| Forum Home | ||||
| PC World Chat | ||||
| Thread ID: 137892 | 2014-09-03 00:18:00 | Dont put all your eggs into the one cloud basket | 1101 (13337) | PC World Chat |
| Post ID | Timestamp | Content | User | ||
| 1383181 | 2014-09-03 05:12:00 | We Still Don't Have Assurance From Apple That iCloud Is Safe (finance.yahoo.com) ... But Apple's response still leaves some unanswered questions. If the culprits weren't able to infiltrate iCloud, then how were they able to target individuals? And what, if anything, can Apple do to prevent it? As soon as the statement was released, several journalists and tech pundits pointed out that Apple appeared to be placing the blame on the user, not the fact that Apple IDs seem to be easy to crack if you have the right tools. Apple sure is passing the buck with that statement. — danprimack (@danprimack) September 2, 2014 basically, Apple’s denial of an iCloud breach is that the vulnerability that allowed accounts to be hacked doesn’t count as a “breach" — The real Jon Brodkin (@jbrodkin) September 2, 2014 Apple basically says "You don't know how to do passwords." t.co — Alex Medina (@mrmedina) September 2, 2014 There are several theories as to how the hackers were able to access iCloud accounts. The most prominent one is the so-called "brute force" tactic, which means hackers use advanced software and other maneuvers to guess an individual user's ID and password. Apple's statement implies that hackers did use a "brute force" method or something similar in the recent celebrity photo hack. Here's that excerpt from the statement: After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. But what Apple doesn't say is whether a flaw on its end allowed the hackers to employ brute force methods. Other than enabling 2-step authentication, which requires you to validate your password through a secondary device, there's not much assurance that you're safe from being targeted. Still, as TechCrunch's Matthew Panzarino points out, 2-step authentication won't protect your photos and some other personal data. An Apple spokesperson declined to comment beyond the prepared statement. There's more. As Sam Biddle of Valleywag discovered, celebrities aren't the only victims of iCloud photo hacking. There's an entire message board on a site called AnonIB dedicated to "iCloud rippers" who apparently use similar techniques to steal nude photos from random women. This was going on long before nude photos of celebrities leaked over the weekend. So it shouldn't be a surprise that the narrative has shifted against Apple. Instead of explaining how iCloud user IDs are vulnerable, or why it hasn't heavily promoted 2-step verification, Apple only delivered a delicate statement for the public to go on. We could learn more as Apple's investigations continue, but what we have today isn't very reassuring. Still, this kind of problem isn't exclusive to Apple. Home Depot said Tuesday it was investigating a potential security breach. And the same methods hackers used to access iCloud accounts can be applied to Android phones, Windows Phones, BlackBerrys ... whatever. Until a better solution comes out, your best bet is to enable 2-step (some services call it 2-factor) verification on everything you can. It's not perfect, but it's better than nothing. |
Geek4414 (12000) | ||
| 1383182 | 2014-09-03 05:22:00 | Anybody mad enough to store their personal material on a machine other than their own, deserves what they get. Check out #5 to #7. ;) www.nzherald.co.nz |
pcuser42 (130) | ||
| 1383183 | 2014-09-03 05:39:00 | The old saying, photos or it didn't happen. So seen the photos and so it did happen | plod (107) | ||
| 1383184 | 2014-09-03 08:24:00 | Check out #5 to #7. ;) www.nzherald.co.nz And those wonderful tips came from.................??? :D |
Zippity (58) | ||
| 1383185 | 2014-09-03 08:42:00 | I can't understand why anyone would wish to place documents on someone else's computer for safe keeping. Would you place a lot of cash in a strangers bank account for safe keeping? Hard drives are very cheap these days, so why trust someone else? | mzee (3324) | ||
| 1383186 | 2014-09-03 09:30:00 | Would you place a lot of cash in a strangers bank account for safe keeping? Most of us already do ;) |
pcuser42 (130) | ||
| 1383187 | 2014-09-03 15:29:00 | On The Eve Of What Was Supposed To Be Tim Cook's Greatest Triumph, Apple Is In Disarray finance.yahoo.com Apple Hit By Six-Hour iTunes Store Outage In Midst Of iCloud Crisis finance.yahoo.com |
Geek4414 (12000) | ||
| 1383188 | 2014-09-03 22:15:00 | I cant understand how 'cloud' services would allow brute force password attacks. Am I missing something, is it not that simple ? Surely its security rule no1 that you simple dont allow hundreds/thousands of repeated failed logins trying to guess passwords Surely its security rule no2 that you dont let 'cloud' low level staff have easy access to clients login & pass Surely its security rule no3 that a 'cloud' service would not let its low level staff plug USB sticks into the PC's , and not allow them take list of clients logins & passes home !!!!! |
1101 (13337) | ||
| 1383189 | 2014-09-03 22:19:00 | 2 Step verification....yeah. Whats your mothers maiden name? Whats your pets name? Etc.... As they said on the news, that's easy to find out with celebrities. So shame on all these places that make you use one of these stupid questions. And shame on idiots who put nude pics of themselves on the Internet....cause that's all cloud is, the net. Nothing private on the net as we all know. |
pctek (84) | ||
| 1 2 | |||||