Posted on 09/01/2014 8:12:52 AM PDT by ConservativeMind
Engadget reports that Apple has fixed a major bug in its Find My iPhone software that allowed hackers to gain access to iCloud accounts. The fix comes just hours after a hacker leaked hundreds of nude celebrity photos on 4chan in return for Bitcoin donations.
Apple's Find My iPhone login page was discovered to have been vulnerable to so-called "brute force" hacks. Hackers are usually locked out of sites if they try to gain access using multiple passwords, but it was discovered that the Find My iPhone API allows users to repeatedly try different passwords. Security researcher Alexey Troshichev revealed that it's possible to combine this exploit with a list of common passwords in order to make a tool that can gain access to iCloud accounts.
(Excerpt) Read more at businessinsider.com ...
Sadly, it's not known if this is what was used.
Apple is going to have a huge black eye for a long while from this. I wonder what the settlements will cost with all the actresses.
I’ll, of course, have to see the photos in question in order to determine the severity of the breech.
I can’t believe they didn’t have some kind of lockout policy. Even a ten-try maximum would be effective against brute-force; you could also establish a modest lockout duration so legitimate users could try again after a set amount of time.
I got an iphone last week. Coincidentally they pushed me a message that I should back it up to iCloud on friday, just before this hit.
Bob Barker and George Clooney can keep it to themselves.
ping
Apparently Justin Verlander cannot.
bkm
Apple has a “ten try” option for our phones to force erasure in the wrong hands, if my memory is correct. But it is optional per phone and does not begin to cover security on APIs and other environmets like iCloud.
These ladies will be dealing with the fallout the rest of their lives. The pics were meant for a specific person. As iPhones default to uploading to the free 5 GB drive space (encouraging us to purchase more to cover our growning data), these women probably didn’t think there was even a concern.
Apple is looking really bad, now. We will still buy the new iPhone 6s, but we will also continue to keep iCloud off.
My new ipad has icloud as my new email address but I don’t have any naked pictures on it. No pictures at all. What else could happen?
There are much better phones out there. Apple has never taken security protocols seriously, so why buy their products?
Your phone contacts, address, notes, email, Passbook credit cards, etc get backed up.
This post will help you understand more:
http://www.freerepublic.com/focus/f-news/3199158/posts?page=44#44
No, there are not any better phones out there. Apple is the top.
I don’t bank, shop or pay bills on line. Personal emails, forwarded jokes and Free Republic, Drudge and occasionally DU. that’s all I do!
In Kate Upton's case, the breech was pretty severe. In the cases of Jennifer Lawrence, Ariana Grande and Victoria Justice, the breech was tasteful, not too over the top, but embarrassing nonetheless.
They probably didn’t overtly think that the automatic backup Apple does would be insecure. The phone has a fingerprint reader, which will “ensure” only you can make payments, when that is unveiled this month.
Each lady is thinking:
“If I don’t specifically share my pictures, why did Apple let them be taken?”
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.