Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Hackers Release 1 Million iOS Device UDIDs Obtained from FBI Laptop

munkery said:
... the disk images remain unmounted and encrypted until ...
Click to expand...

Ah - you mean they remain unmounted and encrypted. Well .hm.. I don't store their passwords in any keychain and I manually mount and unmount them, using a long complex passwords committed to memory as mnemonics, so I guess that's pretty secure.
 
why would we want to paste our ID on that site to check if our ID is on there.
Sure they wont store it, i would only ever check from an apple site not some random site that claims they wont save our info.
 
munkery said:
Can Bitlocker be used to encrypt just a data partition?

I think it can only be used to encrypt the volume containing the operating system. This type of protection provides no mitigation from data compromises, such as a remote exploit, while the user is logged in.
Click to expand...

You would use Windows' native file encryption and deny access without elevated privileges to accomplish that.
 
I don't really care what the FBI is doing with the info, I am willing to believe it is part of a legitimate investigation, how-ever the fact their security protocols are so lax that a hacker can obtain this info from a single laptop is ridiculously embarrassing.

AES 256 with rotating keys using a hardware FOB and for christ sake store the data on a server behind a heavily guarded firewall. Preferably across multiple servers in a farm with the data fragmented between them.

Just sad....
 
jennyp said:
Ah - you mean they remain unmounted and encrypted. Well .hm.. I don't store their passwords in any keychain and I manually mount and unmount them, using a long complex passwords committed to memory as mnemonics, so I guess that's pretty secure.
Click to expand...

Thanks, sorry.
 
Last edited by a moderator:
Is anyone really surprised by this? All of the crap Bush and his priors started Obama is just doing the same thing. Surveillance has increased exponentially even though he said he'd repeal the patriot act.
http://m.bgr.com/2012/08/27/u-s-government-domestic-surveillance-citizens-nsa-freedom/
 
MOD NOTE: Thread closed until we can cleanup all the off-topic 9/11 posts. When the thread reopens, please remain on-topic. If you wish to discuss 9/11 conspiracy theories, take it to the PRSI forum.
 
Thread has been re-opened. Please keep all 9/11 discussion in the appropriate forum, i.e., PRSI
 
I kinda wonder if this is real. Has anybody found their identifier in there?

I downloaded the file and searched for 9 devices I know of and none of them show up.
 
Iconoclysm said:
You would use Windows' native file encryption and deny access without elevated privileges to accomplish that.
Click to expand...

Ok, thanks.

How do you password protect access to achieve the effect while logged in? Set file permissions to admin user and run as standard account? No easier method to password protect and encrypt files by default in Windows?

How do you separate authentication credentials to access the file from a user's account credentials given still associated with a user account credentials? No separation causes the file to be compromised if privilege escalation is achieved. Privilege escalation is much more common in Windows.

A non-default keychain password can be different from any account credentials in OS X. This allows the file to be still protected in the event of privilege escalation.
 
hchung said:
I kinda wonder if this is real. Has anybody found their identifier in there?

I downloaded the file and searched for 9 devices I know of and none of them show up.
Click to expand...

I have not, but, if what I have picked up from other websites has led me to believe, it is most likely these UUID's are with developer accounts and such the like. I could be wrong on that assumption, so take it with a grain of salt.
 
why are people shocked? do people honestly think the government doesn't have info like this? you are living in a dream world if you think they didn't have it.
 
This could very likely be a file/list from an investigation of someone who stole that information. How would the FBI investigate/prosecute such a crime without actually examining the data of the alleged criminal?
 
Mr. Gates said:
Anyone know where to actually see this list so as to do a simple Control-F search and see if your personal UFID is in the list ?
Click to expand...

You actually have to download the encrypted file from the Anonymous blog then decrypt it using terminal. They provide the password. There are instructions on how to do it in this thread. I managed it without having ever run terminal or knowing anything about hacking... Its an 86 mb txt document... That said, I am sure there are decoded versions floating around by now...
 
Steve121178 said:
I used to work for one of the UK's largest networks (I work in I.T.) and the Government used to have a bunch of their servers in our server room. Without going into too much information, the Government can basically take what they want. Some actions required a court order, but there was nothing stopping them doing whatever they wanted. SMS logs, call records, your information - you name it, they have access to it.

All SMS's you send are archived and available for perusal by anyone that wants to look. Ever taken an embarrassing photo and sent it via SMS? It's on the server. Ever sent an SMS message in your life? All of them are archived. They are meant to be deleted after 6 years I think, but they are kept.

All this information can be downloaded to a laptop or whatever. Baring in mind that this information can easily be copied to another laptop and then this laptop can easily be stolen... It's so easy for your personal data to end up in the wrong hands and posted all over the internet, sold to another party or used against you.
Click to expand...

Thanks for sharing that. Too bad England and America decided to use Orwell's 1984 as a plan.

Oh, and at the point where our information became the property of the government is the point where it fell into the wrong hands.
 
28Gauge said:
I think that I would be more worried that Antisec had that data than the FBI.
Click to expand...

And who do you think this "Antisec " is?

Seems rather obvious that the whole thing is designed and fed by the government who have Special Agents working in the media.

I don't know who they have actually caught, but I know everyone who they have publicly prosecuted are reckless dissidents. Little to nothing has been revealed as to how they were actually identified. This is due to very poor legal representation. The EFF refuses to defend anyone charged criminally so they are all thrown to the sharks known as "public defenders. "

Is the EFF even a true opposition?
 
lol they gather all this information and still cant figure anything out seriously you would think they would have better things to do like follow actual leads of criminal activity or iono make sure a guy doesnt dress as batman and walk into a theater and just fires off, or a guy posting on some racist forum attacking a seikh temple , or figure out who burnt a Mississippi mosque to the ground 2 attempts within a month or so .....
 
charlituna said:
Who says its not sanctioned.

It could be that AntiSec is lying about this source of this info to embarrass the FBI and stir up a **** because they don't like that such things can be legal. Such social protests can be used to have it seem like the hackers arent so evil after all.
Click to expand...

Who's saying its not sanctioned? and then, the source is lying to stir up stuff because they dont like that such things can be legal.... I could care less about embarrassing the FBI or the love or hate of hackers. I care about my personal privacy and protections provided by the constitution and the law. No one has stated that the data is garbage and is not legit. I am sure the hackers can produce proof if they want to as to the source, but I doubt they will.

I'm going with its not sanctioned in any publicly known and legally tested way, or the FBI would have owned up to it stating that it was done within the confines of the law. They did not disavow any knowledge, only stating they were not aware of any breach of security. If in fact its sanctioned and legal as a matter of a general collection of data I think we would all know about it. If the data is being collected because 12 million devices are associated with people whom are being investigated and the authorization to collect this information was pursued through legal means such as a FISA court (forget that the F is supposed to mean Foreign) I would be very, very surprised. 12 million devices?

Either way, I am sure a legal action will follow and we will find out soon enough the legal basis asserted for the collection of this data.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back