Apple Just Patched A Security Flaw In iCloud

Business Insider ^ | September 1, 2014 | James Cook

[ConservativeMind]

Engadget reports that Apple has fixed a major bug in its Find My iPhone software that allowed hackers to gain access to iCloud accounts. The fix comes just hours after a hacker leaked hundreds of nude celebrity photos on 4chan in return for Bitcoin donations.

Apple's Find My iPhone login page was discovered to have been vulnerable to so-called "brute force" hacks. Hackers are usually locked out of sites if they try to gain access using multiple passwords, but it was discovered that the Find My iPhone API allows users to repeatedly try different passwords. Security researcher Alexey Troshichev revealed that it's possible to combine this exploit with a list of common passwords in order to make a tool that can gain access to iCloud accounts.

[Swordmaker]

Apple never cornered the market on phones even though they want people to believe they did.

No, Kirkwood, they don't even want to "corner the market on phones." They don't even compete in the low end of the cellular phone market. They've never even implied they've gone after "market share," because Apple is far happier taking home the lion's share of ALL cellular phone manufacturing profits! Jay Yarrow reports in the February 14, 2014, Business Insider:

Analyst Tavis McCourt at Raymond James estimates Apple has 87.4% of smartphone profits. (that's worldwide profits, Kirkwood — Swordmaker)

The next closest is Samsung, with 32.2% of smartphone profits.

Yes, those numbers add up to over 100%. (119.6%—S) That's because everyone else is losing money, and so McCourt gives the rest of the world's phone makers negative profit share. — Apple Collects 87% Of All The Profits In The Smartphone Handset Industry

I should point out that McCourt is not the only analyst who has come to this astonishing conclusion. . . every conclusion from analysts who follow the cellular phone market's financial figures are in the same ballpark.

On the other Market Share hand, in the United States, Apple iPhones were the top selling brand, bar none, with 41.9% of the market last quarter, followed by Samsung at 27.8%, LG with 6.5%, then Motorola at 6.3%, and HTC at 5.1%. Yes, I know those total 45.7% which is more than Apple's 41.9%, but Apple is still the number one top selling brand in the US, regardless of irrelevancies like operating systems.

Incidentally, Kirkwood, in the same period Apple took home 53% of the worldwide personal computer market profits.

That's one of the reasons Apple Inc stock is selling for $102.50 per share ($717.50 pre split adjusted) an all time high!) and it's market cap value is $613.8 Billion, 44.7% higher than the market cap of Exxon Mobile, the second most valuable publicly traded company in the world.

[Swordmaker]

I forgot a category.

Accessories: There is simply no comparison in the sheer number and scope of accessories and devices that can interface with Apple devices compared with the very small numbers made for the various Android devices. These iOS accessories run from cases, audio system, FLIR cameras, professional level medical devices, and all the way to automobiles and smart houses.

[Swordmaker]

More reports on analysis of the picture sources say that a lot have “Tumblr” watermarks on them, for whatever that’s worth. Others show Android phones in the selfies as well as Apple phones. Data that shows varied sourcing. Apple has announced they are “Actively investigating IF the data could have originated from breeches of Apple customer accounts.”

[Citizen Zed]

It could be Apple’s use of Amazon cloud space. It could be the NSA losing it’s secret access codes.

[Swordmaker]

It could be Apple’s use of Amazon cloud space. It could be the NSA losing it’s secret access codes.

Apple states on their website that any iCloud personal data on third party storage such as you've mentioned on Amazon's servers is first individually 128bit encrypted, then anonymized, group block compressed in 256bit hexadecimal encryption with no decipherable identity markers, before being placed on any non-Apple servers, so that's not even possible. While the NSA may have access to Amazon's servers, the Apple data is too anonymous and encrypted to use. That data has to be retrieved from the 3rd party back to Apple and deciphered there before being returned to the user.

[Swordmaker]

The Washington Post just put up this interesting theory by Dan Kaminsky of WhiteOps.com:

A theory offered on Twitter by security expert Dan Kaminsky, chief scientist at WhiteOps.com, is that someone who was collecting a cache of the celebrity nudes may have been hacked by the person or people who spread the images online over the weekend. If the photos were collected by a person from different sources over a long period of time, it could explain why some of the images appear to be genuine and others are allegedly fake.

That would explain the melange of photo types.

[oh8eleven]

You're likely to blow through 500MB of data very quickly.
No, not really. First off, with the additional free 500MB, my total will be 1GB. Second, I've turned off my 4G and only use Wi-Fi.
Third, I'm retired and near a PC 95% of the day ... plus I don't have the on-line habits of today's kids.

[Citizen Zed]

"Apple Just Patched A Security Flaw In iCloud"

Did they or did they not just patch a security flaw that they claimed did not exist? How can you be sure there are no more flaws? Apple must allow the NSA wiretapping access via the PRISM program - this is the biggest inherent security flaw, as the NSA has prooven that access to their secret methods has been compromised. Everything stored locally or communicated remotely is so-called metadata. I don't believe Apple, as they have a history of security flaws on their overpriced and overhyped devices: Unencrypted email attachments. Using a "connected" computer to do a system restore via iTunes. Unencrypted USB cable communication. Issues with Bluetooth devices. Trusting every app you buy through their portal. And doing it all without allowing a third party security solution to protect you.

[PreciousLiberty]

"There are much better phones out there."

Not according to customer satisfaction surveys...

"Apple has never taken security protocols seriously, so why buy their products?"

That is absolutely false. In fact, Apple is going the route of making privacy and security a selling point of their products, the opposite of Google who leverages your private data for sales purposes.

If the breach was in fact due to an Apple software flaw, it would be an isolated incident. Every company has them.

On the other hand, with Google you get ubiquitous app security problems.

[PreciousLiberty]

"I have lots of friends who have tried the Samsung options. Not impressed."

Yes, in fact Apple is seeing a lot of iPhone crossover from Android users.

That should explode when the larger iPhone 6 models arrive. One week to go before the announcement... I'll be going to the 5.5" version when it's available.

[Swordmaker]

Did they or did they not just patch a security flaw that they claimed did not exist? How can you be sure there are no more flaws? Apple must allow the NSA wiretapping access via the PRISM program - this is the biggest inherent security flaw, as the NSA has prooven that access to their secret methods has been compromised. Everything stored locally or communicated remotely is so-called metadata. I don't believe Apple, as they have a history of security flaws on their overpriced and overhyped devices: Unencrypted email attachments. Using a "connected" computer to do a system restore via iTunes. Unencrypted USB cable communication. Issues with Bluetooth devices. Trusting every app you buy through their portal. And doing it all without allowing a third party security solution to protect you.

What a load of FUD, Citizen.

Yes, they did patch a security flaw, every tech company has them.

Apple examined the accounts of every compromised celebrity and found that every single one was compromised in the old fashioned way. . . By the attacker guessing their very weak security question answers and simply resetting their passwords. They didn't use Apple's recommended two-factor security.

Apple has NOT signed on with PRISM. When it was revealed, Apple refused to participate and has continued to refuse. There is no "must." Please show those "security flaws" in UNIX, the most secure OS in use today. Apple OSX is one of the four POSIX compliant, certified UNIX trademarked operating systems allowed to be sold under trademark. Apple email attachments are encrypted with the email. I don't know where you are getting your mis-information, but that's what it is. You obviously don't know what you are talking about.

We Mac users will use a third-party security solution to protect us when there is an observed need. In 15 years there has been not one viable virus in the wild for Apple OSX. There are only seven known Trojan families, with about sixty variations, every one of which the OS will identify and block download, installation, or first run.

Frankly, you are ignorant about Apple products and swallow the FUD, hook, line, and sinker.

[Swordmaker]

No, not really. First off, with the additional free 500MB, my total will be 1GB. Second, I've turned off my 4G and only use Wi-Fi. Third, I'm retired and near a PC 95% of the day ... plus I don't have the on-line habits of today's kids.

Ok. You implied your plan was only 500MB. . . but you should be fine with 1GGB so long as it's not shared with another phone and you'd be OK even on 4G. Just don't watch any HIDEF movies and keep the YouTube addiction down.