Posts with tag icloud
iCloud lacked brute force detection
By now, you probably know that a number of celebrities have been the target of a nude photo leak that has said to have lead to the leak of potentially hundreds of photos and videos. Of course, this vehement violation of human privacy is a despicable act in and of itself – the thought that there are individuals out there who would go to any length to obtain such photos and violate women (and men) is nauseating. But where there’s a will, there’s a way – and unfortunately, Apple seems to be at the center of that way.
According to new reports, the leak stem from a security issue that was previously present in Apple’s iCloud cloud storage system. iCloud automatically backs up a user’s photos (among other data) into the cloud, which can then be downloaded to any authorized computer capable of logging into the iCloud account. Hackers claim that Apple had failed to implement any sort of brute force detection software into iCloud’s login authorization, a loophole that enterprising hackers worked around using software called iBrute, which “guessed” at password combinations at a dizzying speed.
Essentially, in layman’s terms, that means that anybody with the knowledge of a celebrity’s iCloud email address would be able to keep guessing at their password until they hit on the correct password by chance, forever. A simple loophole, which Apple has reportedly now implemented, stops users from trying passwords after a couple of incorrect guesses. The new protection is similar to how Apple’s iOS software locks users out of devices after a number of incorrect passcode guesses.
While there’s yet to be any confirmation from either Apple or the supposed hacker that this method was the one used to illegally obtain the celebrity’s passwords, Apple has confirmed that they are investigating their role in the issue, if any. Still, the fact that this loophole existed and had been easily exploitable up until just today indirectly implies it could have been the root cause.
Still the early days
It should come as no shock or surprise that Apple is plowing ahead with the next major version of their mobile operating system, iOS 8. Though iOS 7.1 was just released to much fanfare over the past couple of days, iOS 8 promises to be a much larger release with a further emphasis on new functionality rather than just simple refinements. Today we’re getting one of our first looks at Apple’s next OS as numerous screenshots of an early pre-release build has leaked onto the web.
If the images are to be trusted, and popular and often reliable Apple blog 9to5Mac believes that they are, iOS 8 will be focusing quite a bit on two things – feature parity with OS X, particularly in regards to iCloud integration – and health monitoring. A new application called “Healthbook” can now be seen on the home screen, and many are already speculating that this could serve as a point of integration between the iPhone and Apple’s oft rumored iWatch.
Also new are three new applications – Preview, TextEdit, and Tips – the latter two which should be immediately recognizable to anybody who has ever used a Mac computer for more than a couple of minutes. Both Preview and TextEdit feature iCloud integration on OS X, however iOS users have been unable to access Preview and TextEdit data from their mobile devices somewhat limiting its usefulness. Hopefully iOS 8 seeks to remove this gap.
iOS 8 is expected to be announced at the WWDC 2014 developer conference sometime this summer. Apple has traditionally hosted the conference around early June with an announcement and registration a short while before, so stay tuned for more on iOS 8 and WWDC.
Get your iWork on
If you’re a member of iCloud, you got a new surprise today – Apple has just released iWork for iCloud as an open beta public and available for all. Users will now be able to open, save, and export iWork documents right from their web browsers, whether you’ve got a Mac or a PC. iWork’s full suite of editing tools is available, including the usual suspect of OS X fonts, Microsoft Word support, formatting, etc. and so forth.
Previously, iWork for iCloud had been in a limited private beta available to only those special folk (and registered developers) while Apple tweaked and polished the service. Interested? Head over to Apple’s iCloud portal and try it out. It’s free as in… well, something that’s free.
Available now in beta
iCloud.com, Apple’s dashboard for all (or, well, most) iCloud services used by OS X and iOS, has just received a significant redesign ahead of the launch of iOS 7 on September 10th. The redesigned site gets many elements of iOS 7’s new user interface, bringing the site in line with Apple’s new iOS design language. iWork web apps have yet to receive an update with the site still displaying the apps’ old iOS 6-era icons.
Though regular users won’t be able to see the site just yet, the iCloud Beta site has been updated with the new design for you to try out now. Or if you just want a little sneak peak at the user interface without going through all the trouble of clicking through the link, you can just check out our screenshot below.
We love you too, Apple
It seems Apple hasn’t been very secure lately. First a few rounds of iOS lock screen bypasses, and now someone has figured out how to reset your Apple ID’s password with just your date of birth and your email address.
The exploit comes after Apple added two-step verification to their Apple ID and iCloud services. Unfortunately, the change also introduced said reset method for anyone who hasn’t yet migrated their account which at this point will be most people. To perform the reset, all one needs to do is use a malformed URL when visiting the iForgot page, and then entering your date of birth. That’s it.
Scary, right? We hope that this huge flaw will be fixed soon and will keep you up-to-date when it is.
Update 3:28PM CST – Engadget is now reporting that the password reset page has been taken offline. Hopefully when it returns, the hole will be patched.
Source: The Verge
Apple may be on track to announcing updated versions of their iPhone and iPod product line later today, but unfortunately there’s something else going on in Cupertino – something slightly less awesome. Users of Apple’s free iCloud Mail service have been coming in thick and heavy reporting that they can’t access their mailbox, and some haven’t been able to since as early as yesterday morning.
Apple claims that the outage is only affecting “1.1% of users”, however Twitter (and other social networks) has been literally overflowing with tweets complaining about the outage at an alarming rate, suggesting to me that this is perhaps affecting more than just a small group of people.