- My Forums
- Tiger Rant
- LSU Recruiting
- SEC Rant
- Saints Talk
- Pelicans Talk
- More Sports Board
- Fantasy Sports
- Golf Board
- Soccer Board
- O-T Lounge
- Tech Board
- Home/Garden Board
- Outdoor Board
- Health/Fitness Board
- Movie/TV Board
- Book Board
- Music Board
- Political Talk
- Money Talk
- Fark Board
- Gaming Board
- Travel Board
- Food/Drink Board
- Ticket Exchange
- TD Help Board
Customize My Forums- View All Forums
- Show Left Links
- Topic Sort Options
- Trending Topics
- Recent Topics
- Active Topics
Started By
Message
re: Apple denies iCloud breach for The Fappening
Posted on 9/2/14 at 2:16 pm to TigerinATL
Posted on 9/2/14 at 2:16 pm to TigerinATL
quote:
I'm just not assuming that these "leaks" are all tied to the recently patched flaw like you seem to be. If they are then it is on Apple, but we have nothing but timing to correlate the two, and the timing angle is suspect because what I've gleaned from the OT threads on the Fappening is that this is a collection of individual hacks being released at once, not one big breach.
oh its absolutely a collections of smaller breaches. it doesnt mean they didnt all use the same attack vector
1
Posted on 9/2/14 at 2:26 pm to gmrkr5
quote:
it doesnt mean they didnt all use the same attack vector
The most recently patched attack vector isn't the only one though. Looking for the password requirements I ran across this article from June on a Forensic tool that was capable of retrieving and cracking iCloud backups, without a password if you had access to their PC.
quote:
It’s not black magic, but works as a command-line tool extracting the iCloud binary authentication token. The “user must’ve been logged in to iCloud Control Panel on that PC at the time the computer is seized. If the user logged out of the Panel, the authentication tokens are then deleted.”
The newest version of Elcomsoft Phone Password Breaker can recover “the original plain-text passwords protecting encrypted backups for Apple and BlackBerry devices.” Those backups “contain address books, call logs, SMS archives, calendars and other organizer data, camera snapshots, voice mail and email account settings, applications, Web browsing history and cache.” Apple users, even if you don’t manually create backups, backups happen automatically every time you sync your device.
iCloud Control Panel is part of iTunes and comes installed on OS X devices, but has to be installed on Windows devices. “The given feature is confirmed to work even for accounts with Apple's two-step verification enabled, but does NOT work for Microsoft Live! accounts that use 2FA.”
LINK
I said in another thread that Apple has taken a bare minimum strategy with the cloud, so they certainly need to be taken to task over any problems caused by that, but I've seen people connect the wrong attack vector dots based solely on time correlation. After reading the article I posted I think I'll uninstall my iCloud control panel. I never really use it and if a security tool can weaponize it then a virus could too.
Page 1 of 1
Popular
Back to top
Follow TigerDroppings for LSU Football News