Apple iCloud Security Breach: Celebrity Photo Leak

Brave Ulysses
BANNED
I am worthless beyond hope.
 
Join Date: Dec 2005
 
2014-09-01, 09:42

http://9to5mac.com/2014/08/31/countl...d-icloud-hack/

This is going to get very ugly PR wise for Apple, fast.

The photo leak is huge and extensive.
  quote
torifile
Less than Stellar Member
 
Join Date: May 2004
Location: Durham, NC
2014-09-01, 10:00

Quote:
Originally Posted by Brave Ulysses View Post
http://9to5mac.com/2014/08/31/countl...d-icloud-hack/

This is going to get very ugly PR wise for Apple, fast.

The photo leak is huge and extensive.
The best response I've seen to this was a tweet that said "Always glad to see that Reddit's deep, principled commitment to privacy is applied so consistently."

I don't think it's going to be a huge deal for Apple, honestly. We don't know the details of the breach. If it's systemic, it might be a problem. If it was, as I suspect, something more along the lines of Mat Honan's issues, it's something that could happen to anyone anywhere.

Another point: what is it with people taking all these nude selfies? I don't get it.

If it's not red and showing substantial musculature, you're wearing it wrong.
  quote
Brave Ulysses
BANNED
I am worthless beyond hope.
 
Join Date: Dec 2005
 
2014-09-01, 10:08

Quote:
Originally Posted by torifile View Post
The best response I've seen to this was a tweet that said "Always glad to see that Reddit's deep, principled commitment to privacy is applied so consistently."

I don't think it's going to be a huge deal for Apple, honestly. We don't know the details of the breach. If it's systemic, it might be a problem. If it was, as I suspect, something more along the lines of Mat Honan's issues, it's something that could happen to anyone anywhere.

Another point: what is it with people taking all these nude selfies? I don't get it.
This is going to be huge. It is a severe privacy breach and iCloud and Apple are going to be the buzzwords in every headline, video feature, article, etc.

All a week before Apple is about to unveil new phones and a possible wearable device that are all going to store more personal information about you than ever before, including all of your health and financial information.

Over 100 celebrities have had their accounts hacked thus far.

Apple patched a hole in Find My iPhone a few hours after the leak became public. Pretty damning preliminary information.
  quote
Bryson
Rocket Surgeon
 
Join Date: Feb 2005
Location: The Canadark
 
2014-09-01, 11:55

I don't see any evidence that this was an iCloud breach. For a start, many of the pictures are pretty clearly taken with an Android device. It's all a lot of supposition.
  quote
psmith2.0
Mr. Vieira
 
Join Date: May 2004
Location: Tennessee
 
2014-09-01, 12:23

Quote:
Originally Posted by torifile View Post
Another point: what is it with people taking all these nude selfies? I don't get it.
I know. Weird/funny, isn't it? This is a part of the 24/7 mobile/app culture that we don't talk about.

Last edited by psmith2.0 : 2014-09-01 at 13:09.
  quote
Ebby
Subdued and Medicated
 
Join Date: May 2004
Location: Over Yander
2014-09-01, 13:21

Quote:
Originally Posted by pscates2.0 View Post
I know. Weird/funny, isn't it? This is a part of the 24/7 mobile/app culture that we don't talk about.
Meh, people are into that kinda stuff and I imagine it can be kinda thrilling, but people have to know how data travels and sending a picture to someone also sends it to many, many servers for processing and storage. Cloud storage included. Without taking security precautions, you lose control over data transmitted via 3rd party networks.

I send text messages to my own number and they come back compressed and modified. That happened on a server somewhere in internet-land and I betcha a cache, log, or archive of that picture still exists.

Private clouds are my way to go IMO, and I have my own encrypted jabber server if need be. Not that I have anything to hide, but I don't like snooping.

^^ One more quality post from the desk of Ebby. ^^
SSBA | SmockBogger | SporkNET
  quote
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2014-09-01, 13:41

^ This.

There is a balance of using the great features of the Cloud, but there are so many pitfalls too. Working for a hosting company I can tell you I'm shocked at some of the stuff people put on their web servers for ease of their access. Thing is they don't think about Google and other international search engines indexing them!

Sure I use the Cloud for stuff personally, but I do limit it too.

It's also hard to limit photos from hitting iCloud without being intentional though. One easy example is my wife's Point and Shoot camera. We equipped it with Eye-fi so it loads to her computer easier. This means we can sort through them before they hit iCloud as opposed to the iPhone that sends them immediately. Nope, iPhoto and Aperture send them to iCloud right away too.

Sure we can get around this, but we have to be intentional about it. A minor pain, but not horrid given our usage. We are also not taking nude selfies.

Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.”
Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it.
  quote
psmith2.0
Mr. Vieira
 
Join Date: May 2004
Location: Tennessee
 
2014-09-01, 14:08

Well that's kinda what I was getting at. If you want to be smart, there are ways around this. How many of these people get a phone and don't really know what they're doing (or whatever features they've got turned on or off, or what they're allowing, or where they have images and other data going, etc.). These are Hollywood actors, not WWDC attendees. I doubt many (if any) of them give a second's thought to any of the behind-the-scenes "why and how" of it all. It's my experience that most normal folks I know in real life don't either, so it's not hard to imagine.

"Hey, I got a new phone...woo-hoo!" SNAP**CLICK**SPREAD**TIT**SNAP**UPLOAD**CLICK**THONG**SHOWER**SNAP**SUCK***

To be clear, I'm not a prude by any stretch. I'm not poo-pooing "nekkid picktures" at all. I'm just saying educate yourselves (or, in the case of the folks currently being talked about, maybe the assistants or handlers educate themselves and then set their clients' gadgets up a little better).

Although I find the constant attention-seeking, narcissism and compliment-fishing of the "selfie culture" off-putting and unhealthy, it's really not a moral issue with me - I don't care what people (total strangers, in this case) do - but if these people are going to take these types of pics, they should do a little bit of research and learning on the front end to protect themselves a little better. That goes for anyone. This stuff is out there, and it's easier than ever to snap/upload/share. And if you're being smart about it (and you're the type who enjoys taking certain types of pics) there's always the chance you're gonna get embarrassed at some point.

I don't think this is something Apple and iCloud get singled out for. The numbers, logistics and evidence seem to point to a wider breach.

Last edited by psmith2.0 : 2014-09-01 at 14:21.
  quote
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2014-09-01, 14:25

That's the thing, no one wants to educate themselves in this microwave world. They want it all and it all to be assumed private. Nothing online is private. Period. Even if they had assistants to help them learn to keep stuff off the web, that's not going to really help unless they are very intentional about keeping it off the web.

The really sad part is that this makes technology look bad rather than the people who trusted it. Sure there is an assumed level of trust, but I'm guessing the Terms of Service for most Cloud storage say they aren't liable for leaks and if something does get out then it's your own fault.

In the end I do agree with you though, they should learn what they are really signing up for and take the needed precautions with it. If you were to use visuals of what they were doing then they would be less likely to just hand things over.

"Here, hand that man in a mask a stack of your private pictures for safe keeping."

Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.”
Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it.
  quote
psmith2.0
Mr. Vieira
 
Join Date: May 2004
Location: Tennessee
 
2014-09-01, 14:41

Ha...exactly. On one hand, you kinda feel bad/embarrassed for these people. But on the other, you're like "you've got more money and access than a schmo like me will have in 10 lifetimes; you, more than most, have no excuse to be this careless and clueless."

You'd almost think by now - and maybe it has, and we just don't hear about it - there would be little hipster, tech-oriented "consulting" firms throughout L.A. and Hollywood whose sole purpose is to educate and configure the "digital lifestyle" of their celebrity clients in an effort to prevent stuff like this.

"Okay, welcome, everyone. And nice to see you back, Ms. Lopez! This afternoon's session, Cooter in the Cloud, will cover the do's and don'ts of online storage and how it relates to your photo-taking with your smartphone of choice. Please turn to page 14 in your provided study guide...".
  quote
Eugene
careful with axes
 
Join Date: May 2004
Location: Hillsborough, CA
 
2014-09-01, 16:42

There are fakes mixed in with real photos, so the assumption is this is someone's stash collected over time. Whether he leaked them on purpose or someone else liberated them is anyone's guess.

iCloud is probably the source of many of these photos, but not all. I'm guessing it's a really dumb, obvious photostream vulnerability...predictable public URLs or something like that.
  quote
Brave Ulysses
BANNED
I am worthless beyond hope.
 
Join Date: Dec 2005
 
2014-09-01, 23:37

Quote:
Originally Posted by pscates2.0 View Post
Ha...exactly. On one hand, you kinda feel bad/embarrassed for these people. But on the other, you're like "you've got more money and access than a schmo like me will have in 10 lifetimes; you, more than most, have no excuse to be this careless and clueless."
What does money have to do with anything?

Celebrities are weird in many ways... themselves, and more so, in the way people think of them. It's been very evident in this thread.

Reality is that they are human, they have been very fortunate to get lucky and make a lot of money doing something they are good at. For most of them that is acting. But it doesn't make them some kind of super being. They all have their own every day private lives. Those lives may be different than yours and mine as far as what perks and tangible goods they can afford and own but most would be surprised that they experience the same emotions, struggles, and everyday mundane things that we all experience. It's no surprise that "celebrities" take private photos to share with their loved ones, because most people do these days.

It's not unreasonable at all for those "celebrities" to think that if they take those photos and no one steals their phone or computer that those photos will be their own and only their own. Even if they send them via iMessage or some other private messaging service.

This case is no different than if you or I had done this. And just because they are famous they shouldn't be dismissed as idiots for putting themselves in this situation. That's simply a lazy and stupid argument.


We all take the internet, information sharing, etc a little too for granted these days. We have put our trust into these companies, and the only way you and I survive with our privacy somewhat intact is because no one gives a shit about you and I. The fact that private property like this can easily be stolen on the internet from our trusted data collectors (Apple) when someone actually gives a shit about you is very disconcerting to me, and I am sure it will be to many others.

It's all very ironic with Apple on the brink of announcing significantly more invasive personal data collecting which will undoubtedly be accompanied with slides discussing their "high level" of security and concern for our privacy

Last edited by Brave Ulysses : 2014-09-02 at 08:47.
  quote
Eugene
careful with axes
 
Join Date: May 2004
Location: Hillsborough, CA
 
2014-09-02, 02:07

There's still no proof that this leak was the direct result of an iCloud security hole, but it's pretty likely that the collector did use multiple exploits.

Hearsay, grapevine bullshit, but there is this: https://twitter.com/SwiftOnSecurity/...51562147389441
  quote
torifile
Less than Stellar Member
 
Join Date: May 2004
Location: Durham, NC
2014-09-02, 04:55

Quote:
Originally Posted by Eugene View Post
There's still no proof that this leak was the direct result of an iCloud security hole, but it's pretty likely that the collector did use multiple exploits.

Hearsay, grapevine bullshit, but there is this: https://twitter.com/SwiftOnSecurity/...51562147389441
That's the most FUD statement I've seen regarding this situation. Who is that guy? Is he for real?
  quote
Brave Ulysses
BANNED
I am worthless beyond hope.
 
Join Date: Dec 2005
 
2014-09-02, 08:46

Quote:
Originally Posted by Eugene View Post
There's still no proof that this leak was the direct result of an iCloud security hole, but it's pretty likely that the collector did use multiple exploits.

Hearsay, grapevine bullshit, but there is this: https://twitter.com/SwiftOnSecurity/...51562147389441

Well, the security hole in Find my iPhone would have allowed the hacker(s) to use a brute force password guessing on all their accounts as long as he/she could determine their email address/apple ID. That's pretty easy.

Once they get the match, it's very likely that those people used the same password for many other services, and/or the hacker(s) began changing the passwords of their other accounts.

Early signs suggest that iCloud was the gateway, and once they received access to iCloud, they were able to gain access to many other services.

Also note, many were taken with Android, but the significant other or recipient of the photo was on an iPhone.
  quote
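The guessing described in the post above only works while some service keeps checking passwords without limit. As an added example (not from the thread and not Apple's code), this Python sketch keys the failed-attempt budget on the account and contrasts enforcing it on every endpoint with enforcing it on only one; the endpoint names `web_login` and `device_locator`, the thresholds and the sample account are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 5         # assumed policy: failures tolerated before a lockout
BASE_LOCK_SECONDS = 60   # first lockout; doubles with each further failure
MAX_LOCK_SECONDS = 3600
PBKDF2_ROUNDS = 50_000   # kept low so the example runs quickly


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class AuthService:
    """Password check shared by several endpoints, with a per-account failure budget.

    throttled_endpoints=None enforces the budget on every endpoint; a set
    enforces it only on the endpoints named, leaving the rest unlimited.
    """

    def __init__(self, throttled_endpoints=None):
        self.throttled_endpoints = throttled_endpoints
        self._users = {}      # account -> (salt, password hash)
        self._failures = {}   # account -> [failure count, locked-until time]
        self.checks = 0       # guesses that reached the password comparison

    def add_user(self, account, password):
        salt = os.urandom(16)
        self._users[account.lower()] = (salt, _hash(password, salt))

    def _throttled(self, endpoint):
        return self.throttled_endpoints is None or endpoint in self.throttled_endpoints

    def login(self, endpoint, account, password, now):
        """Return 'ok', 'denied' or 'locked' for one attempt at time `now` (seconds)."""
        account = account.strip().lower()
        enforce = self._throttled(endpoint)
        state = self._failures.setdefault(account, [0, 0.0])
        if enforce and now < state[1]:
            return "locked"                      # rejected before any password check
        self.checks += 1
        salt, stored = self._users.get(account, (b"\0" * 16, b""))
        if hmac.compare_digest(_hash(password, salt), stored):
            state[0], state[1] = 0, 0.0          # success clears the budget
            return "ok"
        if enforce:
            state[0] += 1
            if state[0] >= MAX_FAILURES:
                extra = state[0] - MAX_FAILURES
                state[1] = now + min(BASE_LOCK_SECONDS * 2 ** extra, MAX_LOCK_SECONDS)
        return "denied"


def guesses_checked(service, endpoint, account, guesses):
    """Feed wrong guesses one second apart; return how many were actually checked."""
    before = service.checks
    for second, guess in enumerate(guesses):
        service.login(endpoint, account, guess, now=float(second))
    return service.checks - before


# Constructed sample data: the account, password and guesses are made up.
ACCOUNT = "user@example.com"
WRONG_GUESSES = [f"wrong-{i:02d}" for i in range(20)]


def compare():
    """Return (checked with one endpoint unthrottled, checked with all throttled)."""
    weak = AuthService(throttled_endpoints={"web_login"})  # secondary endpoint left out
    hardened = AuthService()                               # every endpoint enforced
    for svc in (weak, hardened):
        svc.add_user(ACCOUNT, "correct horse battery staple")
    return (guesses_checked(weak, "device_locator", ACCOUNT, WRONG_GUESSES),
            guesses_checked(hardened, "device_locator", ACCOUNT, WRONG_GUESSES))


if __name__ == "__main__":
    print(compare())
```

The lockout also blocks the real owner until it expires, which is the usual trade-off of account-keyed throttling and one reason to pair it with a second factor.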
Mugge
Thunderbolt, fuck yeah!
 
Join Date: Jan 2005
Location: Denmark
 
2014-09-02, 11:17

Quote:
Originally Posted by torifile View Post
Another point: what is it with people taking all these nude selfies? I don't get it.
But you are a psychologist. It's your business to know such things!

Quote:
Originally Posted by Brave Ulysses View Post
Well, the security hole in Find my iPhone would have allowed the hacker(s) to use a brute force password guessing on all their accounts as long as he/she could determine their email address/apple ID. That's pretty easy.
It's a really good reminder about not reusing passwords and using complex non-dictionary ones. It's not a perfect solution, but it gets you above the low hanging fruit. 21st century starlets should be savvy about this.

What worries me most about my Apple ID is that I use it for so many things and pretty much every other account I have is tied up to it. It's literally the one password that can bring my whole iLife down. If I had been a more high profile person, I would probably not have allowed it to come to this.
  quote
psmith2.0
Mr. Vieira
 
Join Date: May 2004
Location: Tennessee
 
2014-09-02, 12:17

Quote:
Originally Posted by Mugge View Post
It's a really good reminder about not reusing passwords and using complex non-dictionary ones. It's not a perfect solution, but it gets you above the low hanging fruit. 21st century starlets should be savvy about this.
Me too. Or they'd at least hire assistants or handlers (or even a one-time consultation/setup session) with people who were good at this sort of stuff...even if it was to simply suggest "you know, considering your occupation/status/fame, maybe you shouldn't keep extremely sensitive, potentially embarrassing stuff in the cloud"? That's where the "money" thing came in, BU (since you asked last night). A high-profile person making a good living in the entertainment industry would have the access and means to find someone who can set their stuff up the best way (assuming they don't know much about this stuff or don't want to take the time to learn), or to simply provide advice or suggestions, tailored to that sort of clientele.

Even regular, non-celebrity people - if they feel vulnerable or clueless enough - will turn to a "guru" type (even if it's just a trip to the Genius Bar or Geek Squad) to help them out with this stuff. But a well-known person for whom(?) money is no real object (who is automatically a target for such stuff, and is already under the microscope in this celebrity-obsessed culture) certainly should be thinking a little harder - and being a little smarter and more pro-active - on all this stuff. At the very least, they should make sure they're doing all they can to not make it easy for those who want to intrude, prowl and steal.

That may not have mattered in this specific scenario, I don't know. Does anyone truly know what happened yet? But not storing sensitive, private stuff in such a way might...and that would be just the type of advice a tech/mobile "guru" or consultant suggests to a high-profile client.

"Okay, here's how the cloud works and these are the risks and downsides involved..." might be all it takes for some people to tweak/alter their habits or approaches. Because I'm failing to see how "taking private photos for loved ones" automatically has to mean storing them in a risky, accessible place that could get hacked. There are safer, more secure ways to go about that.

Sometimes people who aren't savvy in a particular area just need to be told the plain English basics or "what's what" about it all so it registers with them. Personally, I think it's unwise to fully trust your life to this stuff at this point. I don't think we're there yet, and there are just too many malicious shitheads - who are really dedicated to their "craft" - for me to feel 100% secure about just putting my entire life "in the cloud". And I'm not even famous. So I really think those in the public eye should be thinking along those same lines (or be fully aware, and accepting, of any consequences). Yes, in theory, we should feel secure and able to put whatever we want, anywhere we want, and not worry about it. But I think that is supremely foolish and naive, considering. Real life, and the world, proves this on an ongoing basis...think back on what's happened in just the past 12-24 or so months with online tech, storage, emails, files, scandals, embarrassments/shortcomings, banking/credit card snafus, celebrity leaks (this isn't the first one), etc.

"I'm gonna put everything important to me in this shoebox with a missing lid, and then set it on the roof of my tool shed without securing it. What's the worst that could happen?"

That's about how I've come to see all this stuff.

While the outcomes of any breaches or leaks are different from celebrity to "regular person" (nobody cares if our naked photos got leaked), the "getting there" part is all the same. It's all the same devices, services, etc. Technology is the great equalizer and people aren't going to get a pass or escape trouble/embarrassment just because they're famous (if anything, it's magnified). If weird, bad things can happen to my neighbor's iPhone and iCloud account, they can happen to Jennifer Lawrence's. And vice versa. If I can be thinking about this stuff, and concerned about security or "what if" scenarios, so can they (or, at the very least, their assistants and handlers).

I just wouldn't feel comfortable putting that sort of stuff into online storage/access. That's what it comes down to. And until that becomes more the default thinking, this kind of thing could happen again at any time. It's just not that important that I have several dozen filtered JPEGs of my wang in the cloud, available at a moment's notice, to send to my loved ones. While some of this is technical, some of it is personal and more along the lines of "why?!" But try telling/asking that of anyone in 2014. We all want what we want, when we want it (usually yesterday) and we don't want to hear any nonsense about "consequences", "risks" or "downsides" (and definitely none of that "being responsible" and "prudent" horseshit).

"Don't dare tell me how to live my life and use my stuff!"

Okay. Nice cans, BTW.

Last edited by psmith2.0 : 2014-09-02 at 15:42.
  quote
Wrao
Yarp
 
Join Date: May 2004
Location: Road Warrior
 
2014-09-02, 16:02

On a good day, many of the actresses that were targeted are relentlessly creeped on by large swaths of internet dwellers. It's sick the way that this spills over into the real world and people insist on blaming the victims or otherwise not looking for any culpability from the sites that, not surprisingly, are right in the midst of it.

The Verge did a piece that I agree with. The amount of misogyny, hypocrisy, and just utter tone deaf missing-the-point coming from the average internet keyboard warrior and comments section is stupefying. That we live with this stuff day by day in a casual, low dosage radiation sense and only take issue when irreversible damage is done is inexcusable and hiding behind 'it's just the internet' or whatever is no longer acceptable.
  quote
psmith2.0
Mr. Vieira
 
Join Date: May 2004
Location: Tennessee
 
2014-09-02, 17:21

Apple released a statement earlier about it all.

It's a two-sided thing. Companies have to have strong, secure networks and services. Of course. But I think people have to be realistic and cautious (and assume that there's going to be people doing all they can to break that; and should they succeed, are you going to be okay with the type of files they could access or put out into the world?). If so, then don't worry about it. If not, then take appropriate steps and be careful about the private stuff you place online. That's kinda been a rule (not mine) for some time now. People are free to do whatever they want, but man...I'd just prefer not having that particular safe hanging over my head, day to day.

There are people who wake up every day, looking for a way into our accounts, finances, backups, computers, storage, etc. That's not going to go away. If you're famous, multiply that x20.

Ignore those facts at your peril. Placing blind trust in a company - any company - to keep your important, sensitive stuff 100% safe and secure in the face of all this (especially a free service) is taking a big chance. I've just kinda come to view all this stuff as hanging by a thread. I don't think we're as "advanced", secure and bulletproof as we like to think.

I only advocate being choosy and smart with what you share or put out there, because the system makes no guarantees.

Last edited by psmith2.0 : 2014-09-02 at 17:38.
  quote
709
¡Damned!
 
Join Date: May 2004
Location: Purgatory
 
2014-09-02, 18:08

That release came off pretty blame-ey and worded so strangely I had to read it a few times. wtf Apple? New PR team?
  quote
Wrao
Yarp
 
Join Date: May 2004
Location: Road Warrior
 
2014-09-02, 18:33

The "all too common" line does stand out pretty oddly to me
  quote
Eugene
careful with axes
 
Join Date: May 2004
Location: Hillsborough, CA
 
2014-09-02, 18:41

Apple *is* way too lenient with its "Forgotten Password" protocol.
  quote
psmith2.0
Mr. Vieira
 
Join Date: May 2004
Location: Tennessee
 
2014-09-02, 19:55

Quote:
Originally Posted by 709 View Post
That release came off pretty blame-ey and worded so strangely I had to read it a few times. wtf Apple? New PR team?
Yeah, that Katie person left a while back. Wasn't she on the PR staff? I know she'd been there for a very long time.
  quote
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2014-09-02, 20:05

Quote:
Originally Posted by 709 View Post
That release came off pretty blame-ey and worded so strangely I had to read it a few times. ...
I didn't read it as blame-ey but rather non-compassionate and jaded. As someone who deals with compromised accounts all the time with my job I know the feeling and it reads like I would address a customer for the 14th time who is blaming the hosting for their account being compromised. I'm not in Public Relations though, I'm an admin.

That statement was written by techs who said it's not us but the dumb end user. The PR group sure should have added some marketing spin to it. That reads like it was written by my coworkers though.

Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.”
Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it.
  quote
All times are GMT -5.