Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
iCloud Leak
Old 09-01-2014, 04:23 PM   #1
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,883
iCloud Leak

So much for safety in the cloud if the entrance isn't protected

Quote:
The apparent leak of hundreds of naked photos purportedly belonging to more than 100 high-profile singers, actors and celebrities has raised questions of the safety and security of digital services.
Quote:
Although Apple’s encryption on the data itself is considered robust, access could have been gained through more indirect means - such as guessing users' passwords or simply resetting their accounts by finding their email address and then answering traditional ‘security questions’.
Is Apple's iCloud safe after leak of Jennifer Lawrence and other celebrities' nude photos? - Gadgets and Tech - Life and Style - The Independent
__________________

__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 09-01-2014, 04:28 PM   #2
Moderator
MichaelB's Avatar
 
Join Date: Jan 2008
Location: Rocky Inlets
Posts: 24,406
Quote:
Originally Posted by easysurfer View Post
So much for safety in the cloud if the entrance isn't protected
From the article
Quote:
Although the involvement of iCloud has not been confirmed
__________________

__________________
MichaelB is offline   Reply With Quote
Old 09-01-2014, 06:01 PM   #3
Thinks s/he gets paid by the post
powerplay's Avatar
 
Join Date: Oct 2008
Posts: 1,380
Oh my gosh, what a surprise!
__________________
powerplay is offline   Reply With Quote
Old 09-01-2014, 06:05 PM   #4
Moderator Emeritus
aja8888's Avatar
 
Join Date: Apr 2011
Location: The Woodlands, TX
Posts: 7,128
......"hundreds of naked photos purportedly belonging to more than 100 high-profile singers, actors and celebrities....."

Clue me in, but is it common for famous people like above to routinely have naked images of themselves on their cell phones and I pads? Am I missing something here?
__________________
aja8888 is offline   Reply With Quote
Old 09-01-2014, 06:12 PM   #5
Full time employment: Posting here.
MuirWannabe's Avatar
 
Join Date: Oct 2009
Posts: 670
Quote:
Originally Posted by aja8888 View Post
......"hundreds of naked photos purportedly belonging to more than 100 high-profile singers, actors and celebrities....."

Clue me in, but is it common for famous people like above to routinely have naked images of themselves on their cell phones and I pads? Am I missing something here?

It is hard to believe. Guess I need to see the evidence for proof



Sent from my iPad using Early Retirement Forum
__________________
“Of all the paths you take in life, make sure a few of them are dirt.” John Muir
MuirWannabe is offline   Reply With Quote
Old 09-01-2014, 06:18 PM   #6
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,883
There is speculation that the brute force method was used to try a lot of passwords since initially things weren't set up to suspend the account after bad attempts. In otherwords..."nope, didn't work..try again"
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Old 09-01-2014, 06:21 PM   #7
Moderator
Walt34's Avatar
 
Join Date: Dec 2007
Location: Eastern WV Panhandle
Posts: 16,494
Quote:
Originally Posted by MuirWannabe View Post
It is hard to believe. Guess I need to see the evidence for proof
Be careful what you wish for....
__________________
I heard the call to do nothing. So I answered it.
Walt34 is offline   Reply With Quote
Old 09-01-2014, 06:53 PM   #8
Moderator Emeritus
 
Join Date: Oct 2007
Posts: 4,929
Hai Guys!

Hint: Don't use yur username as yur passwd!

Also: these ones might not be gud either...

SplashData's "Worst Passwords of 2013":
Code:
Rank               Password        Change   from 2012             
1                     123456                     Up 1                                                           
2                     password                   Down 1                                                           
3                     12345678                  Unchanged                                                           
4                     qwerty                     Up 1                                                          
5                     abc123                     Down 1                                                           
6                     123456789                     New                                                           
7                     111111                     Up 2                                                           
8                     1234567                     Up 5                                                           
9                     iloveyou                     Up 2                                                           
10                     adobe123                     New                                                           
11                     123123                     Up 5                                                           
12                     admin                     New                                                           
13                     1234567890                     New                                                           
14                     letmein                     Down 7                                                           
15                     photoshop                     New                                                          
16                     1234                     New                                                           
17                     monkey                     Down 11                                                           
18                     shadow                     Unchanged                                                           
19                     sunshine                     Down 5                                                           
20                     12345                     New                                                           
21                     password1                     Up 4                                                           
22                     princess                     New                                                           
23                     azerty                     New                                                           
24                     trustno1                     Down 12                                                           
25                     000000                     New
(Any time someone can hack this many accounts using an online dictionary attack, weak, weak passwords are the thing. All a provider can do is slow the attack's progress, and enable a denial of service attack variation.)
__________________
M Paquette is offline   Reply With Quote
Old 09-01-2014, 07:03 PM   #9
Moderator Emeritus
 
Join Date: Oct 2007
Posts: 4,929
Oh, and the thing about anything 'secret' that exists? It will leak out eventually.

If something is too embarrassing to be let out, perhaps it is best to not do that. Applies to movie stars, athletes, and governments alike.

Everything leaks. Everything.
__________________
M Paquette is offline   Reply With Quote
Old 09-01-2014, 07:25 PM   #10
Thinks s/he gets paid by the post
ls99's Avatar
 
Join Date: May 2008
Posts: 4,792
Years ago at a company I spent some time hired a high priced Computer security consultant company. Their pass word was #24 on the list. I broke it on my fourth try. And I never was a computer geek. Did it for the fun of it.

They were shocked I tell ya. Then they changed it to start with capital letter. I did not not tell them about that. Stupid is as stupid does.
__________________
There must be moderation in everything, including moderation.
ls99 is offline   Reply With Quote
Old 09-01-2014, 09:22 PM   #11
Recycles dryer sheets
jetpack's Avatar
 
Join Date: Aug 2013
Posts: 317
The news on this story has been pretty pitiful. From my tech friends, these seem to be collections from various sources (no one single hacking event) .. All the standard online security measures still hold true. Good Passwords. Don't use unsecured networks with non secure connections. Don't carry around unprotected files. etc.
__________________
jetpack is offline   Reply With Quote
Old 09-02-2014, 06:44 AM   #12
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
donheff's Avatar
 
Join Date: Feb 2006
Location: Washington, DC
Posts: 8,633
Quote:
Originally Posted by aja8888 View Post
......"hundreds of naked photos purportedly belonging to more than 100 high-profile singers, actors and celebrities....."

Clue me in, but is it common for famous people like above to routinely have naked images of themselves on their cell phones and I pads? Am I missing something here?
+1 That was my reaction too. If these people are don't want to share naked photos why take them in the first place? Even more to the point, why dump them into cloud storage? You know at a minimum NSA techs are looking at them.
__________________
Every man is, or hopes to be, an Idler. -- Samuel Johnson
donheff is offline   Reply With Quote
Old 09-02-2014, 12:26 PM   #13
Full time employment: Posting here.
Tailgate's Avatar
 
Join Date: Jul 2013
Location: Texas
Posts: 880
Apple has just changed their logo
Attached Images
File Type: jpg TQAOVkU.jpg (14.6 KB, 13 views)
__________________
Tailgate is offline   Reply With Quote
Old 09-02-2014, 03:23 PM   #14
Thinks s/he gets paid by the post
steelyman's Avatar
 
Join Date: Feb 2011
Location: Triangle
Posts: 3,218
I'm not worried about iCloud at all. I do use it from two devices (iTouch and iPhone) but adjusted the settings on what is backed up for storage reasons.

I wouldn't like to see my contact list stolen for the reason of privacy of family and friends.
__________________

steelyman is offline   Reply With Quote
Old 09-03-2014, 08:11 AM   #15
Moderator
MichaelB's Avatar
 
Join Date: Jan 2008
Location: Rocky Inlets
Posts: 24,406
Well, it seems Apple has acknowledged some user accounts were hacked Apple - Press Info - Apple Media Advisory
Quote:
After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone.
According to Apple, iCloud wasn't compromised. ARS Technica has a different view, they see this as a weakness in the iCloud security architecture Update: What Jennifer Lawrence can teach you about cloud security | Ars Technica

Quote:
brute force attack did was test combinations of e-mail addresses and passwords from two separate “dictionary” files. It required knowledge (or good guesses) of the targets’ iCloud account e-mail addresses and a huge list of potential passwords. Because of this weakness, the Find My iPhone service did not lock out access to the account after a number of failed attempts—so the attacker was able to keep hammering away at targeted accounts until access was granted. Once successful, the attacker could then connect to iCloud and retrieve iPhone backups, images from the iOS Camera Roll, and other data.
Have to agree with ARS on this one. Preventing brute force attacks should be the first line of defense. If this is confirmed, it looks like Apple really dropped the ball.

ER forum members should be careful to store their compromising pics somewhere else.
__________________
MichaelB is offline   Reply With Quote
Old 09-03-2014, 08:20 AM   #16
Thinks s/he gets paid by the post
steelyman's Avatar
 
Join Date: Feb 2011
Location: Triangle
Posts: 3,218
Quote:
Originally Posted by MichaelB View Post
ER forum members should be careful to store their compromising pics somewhere else.

I'd better take down my Anthony Weiner-style shot
__________________

steelyman is offline   Reply With Quote
Old 09-03-2014, 08:36 AM   #17
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
donheff's Avatar
 
Join Date: Feb 2006
Location: Washington, DC
Posts: 8,633
Quote:
Originally Posted by MichaelB View Post

Have to agree with ARS on this one. Preventing brute force attacks should be the first line of defense. If this is confirmed, it looks like Apple really dropped the ball.

ER forum members should be careful to store their compromising pics somewhere else.
+1. No one should be able to mount a brute force attack on any site. The only reason for brute force attacks should be that they compromised the system and obtained the shadow password file (or whatever systems use these days). Once they have the encrypted password file and know the encryption methodology in use, they can run dictionary attacks off line to their heart's content. If Apple allowed an external source to pound away at an account access interface they really F'd up. If so, it is outrageous that they are blaming the victims. Lets face it, even with social engineering it is highly unlikely that attackers will guess your password and/or secret questions/answers in three attempts.
__________________
Every man is, or hopes to be, an Idler. -- Samuel Johnson
donheff is offline   Reply With Quote
Old 09-03-2014, 09:50 AM   #18
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 6,315
Interesting. I would think that any decent security system would limit the number of consecutive failed logon attempts. After, a certain number of attempts, the attacker would need to answer a security question (keep those answers weird!), use second factor authentication, or even wait for an hour or two before being able to logon again.
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
Old 09-03-2014, 09:51 AM   #19
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 6,315
The use of dictionary words is a very common way to attack an account. The fact that it was used here is another reason to use a random password generator, or some personal algorithm that depends on information unknown to the outside world.
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
Old 09-03-2014, 09:59 AM   #20
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,883
Quote:
Originally Posted by Chuckanut View Post
The use of dictionary words is a very common way to attack an account. The fact that it was used here is another reason to use a random password generator, or some personal algorithm that depends on information unknown to the outside world.
I'm a fan of using a random password generator. I just updated a few of my passwords with a longer length password.

Now when I get interrogated as to what's my password I'll say "your guess is as good as mine" and won't be telling a lie
__________________

__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Trunk Leak Mystery TromboneAl Other topics 21 01-04-2011 08:07 PM
Leak from kitchen sink kaneohe Other topics 13 12-26-2010 11:25 AM
Uh Oh, plumbing leak travelover Other topics 8 07-29-2009 12:26 PM
water leak mystery Khan Other topics 22 11-22-2008 10:21 PM
car has a small fuel leak - options? WM Other topics 14 10-21-2008 09:15 AM

 

 
All times are GMT -6. The time now is 04:02 AM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.