After Naked picture scandal, apple now wants you to get into the Celebs hotell rooms

[ManWhoJaped]

A few things:
- It isn't a 'security flaw' as much as targeted attacks that demonstrate vulnerabilities - someone deliberately targeted celebrities, found their email address, obtained basic personal information online, and used a password retrieval tool to get into their accounts. People in the weeks since have shown how easy this is to do ON EVERY ONLINE SYSTEM!

If you don't work with computers for a living you should not even be talking on the subject let alone berating someone.

It shouldn't even be possible to access someone's cloud data without the phone itself. You could easily make it work tat way, they don't. Of course if you get a hand chip then they are going to allow it to work this way, though this is a really completely pointless security measure.

- Google does NOT force this increased security … I have no clue why you have this dogged insistence about Google. Basically - they are not necessarily more secure.

They do force more security though mostly in a bad way.

More specifically … once you have managed to gain access to an email account …
- Yahoo - you have all Flickr files
- Microsoft - entire SkyDrive is yours
- Facebook - Instagram, etc are yours
- Google - everything is one-click away
- Apple - same …

Technically true but there is no reason for this to be true.

As you note, it really becomes a different type of issue when people use the 'login with Google' or 'login with Facebook' and link up accounts … but the reality is that for most people, they can hit up dozens of sites with their personal info stored authenticated by Google or Facebook, meaning that if snooped over a public WiFi area it is possible to grab the login details.

That is actually one potential way for the celebs to have been attacked - at the Emmy awards, they had access to WiFi, and supposedly this could have been where the account details were snooped. This isn't an Apple thing, but rather a general internet issue.



My point is that the ability to obtain millions of GMail addresses, and then turn around and from any computer or phone (unless you have two-factor enabled) simply login and access everything … is really no different than what we are seeing with the celebs.

Assuming WiFi was used, basically someone grabbed credentials and used them to login. This is how much of the list put up on the Russian bitcoin site was generated, also through hacks and phishing … but regardless, if the user in question hasn't taken additional steps, the outcome is identical.

As for Google, they are a great company, and I think they are amongst the best in terms of security … but there are different reasons they shouldn't be trusted. Apple makes money selling THINGS. Google makes money by selling … your private data, the contents of your emails, your search history, by compromising browser security to track your activity, and so on. Google 'sells' some things, but they make a few % on it … it is by monetizing search and app activity through targeted ads, made better because they have SO MUCH information about you.

The phone is a physical device on a custom network, therefore it has the inherent potential to be more secure. Completely secure, really. However they are not bothering to use it.

Most people don't have much attached to their emails anyway, but obviously they often have a lot attached to phones. If your cc gets hacked you can get a new one, but having your contacts rifled through is much more serious and having naked pics leaked is even worse.

 

[txa1265]

If you don't work with computers for a living you should not even be talking on the subject let alone berating someone.

Given the number of areas you spout off about and things you say, you can't even remotely be serious ... this is a discussion forum. There was an immediately conclusion jumping based on some erroneous information that was easily found.

It shouldn't even be possible to access someone's cloud data without the phone itself. You could easily make it work tat way, they don't. Of course if you get a hand chip then they are going to allow it to work this way, though this is a really completely pointless security measure.

The problem is that none of this stuff is really limited to a single device. Look at iCloud as an example - when anyone in my family takes a picture, it goes to iCloud and our photo stream, and is them downloaded to our main computer. This involves hand-offs and transfers and devices.

 

[Turjan]

It's more or less always a trade-off between convenience on one side and privacy on the other. It's difficult to have it both ways.

 

[ManWhoJaped]

Given the number of areas you spout off about and things you say, you can't even remotely be serious … this is a discussion forum. There was an immediately conclusion jumping based on some erroneous information that was easily found.

Everyone has opinions on current events etc. but I don't talk about technical subjects I don't know anything about. I also try not to talk about current events and politics unless I know about them, either.

I don't say this to be rude but you just don't know what you are saying, on a very complicated subject. It's like someone starts a thread on the Russian language and I started to talk in there about how great/terrible a language it is when I don't speak it and never took a single lesson.

Like I said, no offense and I really mean that. Sometimes you can't even know how complicated the subject you are talking about really is.

The problem is that none of this stuff is really limited to a single device. Look at iCloud as an example - when anyone in my family takes a picture, it goes to iCloud and our photo stream, and is them downloaded to our main computer. This involves hand-offs and transfers and devices.

Like I said in the last post, just because things work in certain way doesn't mean they have to. There's a lot of ways things could be much different. You want to learn how, go get a degree in computer science and do a project/thesis on computer security or encryption. HHR pointed out one way things could easily be different. There are many other changes that could be implemented.

Security comes up constantly for programmers. For most if your company screws up it means you go out of business. With these big companies mainly they just have 3rd party info. If their customers get screwed over I guess they will come back for more anyway and so sad for them. They really just don't seem to give a crap.

 

[txa1265]

I don't say this to be rude but you just don't know what you are saying, on a very complicated subject.

I disagree - are there nuances of cloud security I know nothing about? Definitely true. But about the nature and mechanics of the operation of various mobile devices, and the way they interoperate? I absolutely do know much. My corrections of the OP were factually accurate. My assertions on several things were factually accurate. You telling me 'I have know clue' but neither being specific or detailed ...well, it is just not helpful to either me or the thread.

 

[crpgnut]

I always listen to Mike about Apple stuff. I barely know how to use my iphone, but Mike has given some good advices about it in the past. Yes, I do purposely type incorrect grammar. I like to fit in with our non-native English typers

 

[Morrandir]

(Haven't read all postings in detail, so I hope the following hasn't been stated before.)

I don't like Apple as a company and don't use or buy their products, but I don't think that what happened here is a an exclusive Apple problem. The same could have happened (and will happen) to celebs who use Android/Windows or whatever. (Do we btw actually know that these celebs used iOS and iCloud or is it mere speculation?)

Most likely the security gap that has been exploited here is the user. I'm not a security expert, but from all I know and hear, this is quite accurate. So I'd indeed be careful to blame Apple here (although I really like justified Apple bashing ).

I hope this little scandal has an educational effect on today's young internet users, where I'm the opinion that there's a dramatic lack of media competence, especially when it comes to online media. They need to understand that every bit of information they put on a device that isn't under their full (!) control, may somehow leak, no matter how advanced technology is or how waterproof the appropriate law is. It can always happen on accident or by criminal intent.
Our generation lived through the very first years of the internet, where everybody had a healthy suspicion about sharing personal information. But today's youth has grown up with Facebook, Twitter and Instagramm, so they think that sharing personal things in a social networks, where the borders of personal and public space are blurry, is a very normal thing to do. It isn't.

 

[txa1265]

I don't like Apple as a company and don't use or buy their products, but I don't think that what happened here is a an exclusive Apple problem. The same could have happened (and will happen) to celebs who use Android/Windows or whatever.

That has been a main point for me - separate the anti-Apple bias, the victim blaming, and so on ... and focus on what actually happened.

(Do we btw actually know that these celebs used iOS and iCloud or is it mere speculation?)

No - it is known, and Jennifer Lawrence in particular has said so and pretty much identified her email address publicly ... so brute-forcing was much more do-able.

Most likely the security gap that has been exploited here is the user.

That is the key thing "as fast as we can idiot-proof systems, the universe produces bigger idiots".

The reality is that online social media is inherently insecure to at least some extent. As to how hard it is to break into stuff, that all depends ...

 

[JemyM]

Yep, my company uses the iphone and I accidentally snapped a shot of me and family members sunbathing

That cracked me up!