Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

iCloud accounts at risk after hacker releases tool allowing access to any login
MacDailyNews ^ | Friday 02 January 2015

Posted on 01/02/2015 8:37:14 PM PST by Swordmaker

“All iCloud accounts could be vulnerable to hacking by a new tool that claims it can break into any user’s login,” Andrew Griffin reports for The Independent. “The tool claims to use an exploit to get through Apple’s security.”

“It uses a ‘dictionary attack’ to get into accounts — a hack that involves automatically trying a number of passwords until the right one is found. Sites usually have locks in place to stop such an attack, by only allowing a certain number of tries of one password, but the tool claims to be able to bypass those,” Griffin reports. “A number of posters on Twitter and Reddit claimed to have used the tool successfully.”

“If it does work, setting up two-step verification — which requires users to enter a code sent to their phone — could keep such an attack at bay,” Griffin reports. “The creator of the tool said that they had released the ‘so Apple will patch it.’ But other security activists criticised the leak, and said that the user, who calls themselves pr0x13, should have informed Apple of the problem… iCloud vulnerabilities were also thought to be used to steal hundreds of leaked pictures of celebrities in what was called ‘The Fappening,’ in August and September.”

(Excerpt) Read more at macdailynews.com ...


TOPICS: Business/Economy; Computers/Internet
KEYWORDS: hackers; icloud; maccult; privacyrights
Navigation: use the links below to view more comments.
first previous 1-2021-4041 next last
To: dragnet2
If ya believe that you'll believe anything. A sucker born every minute...

No, I know what I am talking about. You, obviously, don't. You will assume the worst. The fact is that the government is trying their damnedest to get Apple to open up the iCloud accounts and are royally p!ssed off that they will not do so. They have threatened all kinds of legal action about it. Apple has just told them they literally cannot comply because they simply DO NOT HAVE THE KEYS or the means to decipher the data they have stored. "Gee, we'd like to help you, but we can't." and "No, we don't own this data, talk to the owners."

You can "Yukyuk" all you want, but you have no clue about Apple's business model and fail to understand their history. They have done such things in the past. Dragnet2, "tens of millions" is mere chicken feed for a company that has $170 BILLION in cash on hand, more liquid cash than the US Government has on hand. Apple is worth more than every business in Russia. . . Apple looks on this as an enhancement of their ecosystem that causes their customers to buy their products and stay with them as customers. For Apple, customer satisfaction and delight is the goal. They understand that if you take care of that, profits will take care of themselves.

You and all the other corporations who chase the bottom line have chosen to forget that pleasing customer is the purpose that keeps the money flowing in. Tick off the customer by abusing them, and they will flee your company. That means ABUSING them by using their data for anything that will compromise their privacy. . . or sharing it with anyone else—including the government—when you tell them you will not. Apple understands this.

21 posted on 01/03/2015 2:10:58 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
[ Post Reply | Private Reply | To 19 | View Replies]

To: Swordmaker
Apple is all about pleasing the customer

Uh huh..No sale.

Nothing is secure and when ya sync using icloud or whatever, it's even less secure. Nothing is free, and if it were even relatively secure, you'd be charged for it. Bet the rent.

Nothing is secure, learn it.

22 posted on 01/03/2015 2:22:13 PM PST by dragnet2 (Diversion and evasion are tools of deceit)
[ Post Reply | Private Reply | To 21 | View Replies]

To: Swordmaker

BTW, I use some Apple products, but none of them, or anything else I own are voluntarily synced to icloud or anyone else offering those remote data storage services in the clouds.

But feel free use your electronic devices as you wish.


23 posted on 01/03/2015 2:31:43 PM PST by dragnet2 (Diversion and evasion are tools of deceit)
[ Post Reply | Private Reply | To 21 | View Replies]

To: dragnet2
BTW, I use some Apple products, but none of them, or anything else I own are voluntarily synced to icloud or anyone else offering those remote data storage services in the clouds.

Then you are not getting the full functionality of your Apple devices. Too bad.

24 posted on 01/03/2015 5:04:25 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
[ Post Reply | Private Reply | To 23 | View Replies]

To: Swordmaker

It is a hoax. I install T5 systems and 26 variations are required to get in.

Not gonna happen.


25 posted on 01/03/2015 5:12:00 PM PST by eyedigress
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

Full functionality comes with a price. It’s why it’s provided to you free of charge.

As I told ya, nothing is free.


26 posted on 01/03/2015 5:22:29 PM PST by dragnet2 (Diversion and evasion are tools of deceit)
[ Post Reply | Private Reply | To 24 | View Replies]

To: Swordmaker

I don’t know about iCloud but ever since I upgraded to Yosemite, I have lost the ability to get e-mail on my AT&T account. Any help getting that back would be appreciated. Thanks in advance.


27 posted on 01/03/2015 6:02:51 PM PST by NCC-1701 (You have your fear, which might become reality; and you have Godzilla, which IS reality.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: dragnet2
Nothing is secure and when ya sync using icloud or whatever, it's even less secure. Nothing is free, and if it were even relatively secure, you'd be charged for it. Bet the rent.

Don't you know anything at all about modern encryption? Apparently not.

Too bad. If you did and if you knew that your Apple devices automatically encrypt your data to a 256 bit AES standard BEFORE you upload to the iCloud, you wouldn't be so paranoid. Use a good non-dictionariable passcode and there is NO WAY anyone can decrypt your data. None.

It is obvious, YOU do not know what you are talking about through your hat when you say that "nothing is secure."

There are levels of security, dragnet2.

Apple allows us to use every single character one of the 220 characters accessible from the keyboard in our passcode. . . and your passcode can be up to 256 characters long.

Although Apple does prohibit having any two characters sequentially identical, you are free to do anything else. Essentially, your passcode can be any character string combination. That gives you the possibility of having up to 256220 passcode combinations. Think about that very huge number. Just 16 numeric numbers plus a four digit date code makes it almost impossible for fraudsters to hit on a valid credit card number. Nine numbers in our Social Security numbers makes it almost impossible to hit valid SSNs. Here we have a possible combinations almost infinitely larger than either of those that can be used to encrypt your data.

But it is even better than that, dragnet2. . . because after YOU select your passcode to use, your Apple computer or device entangles that passcode with the 128 bit Universally Unique Identifier (UUID) assigned to your device. Now, that gives 384220 possible passcode combinations. That combined, entangled KEY is then converted to a HASH on your device so that it cannot be reverse calculated from the HASH, and then used to encrypt your data to a 256 bit Advanced Encryption Standard file, unlockable only with the original key. . . which is kept only device.

A Googol, is 10100, a very large number indeed. This number of possible passcode combinations is FAR larger than a Googol.

It is then uploaded by YOU to the iCloud as that encrypted file. Apple does NOT have a key that can unlock it. No one but you can unlock it. THAT, my FReep friend is what is known as secure. If your upload is intercepted by anyone, all they see or record, is gobbledegook, garbage code. Un-intelligible noise.

Most people are NOT going to use a 256 character passcode. But a sufficiently complex shorter one is sufficient.

You are right in that Apple may be required to hand over to the government what they are holding. . . and even be required to help the government gain access to what they have. But what can they do if they do not have the technology to do ANYTHING to gain access to the data they have stored?That is the situation as it stands.

How long would it take to try every possible combination of characters and numbers and symbols that could have been used to encrypt your databy brute force? Good question. Because that is what would be required, unless they can force YOU to reveal your passcode.

Let's assume your Passcode was a short, but complex, 16 character code. Recall, however, that it was entangled with your computer's or device's 128 character UUID, so the base is now 16 + 128 or 220144, not quite so large as the that previous number, but still huge. . . and quite a bit larger than a Googol.

985,624,295,028,035,000,000,000,000,000,000,000,000,000,000,000,000 possible combinations. That's 985 Quindecillion, give or take a few.

If the government's supercomputer could check 50,000 passcodes every second, It therefore test 1.5 TRILLION possible passcodes a year. Let's grant the government agency a 33% faster supercomputer and say they could check 2 TRILLION passcodes a year, OK? That means it would take their supercomputer only a mere. . .

49,281,214,751,401,700,000,000,000,000,000,000,000 YEARS

to check all the possible passcodes to decipher your encrypted file that had been encoded with your 16 character complex passcode entangled with a 128 character UUID. It is possible they could, if they were outrageously lucky, get the data deciphered next week, but it more likely will take them a good portion of 49 Undecillion (1035 Years to break into your data. Double, triple, quintuple, or even multiply the speed of the government's super computer by a factor of 1000. . . it makes only infinitesimal differences in the amount of time it would take to break your passcode. That's the law of very large numbers at work.

Do you expect to still be around for the unveiling of your data? Certainly any pressing reason to know what you have in your files would be long forgotten. . . as would be the human race, the planet Earth, and even our Galaxy!

Me? I kind of doubt it will matter to you, because some Cosmologists and Physicists theorize that at around just one thousand decillion (1033) years from now, proton decay will convert the remaining interstellar gas and stellar remnants into leptons (such as positrons and electrons) and photons. . . and there will be no matter left at all. . . so nothing will matter at all.

Keep your passcode complex and don't let it out of your control. . . and your data is safe and secure on the iCloud. Don't believe the hype about insecurity you are hearing. It is far easier you to LOSE your data than it is for them to steal it from Apple.

Now, do you understand???

28 posted on 01/03/2015 8:13:17 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
[ Post Reply | Private Reply | To 22 | View Replies]

To: NCC-1701
I don’t know about iCloud but ever since I upgraded to Yosemite, I have lost the ability to get e-mail on my AT&T account. Any help getting that back would be appreciated. Thanks in advance.

That's odd. What message are you getting? Anything?

29 posted on 01/03/2015 8:19:57 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
[ Post Reply | Private Reply | To 27 | View Replies]

To: dragnet2
As I told ya, nothing is free.

As someone with a degree in Economics, I am well aware of that. . . but why do you think Apple charges a higher price for their hardware than other the manufacturers who DON'T provide free services such as 5GBs of storage to their customers but who DO sell space on their products for crap-ware, sell their customers' private information to 3rd parties for profit, use the least costly components with the highest failure rates, and provide only over-seas based tech support because they are selling their hardware at break even or below cost? THOSE manufacturers cannot afford to provide quality no cost services to their customers. . .because they are just barely keeping the doors open as they have chosen to compete for the bottom-of-the-barrel market and are chasing the cut-rate bargain basement competition into oblivion by thinking that PRICE is the only edge in competition. Apple has NEVER bought into that canard. You shouldn't either.

30 posted on 01/03/2015 8:31:25 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
[ Post Reply | Private Reply | To 26 | View Replies]

To: Swordmaker
It is far easier you to LOSE your data than it is for them to steal it from Apple.

Read back, I never once implied or suggested it was easy.

I stated nothing is secure, nor is your data you're loading up on icloud, or whatever remote storage system you're syncing to.

You don't have to believe me. As I told ya, you're free to use your electronic devises as you see fit.

31 posted on 01/03/2015 8:35:08 PM PST by dragnet2 (Diversion and evasion are tools of deceit)
[ Post Reply | Private Reply | To 28 | View Replies]

To: Swordmaker
why do you think Apple charges a higher price for their hardware than other the manufacturers who DON'T provide free services such as 5GBs of storage to their customers

Uh, Apple was charging higher prices for their stuff way before icloud was ever implemented.

But it all don't matter to me as I don't sync and use anyone's remote storage server schemes.

Feel free to do so.

32 posted on 01/03/2015 9:51:51 PM PST by dragnet2 (Diversion and evasion are tools of deceit)
[ Post Reply | Private Reply | To 30 | View Replies]

To: dragnet2
Uh, Apple was charging higher prices for their stuff way before icloud was ever implemented.

Uh, Apple was always providing free things for their customers as enhancements with their hardware way before anyone else was going bankrupt. . . iCloud is merely another enhancement to their ecosystem. You are MISSING THE POINT.

But it all don't matter to me as I don't sync and use anyone's remote storage server schemes.

Feel free to waste the potential because you are paranoid about it and cannot believe the facts I have outlined for you. . . and swallow the lies. Do some research.

33 posted on 01/03/2015 11:19:21 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
[ Post Reply | Private Reply | To 32 | View Replies]

To: dragnet2
Read back, I never once implied or suggested it was easy.

No, you said it was do-able. Tell me how.

34 posted on 01/03/2015 11:20:23 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
[ Post Reply | Private Reply | To 31 | View Replies]

To: Swordmaker

There are no lies...Fact is nothing is secure, not NSA, the FBI, Bank of America, Pentagon and or fatcorps like Sony and....Apple.

Get it?


35 posted on 01/03/2015 11:22:24 PM PST by dragnet2 (Diversion and evasion are tools of deceit)
[ Post Reply | Private Reply | To 33 | View Replies]

To: dragnet2
There are no lies...Fact is nothing is secure, not NSA, the FBI, Bank of America, Pentagon and or fatcorps like Sony and....Apple.

You aren't paying attention, dragnet2. You apparently are a true believer in what you believe. Sad. Paranoia is an illness. Not everyone is out to get you. . . and sometimes they simply do not have the capability to do it. Sony was an inside job by someone who had the passwords.

Even if an insider at Apple has the passwords, and the will and intent to break into your data, if they don't have YOUR passcode, they CANNOT get into your data. That makes it an impossibility for them to get anything out of the files they hold for you. They cannot be decrypted until they are back on your device or in your computer and YOU input YOUR passcode. Only THEN can your data be unscrambled and you can access what you put in there in the first place.

What do you fail to understand about that? Even Apple CANNOT GET INTO YOUR DATA! Only YOU have the key. ONLY YOU! NO ONE ELSE! There is no way to decrypt it with out your key. You simply cannot be that dense. But, I guess, maybe you are.

36 posted on 01/03/2015 11:54:33 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
[ Post Reply | Private Reply | To 35 | View Replies]

To: dragnet2

I have explained how your files are LOCKED. You hold the key. Again, I have challenged you. You assert they are not secure. I say they are. The ball is in your court: HOW ARE THEY GOING TO UNLOCK THEM WITHOUT THE KEY KNOWN ONLY TO YOU????

You don’t answer because you don’t have one.


37 posted on 01/03/2015 11:58:12 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
[ Post Reply | Private Reply | To 35 | View Replies]

To: Swordmaker

OK, Apple is totally 100% secure and has nor will ever be compromised. It’s a convenient service, offered by people who care more about them than profit.

I understand. OK~


38 posted on 01/04/2015 12:05:58 AM PST by dragnet2 (Diversion and evasion are tools of deceit)
[ Post Reply | Private Reply | To 36 | View Replies]

To: Swordmaker
HOW ARE THEY GOING TO UNLOCK THEM WITHOUT THE KEY KNOWN ONLY TO YOU????

You don’t answer because you don’t have one.

Relax, this is not about me. I'm not part of the hacker community and certainly not involved at the professional level in compromising systems/networks biz. I'm an innocent spectator. I'm simply telling you the basic facts of life. Nothing is secure. Learn it.

39 posted on 01/04/2015 12:20:18 AM PST by dragnet2 (Diversion and evasion are tools of deceit)
[ Post Reply | Private Reply | To 37 | View Replies]

To: dragnet2
Relax, this is not about me. I'm not part of the hacker community and certainly not involved at the professional level in compromising systems/networks biz. I'm an innocent spectator. I'm simply telling you the basic facts of life. Nothing is secure. Learn it.

I am quite relaxed, dragnet2. I am amused at your ignorant attitude. I challenged you because I was certain of my educated position and knew that you did not have any evidence to back up your position. None, nada, nothing, except your unsupported, irrational fear and paranoia about using something that is actually safer than keeping your data on your own computer and devices. . . where the authorities KNOW they can find it and can get at it easily by the simple means of taking it from you, either legally or not.

So, now, in other words, you, a dilettante, an amateur, is telling someone who has worked with computers and computer security for 30 YEARS, that YOU KNOW BETTER than he does his line of work. . .

Do you know how arrogant you are? "LEARN IT," you say?

I'm trying to educate YOU, dragnet2, and anyone on this thread who may still be reading this thread who holds to the myths that there are such all powerful hackers out there who can break this type of storage encryption that YOU seem to think they can! They cannot. I have been trying to show you and them that that ability is mathematically beyond us and the capability of any theory we know.

The point is that just because you repeatedly assert "Nothing is secure" does NOT make it true. Your ignorance is curable by the willingness to learn. . . but stubborn ignorance boarders on stupidity, dragnet2. Stupidity is not curable.

Your computer at your house, your devices sitting in your bedroom are far LESS secure than the data you place in the care of Apple with iCloud.

I told you there are degrees of security, and demonstrated why the data security in place with Apple devices and iCloud is state of the art. . . and you have the unmitigated gall to tell me that you have been smugly arguing with me, who knows what I am talking about and has shown you that I do, from your position of complete ignorance of your position. . . and you remain proud of it. . . and then tell ME to LEARN what you really don't know, to essentially become as ignorant as you????

No, sir, it is NOT going to happen. Enjoy your arrogant ignorance. I am not going to join you in your ignorance or to hunker down in your fear filled bunker.

40 posted on 01/04/2015 11:28:17 AM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
[ Post Reply | Private Reply | To 39 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson