Apple Reportedly Aware of iCloud Flaw Six Months Before Hacking of Celebrity Accounts

[roadbloc]

Oh wow Apple. It isn't exactly going amazing for you at the moment and now this. The obvious question is why wasn't this fixed as soon as it was discovered? Or do you just enjoy shooting yourselves in the foot with this, a bendy iPhone and iOS updates that cripple devices?

And you expect people to start piling their debit/credit card information into your devices after all this? Madness.

 

[GreyOS]

It really is not victim blaming. We live in the real world where crime happens. So the proper analogy would be: if she walks alone in a dark alley in a high crime area. She might just get raped. She should make sure Not to.....Not without at least being armed.

The internet is not safe. Be vigilant about protecting your privacy.

You realise what you gave as an analogy is just another example of victim blaming, right? For rapes to stop, men need to stop raping. If a man rapes, he is to blame. Attempting to control women by telling them not to walk down alleys and then blaming rape on them if they don't listen to you is victim blaming.

 

[Carlanga]

And on my blog site that I don't have a news story just broke....


NSA infiltration at Apple prevents security measures being implemented earlier than necessary.

It has come to light that the NSA placed operatives within apples infrastructure so it could hack apple users accounts with ease. The operatives were tasked with delaying and in some case burying security holes that came to light. Their main task was to prevent the higher ups in apple from knowing about security breaches that were brought to the companies attention.

We reached out for comment from apple who replied they do not know how deep the infiltration goes but they will be implementing new security screenings and test procedures.

They don't need to infiltrate when the owner gets them their personal key to come and go as they wish.

 

[V_Man]

For all we know Google might be behind this. Would not surprise me.

Yep. Google broke into Apple hq and screwed up their update. Please. Admit it Apple messed up

 

[gnasher729]

Apple are no different, they can provide a choice of not so common questions if they choose.
You know, ones that are still personal but;
The registration of the first car you owned.
Number of children your great grandmother had.
Your height in inches/cm/mm.
Your weight in pounds.
Total number of characters in your uncles full name.

…and so on.

Serious question. Is rediculous really how you spell it?

You are not required to give truthful answers to these questions. When they ask for your favourite colour, type "ke03mdp2o". When they ask for your mother's maiden name, type "0dkn2-ogm2". And so on. Of course you need to write down the answers somewhere, but nobody can find the answers on the internet.

I quite like the idea of using rediculous for things that are so ridiculous they don't even deserve to be called a correctly spelled ridiculous.

 

[Karma*Police]

Why the media makes this out to be an icloud issue is beyond me. Some celebrities weren't even using iPhones. It's an Internet issue. It wasn't that long ago when millions of gmail accounts were compromised... Though one could argue that Google hacks gmail accounts every day.

 

[A MacBook lover]

Why the media makes this out to be an icloud issue is beyond me. Some celebrities weren't even using iPhones. It's an Internet issue. It wasn't that long ago when millions of gmail accounts were compromised... Though one could argue that Google hacks gmail accounts every day.

Naturally when you're on top, you get a lot of haters trying to bring you down. This is what's happening now.

 

[2010mini]

You realise what you gave as an analogy is just another example of victim blaming, right? For rapes to stop, men need to stop raping. If a man rapes, he is to blame. Attempting to controlling women by telling them not to walk down alleys and then blaming rape on them if they don't listen to you is victim blaming.

Absolutely not. I live in a world where rape happens. It has happened since the dawn of civilization. It's a fact you can make yourself less a target by doing basic things to protect yourself. Things like being aware of your surroundings. Planning ahead when going out top not be alone..etc
Rape is appalling and should stop and it is not the victim's fault. But you can and should avoid leaving yourself open to becoming one.
That is a fact any LEO will tell you

 

[gnasher729]

You realise what you gave as an analogy is just another example of victim blaming, right? For rapes to stop, men need to stop raping. If a man rapes, he is to blame. Attempting to control women by telling them not to walk down alleys and then blaming rape on them if they don't listen to you is victim blaming.

That's not really "victim blaming". It's advice how to avoid becoming a victim. It's not an "attempt to control". The blame is fully on the rapist - but that doesn't exactly help you if you are the victim, does it? Better to take steps to avoid becoming the victim.

----------

Why the media makes this out to be an icloud issue is beyond me. Some celebrities weren't even using iPhones. It's an Internet issue. It wasn't that long ago when millions of gmail accounts were compromised... Though one could argue that Google hacks gmail accounts every day.

One problem is that people might use the same, very safe, password in two places - and one of the places uses rubbish software that let's people find your password! And when that happens, the criminals have the key to your safe website as well.

So in your world, breaking into someone's account is okay, as long as they used "weak security" (whatever you judge that to be)? And stealing and sharing private nude photos from those accounts is also okay?

It's not Ok to break into my home. But if I cry loudly that the locks that my locksmith sold me are rubbish, and then it turns out that I lost my keys with my name and address attached, then this makes a difference to the reputation of my locksmith.

 

[Olivier Giround]

For all we know Google might be behind this. Would not surprise me.

It's ok to admit that Apple makes mistakes. No one's going to come over and repossess your iMac if you do.

 

[0098386]

To be fair, it's more akin to leaving your downstairs windows open. We all know that burglary in that instance is a disgrace but we are realistic enough to know how the world is and so we close our windows and invest in locks.

Yup, but it's not the owners fault they were burgled. The burglar is to blame for burgling. It's foolish to do so but what that original poster said almost exonerates the hackers because it was so easy to do.

 

[krravi]

Tim cook needs to rip the guy in charge of security at Apple on why the flaw was not investigated properly, instead of questioning balic repeatedly.

Some Jobs'ian yelling and shouting is in need, looks like it. Cook is being too nice.

 

[0098386]

It really is not victim blaming. We live in the real world where crime happens. So the proper analogy would be: if she walks alone in a dark alley in a high crime area. She might just get raped. She should make sure Not to.....Not without at least being armed.

The internet is not safe. Be vigilant about protecting your privacy.

Of course, take precautions, but if you're hacked, burgled, raped whatever it's not your fault - it's the person who did it.

The difficulty of the crime doesn't exonerate the person committing it.

 

[RJCP]

It's ok to admit that Apple makes mistakes. No one's going to come over and repossess your iMac if you do.

And this "Steve would have..." talk is just nonsense. He had his major slips as well... MobileMe, that iTunes Motorola phone, iTunes Ping, Antenna-gate (which was a REAL issue that he addressed as "you're holding it wrong" and later tried to mask with a software tweak).

All managements have problems and while Steve was a great leader, his "fail" record isn't any smaller that Tim's.

 

[0098386]

You realise what you gave as an analogy is just another example of victim blaming, right? For rapes to stop, men need to stop raping. If a man rapes, he is to blame. Attempting to control women by telling them not to walk down alleys and then blaming rape on them if they don't listen to you is victim blaming.

Exactly, sad isn't it.

----------

Repeat after me. "Apple screwed up gig time"

Ok!
Apple screwed up gig time!

 

[gnasher729]

Awful victim blaming. "If she didn't want to get raped why did she dress like that?"

If you get hacked it's the hackers or people who gained entry into a private account who are to blame.

But lots of people aren't blaming the hacker, they are blaming iCloud. So I didnt express this quite right: If your password is Password1 then you are still right to blame the hacker who breaks into your account, but you are not right to blame iCloud for it.

 

[charlituna]

How many celebrities would be able to use iCloud accounts in that case, if all a hacker has to do is guess the username and try to log in five times, to get their account locked?

There is still no firm proof that it was brute force hack or even multiple passwords attempts of any kind. For all we know it was five accounts all of which had been phished either by a fake iCloud email or another site like Facebook with a common password. As set up by an idiotic assistant.

This guy hasn't provided proof he was actually in contact with Apple even. I can make some fake emails too. And if they were real I wouldn't obscure the email, I would want folks to know exactly which Apple staffer I told and who ignored the issue.

This could be legit or it could be someone trying to get press

 

[AverageBob]

This wasn't Apple' fault.

This was fault of the celebrities and really anyone that trusts security questions. Have long security questions set up to help access your account if you forget your password isn't bad unless the answer to the question is public information.

For example, if your entire life is on Wikipedia, do choose "mother maiden name" and "HS mascot".
Almost all websites have this for the form "security" and its up the the user not to put stupid answers to the questions.
Is it good Apple is increasing security and making it more robust, yes. Should Apple be taking the majority of the blame for this situation,no.

Apple (or others) can create the best, most secure software and access the world have even seen. But even that can't protect you if your stupid.

Fanboy detected. Apple was at fault here for not fixing the security flaw. You shouldn't be able to use a program to brute force 20,000 different passwords without being locked out. Should the celebrities have used stronger passwords and questions? Absolutely. They're both at fault but to say Apple isn't at fault is just wrong.

 

[realuseless]

Why the media makes this out to be an icloud issue is beyond me. Some celebrities weren't even using iPhones. It's an Internet issue. It wasn't that long ago when millions of gmail accounts were compromised... Though one could argue that Google hacks gmail accounts every day.

One word: Clickbait

Put Apple and something negative in aheadline and you'll have craploads of clicks/views/etc, both from the selfrightous Apple haters eager to have that gratifying "i told you so! Crapple sux0rz!!!11!" and from the Steve Jobs worshipers ready with the "This would not have happened if Steve were alive!11!!!1!" comments... + the 2 rational people trying unsuccessfully to explain stuff with logic and reason and getting ignored or shouted down...

 

[charlituna]

Can somebody pelase show me the proof that those leaked pics (some from years ago, before iCloud existed) came from hacked iCloud accounts. This clickbait sensationlism is getting rediculous.

The leaked pics came from and underground celeb-sex pic ring, where at least 2 people were offering pics and there were several "collections" that were exposed at different times.

For all we know they didn't come from any hacked accounts but were sold by disgruntled employees, techs when a computer was brought in for service etc.

----------

Oh things couldn't get any better for Apple at the minute can they?

They have sold 15 million iPhones before adding any new countries. Most folks don't read sites like this to know about all this news.

So I doubt they are super bugged at the moment

 

[Arran]

Oh, it's that dev centre security issue dude again. Hmm, guess he wants to feel self important again by sharing the email thread between him and Apple.

Exactly. Grabbing the opportunity - no matter how ignoble it appears.

Why doesn't Apple hire guys like this to find vulnerabilities in their systems? Surely they could throw enough money at this guy to keep him happy and mitigate future PR disasters.

Because then he'd be an invisible Apple employee. He wouldn't be able to blather freely and become a (minor) internet celeb

 

[powerstrokin]

They should ban hacking, then no one would get hacked.

 

[scottwaugh]

It's all going rather brilliantly at the moment isn't it.

Could not be said better…great post.

 

[charlituna]

You may be wrong.

For one, if Apple had just limited the number of wrong password attempts, they would have allowed the attacker to implement a denial-of-service attack successfully. All the attackers need to do is to make N wrong guesses repeatedly, the account would be locked, potentially preventing a legit user from accessing his account.

Legit user just resets password. Issue resolved.

Unless of course the first step is to check for piss poor security questions and get in by resetting the password. And immediate change the credentials to keep the real user out

 

[Arran]

Oh balls. So there's this, iOS 8 and 8.0.1 issues, iPhone 6 Plus bending, have I missed anything?

Just waiting for it all to be summed up in a Samsung ad.

Actually, I heard Samsung were rushing to get their bendable/breakable phone to market! They're sick of all this free publicity Apple's getting.