How easy is it to crack into an Apple iCloud account? We tried to find out
The Guardian ^ | September 3, 2014 | Paul Farrell and Nick Evershed

Posted on 09/03/2014 11:51:20 PM PDT by Swordmaker

To: zeugma

Thank you for the tip. I’ll look into using that method coupled with my procedure. Currently I use a thumb drive with a password sheet. Copy and paste routine eliminates the problem of the eventual onset of Alzheimer’s. The thumb drive is pulled following internet uses. This is no country for old men with bad memories.


21 posted on 09/04/2014 12:06:05 PM PDT by chulaivn66 (Meine antwort ist nein. Ende der Debatte. Macht euer Spiel.)
[ Post Reply | Private Reply | To 18 | View Replies]

To: chulaivn66
Currently I use a thumb drive with a password sheet.

You might want to look into "Password Safe". It is a great program for keeping track of logins and passwords, and stores the data in an encrypted file. Originally written by Bruce Schneier, the crypto is good, and as it was open-sourced several years ago, there are programs for Mac, Linux and Windows available for it.

22 posted on 09/04/2014 2:09:19 PM PDT by zeugma (The act of observing disturbs the observed.)
[ Post Reply | Private Reply | To 21 | View Replies]

To: Swordmaker

That’s not really breaking in, that’s hijacking. If you go that route, not only are you in, they’re out; it’s an OK way to go if you can’t simply break in for whatever reason, but it is different. Breaking in is the same basic process as any other online resource: figure out their login. It’s probably e-mail and password, maybe ID and password. The hard part is generally the password... unless the person in question ain’t that bright.


23 posted on 09/04/2014 2:13:27 PM PDT by discostu (We don't leave the ladies crying cause the story's sad.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: for-q-clinton

When you’re the smartest company in the world and you know damn well that your default security is easy to crack, then why is it still the default? Apple has been passing itself off as the most secure operating system for years, both on the desktop and on your mobile. Why would the average user even think to do anything beyond what the most secure system in the world is already doing?

Apple and their sycophantic fanboys created this mess and now they want to blame the celebs for not doing something that no one was saying they needed to do. The dillholes are Apple execs and their fawning fanbois.


24 posted on 09/04/2014 4:55:52 PM PDT by Leonard210 (Pro-life Creationist, Constitutional Federalist, Deprogrammed Apple Flunky)
[ Post Reply | Private Reply | To 11 | View Replies]

To: VanDeKoik

These two Aussies say they couldn’t crack iCloud, but this woman says it was terribly easy.

“All you need is someone’s iCloud password and then, two-factor authentication or not, you can download the content of their iCloud backups in minutes.”

How I Hacked My Own iCloud Account, for Just $200
http://mashable.com/2014/09/04/i-hacked-my-own-icloud-account/

This is all about fanbois running interference for the most secure OS in the world that needed extra effort to actually secure but they couldn’t say that ‘cause it would give the impression that Apple screwed up.

And now it’s coming out that two-part verification wouldn’t have secured these accounts anyway.

“While Apple has offered two-factor authentication on accounts for some time now, there is an omission in that system that hackers are taking advantage of. iCloud backups are not protected by two-factor authentication, and can be installed on new devices with only an Apple ID and password.”

Apple’s Two Factor Authentication Doesn’t Protect iCloud Backups Or Photo Streams
http://techcrunch.com/2014/09/02/apples-two-factor-authentication-doesnt-protect-icloud-backups-or-photo-streams/


25 posted on 09/04/2014 7:50:23 PM PDT by Leonard210 (Pro-life Creationist, Constitutional Federalist, Deprogrammed Apple Flunky)
[ Post Reply | Private Reply | To 6 | View Replies]

To: Leonard210; for-q-clinton
“All you need is someone’s iCloud password and then, two-factor authentication or not, you can download the content of their iCloud backups in minutes.”

If you HAVE anyone's password then of course you've got access.

Let's look at what your linked article claims. . .

In fact, I was able to use an iBrute-like tool to crack my own password (which, to be clear, was chosen to be extremely easy to crack. Like, it was Passw0rd1. Apple wouldn't let me use Passw0rd, but Passw0rd1 was just fine.).

That Passw0rd1 is on the list of the twenty most commonly used passwords. iBrute uses the 500 most commonly used passwords to attempt its break-ins. She knew this, so she used one. Whoop-do-doo. Apple warns users who attempt to use passwords such as hers that it is too weak. They have a tool right when you input your proposed password testing its strength. Anyone can SEE immediately how robust their password is.

Had either she or her sister used two-factor authentication, none of this could have worked. I use it. Her sister would have gotten a text on a trusted device with a PIN number that had to be input before going further. NO SECURITY QUESTIONS TO GUESS. A text to her sister telling her someone was trying to access her account, and if it was her, she could continue by entering the PIN. Three chances to get it right, or it's locked. That's it.

It is also noted that the EPPB software she then used also works for multiple platforms, not just Apple.

The application, which costs between $79.99 and $400 depending on the version, can also be used to retrieve backups from Windows Live (now OneDrive) and to unlock access to BlackBerry, BlackBerry 10 and iOS backups.

And again requires the user name and an easily cracked password. She used her sister's account to break into by changing her password. . . as if she doesn't know the secret details that might be in the security question of her sister, right, sure. That was easy. Try that with a complete stranger. Not so easy, is it?

Then she claims she could sneaker net a USB stick and steal the "iCloud access Token" from all of her colleagues' computers and easily break into their personal iCloud accounts with the $400 EPPB Pro version. But, there is a caveat she mentions only in passing as though it's just a minor trivial issue. The target of her nefarious theft—I'm certain she would want to steal this data surreptitiously—must be logged onto his or her iCloud account on their computer with their user name and password for her to steal the Token! Most people are not logged in except rarely. I have logged into my iCloud account on my Mac exactly twice in two years. . . both times to check for a lost email. Other than that, nope. Everything else, I handle on my iPad or iPhone. She's not going to get my Token off my encrypted Macs. . . and not off most anyone else's for the same reason. The odds they will be logged onto iCloud are slim and none. If she's going to rely on a remote malware invasion to get it from a Mac which would lie in wait for some future iCloud connection . . . that's even harder. So BZZZZT! Not happening as easily as she implies.

Guess what, I just tried logging on from my Mac. . . it required Two-factor authentication. . . and I have the token. So that's out too. Oh, well. EPPB is out of options.

26 posted on 09/04/2014 10:14:50 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 25 | View Replies]

To: Swordmaker

So if two-part authentication is the cure, why is it not the default? How did the most brilliant company in the world fail to include, at the most basic level, the one thing that would actually make their system, ya know, secure? And then blame the user of that system? What a bunch of iHoles.


27 posted on 09/04/2014 10:28:51 PM PDT by Leonard210 (Pro-life Creationist, Constitutional Federalist, Deprogrammed Apple Flunky)
[ Post Reply | Private Reply | To 26 | View Replies]

To: for-q-clinton
Tell that to the Celebs who had their accounts hacked. Oh but that was probably through a security hole they recently patched. Time to move to one drive.

No, for-q, it wasn't. You, because of your irrational anti-Apple bias, ignore the facts that have come out and prefer the FUD. Any accounts that were compromised did not get hacked by brute force. The photos were being shown on the anon-ib and 4chan at least five days before iBrute was posted and made available to be used. Apple put the fix on FindMyiPhone a mere twelve hours (at 3:00 AM Monday morning) after iBrute was posted into the wild. The photos didn't gain much attention at first because people thought they were fakes. iBrute, however, suddenly gave them a possible provenance when the guy trying to sell them on 4chan started claiming he got them by cracking iCloud—a claim he later retracted in a fit of panic when it was pointed out there was a five-year FEDERAL prison rap per each stolen pic—and people started looking at them.

Analysis shows the compromised accounts had their passwords changed. They were hijacked by having weak, easily discovered answers to their security questions that could be learned through any Fanzine biography. In addition, analysis of the photos on anon-ib and 4chan shows they did not all come from Apple's iCloud, but rather from multiple sources, many of them predating iCloud. The photos include pictures taken with non-Apple devices including Windows PC webcams, Android phone selfies, regular digital cameras, some have Tumblr watermarks, etc. They have the hallmarks of being someone's private collection that was being offered for sale. . . and that is what is now being uncovered. Read the following for a better understanding of what's going on in an underground community of perverts who've been privately stealing and trading celebrity nudes for years, and how one of them decided to go outside the network to make more money.

New Web Order

28 posted on 09/04/2014 10:45:40 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 11 | View Replies]

To: VanDeKoik
I don't care where it was from, but I can bet that you were clutching your iPhone waiting for someone to give some tortured cover for Apple so you can rush in and say “see, see, all is well. Apple is blameless”. Like you do whenever that company lands in hot water.

And you didn't bother to read the article. FUD SPINNER.

29 posted on 09/04/2014 10:47:55 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 12 | View Replies]

To: Leonard210; for-q-clinton
Your other link has this paragraph.

Of course, that’s still a very big ‘only’. Your email and password are as much protection as almost any service on earth offers you by default — and once a hacker obtains those you’re probably in trouble in any case. The early evidence, and Apple’s statement on the matter, indicates that hackers obtained passwords through guessing security questions, social engineering, phishing or other ‘targeted’ attacks — rather than a leak of the password data itself by Apple. Notably, access to iPhone backups can also be accessed using an authentication token (a file created by iTunes) which can be obtained using malware or phishing — and which does not require a password at all.

There is absolutely no way that anyone could get that token by phishing, because the target of the phishing expedition does not know it! If the target doesn't know the information, and it's not in user files, he cannot give it to a phisher. So that is just pure nonsense!

Getting malware onto a Mac has been a singularly difficult thing to do. The operating system blocks Trojans. . . and if they could get a Trojan on, they'd have access to the photos on the computer directly. Why go through circumlocution to get the backup? We are STILL looking for members of that mythical 600,000 member Macbot that no one has yet seen. And there are still ZERO OSX computer viruses after sixteen years. Perhaps they'll have better luck on Windows.

30 posted on 09/04/2014 11:07:39 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 25 | View Replies]

To: Leonard210
So if two-part authentication is the cure, why is it not the default? How did the most brilliant company in the world fail to include, at the most basic level, the one thing that would actually make their system, ya know, secure? And then blame the user of that system? What a bunch of iHoles.

How about the fact that, like quite a few Freepers who've posted on these threads, not all people have message capable devices. Others who have iCloud accounts are children. No devices. Etc. Lots of reasons. Choice. Apple strongly recommends it. They regularly send emails extolling its benefits and explaining how to set it up.

31 posted on 09/04/2014 11:13:30 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 27 | View Replies]

To: Swordmaker

“How about the fact that, like quite a few Freepers who’ve posted on these threads, not all people have message capable devices. others who have iCloud accounts are children. No devices. Etc. lots of reasons. Choice. Apple strongly recommends it. They regularly send emails extolling its benefits and explaining how to set it up.”

Choice. That’s your answer. Apple chose to leave their customers’ iCloud accounts at risk so they could parade around with a “Pro-Choice” banner. After a while you just stop making sense but somehow that doesn’t stop you from posting.

Apple will eventually make two-factor authentication the default and act like they were planning to do that all along. That’s actually good news for Apple fans. Instead of making excuses, you should be celebrating.


32 posted on 09/04/2014 11:32:48 PM PDT by Leonard210 (Pro-life Creationist, Constitutional Federalist, Deprogrammed Apple Flunky)
[ Post Reply | Private Reply | To 31 | View Replies]

To: Leonard210
Apple will eventually make two-factor authentication the default and act like they were planning to do that all along. That’s actually good news for Apple fans. Instead of making excuses, you should be celebrating.

You always find the negative when it comes to Apple, Leonard. For you, the glass is always half empty. How did you like the donations Gates and Ballmer made to the Gun Grabbers?

33 posted on 09/04/2014 11:49:42 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 32 | View Replies]

To: Swordmaker

Now sword, personal attacks are not rational. But no one is attacking you or Apple. You seem to have more faith in the mainstream press than the rest of us.

For example, it's been reported that healthcare.gov was hacked. But they assure us no personal data was compromised. Do you believe this?

Cause even though we all knew there were flaws, are we now to believe no data was compromised?

See the point?


34 posted on 09/05/2014 12:08:41 AM PDT by quimby
[ Post Reply | Private Reply | To 28 | View Replies]

To: quimby; Leonard210

Quimby, Leonard has a long history. His attitude toward Apple is long, and always negative.


35 posted on 09/05/2014 12:13:07 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 34 | View Replies]

To: Swordmaker

“You always find the negative when it comes to Apple, Leonard. For you, the glass is always half empty. How did you like the donations Gates and Ballmer made to the Gun Grabbers?”

My opinion is always honest about Apple, Microsoft, Samsung, et al. I refuse to lie for them. You, on the other hand...


36 posted on 09/05/2014 6:28:10 AM PDT by Leonard210 (Pro-life Creationist, Constitutional Federalist, Deprogrammed Apple Flunky)
[ Post Reply | Private Reply | To 33 | View Replies]

To: Leonard210
fanbois? I'm not going to vouch for, or attack that article linked - but apparently you didn't read it yourself before posting. Note this little tidbit:

The application, which costs between $79.99 and $400 depending on the version, can also be used to retrieve backups from Windows Live (now OneDrive) and to unlock access to BlackBerry, BlackBerry 10 and iOS backups.

37 posted on 09/05/2014 9:31:16 AM PDT by TheBattman (Isn't the lesser evil... still evil?)
[ Post Reply | Private Reply | To 25 | View Replies]

To: Leonard210; Swordmaker
fanbois? I'm not going to vouch for, or attack that article linked - but apparently you didn't read it yourself before posting. And this little bit:

All you need is someone's iCloud password and then, two-factor authentication or not, you can download the content of their iCloud backups in minutes.

Seriously? What service can one NOT "hack" an account if you HAVE THE PASSWORD???? Ugh. So let's read down a bit farther:

As Nik Cubrilovic outlines in his excellent post on the data theft, there are a few common vectors (that is, attack holes) for obtaining an iCloud password. Cubrilovic lists them in order of popularity and effectiveness:

Password reset (secret questions / answers)

Phishing email

Password recovery (email account hacked)

Social engineering / RAT install / authentication keys

In other words - the EXACT same methods that prey on idiots that are totally effective on ANY and ALL services - regardless of platform, computer, or software company.

38 posted on 09/05/2014 9:35:31 AM PDT by TheBattman (Isn't the lesser evil... still evil?)
[ Post Reply | Private Reply | To 25 | View Replies]

To: VanDeKoik

+1. The Apple cult is in full damage control mode.


39 posted on 09/05/2014 9:38:11 AM PDT by mad_as_he$$
[ Post Reply | Private Reply | To 6 | View Replies]

To: TheBattman; Leonard210; for-q-clinton
In other words - the EXACT same methods that prey on idiots that are totally effective on ANY and ALL services - regardless of platform, computer, or software company.

Actually, with the two-factor system, the attacker would also have to have in his possession one of the target's designated secure devices capable of receiving a text message to receive the unlocking PIN number. That's a totally higher level of difficulty to overcome than just acquiring the password and security question answers. Not impossible, but extremely difficult.

40 posted on 09/05/2014 1:53:24 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 38 | View Replies]

