The lesson here: everyone should enable 2-factor authentication for your Apple ID, and Apple should step up and have it be on by default.
But they would not be able to get your password if you have 2-step verification in place. So if you have it enabled, they should not be able to get your password. So they should not be able to get your backup.
Maybe if people just stopped storing nude pictures of themselves online on third party sites or on devices connected to the internet . . .
Again, having 2 factor authentication on does not matter. You can access iCloud backups without a need to authenticate other than with a username/password. This is the whole problem. Apple 2-factor authentication has serious loopholes because they don't always require it.
----------
Again, not true. As has been reported in many places, some of Apple's servers allowed brute force password attacks and did not lock you out. So all a hacker really needed was a username and they could run a script to figure out the password.
So the real problem is this brute force attack. Making the verification pop up on every task is not the solution.
Apple has to patch this brute force hack. I honestly didn't even know they have this problem. Usually it locks your account after a number of fails.
I was simply responding to the article and the steps that were posted on here to get your password can be avoided by 2-step verification.
According to the article, Apple said that they patched the "Find My iPhone" brute force attack vulnerability and iBrute was not a factor. My question to that response would be, when did they patch the vulnerability and did the attackers use some other brute force technique other than iBrute?
Just tried the step suggested by these guys.
Well, the security questions are really dumb! I entered an e-mail address of a friend and entered the birthday. Then I was asked: what is your hometown? WTF everybody knows this guy's hometown! I didn't go any further but it made me very worried about my security questions. I'd better enter some password like stuff in the answer fields.
I think you need to change the headline for this article, so you are not claiming that someone's opinion is fact.
Hackers Using Law Enforcement Tools to Access iCloud Backups Unprotected by Two-Factor Authentication
Should be changed to:
Hackers May Be Using Law Enforcement Tools to Access iCloud Backups Unprotected by Two-Factor Authentication
OR: Of course they can pretend people just don't do that, everyone is living in a Disney world where nudity doesn't even exist and keep on going the same way.
Glassed Silver:mac
<snip>
While I have some sympathy for the victims, I also believe ignorance is not really an excuse these days.
People have to accept more responsibility for their actions, even if the consequences are far beyond what they initially imagined. The sad fact is in our cottonwool society it is far easier to blame everyone else for everything than accept some responsibility personally. If you don't agree then you're part of the problem.
fixed.
people are just plain stupid
Nice little read here. I guess we can say "You're locking it wrong." is the new "You're holding it wrong." catch phrase for the year. Classic Apple stuff folks.
http://www.ibtimes.com/apples-blame...oto-breach-wont-fix-its-trust-problem-1676436
"This is a distinction that customers don’t care about. They will hear, in effect, “It’s not our fault hackers guessed your password.” This blame-the-user mentality is reminiscent of the 2010 release of iPhone 4. The phone’s antenna was exposed externally, and gripping the phone a certain way might cause your call to disconnect. Apple dismissed loads of complaints with what became a party line amounting to a joke: “You’re holding it wrong.”
This is 2014’s “You’re holding it wrong.” Blogger Michael Arrington thinks this is a big problem going forward. “Even if Apple fixes the problem, or has fixed the problem with the patch they just released, they’re still screwed, The damage, the massive damage, has already been done. Because everyone now understands that their phones aren’t secure. Even things they thought they deleted are vulnerable. That’s something that will haunt Apple for a decade.”
the plot thickens
I'm surprised backups don't use two step authentication. This is a bad move by Apple.
Sigh. No.
The 2-factor authentication Apple has set up works specifically to stop people from guessing/researching/finding answers to your "security questions" (by actually eliminating all security questions). This stops them from resetting your password, thus gaining access to your iCloud account, thus gaining access to your iPhone backups.
Therefore it WOULD in fact have stopped the iCloud backup "hacks" conducted, at least those conducted by the n00bs on AnonIB.
It's just one word, what is the big diff?
People are going a little overboard here.
If you have 2-step verification it stops the hackers at step 4.
Instead of getting simple security questions, they will get the only option of putting in your recovery key. Which they can't get.
To reset your recovery key you would need one of the verified devices. And if they have your device they can probably just plug the phone to iPhoto unless you lock it with FindMyiPhone.
So to be protected ENABLE 2-STEP VERIFICATION!!
Then set up 2-factor authentication. There will no longer exist any security questions for your account. Problem solved.
If, and that obviously is an IF, that is what happened then Apple should not claim that the images were not stolen due to weaknesses in their security. In fact, this is an even bigger potential hole in their security in my opinion. And to those who want to make it the victims' fault that these photos were stolen: You are messed up in the head.