The affidavit tends to support Apple's insistence at the time that the underlying iCloud technology itself wasn't breached; instead, it indicates that users' account names, passwords and security questions were the means of entry, as Apple contended.
As I have described, Reddit and 4Chan users' investigations discovered long before this that the majority of the photos, aside from those that came from iCloud, came from Windows PCs, Android, other digital cameras, and even scanned photographs and would not have been uploaded by Apple Devices to iCloud. It was also found that many of them came from a private group of perverts who traded such pictures after phishing for passwords from the celebrities through other on-line means, including befriending the celebrities. The iCloud was only hacked by means of using the "Forgot my password" reset using the answering of security questions, and because the celebrities selected questions the answers to which were easily discovered by reading fanzine biographies, it was child's play to reset their passwords to something the person breaking in wanted it to be to steal anything he wanted. There was no "hack" of the security of iCloud, but rather a hack of insufficiently difficult questions or answers. Such answers would be almost impossible to learn about the average citizen, but not about celebrities whose publicists put that information out to satisfy the demands of fans.
Let me guess. Their password was password.
This Thread is useless without Pictures.
Videos would be better though.
The best thing you can do when prompted for these things is to have a system to obfuscate your answers so they'd be unguessable unless someone knows the system you use. It can be as simple as reversing the letters. i.e., 'green' becomes 'neerg'.
Other possibilities would be to rot13 your answer, thus "green" becomes "terra", or you can hash it using any of several available hash algorithms.
Here is "green" passed through some hashes:
md5sum: 9f27410725ab8cc8854a2769c7a516b8
sha1sum: bc74f4f071a5a33f00ab88a6d6385b5e6638b86c
sha224sum: c8b29243e82a83e40317ca514c43b5ceb291abb7bf59c4eafa8e190d
sha256sum: ba4788b226aa8dc2e6dc74248bb9f618cfa8c959e0c26c147be48f6839a0b088
You don't have to use the entire string; the first or last 8 or so characters would be sufficient.
Yes, this is a pain.
However, it protects your accounts from malicious folk. It also makes it so that you're not giving valuable information to folks that they can use to hack you.
Picture this: you sign up for a website, and they use "security questions". However, unknown to you, the website has been hacked, and the site stores your answers as plain text in a database. Now the malicious individual or organization has a bunch of your answers to these security questions. Suckage.
One thing to keep in mind when using this kind of system is that you should be consistent, or at least have a record for each site you use as to what method you used to generate it. Keep in mind that consistency may sound like a good idea, but it still opens you up to someone getting the string you use. i.e., if you always answer "terra" for when the answer is 'green', then it really doesn't matter what method you use, because someone might know what your answer is.
I'm more paranoid than your average bear, so I have a program that keeps track of all my passwords and stuff. The data used by this password program is maintained in an encrypted file, and I put information about the method used to generate any "security" answers in the comments for the entry for that site. Thus, knowing that 'green' on site A is 'terra', won't help you to know the answer to what 'green' is on another one.
One final note: make absolutely SURE whatever method you use is reproducible, and that you have a record of your method that you're not going to lose when your hard drive dies. (You do have backups, right?)
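The reuse problem described above (the same transformed answer on every site) next to a per-site derivation, as an added example that is not part of the original comment. It goes beyond the comment's unkeyed transforms by using HMAC-SHA256 with a private secret; the site names, question and secret are constructed placeholders.

```python
import codecs
import hashlib
import hmac


def reverse_answer(answer: str) -> str:
    # 'green' -> 'neerg'; identical on every site that asks the question
    return answer[::-1]


def rot13_answer(answer: str) -> str:
    # 'green' -> 'terra'; also identical on every site
    return codecs.encode(answer, "rot13")


def plain_hash_answer(answer: str, length: int = 8) -> str:
    # Unkeyed hash, truncated to the first `length` hex characters.
    # Anyone who guesses the real answer and the method can recompute it.
    return hashlib.sha256(answer.encode("utf-8")).hexdigest()[:length]


def site_answer(secret: bytes, site: str, question: str, length: int = 16) -> str:
    # Keyed derivation: the real answer is never used, and the output
    # changes with the site, so a leak on one site reveals nothing about another.
    msg = f"{site.strip().lower()}\n{question.strip().lower()}".encode("utf-8")
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:length]


def compare(sites, question, real_answer, secret):
    # Build the answer each method would give on each site.
    return {
        site: {
            "reverse": reverse_answer(real_answer),
            "rot13": rot13_answer(real_answer),
            "plain_hash": plain_hash_answer(real_answer),
            "keyed": site_answer(secret, site, question),
        }
        for site in sites
    }


if __name__ == "__main__":
    # Constructed sample values; keep a real secret in the encrypted password file.
    demo_secret = b"constructed-demo-secret"
    table = compare(["site-a.example", "site-b.example"],
                    "Favorite color?", "green", demo_secret)
    for site, answers in table.items():
        print(site, answers)
```

Because the keyed answer depends only on the secret, the site and the question, it is reproducible from the password manager's record after a disk failure, provided the secret itself is backed up.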
If I had any interest in seeing naked “celebrities” I would just go to more movies.