11 comments

[ 3.6 ms ] story [ 20.1 ms ] thread
I would be interested to see if Apple have covered themselves against liability here in the Terms & Conditions associated with iCloud.
It's nothing to do with iCloud
(comment deleted)
Nobody knows anything about the real origin of the leaks yet. If nudes of famous people are the only thing that come out of an iCloud bug that massive, then some people have really lucked out. It seems like a silly thing to waste this kind of exploit on, when it could be used to read all of the files of virtually any OS X or iPhone user. That makes me think this isn't really an iCloud exploit.
There might be further reaching impacts that we don't know about yet.
True, but this is the kind of bug that one would never want to expose. A smart person (of the personality type to go into other people's private files instead of performing a responsible disclosure to Apple) would ride it out for years and leak content slowly, so that he continues to have unfettered access to the data of the 70 million+ Americans who use Apple computers or phones.

Something like this would be worth millions. It's not something that gets thrown away unless the possessor is just absolutely, completely, ridiculously naive.

My guess is that the photos in question came from a much more basic password guessing attack, which has historically been the case in these high-profile leaks, like the Scarlett Johansson leak that landed this guy in jail for 10 years: http://www.cbsnews.com/news/christopher-chaney-so-called-hol...

> A smart person

I don't think a smart person would do this.

>I don't think a smart person would do this.

I don't think a dumb person would be able to find a bug of this type in iCloud, which undoubtedly has thousands of people trying to break in around the clock. That's part of why I believe this was probably done with a much more basic, script-kiddie-accessible attack that essentially boils down to weak passwords and not a server-side technical flaw.

Another interesting potential attack vector of a more accessible character would be sniffing the air in areas where celebrities congregate and looking for plaintext credentials going over http. That'd be a fairly basic way to perpetrate this kind of hack.

(comment deleted)
Could it be a poorly-disciplined employee somewhere? At one of the phone companies? (Or, dare I say it, the NSA?)
(comment deleted)