Icloud scandal & bs advice surrounding it.

I've been reading about this icloud scandal off & on all day, mainly out of curiosity. (I use droid so I don't care about icloud) I know I shouldn't be surprised by all the stupid advice that is out there, but seeing as how this is my home site for conspiracies, I thought I would seperate the bs from the reality. Three things stand out, so here we go.

1. Don't put photos on the cloud you don't want anyone to see.

Sounds intelligent, but also unnecessary. There are various progs out there (Winrar, Winzip, etc) that allows you to encrypt your files, USE THEM!
Even if the cloud gets hacked, your pics, data is still secure. Which brings us to #2.

2. Use a strong password for your logins.

Most ppl use the same password for a number of sites, this is stupid, as if one gets compromised, so can the others.

USE A PASSWORD MANAGER.

Some have the ability (I assume all but I honestly haven't tested them all) to make a portable storage "key". (like on a usb stick) This way you don't have to remember (read can't) all your strong passwords. You take it with you, install a port version of the prog wherever ur at, (or run it from the stick) and viola automated logins, secure passwords & no worries. Just be sure to clear the cache when you leave/log off.

3. If you have photos already you don't want seen on the cloud, ur screwed cause you can't delete files, blah blah blah...

I may be just a lil off here, but I assume that if I have 2 GB on dropbox, delete a naughty file, and then max out my storage capacity by uploading 2GB of bs, I have effectively zeroed out what I didn't want anyone to see. (I'm obviously not thinking of how raid 5 or 1+0 applies to deleted files, I'm not an IT admin, just trying to help out some ppl with competent advice instead of all the bs that is being passed out as helpful information.

If you have any helpful advice, please share for others.

Thank you.

My Advice?

If you want to keep it private, Don't put it on the net in the first place. If it's out there, it's fair game to anyone who can get it.

Peace

there is no privacy on the web

Kaspersky's blog has a useful password tester that will estimate how long it might take, using what kind of equipment, to crack the password of your choice. Don't use any of your actual passwords, but try a few tricks (combine upper/lower case letters, numbers, symbols, etc) to get some good ideas.

looking into this today I've found a few things of interest.

First off on github there is some code to brute force your way into an icloud account.
I'm not going to post any links to any of that. So don't ask.

It would seem that Apple left a big security hole there to let attackers just hammer a login until they go through.
And just over the weekend did they patch the flaw.
Now if your account is brute forced you get a account disabled message to reset your password.

Secondly there seems to be a bit of a conspiracy around the leaked images themselves. Word is that there is a nood-celeb ring trading pictures. This ring only allows in users that have nood-celeb pictures that they've hacked.
On imgur there is a post detailing more on that. With other leads to sites that talk more about this ring.

If you want to learn more. Do some Googling.

I expect the FBI to get involved and expose members of that ring. So expect another a massive dump of even more images before hard drives are erased.

Eh nothing for me to worry about.

I once had a picture of myself i posted in a forum like place that wound up cached by google. Wasnt a good picture of me didt intend for it to stay as i was going to delete the image off photobucket later. Took me a while to figure how to remove it. It was posted on photobucket so i just deleted the original image and replaced it with another file of the same name which produces the same URL effectively replacing the link so next time googles spider bot went through the site again the image was gone.

a reply to: grey580

Seriously? The FBI wouldnt bother.

Anything you upload to a server is comprised. Period. Even if you delete them, they've akready been copied.

I'm no expert but I would think storing passwords so you can't forget isn't wise either.

I cannot believe now many people use the same password for everything " so they don't forget". Or use their birthdates, birth years, child's name, etc.

Don't assume anything is safe to do. Don't store, post, text anything you wouldn't want seen


I'm not even a professional hacker but am pretty darn good at hacking if need be. My daughter keeps changing her Netflix password. How dare she?! I wanna use it lol. Then once I get it again, usually on the first crack, I save dumb things to her wish list, she has no interest in. Just for a lark. Poor thing got sucked into watching sharknado and a boring black & white world war 2 documentary. I wouldn't hack her Facebook. I'm not nosey. If she went missing or something I would. I'm quite sure it's the new Netflix password.

I once by accident hacked into NORAD website, that was scary, when I read your ip has been logged and an investigation will commence or whatever it said, nothing was there to read. It just said I should not be on that page.

That said if one is determined enough, it can be done.

a reply to: violet

I kind of doubt you hacked NORAD. I mean you sure it was really NORAD?. There are fake government websites out there that say youre being tracked for being on them.I saw one once before.

Anyways, it's a known fact celebrities leak their own stuff, to create controversy because it sells. You really think Colin farrel gave a rats ass his sex tape got leaked? I rather enjoyed that!

a reply to: schadenfreude

So I use a company to store my stuff. Any stuff. And so if I have a crisis and don't have or lose my access....they have NO way for me to recover? The company has NO way to help me after Ive used their product?

Hard to believe. If its anywhere....someone, somewhere, somehow can get it. "Online storage"? HA! "Encription security"? HA!

a reply to: Aural

It said US command Center. I had to google what that was. I typed in random words in google, picked a page I wanted to see, thinking it would be some other website and got in. It's since been changed that you can't do this in google search engine.
It's the truth. It was a real site, not a fake one. The page was all white, except for stuff on the sides.

Anyone who is dumb enough to put pictures (or any other info they want kept private) on a CLOUD server of any kind is asking for trouble. Especially when that person is a female celebrity, and that picture happens to be a nude photo. Let's face it, candid photos of celebrities are a hot commodity for some reason. I'm sure it's embarrassing for some of them, but most are fine being 95% naked on screen/in magazines, so I see this whole situation as a non-issue and just another opportunity for publicity.

originally posted by: violet

I'm not even a professional hacker but am pretty darn good at hacking if need be. My daughter keeps changing her Netflix password. How dare she?! I wanna use it lol. Then once I get it again, usually on the first crack, I save dumb things to her wish list, she has no interest in. Just for a lark. Poor thing got sucked into watching sharknado and a boring black & white world war 2 documentary. I wouldn't hack her Facebook. I'm not nosey. If she went missing or something I would. I'm quite sure it's the new Netflix password.

...Guessing passwords until you get the right one is not 'hacking' anything. This just means that the person creating the passwords needs to rethink their method(s) of coming up with the passwords.

I once by accident hacked into NORAD website

This is the funniest thing I've read in quite some time. Thanks for that much-needed chuckle.

I've done some more digging.

Over on the anon ib /stol board. There are users on there claiming that they can rip iCloud accounts.

It's possible that apple still had a security flaw. A hardware flaw attack which would be more interesting. Or a mitm attack is going on.

a reply to: ChaosComplex

Guessing a password is a simple form of "cracking" but having it been their daughter that is more similar to "phishing" since they have information that helps guesses. So yeah not real hacking although if they used a brute force hacking program rather than manual guessing it technically is hacking in some way I guess but considering a program does all the work it doesn't really fit the meaning by traditional sense.

a reply to: schadenfreude

I may be just a lil off here, but I assume that if I have 2 GB on dropbox, delete a naughty file, and then max out my storage capacity by uploading 2GB of bs, I have effectively zeroed out what I didn't want anyone to see.

This would actually accomplish nothing, because Dropbox doesn't give you some specific space on a specific hard drive, they give you an amount of space and store your junk in the first free space. It also doesn't take into account backups.

Bottom line is once you release something "into the wild" by posting it on the net, it's gone and you no longer have control over it.

a reply to: BuzzCory

Thanks, this was actually most educating.

This is a prime example of why I *DO NOT* use cloud based computing.

My data is MY data. Anytime you upload anything to a third party, it could theoretically be taken down, stolen, hacked, or worse. I keep my data local and off line. It's not as handy, but I make it work.

People seem to be giving up privacy and security for simple convenience these days.

Unless it's work related, I don't upload anything to a dropbox or similar type service.

a reply to: adjensen

Its unlikely they will keep something on a server permanently. Backups are only for in case of data loss but if data is already deleted there is no need for those backups once the backups are updated right? Of course the time they keep information varies.

a reply to: MystikMushroom

This is a prime example of why I *DO NOT* use cloud based computing.

In the case of this hack, it had nothing to do with cloud based computing.

These were all iPhone users, who had "iCloud Backup" turned on in their phone's settings. When that's on, any time your phone is plugged in, locked and connected to WiFi, it backs up your photos, accounts, documents and settings to Apple's servers. Combined with poor passwords chosen by the user (the brute force script was just seeded with 500 of them) and Apple's failure to lock out accounts that were being brute forced, the pics were easy picking.

The part I don't get is how they figured out what the account names for the celebs were, one would think that information would be hard to come by.

a reply to: Aural

Backups are only for in case of data loss but if data is already deleted there is no need for those backups once the backups are updated right?

Not necessarily, as one of the points of having a backup is to restore something that has been (accidentally) deleted.