Apple Has Closed A “Find My iPhone” Exploit That Might Have Led To Celebs Nudie Pix Being Leaked

Posted in Commentary with tags , on September 1, 2014 by itnerd

That didn’t take long.

Engadget is reporting that Apple might have closed an exploit that allowed brute force attacks on the iCloud:

The potential exploit relates to a project on the code hosting site Github called, imaginatively, ibrute. Just a day before the images leaked, the developers of ibrute announced a bug in the Find My iPhone service means it doesn’t employ bruteforce protection (i.e. an attack can continue using different passwords until the right one if found). The implication is that this could give access to AppleIDs, and from there any number of avenues to compromise accounts become significantly more viable. It’s certainly not the first intrusion issue with the service we’ve seen. If this was the flaw used, the hackers would have needed email addresses of celebrities. But, it’s possible that only one address is needed, allowing to search inboxes for those of others in a domino effect.

It is possible that this is how hackers got the nude photos of celebrities that I reported on earlier today. Now if the timing of this fix may be coincidental, but I suspect that it has to do the aforementioned leak. Which makes me wonder why Apple didn’t fix this earlier as I have noted that this problem has been around for a very long time. But knowing Apple, we’ll never find out the reason why.

Apple “Actively” Investigating Hacked iCloud Accounts

Posted in Commentary with tags , on September 1, 2014 by itnerd

According to re/code, Apple is “actively” investigating the hack of celebrity iCloud accounts that I reported on this morning:

“We take user privacy very seriously and are actively investigating this report,” said Apple spokeswoman Natalie Kerris.

You know, I find it really sad that Apple will “actively” investigate reports of iCloud hacking when celebrity iCloud accounts get hacked, but you hear nothing from them when other reports of iCloud accounts being hacked surface. My perception is that Apple only cares when someone famous gets hacked. Perhaps I am reading this wrong. But I am sure that I am not the only one with that perception. Perhaps Apple would care to change my mind on that?

It’s Back: Cybercriminals Are Posing As Tech Support People To Make Your Life Hell

Posted in Commentary with tags on September 1, 2014 by itnerd

I wrote about this a year ago and now it seems that this scam is back. Several of my customers have received calls from people posing as a employee of a legitimate company who claimed that their “Windows PC” was either compromised with viruses or they were trying to protect them from a security threat. These people want to start with a remote control session to try and fix their problem. In one case, the customer got her PC trashed by these scumbags which required me to rebuild her PC from scratch. That was a very expensive mistake on their part.

Let me be clear. No company be it Apple, Microsoft, or anyone else will ever call you to troubleshoot your PC. EVER. Here’s some other tips if you get one of these calls:

  • Do not purchase any software or services from the scammer.
  • Ask if there is a fee or subscription associated with the “service.” If there is, hang up.
  • Never give control of your computer to a third party who calls you out of the blue.
  • Never provide your credit card or financial information to someone who is calling you.

The best advice that I have when you get one of these calls is to hang up. It’s a simple and effective way of dealing with these scumbags.

Celebrities Get Their iCloud Accounts Hacked

Posted in Commentary with tags , on September 1, 2014 by itnerd

If you’re Victoria Justice, Emily Browning, Kate Bosworth, Jenny McCarthy and Kate Upton among others, you’re not having a very good day. I say that because the news is out that those celebrities have allegedly had their iCloud accounts hacked and nude photos are now floating around the Internet. Here’s what Mashable had to say:

Early word of the images began spreading on 4Chan earlier in the day, where posters claimed that the images were the result of a hacker intrusion on a number of iCloud accounts and cell phones and that the images included nude celebrities such as Victoria Justice, Emily Browning, Kate Bosworth, Jenny McCarthy and Kate Upton.

n addition to Lawrence, these are the biggest names on the list posted to 4Chan of alleged victims of the iCloud leak:

Aly and AJ Michalka, Aubrey Plaza, Abby Elliott, Avril Lavigne, Amber Heard, Brie Larson, Candice Swanepoel, Cara Delevigne, Emily Ratjakowski, Farrah Abraham, Gabrielle Union, Hayden Pannettiere, Hope Solo, Hillary Duff, Jenny McCarthy, Kayley Cuoco, Kate Upton, Kate Bosworth, Keke Palmer, Kim Kardashian, Kirsten Dunst, Krysten Ritter, Lea Michele, Lizzy Caplan, Mary Kate Olsen, Mary Elizabeth Winstead, Rihanna, Scarlet Johansson, Selena Gomez, Vanessa Hudgens, Wynona Ryder, Alison Brie and Dave Franco.

Lovely. Some of these celebrities have said that the photos that have been leaked are faked, others have confirmed that the photos are real. Regardless, to keep yourself from being a victim of this, you might want to take my advice about using a strong password as well as using two factor authentication on your iCloud account. In the meantime, I hope that Apple for a change actually makes a comment about this and talks about how they are going to help users protect themselves.

Research Shows That Wi-Fi Protected Setup Is Horrifically Insecure

Posted in Commentary with tags , on August 31, 2014 by itnerd

If you have a router that uses Wi-Fi Protected Setup or WPS, then there’s a good chance that it is insecure. Some research that I came across shows that wireless routers are still quite vulnerable to attack if they don’t use a good implementation of Wi-Fi Protected Setup. Bad implementations do a poor job of randomizing the key used to authenticate hardware PINs. Because of this, the new attack only requires a single guess at the hardware PIN to collect data necessary to break it. After a few hours to process the data, an attacker can access the router’s WPS functionality. Now here’s what makes this really bad:

The Wi-Fi Alliance could not confirm whether the products impacted by the attack were certified, according to spokeswoman Carol Carrubba.

“A vendor implementation that improperly generates random numbers is more susceptible to attack, and it appears as though this is the case with at least two devices,” she said in a statement. “It is likely that the issue lies in the specific vendor implementations rather than the technology itself. As the published research does not identify specific products, we do not know whether any Wi-Fi certified devices are affected, and we are unable to confirm the findings.”

That means that your router might be affected. Or it might not be affected. There’s no way to be sure at the moment. My take? As a matter of course I disable WPS for any customer and I explain why. It is a far to easy way for someone to get access to your network. Thus if you want your network to be secure, you need to keep this feature disabled.

In the meantime, I wonder how many router companies are going to be shipping firmware updates to address this. Assuming that they admit to it at all.



RIP: MSN Messenger

Posted in Commentary with tags on August 31, 2014 by itnerd

After more than 15 years of being live, Microsoft is putting MSN Messenger out to pasture on October 31st. Now most users were flipped over to Skype a while ago. But that didn’t include China as there is still a substantial market for MSN Messenger apparently.

Who knew?

Those users will now be flipped over to Skype as well. As recently as 2010, Windows Live Messenger had about 300 million active users, ranking it as the number one instant messenger platform in the world at the time, according to Microsoft’s blog. But it’s usage plummeted as other services came online.

Do you have any fond memories of MSN Messenger? Post a comment and share them with your fellow readers.

Microsoft Ignores US Order To Release Data Held Overseas

Posted in Commentary with tags on August 31, 2014 by itnerd

You might recall that I posted a story about the US Government wanting data from Microsoft servers located in Ireland. Apparently, Microsoft has said to use a Glee reference “hell to the no:”

“Microsoft will not be turning over the email and plans to appeal,” a Microsoft statement notes. “Everyone agrees this case can and will proceed to the appeals court. This is simply about finding the appropriate procedure for that to happen.”

This is good because I was always under the impression that you cannot serve warrants to search property in other countries. But I am a computer nerd and not a lawyer. Thus I will be watching with interest as to what the outcome of this case is as it has far reaching implications.



Get every new post delivered to your Inbox.

Join 211 other followers