Like eBay? I think that using different passwords for all purposes is important.

Ironically, getting iCloud to suggest a password for every site you sign up to will help to secure your accounts. I've been systematically going through all my accounts and having iCloud suggest a safe password. The only accounts with simple passwords are the ones which hold no data and are disposable.
 
After looking at the main thread on the Apple support forums here, apparently one person who got hacked said they didn't have an eBay account so it may not be linked to that. Also, another reason I doubt it's linked to the eBay hack is that so far it's only affected people in Australia. If it had been eBay passwords being used, you'd think it'd affect a much wider demographic.

On that same support thread, someone else said that the only other place he reused the same pass was on "Catch of the day" (an Australian online store) so I guess it would be linked to that.

So anyone who uses the same pass on Catch of the Day and iCloud should probably change their passwords pronto.
 
Unfortunately Apple's implementation of 2-step verification does nothing to prevent things like this. Logging in to icloud.com is still not protected by a secondary code. IMO this is irresponsible, given how much damage can potentially be done through the site (locking/wiping/tracking devices and Macs, accessing emails and iWork cloud documents etc.).
 
After looking at the main thread on the Apple support forums here,
So anyone who uses the same pass on Catch of the Day and iCloud should probably change their passwords pronto.


Better advice. If you currently use the same password for any multiple sites change them now and never use the same password for more than one site.

It's safer to use multiple passwords that you have to write down or use a password manager to remember than to use a couple of passwords that you can remember.

At the very least use unique passwords for your most important accounts. Banking, cloud services, Email etc.
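The advice in the posts above (never reuse a password across sites, keep disposable accounts separate from the important ones, let a password manager remember the rest) is the kind of check a password manager can run for you. The script below is an added example written for this thread, not code from MacRumors, Apple, or any password manager; the vault contents, the blocklist and the 12-character minimum are constructed sample values. It flags every password that appears on more than one site and every non-disposable password that is short, low-variety, or on a common-password list.

```python
"""Password-manager vault audit: flag reused and weak passwords.

Added example for this thread, not code from any password manager.
The vault contents below are constructed sample data.
"""
from collections import defaultdict

# Constructed sample vault: site -> password (a real manager stores these encrypted).
SAMPLE_VAULT = {
    "icloud.com": "Sunny2014!",
    "catchoftheday.com.au": "Sunny2014!",   # reused: same password as iCloud
    "ebay.com": "password123",              # on the blocklist
    "bank.example": "xK9#vQ2mL!pR7wZe",     # unique and long
    "throwaway-forum.example": "abc",       # short, but the account is disposable
}

# Small constructed blocklist; a real audit would use a large breached-password list.
COMMON_PASSWORDS = {"password", "password123", "123456", "qwerty", "letmein", "iloveyou"}

MIN_LENGTH = 12  # assumed policy value, not anything Apple specifies


def find_reused(vault):
    """Return {password: [sites...]} for every password used on more than one site."""
    by_password = defaultdict(list)
    for site, pw in vault.items():
        by_password[pw].append(site)
    return {pw: sorted(sites) for pw, sites in by_password.items() if len(sites) > 1}


def weakness_reasons(pw):
    """Return the reasons a password is weak (an empty list means no finding)."""
    reasons = []
    if pw.lower() in COMMON_PASSWORDS:
        reasons.append("in common-password blocklist")
    if len(pw) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    # Count character classes present: lower, upper, digit, and anything else.
    classes = sum(1 for test in (str.islower, str.isupper, str.isdigit)
                  if any(test(c) for c in pw))
    if any(not c.isalnum() for c in pw):
        classes += 1
    if classes < 3:
        reasons.append("fewer than 3 character classes")
    return reasons


def audit(vault, disposable=()):
    """Return a sorted list of (site, finding) tuples.

    Weakness checks skip disposable sites, but reuse is always reported: a reused
    password on a throwaway account still exposes every other site that shares it.
    """
    findings = []
    for pw, sites in find_reused(vault).items():
        for site in sites:
            others = ", ".join(s for s in sites if s != site)
            findings.append((site, "password reused on " + others))
    for site, pw in vault.items():
        if site in disposable:
            continue
        for reason in weakness_reasons(pw):
            findings.append((site, reason))
    return sorted(findings)


if __name__ == "__main__":
    for site, finding in audit(SAMPLE_VAULT, disposable={"throwaway-forum.example"}):
        print(f"{site}: {finding}")
```

With the constructed vault the audit reports the iCloud/Catch of the Day reuse on both sites, three separate problems with the eBay password, and nothing for the disposable forum account; the point of the `disposable` set is that a short password on an account holding no data is acceptable only as long as it is not also used anywhere else.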
 
Glad I don't bother with iCloud. This sort of thing doesn't bode well for a company that is more than happy to boast about the superiority in security of their products in comparison to competitors.
 
I kno..... Someone's gonna know what level of angry birds I got to....

Ps. I'm trying to throw in some light comedy relief.. don't get yer panties in a twist guys #

I'm not freaking out, but it's concerning. I run my business off my computer and iphone, as well as a host of other docs that are important.

Pretty impressive hack!!
 
Interestingly it is affecting a few people outside Australia - in Canada, South Korea and the UK.

The Apple ID passwords for some accounts have not been used elsewhere.

The link could be that the devices may have been used on a WiFi network configured to use the unblock-us.com DNS service.

People use the service to bypass geoblocking to access ABC iView, BBC and Netflix from outside the restricted area.
 
It's still the sixth largest country in the world.

Yeah but almost all of the population live in a very narrow coastal strip of the country that encompasses only a relatively small part of the actual country.

That this guy lives in Russia complicates things. Most people in Australia live a modest distance apart to some places.
 
Unfortunately Apple's implementation of 2-step verification does nothing to prevent things like this. Logging in to icloud.com is still not protected by a secondary code. IMO this is irresponsible, given how much damage can potentially be done through the site (locking/wiping/tracking devices and Macs, accessing emails and iWork cloud documents etc.).

Imagine you've just been mugged. You lost your iPhone and wallet. How on earth do you enforce or ask for a second-step here? All someone has is a password. There is no second device, and someone's recovery code is hiding at home (or stolen with the wallet). It's not that easy. Any generic two-step implementation will kill the whole point of Find my iPhone.

Still, it's way too easy to wipe a phone: all you need is a password. Apple should implement a device PIN or something -- you can't wipe your phone without knowing its PIN, for example. (And there is a whole host of other issues with Find my iPhone... for a separate thread.)

In terms of iCloud Keychain, there is no need to worry. Here, Apple does indeed have a PIN, so your password is not enough to compromise this data.

Even with all the evidence of hacks even when people never used their passwords elsewhere, there is still no evidence that Apple itself was compromised. There are many more ways to get passwords from a device itself (e.g. a compromised PC), even if they haven't been used anywhere else.
 
What is clear is that "IT security expert Troy Hunt" has no idea what he's talking about, or does not fully understand Apple's implementation. Two-step cannot stop an attack like this--it only reduces the potential for lasting damage. An attacker could lock a victim out of his/her device, but could not actually change the password, which is a critical step to complete the process (seen in many of the "famous" hacks like this in the past year).
 
Mapping discrepancies

Nonsense. Although it's reasonably wide and mountainous, Australia is nowhere near as big as the US. It only takes around 7 hours to drive right across the country (e.g. from Zurich to Vienna). It takes literally days to drive across the US!

Looks like people are using the first version of Apple Maps for their information. Please upgrade to iOS 7.
 
Why's it a hassle on iOS? I much prefer their iOS app to their Android app. Or do you mean compared to the Mac app?

Yes, compared to the Mac app. iOS doesn't allow extensions, so AgileBits just built a browser into the app. I just have to copy and paste, because I don't like the 1Password browser.
 
Oh yeah, this reminds me to finish my two-step verification.

I signed up for it, and it told me to come back in like a week, that there was a mandatory wait period to make sure I requested it. This made me forget about it, and not bother coming back. That feels like it was several months ago.

No other two-step site (Gmail, PayPal, Microsoft, etc.) had this wait period. I can see it being beneficial, but it made me forget.
 
Oh yeah, this reminds me to finish my two-step verification.

I signed up for it, and it told me to come back in like a week, that there was a mandatory wait period to make sure I requested it. This made me forget about it, and not bother coming back. That feels like it was several months ago.

No other two-step site (Gmail, PayPal, Microsoft, etc.) had this wait period. I can see it being beneficial, but it made me forget.

I think that is only implemented if you made a recent change, like changing your password a few days prior to adding 2-factor. I remember when I signed up for it, I didn't have that wait period. But this was when it first came out, and idk if anything changed since then.
 
This hacking of iOS devices makes no sense, so let's think it over again.

Instead of rushing to blame Apple, why not consider these simple possibilities:

1) iCloud passwords that are easy to guess. A lot of uneducated or uneducable people still use dumb passwords like their daughter's name, their dog's name, etc. The username is not secret. All a hacker needs to know is the password, and a few guesses or dictionary attack may be enough.

Now, the most probable cause:
2) A hacker could add code on a website to pop up a fake iCloud or Game Center login prompt. The user would then enter the credentials, and the hacker will use them later to take control of the account and lock it.

Here the flaw is in the naive user; some innocent, some stupid.
This is the same approach hackers use to access the big corporations.
Hackers don't try to hack the firewall or the servers directly; instead they find access among the weakest links: the users.
 
Maybe it would be best if such idiots didn't have passwords like 'password123' and then whine when someone hacks them. Honestly, I wish there was a fine for those idiots who choose stupid passwords and then find themselves hacked - a $1,000 fine would be a good incentive to stop people from being idiots.

No, they should fine Apple for allowing people to have passwords like 'password123'. That would be a good incentive to do more for security.

Either that or people should have to have a suitability exam before being allowed to purchase Apple hardware.
 
Imagine you've just been mugged. You lost your iPhone and wallet. How on earth do you enforce or ask for a second-step here? All someone has is a password. There is no second device and someone's recovery code is hiding at home (or stolen with the wallet). It's not that easy. Any generic two-step implementation will kill the whole point of Find my iPhone.
If there is no second device, how do you access "Find my iPhone"? Of course you have to have a second device or access to a computer.

And to be able to log in in case you lose your phone, Apple can simply do what every other major implementation of 2-factor authentication (Google, Outlook.com, Dropbox, etc.) does: allow multiple different channels for delivery of the secondary authentication code (e.g. Apple push and email).
Still, it's way too easy to wipe a phone: all you need is a password.
Exactly. And to make things worse, it's a password that you have to frequently enter on mobile devices, so it's not practical for users to use a secure, long password.
 