Free Republic
Browse · Search 		News/Activism
Topics · Post Article

To: for-q-clinton
"But security features that would have prevented the celebrity iCloud episode -- like requiring a text message as a second passcode -- are precisely an engineering problem. To Apple's credit, it eventually added that crucial feature to iCloud."

The "fappening" was not a failure of Apple's security. Apple already had two factor identification in place before any of the others implemented it. . . But the celebrities accounts were NOT compromised by hacking their passwords. They were compromised by social engineering their security questions. . . which only worked because they WERE celebrities and they published the answers to such questions in fanzine biographies. This is an example of this article not having a clue about the topic it is talking about.

8 posted on 06/05/2015 6:30:55 PM PDT by Swordmaker ( This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
[ Post Reply | Private Reply | To 1 | View Replies ]

To: Swordmaker

“Apple already had two factor identification in place before any of the others implemented it”

A quick search would show this to be false. Google implemented two-factor authentication in 2011, while Apple implemented in 2013:
http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html
http://www.cnet.com/news/apple-adds-two-step-verification-option-for-apple-ids/

Furthermore, the initial implementation of two-factor authentication didn’t apply to iCloud backups:

http://arstechnica.com/security/2013/05/icloud-users-take-note-apple-two-step-protection-wont-protect-your-data/
http://money.cnn.com/2013/05/30/technology/security/apple-security/

Apple actually made it difficult to use two-factor authentication at the time of the fappening (3-day waiting period?):
http://www.dailydot.com/technology/apple-icloud-two-step-verification/

Of course, that all seemed to change once the fappening happened:

http://www.dailymail.co.uk/sciencetech/article-2759293/Apple-beefs-iCloud-s-security-Two-step-verification-adds-extra-layer-security-phone-ups.html

“But the celebrities accounts were NOT compromised by hacking their passwords. They were compromised by social engineering their security questions. . . which only worked because they WERE celebrities and they published the answers to such questions in fanzine biographies. This is an example of this article not having a clue about the topic it is talking about.”

You have no way of knowing this, the only people who know how it was done are the people who did it. Besides vague statements of how it could have been done, there is little evidence floating around about how it was actually done. One way, as even Apple-loving websites admit, was a brute-force attack that exploited a flaw in the “Find My iPhone app”:

http://www.cultofmac.com/297709/apple-aware-icloud-security-flaw-6-months-fappening/
http://www.engadget.com/2014/09/01/find-my-iphone-exploit/

Before you say “it wasn’t the Find My iPhone exploit!” Why did Apple patch it the next day?

http://www.zdnet.com/article/apple-patches-find-my-iphone-exploit/


12 posted on 06/05/2015 7:16:24 PM PDT by Echo4C (We have it in our power to begin the world over again. --Thomas Paine)
[ Post Reply | Private Reply | To 8 | View Replies ]

Free Republic
Browse · Search 		News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson