seems like a bad title, suggests there is some proof iCloud was hacked while the article states it wasn't likely.
> While it’s highly unlikely to be a security issue with iCloud, the incident has served to remind us all of the issues around internet security in general.
That is just the typical blather devoid of content we've come to expect from online journalism.
We already know of one significant security issue with iCloud that was just posted on HN this morning. There was an outside API that allowed to trivially bruteforce logins without any apparent rate-limiting.
It might be hard to convince a judge of that, but for a provider like Apple, this is to me gross negligence. I mean, World of Warcraft, of all things, has more meaningful security measures in place than iCloud apparently. Apart from obviously not allowing to bruteforce passwords, they very stricly geofence any logins and will rather suspend and force the original owner to reactivate an account than allow login from an unknown IP range.
I'm a skeptical panda. A hundred different celebrities pictures are leaked, and all the article can do is keep reiterating, with no evidence at all, that it's "unlikely" to be a security problem in iCloud or some similar service. If it were just one or two accounts I'd find the alternate explanations (social engineering, etc) more plausible.
Even if the leaks result from one at a time social engineering, it still really calls into question the practical security of the cloud. I doubt it's much harder to steal, e.g. confidential business documents from executives' cloud accounts than it is to steal pictures from celebrities' cloud accounts.
If I were a big organization with confidential information, I'd really be thinking hard about my cloud policies and my BYOD policies right now. The policy at my previous employer (we handled a lot of extremely sensitive information), was pretty draconian: data never leaves a company desktop, laptop, or blackberry.
Yeah this article is completely awful and was most likely written by someone without any security knowledge whatsoever. Considering the number of victims, all of the possibilities discussed in this article are completely unreasonable.
There's only 2 real possibilities here:
1. iCloud was hacked
2. Someone at Apple can access the data and decided to leak it
Yeah this article is completely awful and was most likely written by someone without any security knowledge whatsoever. Considering the number of victims, all of the possibilities discussed in this article are completely unreasonable.
There's only 2 real possibilities here:
1. iCloud was hacked
2. Someone at Apple can access the data and decided to leak it
"While it’s highly unlikely to be a security issue with iCloud, the incident has served to remind us all of the issues around internet security in general."
Uhhh... pardon me? Potentially 100 high profile users just had their private photos removed from their private accounts and this "likely" isn't an issue with the system? What would be a security issue then?
Edit: Followed by this double negative which is accidental but still makes me smile:
"It’s highly unlikely that the “hacker” (or it may have been a group of hackers) was not able to breach Apple’s security in general..."
> 100 high profile users just had their private photos removed from their private accounts
Can you verifiably prove at this moment that all of the leaked photos only came from iCloud and iCloud alone? Until they've completed their audit or more information becomes available, you can not just make assumptions of guilt like that.
"WAS IT VIA ANOTHER SERVICE?
Since many of the images appear to have been taken with Android devices and webcams, the leaked images may not have originated from the iCloud photo backup service at all. Many services have automatic backup tools, and could be accessed in similar ways to iCloud (as above)."
Ok - let's blame iCloud for some stolen images from iOS devices. But how to explain Android ones? There is no iCloud for Android and never will be. Some apps as G+, DropBox, Box also do "picture backup" and run on many mobile OSes. Why everyone blame iCloud for some hole that can't be used more than 36 hours for hacking over 100s accounts.
My guess - there is fault in some very popular application that have access to your photos. So maybe insider in company owning this app can leak them or hackers take control over app. In all cases this is huge PR crisis for them.
14 comments
[ 3.1 ms ] story [ 50.6 ms ] thread> While it’s highly unlikely to be a security issue with iCloud, the incident has served to remind us all of the issues around internet security in general.
We already know of one significant security issue with iCloud that was just posted on HN this morning. There was an outside API that allowed to trivially bruteforce logins without any apparent rate-limiting.
It might be hard to convince a judge of that, but for a provider like Apple, this is to me gross negligence. I mean, World of Warcraft, of all things, has more meaningful security measures in place than iCloud apparently. Apart from obviously not allowing to bruteforce passwords, they very stricly geofence any logins and will rather suspend and force the original owner to reactivate an account than allow login from an unknown IP range.
Even if the leaks result from one at a time social engineering, it still really calls into question the practical security of the cloud. I doubt it's much harder to steal, e.g. confidential business documents from executives' cloud accounts than it is to steal pictures from celebrities' cloud accounts.
If I were a big organization with confidential information, I'd really be thinking hard about my cloud policies and my BYOD policies right now. The policy at my previous employer (we handled a lot of extremely sensitive information), was pretty draconian: data never leaves a company desktop, laptop, or blackberry.
There's only 2 real possibilities here:
1. iCloud was hacked
2. Someone at Apple can access the data and decided to leak it
I'm leaning towards number 2 myself.
There's only 2 real possibilities here:
1. iCloud was hacked 2. Someone at Apple can access the data and decided to leak it
I'm leaning towards number 2 myself.
> You cannot leak that which does not exist. That's the ultimate answer. But that's the same philosophy as abstinence. We need education. - https://twitter.com/SwiftOnSecurity/status/50629058660991385...
Uhhh... pardon me? Potentially 100 high profile users just had their private photos removed from their private accounts and this "likely" isn't an issue with the system? What would be a security issue then?
Edit: Followed by this double negative which is accidental but still makes me smile:
"It’s highly unlikely that the “hacker” (or it may have been a group of hackers) was not able to breach Apple’s security in general..."
Can you verifiably prove at this moment that all of the leaked photos only came from iCloud and iCloud alone? Until they've completed their audit or more information becomes available, you can not just make assumptions of guilt like that.
Ok - let's blame iCloud for some stolen images from iOS devices. But how to explain Android ones? There is no iCloud for Android and never will be. Some apps as G+, DropBox, Box also do "picture backup" and run on many mobile OSes. Why everyone blame iCloud for some hole that can't be used more than 36 hours for hacking over 100s accounts.
My guess - there is fault in some very popular application that have access to your photos. So maybe insider in company owning this app can leak them or hackers take control over app. In all cases this is huge PR crisis for them.