Can somebody please show me the proof that those leaked pics (some from years ago, before iCloud existed) came from hacked iCloud accounts? This clickbait sensationalism is getting ridiculous.

The leaked pics came from an underground celeb-sex pic ring, where at least 2 different people were offering pics and there were several "collections" that were exposed at different times.

The iCloud vulnerability itself is obviously bad, however it worked only on accounts with bad/easy passwords (the GitHub Python script used a list of 500 common passwords to bruteforce). If it's true they knew about it from this Balic guy around March, then that indeed is bad news. However, linking it to the celeb-nudes is just bad journalism and sensationalism.

If the press is to be believed then we need to ask why this "4chan" hacker guy has not been found yet, and does he perhaps work for Apple...

This. Exactly this. All of it.
 
They already addressed it with 2FA. All they need to do is to encourage its use.

They are making a hash of that as well. When attempting to switch-on 2FA, Apple demanded I 'improve' my password before letting me into my account. Apparently it fails the 'commonality' test despite being made up of a long (>12) string of mixed characters.

So I'm still without 2FA - well done, Apple.
 
No. The people who used brute force attacks to steal people's private photos are at fault and should be prosecuted to the fullest possible extent if caught, along with anyone sharing them.

I'm pretty sure it was determined that the brute force attack wasn't used for this hacking. It was stupid people not keeping their stuff secure. Also pics didn't all come from iCloud. Same "hack" was used with Gmail and Android backups.
 
They are making a hash of that as well. When attempting to switch-on 2FA, Apple demanded I 'improve' my password before letting me into my account. Apparently it fails the 'commonality' test despite being made up of a long (>12) string of mixed characters.

So I'm still without 2FA - well done, Apple.

You decide what's important to you. Adhere to Apple's stronger password guideline or stay without 2FA.
 
I'm pretty sure it was determined that the brute force attack wasn't used for this hacking. It was stupid people not keeping their stuff secure. Also pics didn't all come from iCloud. Same "hack" was used with Gmail and Android backups.

So in your world, breaking into someone's account is okay, as long as they used "weak security" (whatever you judge that to be)? And stealing and sharing private nude photos from those accounts is also okay?
 
You decide what's important to you. Adhere to Apple's stronger password guideline or stay without 2FA.

It's already an extremely strong password; why should I have to change it just because Apple has gone into panic mode and are now cracking nuts with sledgehammers?

You really think that's good customer service?
 
At this moment nobody knows who did the hack issue and nobody knows exactly what is the security bug.

Some people say that there is a security bug in the backup iCloud, others say that it was a brute force hack. I am sure that Apple has not fixed this issue because there were some new photos of Kardashian less than a week ago.

I don't think the bug is related to the security questions because you can't find the correct answers for 30 or more people. Hackers like to do things easily and fast.
 
If your password is Password123, any loss of data is really self inflicted and you have nobody to blame.

Awful victim blaming. "If she didn't want to get raped why did she dress like that?"

If you get hacked it's the hackers or people who gained entry into a private account who are to blame.
 
Awful victim blaming. "If she didn't want to get raped why did she dress like that?"

If you get hacked it's the hackers or people who gained entry into a private account who are to blame.

To be fair, it's more akin to leaving your downstairs windows open. We all know that burglary in that instance is a disgrace but we are realistic enough to know how the world is and so we close our windows and invest in locks.
 
So in your world, breaking into someone's account is okay, as long as they used "weak security" (whatever you judge that to be)? And stealing and sharing private nude photos from those accounts is also okay?

No I didn't say that. It is wrong, but it is also wrong for Apple to get the blame for that situation. This wasn't Apple's fault. Apple use the same security that dozens of other websites have used. And for the most part security questions are OK, not great, but OK. There are obvious flaws in that system now with social media. But there have been plenty of warnings over the years to use strong answers that aren't easily obtainable on social media.
This is the same as suggesting people don't use their birthday as their actual password.

The fact is, yes Apple can make stronger security, but even the strongest security can't protect stupid users.
 
To me at least, there is a huge difference between creating products that missed the market and releasing updates/products that just don't work correctly. The first is general business risk and the second is just sloppy performance.

I have 20+ serious bug reports against current Xcode tools, some of them have prevented me from doing my job. I don't ever remember having that number of serious show stopper bugs in the OS 7/8/9 days. iCloud with Core Data has been a disaster since it was introduced, what 3 years ago.

New technology will always have some bumps, but I have really come to the opinion that Apple is happy if something is shiny and new, but does not really care if it works correctly because next year they will be replacing it with something else shiny and new. I believe they have the attitude "Why take the time to get it right, we're just going to replace it."

I am not saying Apple is any worse than its competitors in this regard, but I do think this applies even to the Jobs era after Apple was successful with the iPhone.

I remember showstopper bugs that killed access to Zip drives so no access to archived work and shared files (ended up being an update that killed the SCSI connection) as well as a modem upgrade that didn't allow me to use the internal fax mechanism that meant I had to go out and buy a stand alone Fax that stopped me from getting my work done. When OS updates would corrupt fonts. All from OS updates. Cost my business at the time heavily.

Of course the web as we know it hadn't proliferated by then, so I had no mega phone to shout with.

To say that things are going downhill is a misnomer, as with software and hardware you're always going to get issues. That's its very nature - thankfully most upgrades go smoothly, but I'm yet to come across quality software (i.e. from Apple, Adobe, MS, Coda etc.) that hasn't needed an upgrade for one reason or another. Unfortunately, with that, we occasionally suffer issues where something goes awry.
 
I don't think the bug is related to the security questions because you can't find the correct answers for 30 or more people. Hackers like to do things easily and fast.

Just remember, this isn't a new thing. People have been hacking celebrity accounts for years. I remember a few years back a Disney star got stuff stolen, then Scarlett Johansson a couple years ago, and a different girl from Glee, etc. This isn't new, just some decided to post all the pictures at once.

That's why it's more than likely a security question issue. These are famous people with data everywhere using easy to figure out questions.

Also this wasn't just from iCloud.
 
Basic password security concepts have been around for decades and work well. The two most common are:

1. Delays between failed password attempts after a fixed number of tries.
2. Max failed attempts before either a phone call is needed or a very long delay.

Apple appears to have used neither and that makes brute force approaches viable. The inclusion of either will mostly eliminate brute force attacks.

Many people tend to pick poor passwords, even when they meet the length/case/numeric restrictions. This won't change, so other means are needed to protect things.

The two step process is a good start towards better cloud security. More is needed like the two above and other similar ideas. It's not rocket science.
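
The two measures listed in the post above (delays after a fixed number of failed tries, and a hard cap on failed attempts), sketched as an added example that is not part of the original thread. The class name, function names and threshold values are assumptions chosen for illustration.

```python
import time

INF = float("inf")
class LoginThrottle:
    FREE_TRIES = 3    # failures allowed before delays start (assumed value)
    BASE_DELAY = 2.0  # seconds; doubles with each further failure (assumed)
    MAX_FAILS = 10    # failures before the account is locked (assumed)

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.state = {}  # account -> (failure count, time of last failure)

    def wait_required(self, account):
        """Seconds until the next attempt is accepted; INF once locked."""
        fails, last = self.state.get(account, (0, 0.0))
        if fails >= self.MAX_FAILS:
            return INF
        if fails < self.FREE_TRIES:
            return 0.0
        delay = self.BASE_DELAY * 2 ** (fails - self.FREE_TRIES)
        return max(0.0, last + delay - self.clock())

    def attempt(self, account, password_ok):
        """Return 'ok', 'bad_password', 'throttled' or 'locked'."""
        wait = self.wait_required(account)
        if wait == INF:
            return "locked"
        if wait > 0:
            return "throttled"  # rejected before the password is looked at
        if password_ok:
            self.state.pop(account, None)  # success clears the counter
            return "ok"
        fails = self.state.get(account, (0, 0.0))[0] + 1
        self.state[account] = (fails, self.clock())
        return "locked" if fails >= self.MAX_FAILS else "bad_password"

    def unlock(self, account):
        """Out-of-band reset, e.g. after identity is confirmed by phone."""
        self.state.pop(account, None)

def simulate_guessing(guesses, seconds_between):
    """Constructed scenario: wrong guesses sent at a fixed pace to one account."""
    now = [0.0]
    throttle = LoginThrottle(clock=lambda: now[0])
    results = []
    for _ in range(guesses):
        results.append(throttle.attempt("user@example.com", False))
        now[0] += seconds_between
    return results
```

With these assumed thresholds, `simulate_guessing(500, 1.0)` shows that a 500-entry password list sent at one guess per second gets only 10 passwords evaluated before the account locks; every other request is throttled or refused.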
 
It's already an extremely strong password; why should I have to change it just because Apple has gone into panic mode and are now cracking nuts with sledgehammers?

You really think that's good customer service?

Why don't you spell out your password here and let us decide ? :p

It's your own account. You decide for yourself. I got 2FA set up without any issue.

The biggest hurdle for me was actually the security questions. I had forgotten the answers. :)
 
Apple need to publicly address this; they look BAD and very irresponsible. It is standard practice for white-hat hackers to inform companies of security flaws like this. It is also standard practice for white-hat hackers to give the company a reasonable amount of time to fix it then go public with the flaw.
While I am not an expert, I would think that Apple should be able to fix this in far less than 6 months. If Apple had known about the flaw for 6 months and only fixed it when it went public and the bad PR hit, that is disgraceful and Apple shouldn't be trusted with any security critical product such as .... ApplePay.

All software has bugs, but when a company becomes aware of a security flaw like this they need to take it seriously, it seems Apple may not have. If this flaw had become public a week or two after Apple was made aware of it while they were working on a fix, that would have been bad luck. Six months is too long. When Windows users get a security update that is not on the second Tuesday of the month, it is usually some serious security flaw that Microsoft didn't want to wait less than one month to patch.

You have no clue how long they worked on this or how seriously they took it. You are making your uneducated opinion sound like fact. Please stop.
 
If the press is to be believed then we need to ask why this "4chan" hacker guy has not been found yet, and does he perhaps work for Apple...

4chan is a public forum/hacker/geek community. It's not just one person. 4chan is where the pics were leaked originally.
 
Kardashian's got a real cheek complaining about these latest leaked photos, considering half the world's population has seen her chuff thanks to her home made sex video (albeit for the purposes of 'research'. Ahem).
 
Just remember, this isn't a new thing. People have been hacking celebrity accounts for years. I remember a few years back a Disney star got stuff stolen, then Scarlett Johansson a couple years ago, and a different girl from Glee, etc. This isn't new, just some decided to post all the pictures at once.

That's why it's more than likely a security question issue. These are famous people with data everywhere using easy to figure out questions.

Also this wasn't just from iCloud.

Finally a common sense post!
 
We like to blame simple auth questions or people or whatever but passwords are a fundamentally difficult thing for people in general. Handling tech support and training, I quickly had to accept the reality that people have a much more difficult time with passwords than I would have ever guessed. It makes sense when you think about it. "Remember an arbitrary string of characters meant to be difficult to figure out (and remember) for n number of services where n is greater than or equal to 2 (computer and email) and change a few of them when forced to."
 
Can you guys answer something for me? Do you honestly think ANY company can get 2FA or any enhanced security feature developed, tested, and implemented in a few days (let alone weeks)? NO.

This isn't your bank we are talking about here.

Last time I remember, Gmail allowed me to try 12 logins before I finally remembered what my password was for a VERY old email account. Granted after a few tries it wanted me to enter a recaptcha, but still.

If you have something so sensitive stored online, ENCRYPT IT. I don't care if it is nude selfies, tax reports, insurance information, or whatever (store what you want). But do yourself a favor and encrypt the file before.

I said it before and I will say it again. Passwords are the second most horrible security measure ever used (security questions are the first). Why do we still need passwords? They are so ridiculous that people either use the same one, or save them somewhere (text file on your desktop anyone?). 2FA needs to be a requirement EVERYWHERE. As long as we have passwords as the only main entry point to our accounts, people will use simple passwords, or re-use the same password.
 