else.

Seems Apple's been having a few issues with iCloud security, first with Mat Honan, and now this.

The word "trusted" device would imply here that the user must have Find My iPhone app on the device, since the SMS alone will not work without it.

If there is a hack in Find my iPhone, then this could be related.

Take note: Strong and memorable password... because u don't want to write it down..

This is pretty easy, but most people fail and write it down, cos it's more convenient than remembering something. And if you always forget, no problem, I'd rather use "forget my password?" any day.

At least it's a new password u get.

That's how I do everything. And if I can't get in, well that's my own fault. Why would I wanna make things easy for someone else?
 
I agree with you on most of what you said. But all exploits exist because of a weakness somewhere. Whether it is code or weak passwords. But why aren't stronger passwords enforced? That in itself is a weakness......

If Apple wants it user friendly then that's a basic way to explain it.
 
I'm sure it didn't exist for just 24 hours but it's likely that tool would have been involved. Regardless, ALL of this is speculation.
I'm not sure....if it walks like a duck....and so the saying goes. There is a LOT of info out there right now pointing to the brute force attack and weak passwords. But the system allows for weak passwords....that itself is a weakness. Then Apple patched their systems today blocking exactly what the hackers released as their proof of how they did it. One plus one does add up to 2. We do not have all the facts right now. But it is looking more and more like things happened exactly as it is being reported.
 
Whatever process was used to crack accounts the world has largely implicated iCloud as the issue and mud sticks. The iCloud user who saved naked images of themselves with passwords that are nothing short of lame will not be put into question. This is Apple's fault.

Two step verification has been talked about for quite some time yet is it widely in place? The answer to that is no.

So whether it was for someone to make Apple look bad a week before their main event or a genuine issue, iCloud security had already been widely discussed. Apple should have acted sooner. There's no getting out full stop/period.
 
Uh oh. Guess I shouldn't have stored those pics of myself in a neon-green Borat man thong on iCloud.
 
Still not sure what part of the news pointing fingers means that's what happened. The news in Philadelphia last week claimed that Facebook uses its messenger app to constantly film video from both of your smartphone cameras to generate ads.

Again, it's a holiday weekend in the US, you're not going to get much more out of Apple until tomorrow.

And, there we go, you're already running with it like a fact...this is simple logic, not sure how it keeps going over your heads.

----------



Because if you continue to up the stronger password enforcement you end up defeating the entire purpose of passwords when users start writing them down.

Perhaps you should READ those news stories then before commenting eh :rolleyes:

For instance:

A representative from Apple told Sky News they are not currently commenting on allegations it was an iCloud leak.

More than 60 photographs of Lawrence were among those reportedly stolen after what some have said could have been an iCloud leak which allowed celebrities' phones to be hacked.


AND::

It is understood some of the images were obtained from services such as Apple iCloud that back up content from devices on to the internet.

Apple is understood to be looking into the issue.

Apple has not commented on speculation regarding iCloud's security, nor the celebrity leak.



So that is MAINSTREAM NATIONAL News stating, leak, iCloud, celebrities, and Apple and No Comment From Apple all in the same story.
 
Are your reading skills so horrible that you can't see what the source is even in the articles you are posting? Nobody has confirmed this is Apple's doing, not even The Verge. And yes, they love all of the traffic this causes for them. And yes, they love the fact that people like you can't understand what they're really saying.

Apple INVESTIGATING and POSSIBLE are the words you need to look out for. Grab a dictionary.

"The breach of the celebrities’ iCloud accounts was reportedly made possible by a vulnerability in Apple’s Find My iPhone application programming interface—at least, that's what has been suggested. Proof-of-concept code for the exploit, called iBrute, allowed for brute-force password cracking of accounts. It was uploaded to GitHub on August 30, just a day before the breach occurred, as ZDNet’s Adrian Kingsley-Hughes noted. Apple patched the vulnerability early on September 1."

You mad?
 
I'm not sure....if it walks like a duck....and so the saying goes. There is a LOT of info out there right now pointing to the brute force attack and weak passwords. But the system allows for weak passwords....that itself is a weakness. Then Apple patched their systems today blocking exactly what the hackers released as their proof of how they did it. One plus one does add up to 2. We do not have all the facts right now. But it is looking more and more like things happened exactly as it is being reported.

Yeah, if it walks like a duck, and some 4chan user claims to have seen it walk like a duck- might want to ask if it's a duck before we start chopping it up and roasting it...

The system does not allow for weak passwords. It allows for passwords in the top 500, which many systems do.

It's also looking more and more like things are happening exactly NOT as reported, are you not paying attention to any of the other news except for what is fitting your "walks like a duck" argument? If this is a duck, it doesn't have feathers, barks like a dog, and is also an inanimate object.
 
I don't blame Apple at all. Nothing is 100% secure. If you do something someone will work just as hard to undermine it.

It is the "celebs" fault for using crap passwords and thinking online is a safe place to store naked photos.

Also 2 step verification is not safer, it just causes more hassle for many. Where do you stop when that fails? 3 step ? 5 step ? It gets ridiculous. Common sense is what is lacking here.
 
"The breach of the celebrities’ iCloud accounts was reportedly made possible by a vulnerability in Apple’s Find My iPhone application programming interface—at least, that's what has been suggested. Proof-of-concept code for the exploit, called iBrute, allowed for brute-force password cracking of accounts. It was uploaded to GitHub on August 30, just a day before the breach occurred, as ZDNet’s Adrian Kingsley-Hughes noted. Apple patched the vulnerability early on September 1."

You mad?

Not in the least, I highlighted something for you that you should also look up in a dictionary.

----------

Perhaps you should READ those news stories then before commenting eh :rolleyes:

For instance:

A representative from Apple told Sky News they are not currently commenting on allegations it was an iCloud leak.

More than 60 photographs of Lawrence were among those reportedly stolen after what some have said could have been an iCloud leak which allowed celebrities' phones to be hacked.


AND::

It is understood some of the images were obtained from services such as Apple iCloud that back up content from devices on to the internet.

Apple is understood to be looking into the issue.

Apple has not commented on speculation regarding iCloud's security, nor the celebrity leak.



So that is MAINSTREAM NATIONAL News stating, leak, iCloud, celebrities, and Apple and No Comment From Apple all in the same story.

Yes, mainstream news reporting what ALL of us already knew last night...talk about rolling eyes, I think mine are about to roll under my own feet. Had no idea the people who hate Apple on this forum were so incredibly ignorant to the English language and news reporting in general.

I bolded some more important words for you.
 
you guys who feel sorry for the celebs... really? they made those pictures, so why do you feel sorry for someone who feels the need to let other people see them naked? It's nobody's fault but their own. Don't blame Apple, Samsung, Google, Sony, or any other company for this. blame Jennifer Lawrence, Mary Elizabeth, Kate Upton, and Kirsten Dunst....

While each person is responsible for securing their accounts, photos, videos and other personal things, the perpetrator(s) involved with breaking into their accounts and releasing the private information online have no rights to do so. What the celebrities had in their accounts should be a moot point and don't necessarily deserve to be blamed.

Would you or anyone be getting down on them had their charitable donations or tax records been exposed rather than their bodies?

Arguing whether or not what the celebrities did by creating and having photos of themselves in their accounts is beside the point. Like the rest of us, they had a reasonable expectation of privacy. Reasonable meaning that nothing is 100% secure, but one doesn't expect others to hack into their accounts and post their stuff online.

However, I do believe that it is foolish to take and store compromising photos of oneself or loved ones online in any form. The celebrities have a right to be upset that it was leaked, but not overly upset, because there is always the possibility of a hacker.
 
Yep.

This is the result of years of people collecting celebrity images and trading them on sites like anon-ib. There wasn't one single 'hack' that went into the dump, rather the culmination of someone's trading collection.

Perfect rundown of what happened.

Sure sounds like it to me - someone got let into the inner circle or outer circle of that group of folks and released a bunch of stuff that had been in private hands previously.

It seems scarcely believable that so many people's accounts would be compromised simultaneously much less by one person.
 
Yeah, if it walks like a duck, and some 4chan user claims to have seen it walk like a duck- might want to ask if it's a duck before we start chopping it up and roasting it...

The system does not allow for weak passwords. It allows for passwords in the top 500, which many systems do.

It's also looking more and more like things are happening exactly NOT as reported, are you not paying attention to any of the other news except for what is fitting your "walks like a duck" argument? If this is a duck, it doesn't have feathers, barks like a dog, and is also an inanimate object.
Did you read the articles? Do you know what brute force attacks do? It tries to guess the password on the account using software. It can try 100s of passwords a second. So why didn't the iCloud accounts get locked out after a few bad tries? That is the flaw in iCloud and another exploit they used in find my phone.
Funny today your iCloud account gets locked out after a few bad attempts due to the patch Apple applied today. Coincidence? really?
The exploit code was released as a proof of concept for the hack. Then the hack was done. How much clearer do they have to make it for you?
 
So that is MAINSTREAM NATIONAL News stating, leak, iCloud, celebrities, and Apple and No Comment From Apple all in the same story.

Didn't the "MAINSTREAM NATIONAL News" also report on Amazon delivering packages to people's doors via drones?

How did that turn out in the end?
 
Did you read the articles? Do you know what brute force attacks do? It tries to guess the password on the account using software. It can try 100s of passwords a second. So why didn't the iCloud accounts get locked out after a few bad tries? That is the flaw in iCloud and another exploit they used in find my phone.
Funny today your iCloud account gets locked out after a few bad attempts due to the patch Apple applied today. Coincidence? really?
The exploit code was released as a proof of concept for the hack. Then the hack was done. How much clearer do they have to make it for you?

I read all about the brute force attacks last night, yes I have over 25 years experience in IT and 15 of that in some of the most secure environments around.

The exploit was revealed, Apple fixed it. That does not mean "these pictures leaked due to the exploit". These are coincidences, they could mean that...and I'm not going to be surprised if they DO mean that...but as of right now, there isn't PROOF.
 
Yes, mainstream news reporting what ALL of us already knew last night...talk about rolling eyes, I think mine are about to roll under my own feet. Had no idea the people who hate Apple on this forum were so incredibly ignorant to the English language and news reporting in general.

yes yes, well sadly for you, Apple is going to get a rough ride in the news now and in the papers tomorrow. And when was it on this site? Certainly was not 'last night', when was it in mainstream news? Not 'last night'. :rolleyes:

I don't hate Apple, but I don't blindly defend them no matter what, you're incredibly ignorant yourself, if you weren't you would have read the stories before commenting :rolleyes:
No idea what the English language has to do with anything either?
 
Unfortunately Apple 2-factor authentication still only protects the appleid site. All other services, like icloud.com, restoring device backups etc. still only require the password.

Whether or not this incident turns out to be related to iCloud, I sincerely hope that Apple *finally* enables 2-factor for all iCloud services, at least optionally. iCloud has way too much sensitive information and functionality (such as finding and wiping devices) to be protected only by a password. And in most cases it's a weak password, since complex ones are not really practical (since iOS forces us to enter it on mobile devices quite often).

Wow that's really crappy. Thanks for letting me know. Definitely something they need to activate ASAP.
 
If you're dumb enough to put naked pics of yourself in the cloud...

the problem is most people don't know that they're doing that.
you take a picture.
the picture is saved just on your phone right?
well...yes...but as soon as you plug your phone in at night...iCloud backup starts up....then unless you untick the camera roll button - up it goes.
no notice, no nothing.

Even tech-conscious people would fall for this.
 