Surely wouldn't trust them with Apple pay now, imagine your credit card information stolen.![]()
Ah, but they don't store your credit card details do they?
Surely wouldn't trust them with Apple pay now, imagine your credit card information stolen.![]()
Tim cook needs to rip the guy in charge of security at Apple on why the flaw was not investigated properly, instead of questioning balic repeatedly.
Some Jobs'ian yelling and shouting is in need, looks like it. Cook is being too nice.
Of course, take precautions, but if you're hacked, burgled, raped whatever it's not your fault - it's the person who did it.
The difficulty of the crime doesn't exonerate the person committing it.
It shouldn't matter how long it would take a user to guess - repeated auth failures lockout is just a best practice; that should have have been good enough to implement it.
It looks like they've figured out why others do it the hard way.
.
While I am not a expert, I would think that Apple should be able to fix this is far less than 6 months.
I'm waiting or the not Apple's fault crowd.
I love apple products, the culture, heck I love everything about apple EXCEPT the excuses made for them. Apple prides itself on excellence. Until they no longer make quality and excellence a selling point their customers need to demand it and call them out when they under perform.
Making excuses for mistakes & sloppy work will not help Apple.
Ah, but they don't store your credit card details do they?
It is a good practice, I agree, but I wonder how many users would lock themselves out? People forget passwords.
And then there's the malicious element who would deliberately try to fail authentication on others' accounts in order to lock their victims out of their own accounts. Just for kicks.
Whether this particular flaw was used to steal the celeb photos is irrelevant. The concerning thing is that Apple was shown a genuine security issue with their services and responded by patting the hacker on the head condescendingly and telling him to run along and play.
Now will these Celebs SUE Apple?
Surely wouldn't trust them with Apple pay now, imagine your credit card information stolen.![]()
No. The people who used brute force attacks to steal people's private photos are at fault and should be prosecuted to the fullest possible extent if caught, along with anyone sharing them.
So in your world, breaking into someone's account is okay, as long as they used "weak security" (whatever you judge that to be)? And stealing and sharing private nude photos from those accounts is also okay?
I'm pretty sure it was determined that the brute force attack wasn't used for this hacking. It was stupid people not keeping their stuff secure. Also pics didn't all come from iCloud. Same "hack" was used with Gmail and Android backups.
Basic password security concepts have been around for decades and work well. The two most common are:
1. Delays between failed password attempts after a fixed number of tries.
2. Max failed attempts before either a phone call is needed or a very long delay.
Apple appears to have used neither and that makes brute force approaches viable. The inclusion of either will mostly eliminate brute force attacks.
Many people tend to pick poor passwords, even when they meet the length/case/numeric restrictions. This wont change, so other means are needed to protect things.
The two step process is a good start towards better cloud security. More is needed like the two above and other similar ideas. Its not rocket science.
If your password is Password123, any loss of data is really self inflicted and you have nobody to blame.
Oh please.
Yes the people should bear some responsibility but so should Apple.
Hypothetically lets just say I;
a) Go to the bank and get a cashpoint card and Im allowed to choose my own pin. I choose the number 1.
b) Go to the bank and get a cashpoint card and Im allowed to choose my own pin. This tme I choose the numbers 1, 3, 6, 4, 6, 2, 8.
One is significantly more secure than the other. This because the card provider has made it impossible to choose to simple a pin code. Apple are no different, they can provide a choice of not so common questions if they choose.
You know, ones that are still personal but;
The registration of the first car you owned.
Number of children your great grandmother had.
Your height in inches/cm/mm.
Your weight in pounds.
Total number of characters in your uncles full name.
and so on.
Because the existing system with magnetic strip on cards is SO much more secure! No way you'll ever have problems using it with reputable chains like Goodwill, Target or Home Depot. No sir!
You realise what you gave as an analogy is just another example of victim blaming, right? For rapes to stop, people need to stop raping. If a person rapes, that person is to blame. Attempting to control people by telling them not to walk down alleys and then blaming rape on them if they don't listen to you is victim blaming.
Ah, but they don't store your credit card details do they?
Would you say it's also a rape victim's fault if they don't have bars on their windows?
This is the fault of the jackasses who hacked the accounts, NOT the women who were victims.
Legit user just resets password. Issue resolved.
Unless of course the first step is to check for piss poor security questions and get in by resetting the password. And immediate change the credentials to keep the real user out