Apple Reportedly Aware of iCloud Flaw Six Months Before Hacking of Celebrity Accounts

[Scrub175]

After reading the Jobs bio, one can see his management style, tolerance of lower standards, and response to the organization when milestones or objectives weren't being met. I'm guessing if there is a Tim Cook bio written, the response by Cook to those similar situations would be greatly different sometimes for the better sometimes for the worse. The issues we're are experiencing today are a product of lowered management expectations from the past. It didn't just happen overnight. Jobs being an of overbearing tyrant drove and kept high standards from the top down to the retail store employee level.

Although not enjoyable to work for, a top performing organization with that corporate mentality as a foundation of operation is destined to decline when those expectations and more important the fallout from underperfoming has been removed. Mr. Cook may be the nicest man in the world and drive supply side fulfillment with new gadgets containing great innovative features, but if you let the high standards lapse with very little consequence then Apple becomes just another consumer electronics company. I don't think the vision of the company founders was being an average everyday electronics company. Having talented genius level employees is just not enough. Bending phones, botched software updates, lapses in security protocol and any other major issues are a result of lowered leadership standards and lack of oversight of historically trustworthy infallible employees, not because of substandard employee/technician performance.

In other words, these issues rolled up paint a bigger picture and someone needs to be held accountable by Mr. Cook.

 

[gnasher729]

Apple need to publicly address this they look BAD and very irresponsible.

It's been fixed long ago. And there is no evidence that the attack every worked, except when people "attacked" their own accounts and knew the password.

 

[viacavour]

Apple need to publicly address this they look BAD and very irresponsible. It is standard practice for white-hat hacker to inform companies of security flaws like this. It is also standard practice for white-hat hackers to give the company reasonable amount of time to fix it then go public with the flaw.
While I am not a expert, I would think that Apple should be able to fix this is far less than 6 months. If Apple had know able the flaw for 6 months and only fixed when it when public and the bad PR hit, that is disgraceful and Apple shouldn't be trusted for with any security critical product such as .... ApplePay.

All software has bugs, but then a companies becomes aware of a security flaws like this they need to take it seriously, lit seems Apple may not have. If this flaw had become public a week or two after Apple was made aware of it while they were working on a fix, that would have been bad luck. Six months is too long. When Windows users get a security update that is not on the second Tuesday of the month, it is usually some serious security flaw that Microsoft didn't want to want less than one month to patch.

They already addressed it with 2FA. All they need to do is to encourage its use, and remind people that limiting the number of password retry is not a solution. It can be a denial of service attack.

Barlic's email also indicated that he found similar problems in Google, which also implemented 2FA.



----------

After reading the Jobs bio, one can see his management style, tolerance of lower standards, and response to the organization when milestones or objectives weren't being met. I'm guessing if there is a Tim Cook bio written, the response by Cook to those similar situations would be greatly different sometimes for the better sometimes for the worse. The issues were are experiencing today are a product of lowered management expectations from the past. It didn't just happen overnight. Jobs being an of overbearing tyrant drove and kept high standards from the top down to the retail store employee level.

He fired Scott. The people responsible for the streaming problem may be gone for all we know. But just firing people is not a solution either. The actual work still needs to be done.

Although not enjoyable to work for, a top performing organization with that corporate mentality as a foundation of operation is destined to decline when those expectations and more important the fallout from underperfoming has been removed. Mr. Cook may be the nicest man in the world and drive supply side fulfillment with new gadgets containing great innovative features, but if you let the high standards lapse with very little consequence then Apple becomes just another consumer electronics company. I don't think the vision of the company founders was being an average everyday electronics company. Having talented genius level employees is just not enough. Bending phones, botched software updates, lapses in security protocol and any other major issues are a result of lowered leadership standards and lack of oversight of historically trustworthy infallible employees, not because of substandard employee/technician performance.

In other words, these issues rolled up paint a bigger picture and someone needs to be held accountable by Mr. Cook.

They probably already are. See Scott.

Remember despite high expectations, Jobs' MobileMe and early iCloud attempts were weaker than Tim Cook's. Cook inherited the service and improved it.

 

[apolloa]

Haha I knew this was comeing, I can't remember a security breach where an expert doesn't come out of the woodwork proving he told said company an it the breach a few weeks before.
But 6 months! What the feck is Cook doing? Perhaps apple should stop hiring a new board and concentrate on their existing products and services first?

 

[Zxxv]

I'm all for conspiracy theories, not because I necessarily think they are true, but they are fun. This, otoh, I don't think is that outlandish. It certainly is plausible, because it's actually a great idea from an intelligence standpoint. Bravo to the NSA if they actually did this.

and if they didn't I could do with a job coming up with stuff for them

 

[viacavour]

Haha I knew this was comeing, I can't remember a security breach where an expert doesn't come out of the woodwork proving he told said company an it the breach a few weeks before.
But 6 months! What the feck is Cook doing? Perhaps apple should stop hiring a new board and concentrate on their existing products and services first?

My guess is 2FA for iCloud probably took 6 or more months to implement and test. They may not be done with the hardening yet.

 

[BC2009]

Worst reporting ever. First off, this is not news. This same information broke when celeb-gate first happened. You guys already reported that apple had fixed a brute force vulnerability in find my iPhone on Labor Day. You exported then that the vulnerability had been known about for six months.

What's more, apple's icloud security investigation against server logs has already shown that this was not the avenue of attack against the celebs.

Finally, it has already been reported that these accounts were not hacked in September bit over the past several years. The photos had been in circulation in a secret trading ring where buy-in stakes was photos of celebs. The photos were leaked by one of these perverts on Labor Day weekend, but the photos were shared among this group secretly for years before.

This is a rehash of an old story for click bait.

 

[jon3543]

Infinite password guesses is certainly bad, but it's not the half of it. Apple suggested secret questions that were extremely simplistic, and people unsophisticated in security would have answered them honestly, making them easy to guess by people who knew them well enough or who had researched them well enough. Big deal, right? Except it is, because Apple made it possible to reset a password merely by answering the secret questions. There was no email verification like even the most rinky dink forums use. I verified this myself a couple weeks ago, when The Fappening first came out. I believe they're going to take a hit, and the only thing hindering it is, for example, J-Law's reluctance to enter pictures of her bunghole into evidence.

 

[viacavour]

Infinite password guesses is certainly bad, but it's not the half of it. Apple suggested secret questions that were extremely simplistic, and people unsophisticated in security would have answered them honestly, making them easy to guess by people who knew them well enough or who had researched them well enough. Big deal, right? Except it is, because Apple made it possible to reset a password merely by answering the secret questions. There was no email verification like even the most rinky dink forums use. I verified this myself a couple weeks ago, when The Fappening first came out. I believe they're going to take a hit, and the only thing hindering it is, for example, J-Law's reluctance to enter pictures of her bunghole into evidence.

If you turn on 2FA, those security questions are not used.

They were inherited from Jobs' iCloud anyway.

 

[RichardI]

No Steve Jobs = the end of Apple as we knew it. The cracks are many and the warts grow larger. There is no one person at Apple that was as good as Steve Jobs, and there is no group even that can replace him. Too bad. If I had Apple stock, I would be abandoning ship right about now.

 

[nt5672]

I don't get this.
Apple have apparently been in a downward spiral of doom for the 20 or so years.

To me at least, there is a huge difference between creating products that missed the market and releasing updates/products that just don't work correctly. The first is general business risk and the second is just sloppy performance.

I have 20+ serious bug reports against current Xcode tools, some of them have prevented me from doing my job. I don't ever remember having that number of serious show stopper bugs in the OS 7/8/9 days. iCloud with Core Data has been a disaster since it was introduced, what 3 years ago.

New technology will always have some bumps, but I have really come to the opinion that Apple is happy if something is shinny and new, but does not really care if it works correctly because next year they will be replacing it with something else shinny and new. I believe they have the attitude "Why take the time to get it right we just going to replace it."

I am not saying Apple is any worse than its competitors in this regard, but I do think this applies even to the Jobs era after Apple was successful with the iPhone.

 

[Scrub175]

They already addressed it with 2FA. All they need to do is to encourage its use, and remind people that limiting the number of password retry is not a solution. It can be a denial of service attack.

----------



He fired Scott. The people responsible for the streaming problem may be gone for all we know. But just firing people is not a solution either. The actual work still needs to be done.



They probably already are. See Scott.

Remember despite high expectations, Jobs' MobileMe and early iCloud attempts were weaker than Tim Cook's. Cook inherited the service and improved it.

Thank you for the response. I'm not advocating firing folks but perhaps how we trust our department heads will always do their best work without the necessary oversight because they are the brightest in the industry isn't the best accountability model to use. Jobs in the bio anyway pushed all folks very hard. Even the golden employees. I see Mr. Cook as more collaborative with those regards. We really can't see the reporting structure in full operation but small lapses that grow to bigger lapses in other organizations point to the same latent weaknesses within the organization. That's what Mr. Cook needs to address.

As for the other firings, I'm thinking those were more of an alignment issues than performance based. Cook was getting the organizational alignment he needed. That's just my guess there.

 

[JLL]

On September 1, 2014, hackers breached the iCloud accounts of many well-known actresses, downloading and leaking private photos and videos.

No, someone made the photos public - big difference

The "hacking" has been going on for years.

 

[viacavour]

No Steve Jobs = the end of Apple as we knew it. The cracks are many and the warts grow larger. There is no one person at Apple that was as good as Steve Jobs, and there is no group even that can replace him. Too bad. If I had Apple stock, I would be abandoning ship right about now.

Again, Steve Jobs created MobileMe and iCloud. The legacy problems were there and are getting fixed by whoever are in Apple. From published reports, we know they added 2FA, and encryption between mail servers.

What's changed are old allegations before holiday season. Doesn't necessarily mean they are all true.

 

[2984839]

Whether this particular flaw was used to steal the celeb photos is irrelevant. The concerning thing is that Apple was shown a genuine security issue with their services and responded by patting the hacker on the head condescendingly and telling him to run along and play. Then, after the world focused on iCloud's security, they scrambled to fix it.

That kind of attitude is not compatible with security.

 

[Plutonius]

It's all going rather brilliantly at the moment isn't it.

It's called pump and dump. When the stock price goes down enough and people have made millions shorting the stock, you will hear only good news again .

 

[greenmeanie]

Now will these Celebs SUE Apple?

 

[viacavour]

Whether this particular flaw was used to steal the celeb photos is irrelevant. The concerning thing is that Apple was shown a genuine security issue with their services and responded by patting the hacker on the head condescendingly and telling him to run along and play. Then, after the world focused on iCloud's security, they scrambled to fix it.

That kind of attitude is not compatible with security.

2FA can't be implemented by scrambling. We know Apple has been working on it for months.

 

[deviant]

This was a targeted phishing exercise over the course of months if not years.

Email accounts etc from many different services were hit, there was no 'hacking' that occured.

Could Apple have had alerts in place telling people accounts we're being accessed from the start - for sure. But weak passwords and weak answers to security questions when you're in the public eye won't ever stop someone gaining access to your account.

It's a shame that not only have the victims of the leaks been blamed for ever having personal things - irregardless of where they're shared, but that only Apple seems to be singled out as being 'hacked'. The latest leak of Kim Kardashian (Checked, for science) clearly shows her taking photos on a Blackberry - do Blackberries sync to iCloud? And yet blackberry are very well known for their security chops, but I haven't seen a single article talking about Blackberry being 'hacked'... Why? Because no one really cares about Blackberry, it's not good news to create a story about kicking a dead dog.

Irregardless is a not a true word.

 

[viacavour]

Now will these Celebs SUE Apple?

My guess is they will wait for FBI's finding first. Why pay the lawyers before the police do their due diligence for them for free ?

Barlic's email doesn't prove anything since Apple has followed up with a better fix than what Barlic's suggested.

 

[2010mini]

Hopefully this will bring positive change to Apple

 

[unobtainium]

This wasn't Apple' fault.

This was fault of the celebrities

No. The people who used brute force attacks to steal people's private photos are at fault and should be prosecuted to the fullest possible extent if caught, along with anyone sharing them.

 

[viacavour]

Hopefully this will bring positive change to Apple

I hope so.

Perhaps some new hires and younger leaders are getting jittery. Hopefully they find their path in the fruit company.

I guess the competition are on a smear campaign. If these folks go through a few rounds of these, they should be hardened and well prepared for the job already. It's almost like Steve Jobs watching their back !

 

[ghettochris]

Lol, this article is written like they hacked icloud on 9/1 and relased the pics the same day. this was a dark web underground celeb pic trading circle, that probably got much of the material before 6 months ago, and kept quiet so they could keep getting new content.

----------

No Steve Jobs = the end of Apple as we knew it. The cracks are many and the warts grow larger. There is no one person at Apple that was as good as Steve Jobs, and there is no group even that can replace him. Too bad. If I had Apple stock, I would be abandoning ship right about now.

you obviously didn't follow apple during Steve Jobs time if you think that, lots of cracks and failures during his era. apple pay and watch are going to be huge and to me is proof to me that apple still has it without him. All you haters and doubters please dump your stock, so i can buy it cheap and get rich when history repeats itself yet again.

 

[unobtainium]

After reading the Jobs bio, one can see his management style, tolerance of lower standards, and response to the organization when milestones or objectives weren't being met. I'm guessing if there is a Tim Cook bio written, the response by Cook to those similar situations would be greatly different sometimes for the better sometimes for the worse. The issues were are experiencing today are a product of lowered management expectations from the past. It didn't just happen overnight. Jobs being an of overbearing tyrant drove and kept high standards from the top down to the retail store employee level.

Although not enjoyable to work for, a top performing organization with that corporate mentality as a foundation of operation is destined to decline when those expectations and more important the fallout from underperfoming has been removed. Mr. Cook may be the nicest man in the world and drive supply side fulfillment with new gadgets containing great innovative features, but if you let the high standards lapse with very little consequence then Apple becomes just another consumer electronics company. I don't think the vision of the company founders was being an average everyday electronics company. Having talented genius level employees is just not enough. Bending phones, botched software updates, lapses in security protocol and any other major issues are a result of lowered leadership standards and lack of oversight of historically trustworthy infallible employees, not because of substandard employee/technician performance.

In other words, these issues rolled up paint a bigger picture and someone needs to be held accountable by Mr. Cook.

The only thing that has changed is that Apple is getting bigger every day with a rapidly expanding stable of products and services. It's harder to maintain tight control.