How did a hacker specifically find those celebs' phones to get their nude pictures?

Let me let you in on a little secret, it’s not just singles looking to hook up who take naked pictures of themselves. Couples do it too. Of all ages. No snark meant but you must live a very sheltered life. There are none of me floating around but it’s very common in the era of digital photography. Celebrities are in most ways regular people who do the things that regular people do.

Yup. As I noted in another thread, my husband still has some Polaroids of me from when we were in college. (Edit: Removed non-GQ content.) Naked pictures are generally considered sexy, good wank/turn-on material, etc., even for a couple.

There’s probably more to it than that - icloud will alert you when a new device is used to access your stuff.

Celebrities are just like regular people except better looking.

If you’re trying to maintain a long term relationship while doing a job that keeps you away filming three or four months at a time, maybe you do what you gotta do.

Mary Winstead has been with the same man almost her entire adult life. I cannot imagine them being apart for huge stretches of time is a lot of fun. Hell, I miss my fiancee if we’re apart for two days. After two months I might start thinking about us making some sexy pictures.

The huge iCloud hacking, revealing revealing nudie shots, is pretty scary to me. The presumed method is discussed here.

Would any security types here care to comment on the article’s claims? It’s too technical for me, but what should I take away?

Also, how bad or novel is this type of crime on cloud servers?

The method described in the article did work. It was blocked by Apple soon after it became public knowledge.

In a nutshell: most methods of logging in to an iCloud account have rate limiting to prevent someone from repeatedly guessing passwords. They missed a spot, and someone wrote a brute force tool to take advantage of the lack of rate limiting.

It only worked if you already knew the account’s email address, and if the account’s password is weak enough to appear in a password dictionary.

No one knows yet if this was used in the celebrity scandal hack.

It should also be noted that there’s no evidence this was some single or concerted “huge” hacking event. It looks like there were likely multiple hackers working independently and over different time periods. There are also suggestions not all hacking was done through iCloud:

Agreed.

As for how novel the brute force attack is: it’s extremely common. Virtually anything with a login form gets hit frequently by bots guessing common passwords. It’s standard practice for server admins to limit the rate of attempted logins to frustrate those attempts. And it’s common for the smarter bad guys to seek out alternate, obscure interfaces that might not enforce rate limiting (which is what happened with the brute force attack here).

Take away:

Do not use weak passwords. Do not reuse passwords. Enable 2-step verification.
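
Added example, not part of any post in this thread: a minimal Python sketch of the defence described above, where the failed-login limit lives in the one shared authentication layer and is keyed by account, so no interface can be left without rate limiting. The class names, limits, interface labels and the sample account are all assumptions constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict, deque

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginThrottle:
    """Sliding-window cap on failed logins per account."""
    def __init__(self, max_failures=5, window_seconds=300):
        self.max_failures = max_failures
        self.window = window_seconds
        self._failures = defaultdict(deque)

    def _recent(self, account, now):
        q = self._failures[account]
        while q and now - q[0] >= self.window:  # drop failures older than the window
            q.popleft()
        return q

    def allowed(self, account, now):
        return len(self._recent(account, now)) < self.max_failures

    def record_failure(self, account, now):
        self._recent(account, now).append(now)

    def reset(self, account):
        self._failures.pop(account, None)

class AuthService:
    """Single choke point: every interface calls authenticate(); none checks passwords itself."""
    def __init__(self, users, throttle):
        self.users = users          # account -> (salt, password hash)
        self.throttle = throttle

    def authenticate(self, account, password, now, interface):
        # 'interface' is for logging only; it is deliberately NOT part of the
        # throttle key, so guesses through any interface share one budget.
        key = account.strip().lower()
        if not self.throttle.allowed(key, now):
            return "throttled"      # refused before the password is even checked
        record = self.users.get(key)
        if record and hmac.compare_digest(hash_password(password, record[0]), record[1]):
            self.throttle.reset(key)
            return "ok"
        self.throttle.record_failure(key, now)
        return "denied"

def demo():
    salt = b"constructed-salt"      # constructed sample data
    users = {"user@example.com": (salt, hash_password("correct horse", salt))}
    svc = AuthService(users, LoginThrottle(max_failures=5, window_seconds=300))
    out = [svc.authenticate("user@example.com", "guess%d" % i, now=i,
                            interface="web" if i % 2 else "legacy-api") for i in range(5)]
    out.append(svc.authenticate("User@Example.com", "correct horse", 10, "legacy-api"))
    out.append(svc.authenticate("user@example.com", "correct horse", 400, "web"))
    return out
```

Five wrong guesses spread over two interfaces exhaust the same budget, so even the correct password is refused until the window has passed. A per-account limit also lets someone else's failed guesses temporarily lock the real owner out, which is one reason it is normally paired with 2-step verification rather than used alone.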

There’s another thread that asks basically the same question.

I’m hoping we learn the details of how this was done one day. I just don’t get how they not only hacked in, but located the actual celeb’s phones.

I mentioned this in my earlier post, but you don’t need to locate anyone’s phones to download their iCloud files if you can access them.

I think the problem is that the word “hacked” somehow suggests a level of technical sophistication that may not necessarily have been involved here. The most basic way to “hack” into someone’s iCloud account is to guess or somehow find out their ID and password. I’m not going to link to the page that lists the instructions on how to do this, but it’s easily searchable by anyone with basic google skills. You basically need to figure out the target’s email address, birthdays, or other relevant personal information to answer security questions, much of which is easily accessible thanks to the targets themselves via public postings on Facebook, etc. The instructions even suggest you do this at night because there’s a lower chance of the target discovering this and resetting the password. Of course, it’s not as simple as I’ve just described, but it’s not rocket science.

OP wasn’t asking about physical phones. The question is, how did they find out the celebrities’ account IDs? They didn’t simply guess them.

Why does everyone assume it’s hackers and not the celebs leaking it themselves for marketing? It worked for Paris Hilton, didn’t it?

I addressed this in one of the other threads with my opinion:

Because the celebrities have nothing to do with each other and no connection with themselves to “allow” it to happen all at the same time.

It would be a level of collusion that would raise even more questions than the hack is.

Because when someone tells you they didn’t consent to some sort of sexual event, and is angry about it, the default assumption is not that they’re secretly whores, attention- or otherwise.

Yes, this is what I meant.

I think the responses to the leak this time seem genuine. They were shocked and disappointed.

Jennifer Lawrence sleeps on a pile of acting awards and blockbuster money. Her launching a faux-scandal to keep herself in the public eye doesn’t make much sense, she’s already there.

Moderator Note: I have merged two threads on the same topic.

Colibri
General Questions Moderator

It’s not looking good for Apple. A good friend of mine examined all of the leaked photos in detail. In a large number of them, the photo was a selfie taken in front of the mirror by an iPhone of some sort.

Youch. Apple should have used better encryption.

Also, my friend says the photos themselves are mostly nothing special. If these were random women instead of famous ones, no one would blink. The photos aren’t particularly “hot” - other internet models are physically more attractive. They are also usually taken under suboptimal conditions.