Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Celebrity photo hacking & iPhone vulnerability

  • 03-09-2014 1:54pm
    #1
    Closed Accounts Posts: 39,022 ✭✭✭✭


    This post has been deleted.


Comments

  • Closed Accounts Posts: 34,809 ✭✭✭✭smash


    Permabear wrote: »
    This post had been deleted.
    Not true.
    Permabear wrote: »
    This post had been deleted.
    Apple was not attacked. For those using the iCloud service, they had weak passwords so I assume it was the same for others using similar services.


  • Closed Accounts Posts: 422 ✭✭wrt40


    Permabear wrote: »
    This post had been deleted.

    Apple are saying it was just good old fashioned phishing:

    http://www.pocket-lint.com/news/130661-apple-blames-celeb-nude-photo-hack-on-weak-passwords-not-a-breach

    Moral of the story is don't put any sensitive information or files on the internet. Period. But if you must do so then at least use strong passwords and 2 step verification.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Permabear wrote: »
    This post had been deleted.

    Here is my theory. Said theory is 24 hours old and a lot more information has come to light. I will be updating it with the more up to date info this evening.


  • Registered Users, Registered Users 2 Posts: 5,112 ✭✭✭Blowfish


    Permabear wrote: »
    This post had been deleted.
    Regardless of how they (as above, it's extremely unlikely to be a single attack) got in, to secure iCloud, enable 2 step verification and lie on your security questions as, for example, it took me less than 5 seconds to find out Jennifer Lawrence's mother's maiden name.


  • Closed Accounts Posts: 34,809 ✭✭✭✭smash


    Blowfish wrote: »
    it took me less than 5 seconds to find out Jennifer Lawrence's mother's maiden name.

    What's your pornstar name? take your first pet's name and your mothers maiden name and post it here...

    All of these things were invented by hackers to get info which would allow them to bypass security questions.


  • Advertisement
  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    smash wrote: »
    Not true.
    Whose wasn't?
    smash wrote: »
    Apple was not attacked. For those using the iCloud service, they had weak passwords so I assume it was the same for others using similar services.
    Something like iBrute (just patched by Apple today or yesterday) to get the Password and then Elcomsoft Phone Password Breaker ( to download the whole phone backup), this is meant for law enforcement but anyone can download it. Fact it's knowingly out there should be enough not to use Icloud Apple.

    The Apple IDs are out there...no doubt.

    After 40 hours of investigation Apple could tell something fishy was going on with some accounts...why havn't they a system in place to lock those accounts down when this is happening?? They don't give a sh1t.


  • Closed Accounts Posts: 34,809 ✭✭✭✭smash


    Whose wasn't?
    The celebs who were on android, the celebs who has Skype videos intercepted....
    Something like iBrute (just patched by Apple today or yesterday) to get the Password and then Elcomsoft Phone Password Breaker ( to download the whole phone backup), this is meant for law enforcement but anyone can download it. Fact it's knowingly out there should be enough not to use Icloud Apple.

    The Apple IDs are out there...no doubt.

    After 40 hours of investigation Apple could tell something fishy was going on with some accounts...why havn't they a system in place to lock those accounts down when this is happening?? They don't give a sh1t.
    The iBrute attack was just a brute force attack which can be done on any site, and it wasn't done on iCloud because it would have been caught. It was done through a security flaw in findmyphone which allowed multiple tries and it was patched within 24hours of iBrute being released. This was an attack by a group and it's been going on a long time as iCloud doesn't hold full phone backups and space is limited to 5gb unless you subscribe. So I'm guessing the hackers gained access ages ago and checked for new content regularly.


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard




  • Closed Accounts Posts: 1,837 ✭✭✭same ol sh1te



    Just came to post that, very poor security by Apple


  • Closed Accounts Posts: 34,809 ✭✭✭✭smash


    The basic "professional" version of Elcomsoft's EPPB allows users to download iCloud data with a username and password.
    It's still down to poor password choices by people and they way he's explained it, you do all the work to get the password and then just feed it to the software so it can download.
    For $400, the forensic version of the software goes one step further: You don't even need access to the password. You just need to have remote or physical access to a machine where someone is logged into the iCloud control panel.
    If you had this access, then you can access the physical backups on the machine so you wouldn't need iCloud at all.


  • Advertisement
  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    smash wrote: »
    .
    How much Apple stuff do you have????

    Tim Cook Says Apple to Add Security Alerts for iCloud Users
    To make such leaks less likely, Mr. Cook said Apple will alert users via email and push notifications when someone tries to change an account password, restore iCloud data to a new device, or when a device logs into an account for the first time.

    Until now, users got an email when someone tried to change a password or log in for the first time from an unknown Apple device; there were no notifications for restoring iCloud data.


    Apple said it plans to start sending the notifications in two weeks. It said the new system will allow users to take action immediately, including changing the password to retake control of the account, or alerting Apple's security team.
    Blah Blah, should've been done before hand.

    "We want to do everything we can do to protect our customers, because we are as outraged if not more so than they are," said Mr. Cook.


    Apple is battling to preserve its reputation for looking after its users ahead of a major product announcement next week. The company is facing the type of negative publicity that it usually has managed to avoid, a situation magnified by the popularity of the victims.
    Outraged, this is priceless stuff. Pissing off a few Celebs rages (frightens) them.

    Nothing about another year of poor working conditions in far off china, Aluminium shavings in the air, forced unpaid overtime on 16 year olds, dumping of industrial fluids and waste into groundwater and nearby rivers.

    Having workers still use Benzene when theirs perfectly good safe alternatives, just so they can make an extra dollar profit per phone.

    Dirty rotten company.

    What to say about brain washed folk that buy their stuff....mercy....


  • Closed Accounts Posts: 1,837 ✭✭✭same ol sh1te


    Tim Cook should hang his head in shame like Sony did, hopefully people will open their eyes and not blindly trust any company


  • Registered Users, Registered Users 2 Posts: 203 ✭✭industrialhorse


    I have never used nor was ever interested in any Apple product, even their futuristic looking iMacs back in the late 90's. It is fair to say I will never bring myself to using one, even if they are somehow enforced on people by a new world order in 2025 (I shall be armed with a Nokia 3210 to fend off the iNazi's):pac:


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    Apple knew of iCloud security hole 6 months before Celebgate
    Balic’s brute-force iCloud attack is not his first vulnerability report to Apple. In June 2013, he identified a security flaw in the Apple Developer Center. According to Balic, the website was almost immediately taken down, but he says his report received no response from the company. In a press release issued a few days later, Apple described a “security threat” and claimed that “an intruder attempted to secure personal information of [registered developers.]”

    Unhappy with how Apple handled his report and concerned that law enforcement was investigating their accusations, Balic went public in the form of a comment on a TechCrunch article. He later uploaded a YouTube video, which he says contains proof of his discovery.

    Apple later acknowledged Balic for reporting a cross-site scripting (XSS) vulnerability on its Web Server notification page.

    Screen_Shot_2014-09-23_at_3.57.50_AM.png

    lol at this bit, never mind their millions of users Data, a whiff of their own developers Data at risk though and the site is down in a flash.

    And then the Rotten fruit company tries to say they had an attempted breach when in fact they were responsibly notified. Scumbags.


  • Closed Accounts Posts: 34,809 ✭✭✭✭smash


    While the exploit Balic says he reported to Apple shares a stark resemblance to the exploit allegedly used in the so-called "Celebgate" hack, it is currently unclear if they are the same vulnerability.

    So did they know about it? Not if it wasn't the same vulnerability!
    Well was it the same vulnerability? Nobody knows, but hey... don't let the truth get in the way of a good news story.


Advertisement