Apple says iCloud not broken, that’s why they fixed it



Apple is denying there was anything wrong with iCloud yet they finally patched a gaping security flaw.

After a bevy of nude celebrity photos were stolen from iCloud accounts and posted on the web, Apple insisted that it wasn’t their fault, no one hacked their system, the celebs were careless about their passwords, the hackers didn’t take advantage of ‘find my iPhone’ and besides they fixed a gigantic security flaw within days of finding out about it…well, maybe a month or two after finding out about it…well, at least after somebody took advantage of the flaw anyway. So obviously it wasn’t Apple’s fault.

That’s a bit like saying ‘I categorically deny having anything to do with this and I promise never to do it again.’

The security issue that wasn’t Apple’s fault that they finally fixed after this whole mess hit the press was shockingly stupid and bordered on negligent. On most systems – at least those built by people who know even the most basic things about security – they only let you try to log in two or three times in a single login attempt. If you don’t enter the correct password or user name in those three attempts they system blocks you from trying again and usually prompts you to either answer additional security questions or offers to email your forgotten password to your email account.

This prevents a hacker from sitting at a keyboard all night trying hundreds of different passwords until they get lucky or more likely run an automated password guessing program that can cycle through thousands of different combinations of letters and numbers until it guesses the right one. These are knows as brute force attacks. No subtlety at all – just keep guessing until you find a password that works. In fact a hacker group pointed this out last May and suggested using brute force attacks to hack iPhone and iCloud accounts. But Apple didn’t do anything about it until after someone exploited the flaw.

Apple didn’t have this simple blocking procedure in place when the celeb’s pictures were stolen so hackers could simply run a password guessing program over and over again until it found the celebrity’s iPhone passwords. And since the iPhone password is usually the same password used to access iCloud accounts (Apple support actually recommends you use the same Apple ID for both) …well, it’s pretty easy to put two and two together here.

Apple does allow users to set up a more secure process they call two-step verification (sometimes known as two-stage authentication) where it sends a text message to your iPhone when you try to log into your account and you have to enter that code number as well as your password. This helps mitigate hacking attempts since a hacker would need to have both your password and your iPhone. But this security feature is not implemented by default and according to some reports it actually takes days to activate.

In fact there all sorts of security things in the world of Apple that aren’t activated unless the user goes out of their way to set them up and there are other things that could be risky that are activated by default and also require user intervention to turn them off.

Now if all those silly celebs had used better passwords and gone through all the steps necessary to activate two-step verification then perhaps none of this would have happened. Maybe they didn’t read the manual carefully enough…oh wait, the iPhone user guide doesn’t actually mention two-step verification anywhere. Well that’s not Apple’s fault is it?



Guy Wright

Guy Wright has been covering the technology space since the days when computers had cranks and networks were steam powered. He has been a writer and editor for more years then he cares to admit.


More

Black Holes are sending quantum messages in the universe

Spinning black holes are capable of complex quantum information processes encoded in the X-ray photons emitted by the accretion disk.

5 In-Demand Online Money Making Ideas That Require More Than Just Geeky Brainpower

There’s certainly no shortage of money making ideas on the Internet. These ideas require a combination of skills that are so far apart in nature, that not many people boast them. In fact, 51% of jobs now require a combination of creative and technical skills.

Top Ways to Make IT Helpdesk Operations

For a lot of companies in the modern world, the end-user community features a broad range of technology sophistication. Many users turn to the web to seek web-based answers, while a significant percentage still rely on the IT helpdesk. It is imperative that every business develops a service desk strategy that works well with the corporate and IT plan. There is no channel that is self-sufficient and without problems. For this reason, businesses need to implement only the top best service desk channels so as to maximize their performance. An IT helpdesk is take into account so many factors so...