Apple (or others) can create the best, most secure software and access the world has ever seen. But even that can't protect you if you're stupid.
2FA can't be implemented by scrambling. We know Apple has been working on it for months.
Lots of companies fail to take action until they're forced to.
2FA might take time, but it doesn't take 6 months to develop code to lock out an account after a certain number of failed attempts. That's a standard feature that virtually every online service with a login does, even Macrumors. Apple just didn't take it seriously.
They should ban hacking, then no one would get hacked.
I'm sure you don't believe this statement is true.
I'm also sure Apple thought about locking accounts after X failed logins, but chose not to because of the overhead involved to deal with locked accounts. Of course, in hindsight that looks like a bad choice.
Oh, the irony.
Apple knew about an iCloud security flaw six months before it was utilized to hack celebrity accounts on the service, reports The Daily Dot. The company was notified of the exploit by independent security researcher Ibrahim Balic, who shared emails between himself and members of Apple's product security team.
In an email from March 2014, Balic told Apple that he was able to bypass the security of any iCloud account by using a "brute-force" hacking method that was able to try over 20,000 password combinations. Balic recommended to Apple that it should implement a feature in iCloud that prevents log-ins after a set number of failed attempts, and even reported the exploit through Apple's Bug Reporter. Balic was also the developer said to be behind the extended outage of Apple's Dev Center last year.
In May 2014, Apple emailed Balic and questioned the validity of the exploit, stating that it "would take an extraordinarily long time" to find a valid authentication token to get into an iCloud account using the flaw. Balic states that Apple continued to ask him about the exploit and how it would be utilized.
On September 1, 2014, hackers breached the iCloud accounts of many well-known actresses, downloading and leaking private photos and videos. While it was not initially known what caused the breach, The Next Web linked to a Python script on GitHub that may have been used for the hacking. The script utilized a brute-force-like method which allowed hackers to keep guessing passwords without being locked out.
Apple acknowledged later in the day that it was investigating the breach, ultimately leading to comments from CEO Tim Cook along with new security implementations. Those implementations included automatic emails when iCloud accounts are accessed via web browsers, automatic two-factor authentication for iCloud.com, and mandatory app-specific passwords for third-party apps accessing iCloud.
Article Link: Apple Reportedly Aware of iCloud Flaw Six Months Before Hacking of Celebrity Accounts
Not a lot of companies claim some sort of moral high ground like Apple does.
Is that really what happened? It sounds like hackers had been collecting those pictures for months if not years, they just started releasing a bunch all at once on that day.
This article seems to be saying a brute force method is how the accounts were breached, yes?
That's not the story that's been reported for weeks now. The reported story is that this was done by obtaining (through Facebook, Wikipedia, etc.) the answers to security questions.
I understand that this guy wants to make himself look good and Apple look bad, but unless all the reports have been wrong to this point, what he's saying may be relevant in some sense but is not why these celebs' accounts were breached.
Another bad Apple. I've been seeing nothing but more bad news since Apple allowed the preorders of the iPhone 6.
I don't think I'll be using Apple pay anytime soon.
But if it was security questions, phishing or something else, who knows. Just like the truth is that, aside from maybe five folks that admitted they use iCloud, we don't know if that is what was 'hacked' or if it was email, Google Drive, Dropbox, etc.
Doubt it. People still bring up:
How Safari was unusable when the 3G came out
The cracks in the back of the 3G/3GS
Antennagate
Apple Maps
The purple haze in the photos of iPhone 5
Etc.
Plus, it's nearly a month since the photos leaked online and we're still talking about it.
much goodbye over nothing?
Awful victim blaming. "If she didn't want to get raped why did she dress like that?"
If you get hacked it's the hackers or people who gained entry into a private account who are to blame.
It's still an important and bad issue despite the numbers. Who knows how many other accounts might have also been compromised that simply didn't have something worthy enough to be publicly released or included in this particular release of the times (which was already specified to be just a limited sampling of what was obtained).
Only 9 naked celebrities have contacted Apple about their leaked iCloud photos out of 100 million users...
can we say witchhunt/conspiracy/over-reaction?!?