Posted on 01/02/2015 8:37:14 PM PST by Swordmaker
All iCloud accounts could be vulnerable to hacking by a new tool that claims it can break into any user's login, Andrew Griffin reports for The Independent. The tool claims to use an exploit to get through Apple's security.
It uses a dictionary attack to get into accounts, a hack that involves automatically trying a number of passwords until the right one is found. Sites usually have locks in place to stop such an attack, by only allowing a certain number of tries of one password, but the tool claims to be able to bypass those, Griffin reports. A number of posters on Twitter and Reddit claimed to have used the tool successfully.
If it does work, setting up two-step verification, which requires users to enter a code sent to their phone, could keep such an attack at bay, Griffin reports. The creator of the tool said that they had released the so Apple will patch it. But other security activists criticised the leak, and said that the user, who calls themselves pr0x13, should have informed Apple of the problem
iCloud vulnerabilities were also thought to be used to steal hundreds of leaked pictures of celebrities in what was called The Fappening, in August and September.
(Excerpt) Read more at macdailynews.com ...
Even the "Fappening" was not accomplished by breaking the passwords to iCloud. . . and most of the images that were leaked did not come from iCloud, but rather from a community of perverts who trade celebrity compromising photos among themselves and work to hack into the celebrities' computers and phones directly by researching their bios to get clues to passwords and security questions. Swordmaker
If you want on or off the Mac Ping List, Freepmail me.
Have a linky to that process? I have no idea what my iCloud pswd is or when I would even use iCloud, except as a backup when I get a new phone.
Hey texas booster, how are ya?
If you want to change your iCloud password, try this on your iPhone:
1.) Touch gear icon (setting) to open
2.) Scroll down under Privacy to iCloud, touch to open
3.) If you don’t remember your password, you can click on the “Forgot Apple ID or Password” link, and it will email a message to help you reset your password. If you set up an iCloud account, I think you have to give them an email, so if you don’t get an email back, then you either never set up an account, or don’t have that email address anymore.
Go to iCloud.com. . . and recover your password using your security questions. Then there will be an option to setup two factor authentication. You will need a way to get the authentication code. . . a phone that can receive a code by instant messaging or by email to a computer that Apple knows is yours. . . or I believe a phone call.
This link might help to re-set Apple ID password.
https://iforgot.apple.com/password/verify/appleid
The Five Hundred Most Commonly Used Passwords
Out of the 500 passwords, only 18 would pass Apple's test to be acceptable passwords for iCloud use, containing a number, upper and lowercase letters and a symbol. . . and those 18 use the @, $, !, or comma as their symbol. No imagination at all. The rest do not pass muster and would be rejected.
I really want to know why the password
1941.Salembbb.41
Is on the list. Who belongs to that password that it is so ubiquitous?
Is it possible this is the password of the hacker who wrote this thing?
General comment — I wish it wasn’t so darned difficult to switch to numbers and symbols on the iPad. My fingers work a pattern/rhythm on a PC keyboard which doesn’t work on the phone or iPad.
This is about #300 on the Github common pw list: 1941.Salembbb.41
If THAT is common, then I’m a billionaire.
Who backs up anything except itunes and pictures to the iCloud anyway? Will they steal my big music library? Good luck with them clogging up their servers with that gigantic eclectic media collection.
The more than 6,000 hiking pictures are scary even to me when I sync to a new device.
I think it might be the "hacker's" password that he put in the list to test his script. . .
Don’t sync to anything....They’ve spent tens of millions developing and creating Cloud etc and they offer it for free?
Ya think if it was secure it would be free?
lol....
They want your stuff, your data, your info, everything.
Don’t sync to anything...
Good assessment, and the same as my own. I stopped reading after I saw “dictionary”, and jumped right to the comments.
It could possibly be a hoax. To me though it (using iCloud) might as well be an invitation to the NSA to go to iCloud for one-stop data shopping instead of having to pilfer through all the millions of individual data sources out there. Much cheaper.
Yes, it is secure. Apple is in the business of selling hardware and their ecosystem. This is one way they add value to their hardware. The first 5GBs are free. They charge for upgrades in that capacity. . . but it is fairly reasonable and coming down.
Apple is NOT in the business of selling your data or information like Google is. They have no interest in it except to store it for you, unseen. For Google, YOU are the product they sell. . . their primary product. For Apple, you are their valued customer, and the last thing they want is to make you angry or upset.
As for secure? Apple itself does not have access to your data, nor can it decipher it without your passcode, which you don't even keep on your devices. Apple adds a 256-bit AES grade encryption on top of your own 256-bit encryption which uses your own passcode which is entangled with your device's UUID, before it is uploaded to the iCloud. When received it is anonymized, split into four chunks, mixed with other people's data, and then encrypted and stored. Only YOU can retrieve your data. Apple cannot give your data to anyone because they cannot decrypt it to give it to anyone. While they can pull chunks of data in response to a subpoena, all they can provide is encrypted gobbledegook.
If they were forced to give the authorities their own decryption key. . . they could decrypt the already encrypted stuff. . . and have MORE gobbledegook. Which without YOUR key, they cannot even tell which is your data. Do you know how long it would take to brute force decipher your passcode from all that? Even using the fastest supercomputer in the world, it would take more time than there is left before the Universe dies from heat loss. . . but it is even worse than that. Remember I told you your passcode is entangled with your device's UUID? The only way it can work is FROM your device. . . so they cannot even attempt it except from your device, which is NOT a supercomputer.
It is secure.
The government is ticked off at Apple because they refuse to play ball with the government's various surveillance programs, or even let them look at the data that is stored in the iCloud, even with a search warrant, now. Apple itself cannot decipher users' data. They simply do not have the keys. The users keep their own keys.
I use my own “on-line” backup. I have one of those Net storage drives I can access from my devices over the ‘net.
Wow! Being an Apple disciple I was sure their iCloud service went to great lengths to be secure, but I had no idea how sophisticated it is. Thanks for the easy-to-understand explanation!
Yes, it is secure.
If ya believe that you'll believe anything. A sucker born every minute...
Only YOU can retrieve your data
Feel free to sync your stuff and keep telling yourself Apple and others are spending tens of millions developing this stuff and then offering it for free of charge because they are such nice corporate people...
yukyuk
Someone gets it.