Celebrity photo hacking & iPhone vulnerability

Permabear · 03-09-2014 2:54pm #1

This post has been deleted.

smash · 03-09-2014 2:57pm

Permabear wrote: »

This post had been deleted.

Not true.

Permabear wrote: »

This post had been deleted.

Apple was not attacked. For those using the iCloud service, they had weak passwords so I assume it was the same for others using similar services.

wrt40 · 03-09-2014 3:08pm

Permabear wrote: »

This post had been deleted.

Apple are saying it was just good old fashioned phishing:

http://www.pocket-lint.com/news/130661-apple-blames-celeb-nude-photo-hack-on-weak-passwords-not-a-breach

Moral of the story is don't put any sensitive information or files on the internet. Period. But if you must do so then at least use strong passwords and 2 step verification.

syklops · 03-09-2014 4:11pm

Permabear wrote: »

This post had been deleted.

Here is my theory. Said theory is 24 hours old and a lot more information has come to light. I will be updating it with the more up to date info this evening.

Blowfish · 03-09-2014 4:43pm

Permabear wrote: »

This post had been deleted.

Regardless of how they (as above, it's extremely unlikely to be a single attack) got in, to secure iCloud, enable 2 step verification and lie on your security questions as, for example, it took me less than 5 seconds to find out Jennifer Lawrence's mother's maiden name.

smash · 03-09-2014 4:50pm

Blowfish wrote: »

it took me less than 5 seconds to find out Jennifer Lawrence's mother's maiden name.

What's your pornstar name? take your first pet's name and your mothers maiden name and post it here...

All of these things were invented by hackers to get info which would allow them to bypass security questions.

Rucking_Fetard · 03-09-2014 7:09pm

smash wrote: »

Not true.

Whose wasn't?

smash wrote: »

Apple was not attacked. For those using the iCloud service, they had weak passwords so I assume it was the same for others using similar services.

Something like iBrute (just patched by Apple today or yesterday) to get the Password and then Elcomsoft Phone Password Breaker ( to download the whole phone backup), this is meant for law enforcement but anyone can download it. Fact it's knowingly out there should be enough not to use Icloud Apple.

The Apple IDs are out there...no doubt.

After 40 hours of investigation Apple could tell something fishy was going on with some accounts...why havn't they a system in place to lock those accounts down when this is happening?? They don't give a sh1t.

smash · 03-09-2014 8:24pm

Rucking_Fetard wrote: »

Whose wasn't?

The celebs who were on android, the celebs who has Skype videos intercepted....

Rucking_Fetard wrote: »

Something like iBrute (just patched by Apple today or yesterday) to get the Password and then Elcomsoft Phone Password Breaker ( to download the whole phone backup), this is meant for law enforcement but anyone can download it. Fact it's knowingly out there should be enough not to use Icloud Apple.

The Apple IDs are out there...no doubt.

After 40 hours of investigation Apple could tell something fishy was going on with some accounts...why havn't they a system in place to lock those accounts down when this is happening?? They don't give a sh1t.

The iBrute attack was just a brute force attack which can be done on any site, and it wasn't done on iCloud because it would have been caught. It was done through a security flaw in findmyphone which allowed multiple tries and it was patched within 24hours of iBrute being released. This was an attack by a group and it's been going on a long time as iCloud doesn't hold full phone backups and space is limited to 5gb unless you subscribe. So I'm guessing the hackers gained access ages ago and checked for new content regularly.

Rucking_Fetard · 05-09-2014 2:15am

How I Hacked My Own iCloud Account, for Just $200

same ol sh1te · 05-09-2014 8:01am

Rucking_Fetard wrote: »

How I Hacked My Own iCloud Account, for Just $200

Just came to post that, very poor security by Apple

smash · 05-09-2014 10:06am

Rucking_Fetard wrote: »

How I Hacked My Own iCloud Account, for Just $200

The basic "professional" version of Elcomsoft's EPPB allows users to download iCloud data with a username and password.

It's still down to poor password choices by people and they way he's explained it, you do all the work to get the password and then just feed it to the software so it can download.

For $400, the forensic version of the software goes one step further: You don't even need access to the password. You just need to have remote or physical access to a machine where someone is logged into the iCloud control panel.

If you had this access, then you can access the physical backups on the machine so you wouldn't need iCloud at all.

Rucking_Fetard · 06-09-2014 2:48am

smash wrote: »

.

How much Apple stuff do you have????

Tim Cook Says Apple to Add Security Alerts for iCloud Users

To make such leaks less likely, Mr. Cook said Apple will alert users via email and push notifications when someone tries to change an account password, restore iCloud data to a new device, or when a device logs into an account for the first time.

Until now, users got an email when someone tried to change a password or log in for the first time from an unknown Apple device; there were no notifications for restoring iCloud data.

Apple said it plans to start sending the notifications in two weeks. It said the new system will allow users to take action immediately, including changing the password to retake control of the account, or alerting Apple's security team.

Blah Blah, should've been done before hand.

"We want to do everything we can do to protect our customers, because we are as outraged if not more so than they are," said Mr. Cook.

Apple is battling to preserve its reputation for looking after its users ahead of a major product announcement next week. The company is facing the type of negative publicity that it usually has managed to avoid, a situation magnified by the popularity of the victims.

Outraged, this is priceless stuff. Pissing off a few Celebs rages (frightens) them.

Nothing about another year of poor working conditions in far off china, Aluminium shavings in the air, forced unpaid overtime on 16 year olds, dumping of industrial fluids and waste into groundwater and nearby rivers.

Having workers still use Benzene when theirs perfectly good safe alternatives, just so they can make an extra dollar profit per phone.

Dirty rotten company.

What to say about brain washed folk that buy their stuff....mercy....

same ol sh1te · 06-09-2014 5:41am

Tim Cook should hang his head in shame like Sony did, hopefully people will open their eyes and not blindly trust any company

industrialhorse · 08-09-2014 11:05am

I have never used nor was ever interested in any Apple product, even their futuristic looking iMacs back in the late 90's. It is fair to say I will never bring myself to using one, even if they are somehow enforced on people by a new world order in 2025 (I shall be armed with a Nokia 3210 to fend off the iNazi's):pac:

Rucking_Fetard · 26-09-2014 2:14am

Apple knew of iCloud security hole 6 months before Celebgate

Balic’s brute-force iCloud attack is not his first vulnerability report to Apple. In June 2013, he identified a security flaw in the Apple Developer Center. According to Balic, the website was almost immediately taken down, but he says his report received no response from the company. In a press release issued a few days later, Apple described a “security threat” and claimed that “an intruder attempted to secure personal information of [registered developers.]”

Unhappy with how Apple handled his report and concerned that law enforcement was investigating their accusations, Balic went public in the form of a comment on a TechCrunch article. He later uploaded a YouTube video, which he says contains proof of his discovery.

Apple later acknowledged Balic for reporting a cross-site scripting (XSS) vulnerability on its Web Server notification page.

Screen_Shot_2014-09-23_at_3.57.50_AM.png

lol at this bit, never mind their millions of users Data, a whiff of their own developers Data at risk though and the site is down in a flash.

And then the Rotten fruit company tries to say they had an attempted breach when in fact they were responsibly notified. Scumbags.

smash · 26-09-2014 12:40pm

While the exploit Balic says he reported to Apple shares a stark resemblance to the exploit allegedly used in the so-called "Celebgate" hack, it is currently unclear if they are the same vulnerability.

So did they know about it? Not if it wasn't the same vulnerability!
Well was it the same vulnerability? Nobody knows, but hey... don't let the truth get in the way of a good news story.

Celebrity photo hacking & iPhone vulnerability

Comments