Posted on 01/02/2015 6:34:45 AM PST by SeekAndFind
A hacker has released a tool that he says can break into any iCloud account.
The tool, iDict, uses an exploit in Apple's security to bypass restrictions that stop most hackers from gaining access to accounts.
On iDict's GitHub page, user "Pr0x13" says the exploit used to create the hacking tool is "painfully obvious" and that it "was only a matter of time" before hackers used it to break into iCloud accounts.
The tool is described as a "100% working iCloud Apple ID dictionary attack that bypasses account lockout restrictions and secondary authentication on any account."
(Excerpt) Read more at businessinsider.com ...
btt
Why anyone uses the cloud is beyond me.
Go ahead, put your data out there.
Suckers.
Death to hackers!
Going on 25 years with AOL. Simple and no hacker will waste his time hacking into it.
Yep.... if they hack my account they’re gonna get a lot of pictures of Bentley the dog..... and a bunch of vintage music.
All my pix and documents are in one drive or another. I avoid stuff like the cloud.
Obviously there are issues with cloud storage, mostly with companies who say they’re secure and refuse to do whats necessary.
Most cloud companies are significantly more secure in many ways than your computer.
The reason I never put anything in the cloud. Carbonite backups will probably be targeted too. I predicted this long ago (at least 12 years ago). I always figured the government was one of the forces for making people want to back up to the cloud so they could data mine it.
” But yes, my own personal data goes into an external HD for backups, and that’s it. “
Some time I would like to to see a really good thread on the best way to back up photos for long term storage. Considering data formats changing and electronic methods degrading over time. Maybe not the best topic for a conservative website; but a topic I need to get figured out.
If it’s not on an encrypted drive in your physical possession you might as well post it on facebook or twitter.
Access to any cloud based repository or any server for that matter should be nailed to registered devices or the end user should have the option of turning a registry on. For example, in developing apps for the mobile platforms we built code that looks at the data on each mobile device. There are numerous things in your phone that can be used to fingerprint the phone. A unique fingerprint can be built for that phone and it cannot be spoofed. Once the fingerprint is sent to the server only that device can use the credentials the user has in combination with the fingerprint. This technique means that there are additional layers of hassle, when the user buys a new phone for example. But that can be handled pretty easily.
Why companies don’t implement simple things like this makes no sense.
>!Most cloud companies are significantly more secure in many ways than your computer.
That may be true but it’s like putting a vault of marijuana and crack in a thug neighborhood.
Seems pretty obvious, but people swear that’s just tinfoil talk. I guess having been around since the semi old days of computing gives a different perspective on reality.
When someone tells me that their computer has been hacked and everything has been stolen because someone sent them a joke and it was a hacker scam, I always say the same thing ......... “what.... you only have one computer???”
This sounds like good news for Apple Pay users.
Because of the way it works, Apple Pay is not affected by this.
From what I can tell, it is a crude, brute force approach that will work if you use simple dictionary words as your password, and your email address is known (a given). It apparently samples a known email account and goes through a list of words in a list or dictionary.
If you use a secure password, with random characters, upper/lower case, and symbols, the account will be safe.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.