Apple Reportedly Aware of iCloud Flaw Six Months Before Hacking of Celebrity Accounts

[Sharkus]

Oh, it's that dev centre security issue dude again. Hmm, guess he wants to feel self important again by sharing the email thread between him and Apple.

Yes, it is likely very true the security issue was known about in April, and Apple didn't immediately jump on it and patch it, and this could be seen as somewhat sloppy, but one could also argue the same about heartbleed, how long has that been out there? But of course, that wasn't Apple, and this is, so anything to take a swipe at the fruit company, and why not drop more crap on them while they are recovering from iOS 8.0.1 (not to mention the pain devs had with the new iTunesConnect and Xcode, and not being able to submit apps)

Journalism at it's best, knock someone when they are down, and keep at it.

 

[Plutonius]

Oh, it's that dev centre security issue dude again. Hmm, guess he wants to feel self important again by sharing the email thread between him and Apple.

Yes, it is likely very true the security issue was known about in April, and Apple didn't immediately jump on it and patch it, and this could be seen as somewhat sloppy, but one could also argue the same about heartbleed, how long has that been out there? But of course, that wasn't Apple, and this is, so anything to take a swipe at the fruit company, and why not drop more crap on them while they are recovering from iOS 8.0.1 (not to mention the pain devs had with the new iTunesConnect and Xcode, and not being able to submit apps)

Journalism at it's best, knock someone when they are down, and keep at it.

I believe that most of the bad news hitting now is timed for pump and dump stock manipulation.

 

[Bubba Satori]

This wasn't Apple' fault.

This was fault of the celebrities and really anyone that trusts security questions. Have long security questions set up to help access your account if you forget your password isn't bad unless the answer to the question is public information.

For example, if your entire life is on Wikipedia, do choose "mother maiden name" and "HS mascot".
Almost all websites have this for the form "security" and its up the the user not to put stupid answers to the questions.
Is it good Apple is increasing security and making it more robust, yes. Should Apple be taking the majority of the blame for this situation,no.

Apple (or others) can create the best, most secure software and access the world have even seen. But even that can't protect you if your stupid.

Hi Tim.

----------

I believe that most of the bad news hitting now is timed for pump and dump stock manipulation.

Hi Carl.

 

[Xiph0s]

Wow, more good news for apple. They're really hitting their stride with bad press lately.

Bending phone
iOS 8.01 bug that should not have been rolled out
iCloud security issues that should have been addressed sooner.

+ iWatch being delayed due to production (battery life/ software) issues
+ iPhone 6+ having production (display yield) issues, extremely limited supply
+ HealthKit bug and all the health kit apps being removed in iOS 8.0

 

[S.B.G]

It's disappointing that Apple underestimated the situation and didn't take it serious enough. Obviously, it came around to bite them, and embarrass many people in the process.

I find it sad it had to come to that before they started implementing better security practices for iCloud. But I'm glad they finally did.

 

[RJCP]

If your password is Password123, any loss of data is really self inflicted and you have nobody to blame.

My point exactly.

 

[scottwaugh]

LOL, apple realy is on a roll lately. Leaked pics, great keyonte stream, bend gate, ios8 and 8.0.1.
Bravo, well deserver Thanksgiving break .

Don't forget the Web Front End to the Apple Store for iPhone 6 Pre-Orders…supposedly that was down for more than an hour after orders started...

 

[cocky jeremy]

Apple is fine. People are making it out like there's a million issues that the world knows about. Keynote stream issues? Really? Non outside of Macrumors types give two craps about that. 90% of people know nothing about these issues. Only us nerds on here. lol.

 

[RJCP]

It depends how easily it bends. Most phones can be bent when there's enough force and that's acceptable. However, if the phone bends in totally normal use conditions, then that's an issue.

True. But the "bending test" video is just ridiculous.

 

[gramtrax]

I'm waiting or the not Apple's fault crowd.

I love apple products, the culture, heck I love everything about apple EXCEPT the excuses made for them. Apple prides itself on excellence. Until they no longer make quality and excellence a selling point their customers need to demand it and call them out when they under perform.

Making excuses for mistakes & sloppy work will not help Apple.

AMEN and well said!!! I'm really pissed at their lack of quality these days.

 

[Mtmspa]

Google and Samsung must be relishing every day for the past few weeks.. The ads are pretty much writing themselves!

For all we know Google might be behind this. Would not surprise me.

 

[kas23]

A month from now people will barely remember these three "huge nightmares". Much adieu over nothing.

Doubt it. People still bring up:

How Safari was unusable when the 3G came out
The cracks in the back of the 3G/3GS
Antennagate
Apple Maps
The purple haze in the photos of iPhone 5
Etc.

Plus, it's nearly a month since the photos leaked online and we're still talking about it.

 

[H2SO4]

This wasn't Apple' fault.

This was fault of the celebrities and really anyone that trusts security questions. Have long security questions set up to help access your account if you forget your password isn't bad unless the answer to the question is public information.

For example, if your entire life is on Wikipedia, do choose "mother maiden name" and "HS mascot".
Almost all websites have this for the form "security" and its up the the user not to put stupid answers to the questions.
Is it good Apple is increasing security and making it more robust, yes. Should Apple be taking the majority of the blame for this situation,no.

Apple (or others) can create the best, most secure software and access the world have even seen. But even that can't protect you if your stupid.

Oh please.
Yes the people should bear some responsibility but so should Apple.
Hypothetically let’s just say I;
a) Go to the bank and get a cashpoint card and I’m allowed to choose my own pin. I choose the number ‘1’.
b) Go to the bank and get a cashpoint card and I’m allowed to choose my own pin. This tme I choose the numbers ‘1, 3, 6, 4, 6, 2, 8’.

One is significantly more secure than the other. This because the card provider has made it impossible to choose to simple a pin code. Apple are no different, they can provide a choice of not so common questions if they choose.
You know, ones that are still personal but;
The registration of the first car you owned.
Number of children your great grandmother had.
Your height in inches/cm/mm.
Your weight in pounds.
Total number of characters in your uncles full name.

…and so on.

----------

Can somebody pelase show me the proof that those leaked pics (some from years ago, before iCloud existed) came from hacked iCloud accounts. This clickbait sensationlism is getting rediculous.

The leaked pics came from and underground celeb-sex pic ring, where at least 2 different people were offering pics and there were several "collections" that were exposed at different times.

The iCloud vulnerability itself is obviously bad, however it worked only accounts with bad/easy passwords (the github python script used a list of 500 common passwords to bruteforce). If its true they knew about it from this Balic guy around March, then that indeed is bad news. However, linking it to the celeb-nudes is just bad journalism and sensationlism.

If the press is to be belived then we need to ask why this "4chan" hacker guy has not been found yet, and does he perhaps work for Apple...

Serious question. Is rediculous really how you spell it?

 

[kingtj]

Yeah....

Because the existing system with magnetic strip on cards is SO much more secure! No way you'll ever have problems using it with reputable chains like Goodwill, Target or Home Depot. No sir!

Surely wouldn't trust them with Apple pay now, imagine your credit card information stolen.

 

[macduke]

ELI5: Why doesn't Apple hire guys like this to find vulnerabilities in their systems? Surely they could throw enough money at this guy to keep him happy and mitigate future PR disasters.

 

[realuseless]

If the press is to be belived then we need to ask why this "4chan" hacker guy has not been found yet, and does he perhaps work for Apple...

4chan is a Public forum/hacker/geek community. It's not Just one person. 4chan is where the pics were leaked originally.[/QUOTE]

Guess I forgot to put my sarcasm tag in there... lol.

Was talking aobut **** like this: https://www.youtube.com/watch?v=kRcdmbC0HHs

 

[2010mini]

Awful victim blaming. "If she didn't want to get raped why did she dress like that?"

If you get hacked it's the hackers or people who gained entry into a private account who are to blame.

It really is not victim blaming. We live in the real world where crime happens. So the proper analogy would be: if she walks alone in a dark alley in a high crime area. She might just get raped. She should make sure Not to.....Not without at least being armed.

The internet is not safe. Be vigilant about protecting your privacy.

 

[H2SO4]

We like to blame simple auth questions or people or whatever but passwords are a fundamentally difficult thing for people in general. Handling tech support and training, I quickly had to accept the reality that people have a much more difficult time with passwords than I would have ever guessed. It makes sense when you think about it. "Remember an arbitrary string of characters meant to be difficult to figure out (and remember) for n number of services where n is greater than or equal to 2 (computer and email) and change a few of them when forced to.

Not always. Some password allow significant number of characters. They can make a nonsensical sentence up.
I_live_at_BMWVille for instance for a car nut, or even I_l1ve_at_8MWVille

 

[realuseless]

Serious question. Is rediculous really how you spell it?

Yes, its ridiculous's bastard hick cousin...

http://www.urbandictionary.com/define.php?term=rediculous

 

[thekeyring]

Oh balls. So there's this, iOS 8 and 8.0.1 issues, iPhone 6 Plus bending, have I missed anything?

Just waiting for it all to be summed up in a Samsung ad.

 

[Michaelgtrusa]

Lets hit Apple with more bad news.

 

[thekeyring]

Apple is fine. People are making it out like there's a million issues that the world knows about. Keynote stream issues? Really? Non outside of Macrumors types give two craps about that. 90% of people know nothing about these issues. Only us nerds on here. lol.

You have a point. I've told a few friends that so many people were watching the keynote Apples website went down, but no one cares. I told my girlfriend Apple watch isn't waterproof and she said 'so... The iphone isn't? I wouldn't expect it to be?'

 

[8281]

I'm waiting or the not Apple's fault crowd.

I love apple products, the culture, heck I love everything about apple EXCEPT the excuses made for them. Apple prides itself on excellence. Until they no longer make quality and excellence a selling point their customers need to demand it and call them out when they under perform.

Making excuses for mistakes & sloppy work will not help Apple.

Exactly! Apple has higher standards and we need to hold them to those standards. They released a phone that easily bends! If Samsung did the same, we be calling them moronic pieces of *****.

For a company that markets itself as one with an intense focus on detail, they sure are overlooking some crucial aspects of the products.

 

[H2SO4]

Yes, its ridiculous's bastard hick cousin...

http://www.urbandictionary.com/define.php?term=rediculous

Wow, never knew that. I did have to laugh at;

rediculous
v.
To diculous again
I thought I would diculous once, but I had to rediculous to get it right

 

[V_Man]

Repeat after me. "Apple screwed up gig time"