Free Republic

How easy is it to crack into an Apple iCloud account? We tried to find out
The Guardian ^ | September 3, 2014 | Paul Farrell and Nick Evershed

Posted on 09/03/2014 11:51:20 PM PDT by Swordmaker

After the nude celebrity pictures leak, two Guardian Australia journalists try to break into each other’s iCloud accounts

Accessing someone’s Apple account requires only three things: their email address, their date of birth, and the answers to two out of three security questions. This is assuming they don’t have two-step verification enabled.

If you have all these, you’re able to reset their Apple ID password to one that only you know and then access their iTunes and iCloud accounts. You don’t require access to their email. Once you have access to their Apple ID, you can access recent photos and back-ups if they have these features enabled.

While we don’t know the exact method people used to access celebrities’ accounts, Apple did release a statement which appears to confirm that a method similar to that described above was used.

The main issue with this setup is that if you’re a celebrity, or are someone who has been using social media for a long time and revealed various details about your life, then the answers to the security questions could be available online. Here are a few of the 21 security questions you can choose:

The Guardian has seen forum threads where people have allegedly used the methods above to access people’s iCloud back-ups to obtain photos.

To see how difficult it is to crack someone’s account, we’re going to try and access each other’s accounts and see how far we get.

(Excerpt) Read more at theguardian.com ...


TOPICS: Business/Economy; Computers/Internet
KEYWORDS: icloud

1 posted on 09/03/2014 11:51:20 PM PDT by Swordmaker
[ Post Reply | Private Reply | View Replies]

To: ~Kim4VRWC's~; 1234; Abundy; Action-America; acoulterfan; AFreeBird; Airwinger; Aliska; altair; ...
Just how easy is it to break into Apple's iCloud accounts, even when you know things about the person whose account you are trying to break into and are professional researchers? Two Australian journalists, friends, try to do just that—PING!

ANSWER: Not easy at all!


Apple iCloud Security Ping!

If you want on or off the Mac Ping List, Freepmail me. http://www.worldwidehippies.com/wp-content/uploads/2011/04/Obama_Howdy_Doodat.jpg

2 posted on 09/03/2014 11:57:20 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

Be sure and have two-step verification enabled.


3 posted on 09/04/2014 12:07:48 AM PDT by NoLibZone (The bad news: Hillary Clinton will be the next President. The Good news: Our principles are intact.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: NoLibZone

Or supply answers which don’t match the questions asked.

What’s your mother's maiden name? %7!%@#


4 posted on 09/04/2014 12:30:27 AM PDT by chulaivn66 (Meine antwort ist nein. Ende der Debatte. Macht euer Spiel.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: chulaivn66
  Or supply answers which don’t match the questions asked.

  Where was your least favourite job?
  The Death Star

  What was the first car you owned?
  DMC Flying Delorean

   Another method is to use the 'make up your own question' feature if it's offered. Put something like Page 57 where the question really means "What is underlined on page 57 of my favorite book?"
5 posted on 09/04/2014 12:55:56 AM PDT by Maurice Tift (Never wear anything that panics the cat. -- P.J. O'Rourke)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Swordmaker

There are a bunch of naked photos of people floating around that says it is easy enough.

But who cares about that when the real important task is to run cover for Apple?


6 posted on 09/04/2014 2:10:44 AM PDT by VanDeKoik
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

I personally keep all the nude selfies I take of myself and all my passwords and account information on my government computer at work. (sarc for those who have difficulties thinking I’m serious).


7 posted on 09/04/2014 2:14:36 AM PDT by maddog55
[ Post Reply | Private Reply | To 1 | View Replies]

To: VanDeKoik
There are a bunch of naked photos of people floating around that says it is easy enough.

Read the article. But you'd rather believe the FUD, in your preferential bias. The photos did not get out because iCloud was cracked or hacked, VanDeKoik, what few accounts that got compromised were breached because the users allowed themselves to be phished. Researchers have well established how the bad guys got these pictures. . . and one guy went undercover into the group that did it. Where it became apparent they were all upset that one guy broke their code and went "outside" of their trading circles to try and sell images from his collection. They've been getting into celebrity accounts for years. . . by "social engineering." That's why the photographs included long ago deleted pictures, pictures from Windows PC webcams, and photos taken with Android phones. They weren't all from iCloud. Were some massaged from accounts in Apple's iCloud, you bet, but others came from Google, emails, compromised personal computers, wherever these perverts could steal them.

You WANT it to be from Apple's iCloud because that would tie into your extreme case of anti-Apple derangement. That's known as confirmational bias. . . and you do it all the time on Apple threads.

8 posted on 09/04/2014 2:28:56 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 6 | View Replies]

To: maddog55
I personally keep all the nude selfies I take of myself and all my passwords and account information on my government computer at work. (sarc for those who have difficulties thinking I’m serious).

If you work for the IRS, you have nothing to worry about. They'll never be found.

If you work for the EPA, they'll just be lost among all the other porn the employees have been watching at work.

9 posted on 09/04/2014 2:32:34 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 7 | View Replies]

To: VanDeKoik

Read this thread and article VanDeKoik

http://www.freerepublic.com/focus/chat/3200266/posts


10 posted on 09/04/2014 2:41:25 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 6 | View Replies]

To: Swordmaker

Tell that to the Celebs who had their accounts hacked. Oh but that was probably through a security hole they recently patched. Time to move to one drive.


11 posted on 09/04/2014 3:43:35 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Swordmaker

“Were some massaged from accounts in Apple’s iCloud”

“what few accounts that got compromised were breached because the users allowed themselves to be phished”

But of course it has nothing to do with iCloud. Apple said so, and some guys rushed in to give a demo of what they think might have happened, and the church of the Jobs says amen.

It’s those stupid people “holding it wrong”.

“You WANT it to be from Apple’s iCloud because that would tie into your extreme case of anti-Apple derangement. That’s known as confirmational bias. . . and you do it all the time on Apple threads.”

LOL!

I don't care where it was from, but I can bet that you were clutching your iPhone waiting for someone to give some tortured cover for Apple so you can rush in and say “see, see, all is well. Apple is blameless”. Like you do whenever that company lands in hot water.


12 posted on 09/04/2014 3:54:51 AM PDT by VanDeKoik
[ Post Reply | Private Reply | To 8 | View Replies]

To: for-q-clinton

Users having guessable passwords is not a security flaw that any company, Apple or otherwise, can fix.


13 posted on 09/04/2014 4:01:25 AM PDT by Ramius (Personally, I give us one chance in three. More tea anyone?)
[ Post Reply | Private Reply | To 11 | View Replies]

To: VanDeKoik
But of course it has nothing to do with iCloud.

Well... It doesn't. I'm not here to defend Apple but when people are careless with their own passwords and security questions it's their own dumb fault when they get hacked.

14 posted on 09/04/2014 4:06:36 AM PDT by Ramius (Personally, I give us one chance in three. More tea anyone?)
[ Post Reply | Private Reply | To 12 | View Replies]

To: Swordmaker

I never use actual answer.


15 posted on 09/04/2014 4:51:54 AM PDT by Raycpa
[ Post Reply | Private Reply | To 1 | View Replies]

To: chulaivn66
What’s your mother's maiden name? %7!%@#

Actually, some guys (and gals) might use such a name to describe their mother-in-law.
16 posted on 09/04/2014 4:58:19 AM PDT by Dr. Sivana ("If you're litigating against nuns, you've probably done something wrong."-Ted Cruz)
[ Post Reply | Private Reply | To 4 | View Replies]

To: chulaivn66

Exactly what I was thinking. Choose a different birthday, for instance. Just so long as you can remember.


17 posted on 09/04/2014 5:14:12 AM PDT by ops33 (Senior Master Sergeant, USAF (Retired))
[ Post Reply | Private Reply | To 4 | View Replies]

To: chulaivn66
What’s your mother's maiden name? %7!%@#

Hard to remember.

It's better to come up with a system that will generate replicable results, but will somewhat obscure the answers.

One method might be to run your answers through rot13.

echo Zeugma | rot13
Mrhtzn
 

Yeah rot13 isn't a secure encryption mechanism, but it obfuscates your answer enough to defeat some random joe from guessing it.

Alternately, use a hash program to generate a predictable hash.

echo Zeugma | sha1sum
4a8e7fd115c3b65b01f42fa64c58fc3e8abe960e  -

In this case, you can choose the first 8, last 8, or any combination thereof to create a pretty darn good random answer that is yet easily reproducible yet almost completely unguessable.

There are phone apps for hashing text using any of several different hash algorithms.

I'm a nerd, so stuff like this is pretty easy for you, but a little effort expended to obfuscate these kind of answers can go a long way towards ensuring your security from the casual hackers.

 

18 posted on 09/04/2014 11:24:29 AM PDT by zeugma (The act of observing disturbs the observed.)
[ Post Reply | Private Reply | To 4 | View Replies]
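
The rot13 and hash-prefix schemes from post 18, as an added example that is not any poster's code: it shows why `echo ... | sha1sum` and a phone app can disagree (echo appends a newline), audits whether a stored answer can be rebuilt from publicly known facts, and goes beyond the post with a keyed variant. The function names, the secret, the site names and the sample facts are all constructed assumptions.

```python
from __future__ import annotations
import codecs
import hashlib
import hmac

def rot13(answer: str) -> str:
    """Same transform as `echo Zeugma | rot13` in the post."""
    return codecs.encode(answer, "rot13")

def sha1_prefix(answer: str, newline: bool = True, n: int = 8) -> str:
    """First n hex digits of SHA-1. newline=True mimics `echo ... | sha1sum`,
    which hashes the word plus a line feed; an app hashing the bare text
    (newline=False) produces a different digest."""
    data = answer + ("\n" if newline else "")
    return hashlib.sha1(data.encode("utf-8")).hexdigest()[:n]

def keyed_answer(secret: bytes, site: str, question: str, n: int = 16) -> str:
    """Assumed variant, not from the thread: HMAC-SHA256 keyed with a private
    secret, so knowing the scheme and the question is not enough."""
    # Normalise case and whitespace so the answer is reproducible later.
    msg = f"{site.strip().lower()}\n{' '.join(question.lower().split())}"
    return hmac.new(secret, msg.encode("utf-8"), hashlib.sha256).hexdigest()[:n]

def derivable_from_public(stored: str, public_facts: list[str]) -> str | None:
    """Audit a stored answer: name the unkeyed scheme that rebuilds it from a
    fact someone could look up about you, or return None if none does."""
    for fact in public_facts:
        candidates = {
            "plain": fact,
            "rot13": rot13(fact),
            "sha1+newline": sha1_prefix(fact, True),
            "sha1": sha1_prefix(fact, False),
        }
        for scheme, value in candidates.items():
            if value.lower() == stored.lower():
                return f"{scheme}({fact})"
    return None

if __name__ == "__main__":
    facts = ["Smith", "Zeugma", "Springfield"]   # constructed sample facts
    secret = b"constructed-demo-secret"          # placeholder, keep yours private
    for stored in ("Mrhtzn", sha1_prefix("Zeugma"),
                   keyed_answer(secret, "example.com", "First car?")):
        print(stored, "->", derivable_from_public(stored, facts))
```
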

To: Ramius

No but security holes and unencrypted communications are.


19 posted on 09/04/2014 11:37:23 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 13 | View Replies]

To: All

20 posted on 09/04/2014 11:45:52 AM PDT by maggief
[ Post Reply | Private Reply | To 2 | View Replies]

