Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
I missed the post where someone said the people "deserved" what they got. Can you point it out to me? I don't think anyone here did. I certainly didn't.

I think i was one of them...

Maybe, once accounts get hacked, it hopefully may teach them to use a strong password next time..

I know I would defiantly take heed of that.

Also, Apple has surrounded us about mobile payment systems.... Would this make us all re-think seriously about the use of such a system ?

Personally, I would rather trust my Credit card company more than Apple.. And my CC details are not stored with Apple.. They are only stored on my account when i need to purchase something, then i remove it.

Just wondering.
 
Pretty much most of the actual informative/investigative articles about all of this.

Firstly go and ask your non techie friends with iPhones where the instruction manuals are, or if they have ever googled for help with their iPhones.

And secondly, link to this proof then where they claim that Google and Microsoft's Clouds specifically were also hacked for celebrity nude photos. I am yet to see that information.
 
The alleged patch that Apple did on Monday may not have been enough:

On Monday, iBrute creator Troshichev noted that Apple had released an update for Find My iPhone designed to fix the flaw exploited by iBrute. “The end of fun, Apple have just patched,” he wrote on Github. But Anon-IB users continued to discuss stealing data with iBrute in combination with EPPB on the forum Tuesday, suggesting that the fix has yet to be applied to all users, or that stolen credentials are still being used with Elcomsoft’s program to siphon new data. Apple didn’t immediately respond to WIRED’s request for further comment, though it says it’s still investigating the hack and working with law enforcement.

http://www.wired.com/2014/09/eppb-icloud/
Or that there are still ways of guessing passwords and/or security question answers or using passwords obtained through various other methods. None of that seems to actually say that the exploit is still actually there and is being exploited (or even actually was exploited) in relation to this.

----------

Firstly go and ask your non techie friends with iPhones where the instruction manuals are, or if they have ever googled for help with their iPhones.

And secondly, link to this proof then where they claim that Google and Microsoft's Clouds specifically were also hacked for celebrity nude photos. I am yet to see that information.
First, again, does it matter what people do or don't do? Ignorance or laziness or what have you is still not an excuse.

Second, enough actual informative (non-sensationalist) articles talk about all of this information coming from variety of places over a long period of time. The point is that it's not just iCloud and/or that some specific security issue with iCloud was specifically and fully responsible for it all or even most of it.
 
If there are several, you can quote one. I didn't want a literal "they deserved what they got". I want a post that even implied they deserved to have their stuff stolen. NO ONE said that.

Noone claimed that they deserved what happened, just that they made it easier when they could have done more to prevent it. That's not "deserved", which implies punishment. People playing fast and loose with word definitions and what they "think" people meant is the primary problem with this thread.


I guess you're just being "lazy" tonight..


https://forums.macrumors.com/posts/19558240/

https://forums.macrumors.com/posts/19558180/

https://forums.macrumors.com/posts/19558248/

https://forums.macrumors.com/posts/19558126/

https://forums.macrumors.com/posts/19559559/

oh - and my favorite now since it does use the word deserve :)

https://forums.macrumors.com/posts/19556629/
 
Last edited:
[/COLOR]First, again, does it matter what people do or don't do? Ignorance or laziness or what have you is still not an excuse.

Second, enough actual informative (non-sensationalist) articles talk about all of this information coming from variety of places over a long period of time. The point is that it's not just iCloud and/or that some specific security issue with iCloud was specifically and fully responsible for it all or even most of it.

So you picked on my comment, made a comeback that you cannot backup, because I am right, you damn well know non techies do not know where their iPhone instruction manual is, and that Apple sells it's devices on the premiss they do not need to be setup and you do not need to read an instruction manual.

And you are not able to link to any articles to backup your claim about the Google and Microsoft cloud services, because they don't exist as you have only read about that on here I bet, in the comments section.

Well those non techie people will now be reading news reports accusing Apple of having weak security like this one:

http://www.bbc.co.uk/news/technology-29045789

The damage to Apple has been done.
 
Last edited:
So you picked on my comment, made a comeback that you cannot backup, because I am right, you damn well know non techies do not know where their iPhone instruction manual is, and that Apple sells it's devices on the premiss they do not need to be setup and you do not need to read an instruction manual.

And you are not able to link to any articles to backup your claim about the Google and Microsoft cloud services, because they don't exist as you have only read about that on here I bet, in the comments section.

Well those non techie people will now be reading news reports accusing Apple of having lacks security like this one:

http://www.bbc.co.uk/news/technology-29045789

The damage to Apple has been done.
I didn't say anything about Microsoft or Google, just that it was more than iCloud, as it was.

As for other people not reading instruction manuals or bothering to spend more time learning about what they bought and are using--what's your point? Whatever Apple or any company might sell things as, it doesn't in any way excuse the ignorance or laziness of the people not to learn more about it. Again, just because something is made easier and is marketed that way doesn't mean that people shouldn't find out more about using it if they are actually going to use it. Ignorance or laziness is not an excuse.
 
Well if Apple indeed allowed for infinite password tries at any level, then that's not really smart. Google sends you an email if your password was entered wrong several times I think.

Only the brute force method allowed for unlimited attempts due to an api flaw but that wasn't used in the celeb "hackings"...
 
And secondly, link to this proof then where they claim that Google and Microsoft's Clouds specifically were also hacked for celebrity nude photos. I am yet to see that information.

How do you define proof? There really isn't even any proof that iCloud was compromised. What is known is that most of the photos had metadata showing the pictures were taken from Apple devices and some websites have people talking about exploiting iCloud. The only real proof is Apple's press release saying that certain accounts were targeted.

If metadata and website boasting is your standard of proof, then this link should suffice. The author scoured various forums and concluded that iCloud was the most popular target but other platforms were hacked as well. This makes sense as a vast majority of celebrities probably use iPhones.

Here is another link that states that many pictures and videos could not have been from iCloud. The author writes,

Dropbox or Google Drive
Despite the original leaker claiming to have accessed the trove of photos thanks to an iCloud exploit, the range of devices showcased suggests that another service may have been to blame. Various naked celebrities are photographed taking selfies with Android devices and webcams. Leaked videos could not have originated from the iCloud photo backup service. The range of devices and media may mean that another backup service like Dropbox or Google Drive could be the originator of the leaked photos, with both services offering automatic backup tools for photos and videos imported from cellphones.

Snapchat
Several of the leaked celebrity photos had text overlaid, which indicates that at least some of the photographs were first sent through Snapchat. While Snapchat has struggled with security issues in the past, it's unlikely that the app was the source of all the nude photos. Rather, it may be that it was either accessed as part of a larger hack, or screenshots of images received through the app were discovered after hacking into a backup service.

-----------

Here is an interview were someone states that Google's cloud was also to blame.

JUDY WOODRUFF: And staying with you, Sean Gallagher, so what questions does this raise about the so-called cloud? And, by the way, remind everybody what the cloud is. It’s not actually a cloud. What is it?

SEAN GALLAGHER: Right.

Well, the cloud is computers in a data center attached to the Internet. In this case, they were computers at a data center owned by Apple. Also, there was data stolen from devices that were on Amazon — pardon me — on Google’s cloud.

----------

Celebrity accounts on many different platforms have been hacked over the years. The only thing that makes this instance special is that so many names were involved. Each celebrity probably has a different story for how their images got in the hands of these creeps. Sadly, though, instead of finding out those stories the narrative has devolved into "its all Apple's fault."
 
I didn't say anything about Microsoft or Google, just that it was more than iCloud, as it was.

As for other people not reading instruction manuals or bothering to spend more time learning about what they bought and are using--what's your point? Whatever Apple or any company might sell things as, it doesn't in any way excuse the ignorance or laziness of the people not to learn more about it. Again, just because something is made easier and is marketed that way doesn't mean that people shouldn't find out more about using it if they are actually going to use it. Ignorance or laziness is not an excuse.

Ah I see, I apologize as you replied for the other guy here:

It is a mystery why Apple has been singled out in this mess. Google and Dropbox, among others, had accounts compromised as well.
 
Ah I see, I apologize as you replied for the other guy here:
And at the same time it looks like the specifics you were after were provided by "the other guy here" in a reply just above.
 
How do you define proof? There really isn't even any proof that iCloud was compromised. What is known is that most of the photos had metadata showing the pictures were taken from Apple devices and some websites have people talking about exploiting iCloud. The only real proof is Apple's press release saying that certain accounts were targeted.

If metadata and website boasting is your standard of proof, then this link should suffice. The author scoured various forums and concluded that iCloud was the most popular target but other platforms were hacked as well. This makes sense as a vast majority of celebrities probably use iPhones.

Here is another link that states that many pictures and videos could not have been from iCloud. The author writes,

Dropbox or Google Drive
Despite the original leaker claiming to have accessed the trove of photos thanks to an iCloud exploit, the range of devices showcased suggests that another service may have been to blame. Various naked celebrities are photographed taking selfies with Android devices and webcams. Leaked videos could not have originated from the iCloud photo backup service. The range of devices and media may mean that another backup service like Dropbox or Google Drive could be the originator of the leaked photos, with both services offering automatic backup tools for photos and videos imported from cellphones.

Snapchat
Several of the leaked celebrity photos had text overlaid, which indicates that at least some of the photographs were first sent through Snapchat. While Snapchat has struggled with security issues in the past, it's unlikely that the app was the source of all the nude photos. Rather, it may be that it was either accessed as part of a larger hack, or screenshots of images received through the app were discovered after hacking into a backup service.

-----------

Here is an interview were someone states that Google's cloud was also to blame.

JUDY WOODRUFF: And staying with you, Sean Gallagher, so what questions does this raise about the so-called cloud? And, by the way, remind everybody what the cloud is. It’s not actually a cloud. What is it?

SEAN GALLAGHER: Right.

Well, the cloud is computers in a data center attached to the Internet. In this case, they were computers at a data center owned by Apple. Also, there was data stolen from devices that were on Amazon — pardon me — on Google’s cloud.

----------

Celebrity accounts on many different platforms have been hacked over the years. The only thing that makes this instance special is that so many names were involved. Each celebrity probably has a different story for how their images got in the hands of these creeps. Sadly, though, instead of finding out those stories the narrative has devolved into "its all Apple's fault."

Firstly you claim there is no proof the iCloud was compromised, in APPLES own words:

After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions,

It's in APPLES press statement on the first page at the top of this thread.

And secondly: http://www.netnebraska.org/node/936995 is the only link you have provided where someone specifically states Google was hacked for the photos, the other two links is one person speculating, and another is a news story speculating, neither one outright claiming Google was hacked, I didn't check for Microsoft.

Also that is an interview you posted, not a news story link, and another thing is that to assume that their was no way all the photos came from iCloud, and I am not claiming they did, is to then assume non of these celebrities have backed up their computers onto new computers, which includes their old photos backed up from their old phones, and then as they changed computers backed up those photos to the new computers then onto a Mac where they backed up to the iCloud.

Not one single trusted news outlet has stated Google or Microsoft were also hacked as a fact, only Apple, and I am MORE then sure they would name the other companies if they were hacked, staff at these news corporation's own iPhones and iPads too.
 
Firstly you claim there is no proof the iCloud was compromised, in APPLES own words:

After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions,

It's in APPLES press statement on the first page at the top of this thread.

And secondly: http://www.netnebraska.org/node/936995 is the only link you have provided where someone specifically states Google was hacked for the photos, the other two links is one person speculating, and another is a news story speculating, neither one outright claiming Google was hacked, I didn't check for Microsoft.

Also that is an interview you posted, not a news story link, and another thing is that to assume that their was no way all the photos came from iCloud, and I am not claiming they did, is to then assume non of these celebrities have backed up their computers onto new computers, which includes their old photos backed up from their old phones, and then as they changed computers backed up those photos to the new computers then onto a Mac where they backed up to the iCloud.

Not one single trusted news outlet has stated Google or Microsoft were also hacked as a fact, only Apple, and I am MORE then sure they would name the other companies if they were hacked, staff at these news corporation's own iPhones and iPads too.
There is a difference between iCloud as a service being compromised and some (iCloud) accounts being compromised. One is a system being compromised due to some security hole, the other one is some accounts being accessed by someone other than their user, but through perfectly regular means not involving some sort of security hole in the system.

As for the hypothetical of how other images from other phones or services might have gotten onto iCloud and then taken from there...that's basically just making up a potential explanation without having anything to back that up, right? Right.
 
Great read from the creators of the infamous Elcomsoft Phone Password Breaker tool from May, 2013, saying that Apple's implementation of the 2-step verification applies only to iCloud login and not to iCloud backup and that this leaves a significant security vulnerability:

Apple stipulates that “Turning on two-step verification reduces the possibility of someone accessing or making unauthorized changes to your account information at My Apple ID or making purchases using your account.” But is this implementation enough to secure personal information of Apple users? According to our research, Apple did a half-hearted job, still leaving ways for the intruder to access users’ personal information bypassing the (optionally enabled) two-factor authentication.

You can trade a little security for a bit of convenience. Then sacrifice some more security for some extra convenience. Then buy even more convenience at expense of security. There’s nothing particularly bad in this tradeoff in non-mission critical applications, but where should it stop? Apparently, Apple decided to maintain its image as being more of a “user-friendly” rather than “secure” company.

In its current implementation, Apple’s two-factor authentication does not prevent anyone from restoring an iOS backup onto a new (not trusted) device. In addition, and this is much more of an issue, Apple’s implementation does not apply to iCloud backups, allowing anyone and everyone knowing the user’s Apple ID and password to download and access information stored in the iCloud. This is easy to verify; simply log in to your iCloud account, and you’ll have full information to everything stored there without being requested any additional logon information.

In ElcomSoft’s opinion, this is just not the right way to do this from a security point of view. iCloud has been exploited in the past (see Norwegian Teenagers Hacking iCloud Accounts) and will be exploited in the future.


http://blog.crackpassword.com/2013/05/apple-two-factor-authentication-and-the-icloud/

It seems to me what's at fault is primarily Apple's implementation of the 2-step verification which 1. It's optional and not presented to users when buying a new iphone or making an icloud account 2. Apple did a "half-hearted job" with the 2-step verification applying only to iCloud login rather than having it also for iCloud backup.
 
Another great article confirming Apple's flawed design:

"To me the story here is all about Apple offering a 2FA [two-factor authentication] solution that doesn't really add much extra security for you (files, documents etc), but it protects them (and you) from unauthorized money transactions and changes to your account," Per Thorsheim, a security consultant in Oslo, Norway, wrote in an e-mail to Ars. "People are not made aware of this at all, and it will be a false layer of security when people enable 2FA and put sensitive and secret documents into iCloud."

He continued:

"People EXPECT a 2FA solution to add additional security in order to protect their data, but contrary to Dropbox & Google, Apple doesn't really do that. It's the 'weakest' 2FA solution launched so far by the big and well-known services, it will only add an additional layer of false security to people's minds, which may have dangerous results."


http://arstechnica.com/security/201...e-two-step-protection-wont-protect-your-data/
 
Great read from the creators of the infamous Elcomsoft Phone Password Breaker tool from May, 2013, saying that Apple's implementation of the 2-step verification applies only to iCloud login and not to iCloud backup and that this leaves a significant security vulnerability:

Apple stipulates that “Turning on two-step verification reduces the possibility of someone accessing or making unauthorized changes to your account information at My Apple ID or making purchases using your account.” But is this implementation enough to secure personal information of Apple users? According to our research, Apple did a half-hearted job, still leaving ways for the intruder to access users’ personal information bypassing the (optionally enabled) two-factor authentication.

You can trade a little security for a bit of convenience. Then sacrifice some more security for some extra convenience. Then buy even more convenience at expense of security. There’s nothing particularly bad in this tradeoff in non-mission critical applications, but where should it stop? Apparently, Apple decided to maintain its image as being more of a “user-friendly” rather than “secure” company.

In its current implementation, Apple’s two-factor authentication does not prevent anyone from restoring an iOS backup onto a new (not trusted) device. In addition, and this is much more of an issue, Apple’s implementation does not apply to iCloud backups, allowing anyone and everyone knowing the user’s Apple ID and password to download and access information stored in the iCloud. This is easy to verify; simply log in to your iCloud account, and you’ll have full information to everything stored there without being requested any additional logon information.

In ElcomSoft’s opinion, this is just not the right way to do this from a security point of view. iCloud has been exploited in the past (see Norwegian Teenagers Hacking iCloud Accounts) and will be exploited in the future.


http://blog.crackpassword.com/2013/05/apple-two-factor-authentication-and-the-icloud/

It seems to me what's at fault is primarily Apple's implementation of the 2-step verification which 1. It's optional and not presented to users when buying a new iphone or making an icloud account 2. Apple did a "half-hearted job" with the 2-step verification applying only to iCloud login rather than having it also for iCloud backup.
But again that can't be exploited without having the password, right?
 
But again that can't be exploited without having the password, right?

Right but:

The purpose of two-factor authentication is to prevent parties gaining unauthorized access to your account credentials from taking any real advantage. Passwords are way too easy to compromise. Social engineering, keyloggers, trojans, password re-use and other factors contribute to the number of accounts compromised every month. An extra step in the authorization process involving a trusted device makes hackers lives extremely tough.

http://blog.crackpassword.com/2013/05/apple-two-factor-authentication-and-the-icloud/

Hence Apple is at fault for a flawed security design. They need to redesign the 2-step verification to include iCloud backup and push this as the default. This way if a user's password is compromised, the hacker may be able to login to iCloud but he will have an extremely difficult time trying to extract the iCloud backup data.
 
But again that can't be exploited without having the password, right?

There is a reason why companies like Google and many others are spending a lot of R&D on non-text based password implementations. These days text-based passwords are so easy to crack that things like 2-factor authentication is really the minimum that should be done to protect user accounts.

Apple seems to be implying their password reset system was used in this instance. If that is the case, it really just highlights how insecure the system is.

I think Apple must be working right now to find a better way to protect accounts because this type of publicity is not good for the company.
 
I guess you're just being "lazy" tonight..

OK, Let's talk about each one

https://forums.macrumors.com/posts/19558240/

Nope, never said anything about deserving being hacked. Just said they shouldn't be surprised it happened.

https://forums.macrumors.com/posts/19558180/

Ok, "serves them right" is a little bit of they deserved it. You got one.

https://forums.macrumors.com/posts/19558248/

Nope, nothing about them deserving to be hacked

https://forums.macrumors.com/posts/19558126/

Nope, nothing about them deserving to be hacked

https://forums.macrumors.com/posts/19559559/

Nope, nothing about them deserving to be hacked. Just that it's tough luck when you let it happen by being lax about protecting yourself


oh - and my favorite now since it does use the word deserve :)

https://forums.macrumors.com/posts/19556629/

Ok, you found two. Congrats. Notice none of them was mine.

But the others you extrapolated to something they didn't actually say. Can you at least be honest when you argue about something so I can respect what you have to say?

----------

The easily influenced Apple followers may believe the company line, but celebrities have far more self confidence.

They also think for themselves and are not so quick to believe a self serving response.

Here's another take on this debacle Apple finds themselves smack in the middle of.

http://www.cnet.com/news/apples-iphone-6-show-under-a-cloud-after-leak-of-nude-pics/:confused:

What you said makes absolutely no sense. Why would being dumb enough to take risqué photos and store them online mean they are "self-confident" and "think for themselves". I think english is your second language and you have no idea what you just said. Or you're high because it reads like a drunk text.
 
Last edited:
Not one single trusted news outlet has stated Google or Microsoft were also hacked as a fact, only Apple, and I am MORE then sure they would name the other companies if they were hacked, staff at these news corporation's own iPhones and iPads too.

I see the disconnect here. From my point of view the reporting has been terrible. The initial reports speculated that perhaps the iBrute script was the source of the hack, ever since, Apple's name has been tied to the story. Apple was forced to give an initial response that was followed by their press announcement the next day. From that point on this has been reported as an Apple only issue.

No one seems to have bothered to contact other companies to see if their cloud services were affected as well. Google, Dropbox and others have not been exonerated, they simply haven't been asked. Seeing that some of the pictures and videos could not have come from iCloud and have metadata pointing to other services, this seems like a glaring omission.

The few journalists who have gone digging through the dark web have mentioned that there is far more to the story and that iCloud wasn't the only service that was targeted. If it turns out that these photos were collected the same way previous celebrity photos have been collected, though ex-boyfriends and phishing scams, don't you think it is a little unfair for one company to shoulder all the blame?
 
Because the example was about robbers, not murderers.

It's more than a pragmatic step. The insurance companies won't pay after a robbery you if you left your door open. It's called personal responsibility and common sense.

And I don't think it's true that if society expects something from us it would be codified in law. Society expects you to drink responsibly but there's no law saying that you can't fry your liver by drinking heavily. People are allowed to act on ways that are self destructive. It's called freedom.

How do you figure? A criminal is a criminal whether he gets into a house through an open door, or through 10 deadbolt locks. The crime (well in this case it's either entering or breaking/entering but you get the point) is the same and he/she has no sympathy from me in any case and I'd stay away from people who'd actually have sympathy for a criminal.

The victim not doing what's necessary does not diminish the guilt of the criminal at all. But in this case, if the example would be walking into a house or breaking into a house, the crime and the punishment is different. So even the law differentiates between making it too easy for a criminal and taking some security measures. But that's the law, I'd say punish the criminal the same way in both cases.
The example was that "the value of the target has to match your security". Murderers walk through doors too.

Insurance companies are nothing but pragmatic. They don't care about right and wrong, they care about expected values. They therefore expect you to protect their risk, it's in the contract you sign, and is enforced by law.

Your point about the freedom to do bad things to yourself though is a different conversation. When Budweiser says "drink responsibly" it's so they aren't held as liable for also telling you that you're sexy and fun when you're drinking their beer.

It varies a lot by jurisdiction but, in most places I'm aware of, the law makes no distinction as to whether the door was locked, closed or if a space is merely occupied or private-- that is, whether the password was 16 random unicode characters or 1234 or the contents were simply not yours.

If you say both parties are to blame, you are saying that the criminal is not fully to blame.

No doubt better security would have saved these women some unpleasantness. I feel bad and wish they'd been more careful, but it's not their fault that their private property was stolen.
 
I don't know if other companies like Microsoft and Google have been breached in a similar manner to iCloud, but if they haven't perhaps it's due to this:

Online services such as Microsoft or Google implement two-factor authentication in a different manner, asking their customers to come up with a second piece of an ID when attempting to access their services from a new device. This is supposed to prevent anyone stealing your login and password information from gaining access to your account from devices other than your own, verified PC, phone or tablet.

http://blog.crackpassword.com/2013/05/apple-two-factor-authentication-and-the-icloud/
 
If you say both parties are to blame, you are saying that the criminal is not fully to blame.

No doubt better security would have saved these women some unpleasantness. I feel bad and wish they'd been more careful, but it's not their fault that their private property was stolen.

And how does that attitude help someone if they don't change their behaviors to better protect themselves? Can we please have a discussion about the real life practicality of having the "I'm a victim, I didn't do anything wrong so don't tell me what I should do differently." mentality? Should people just keep doing not so smart things that expose them to bad results while they wait for everyone else to change?

And I don't know why "blame" is subject to a mathematical-type equation. All parties can contribute to a problem without assigning fractions of "blame" that aren't useful to achieve a better solution in the future. People who steal or invade other people's privacy should 100% not do it anymore and people who have valuable items should 100% make a decent effort to protect them and companies that provide storage should make a 100% effort to reasonably secure data while balancing cost and convenience for the end consumer. Sure, Apple could create a cloud that is locked so securely that it requires they charge for it and it is a royal pain for people to use but is that what most people REALLY want or something reasonably in between? And keep in mind that even the Pentagon and other major country's secrets get hacked into so do you really think a free cloud from Apple is going to be better?
 
Last edited:
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.