“The 4chan leak of nude celebrity photos, allegedly stolen via Apple’s iCloud, shows your data are never fully secure,” Deutsche Welle reports. “But with an iPhone payment feature expected to launch, it’s time to see what you can do.”
“Rumor suggests – and when it comes to Apple, rumors are an acknowledged fine art – Apple has made agreements with leading credit card financial services,” DW reports. “But the question is: how secure is that? Will it become another piece of technology that we rely on, but which is easily hacked?”
“This past Monday a gang of hackers released nude photos of celebrities, which they had allegedly spent years harvesting from iCloud accounts, and trading elsewhere online,” DW reports. “It appears the hackers were able to gain access to individual accounts simply by figuring out the passwords and answers to security questions. Apple says their systems have not been compromised – they say this was a targeted attack on certain celebrity accounts.”
“Most important: take good care of your passwords… [and] put a little more effort into the passwords you choose,” DW reports. “Cyber security researcher Dr. Sandro Gaycken of the Freie Universität Berlin advises it is best not to use names or birth dates as passwords or as part of passwords – ‘and no dog names either. It is best not to use words out of a dictionary but instead mix up numbers, letters and additional characters to creatively make up artificial, non-existing words. And yes, it is a lot of work. But try to come up with a new password for every new account you create.’”
Read more in the full article here.
MacDailyNews Note: Use two-step verification for Apple ID to keep your personal information as secure as possible. More info here.
Always use unique passwords, do not reuse passwords for different services, and use Apple’s Keychain Access and iCloud Keychain to create and manage your passwords. When used properly, this system works like a dream.
Damn Straight.
I could lay out nude photos of me all over the subway and people wouldn’t touch them with ten foot poles.
Mine would be, if the tips are pointy enough….
I guess these celebrities didn’t become celebrities because of their deep understanding of secure IT behaviour. As a matter of fact, I think the exploit can be seen as a sort of flattery and sure as hell, it has increased the brand value of these chicks!
My version of likely events in the news:
1. Users who were compromised did not make use of some or all
a. secure passwords
b. two step verification
c. encrypted data or photos
d. keeping data to be verified out of public access such as “name of favorite teacher”
2. Apple’s side of the issue (says the armchair quarterback)
a. Apple did not require two step verification
b. Apple may have allowed some overly insecure passwords
c. Apple verification process was too easy to reverse social engineer (is that the term ?).
——————————–
Social result:
1. Apple scrambles.
2. Lawyers scramble.
3. Pundits scramble.
4. Some users scramble.
5. Investors scramble.
6. Competitors gloat.
7. Security pundits say I told u so.
Future
1. Apple makes modest changes but falls short.
2. More hacks in the future.
3. More “I told u so”
You need some tetrachloride in your blood. That will cure it. IDIOT
Give me an Islay single malt for my blood.
If u have something tangible to say, then you should contribute.
If u don’t, then go find your sandbox.
I think you got it mostly right, but I’d bet Apple takes this very seriously regardless of how they downplay this in the media, and more so, the changes Apple needs to make are modest.
Really, this wasn’t some major data breach. It was a handful of people… maybe even less. It’s not clear whose photos are real, and it’s not clear that iCloud was even the source of all of the photos that are real.
It could be just a couple of people who didn’t enable two-step verification who were phished or provided stupid passwords or obvious verification answers.
I’ve got a picture of my hairy butt they can download.
A new password for every account? Are you on freaking crack? And how are we supposed to remember them all?
This is obviously good security advice but completely out of touch and unrealistic. I lost count of how many times I forgot passwords to sites that I don’t use very often, because I used some “new” password.
Two-step verification is a nightmare. I used it this week and I couldn’t buy ANYTHING from App Store from iPad or iPhone. It was asking me more data needed and it was taking me to apple web page to do I didn’t know what, because there’s no instruction once in the web page but sign and make changes to your account. Well, I did make changes: I disabled Two-step verification. Ugly system.