Apple knew of iCloud security hole 6 months before Celebgate
..
The emails, obtained earlier this month by the Daily Dot and reviewed by multiple security experts, show Ibrahim Balic, a London-based software developer, informing Apple of a method hed discovered for infiltrating iCloud accounts.
The strength of Apples security came under fire earlier this month after hundreds of celebrity nude photos, allegedly stolen from iCloud servers, flooded the Internet. While the exploit Balic says he reported to Apple shares a stark resemblance to the exploit allegedly used in the so-called "Celebgate" hack, it is currently unclear if they are the same vulnerability.
In a March 26 email, Balic tells an Apple official that hes successfully bypassed a security feature designed to prevent brute-force attacksa method used by hackers to crack passwords by exhaustively trying thousands of key combinations. Typically, this kind of attack is defeated by limiting the number of times users can try to log in.
Balic goes on to explain to Apple that he was able to try over 20,000 passwords combinations on any account. I would like to inform you for it to be fix, he wrote. (Editors note: Balics emails were written in English, which is not his first language.)
http://www.dailydot.com/technology/apple-icloud-brute-force-attack-march/
..
Sherman A1
(38,958 posts)this will not go well for Apple, if proven to be true.
I see a large number of lawyers in their future.
corkhead
(6,119 posts)It requires more effort to disable it than most people probably care to put into it.
yeoman6987
(14,449 posts)A better security for the cloud. Overall, I like the idea of the cloud to keep items on that are accessible at anytime regardless of switching to a new computer and not having a portable hard drive that may not be access able to future computers. However, I would never put personal information and especially financial items on a cloud. And for nude pics of me....the last thing I would want to do is scare the poor little hacker.