TR Forums

derFunkenstein wrote:

The iCloud accounts weren't "hacked",

They were in the sense that they were using a python script dictionary attack of the top 500 passwords.

I don't consider that a hack. There wasn't some security flaw ripe for the picking, it was a semi-sophisticated guessing game. And then once you can restore a backup to an iPhone, you can get to Photo Stream and voila.

derFunkenstein wrote:

I don't consider that a hack. There wasn't some security flaw ripe for the picking, it was a semi-sophisticated guessing game. And then once you can restore a backup to an iPhone, you can get to Photo Stream and voila.

I wish there was a way to 'like' this comment. Seriously, in what world do we consider password guessing hacking?

http://www.theguardian.com/technology/2 ... r-lawrence
This was the last i'd read of it. Did they figure more out?

derFunkenstein wrote:

I don't consider that a hack. There wasn't some security flaw ripe for the picking, it was a semi-sophisticated guessing game. And then once you can restore a backup to an iPhone, you can get to Photo Stream and voila.

You don't even have to restore to an iDevice. Just use the same credentials in the iCloud application for Windows or Mac.

derFunkenstein wrote:

I don't consider that a hack. There wasn't some security flaw ripe for the picking, it was a semi-sophisticated guessing game. And then once you can restore a backup to an iPhone, you can get to Photo Stream and voila.

I would consider being able to brute force without the site being able to lock out subsequent attempts a HUGE security flaw that was being exploited. There is also the age old argument that either way it should be considered "cracking" more than "hacking".

adampk17 wrote:

Seriously, in what world do we consider password guessing hacking?

Are you new to the US? When people here say "news", it's a bit tongue-in-cheek.

Deanjo wrote:

I would consider being able to brute force without the site being able to lock out subsequent attempts a HUGE security flaw that was being exploited. There is also the age old argument that either way it should be considered "cracking" more than "hacking".

This attack supposedly happened over the course of several years. Who's to say that the attacker didn't take in to account the site's incorrect password tolerance and stayed below it's radar. It wouldn't really take that long to guess 500 passwords that way.

auxy wrote:

Wow! Soooo glad I don't use Apple products. What an irritation! (´д⊂)

This whole thread has been fanboys shouting "but that's how it's supposed to work!" as if that has any relevance to anything. Who cares? That may be intended functionality, but that doesn't make it any less brain dead. Who the hell would put sensitive data on an ipad anyway?ヽ(´ー｀)ノ

Yet another Apple "feature" the cultists spin as a good thing while normal people scratch their heads in disbelief. Σ(´∀｀；)

I've been using iOS since 2008 and what Axuy wrote is so wrong. I'm currently on a brief vacation to NYC and, for the first time, I am relying solely on iOS devices to manage work related issues while I am on the road. I manage vSphere, Linux, Windows and OS X. I'm not even going to say iOS is the only option. Android is there as long as the apps give me what I need. Windows and OS X are no longer the only games in town. F@ck the desktop.

THANKS EU. YOU'VE NEVER MENTIONED YOU LOVE APPLE BEFORE. IT'S GREAT TO HEAR.

End User wrote:

auxy wrote:

Wow! Soooo glad I don't use Apple products. What an irritation! (´д⊂)

This whole thread has been fanboys shouting "but that's how it's supposed to work!" as if that has any relevance to anything. Who cares? That may be intended functionality, but that doesn't make it any less brain dead. Who the hell would put sensitive data on an ipad anyway?ヽ(´ー｀)ノ

Yet another Apple "feature" the cultists spin as a good thing while normal people scratch their heads in disbelief. Σ(´∀｀；)

I've been using iOS since 2008 and what Axuy wrote is so wrong. I'm currently on a brief vacation to NYC and, for the first time, I am relying solely on iOS devices to manage work related issues while I am on the road. I manage vSphere, Linux, Windows and OS X. I'm not even going to say iOS is the only option. Android is there as long as the apps give me what I need. Windows and OS X are no longer the only games in town. F@ck the desktop.

I know of people who use iPads when they're at other sites at work, using RDC into servers and checking their email. I'd rather use a laptop for RDC, but hey, at least the iPad is a ton lighter.

cynan wrote:

If you aren't enamored with the prospect of dealing with iTunes, then iDevices are probably not for you anyway. The iOS usage model is heavily centered around iTunes (though perhaps less and less so with the growing dependence on the cloud). All firmware updates are managed through iTunes and it's pretty much the only way to transfer files between a PC and the device (at least if it isn't jail broken). Dependence on software such as iTunes to reset the password is therefore a bit more excusable for an iDevice than, say, for an Android.

But yeah, I hate the necessity of iTunes for the local transferring of files - and only files, no less, that Apple deems you should be putting on their device. A major reason why I personal shy away from Apple mobile devices, at least historically.

This is out of date by several years. Let my experiences inform you.

We've been doing OTA firmware updates with one surprise, my wife's iPhone 4S contacts went missing once upgraded to iOS 5.x - I told her that's a no-no while travelling. Once re-synced via hotel wi-fi it restored fully anyway. So, device-only problem detection, mitigation, and recovery via standard, in-band methods on unsecured wireless networks, all in an afternoon. I only needed iTunes for external backup as I then wouldn't rely solely on Apple ID sync. These days she does by herself systems configuration, apps discovery/installs/updates, image/config/file backups, file grooming/sharing, and client/bridge networking easily using standard methods, and hasn't used iTunes at all. Like her fashionable friends, she's the farthest thing from an admin. And yet they've each been running clusters of Apple mobiles with little help for the past few years. Every friend or family using iOS sooner or later stopped asking for involved support, most have become proficient at tasks which would have been considered undelegatable and even dangerous to desktop users a few years ago.

The last time I had to deploy a new Apple mobile via iTunes activation was back in 2011 with iOS5. I mainly use iTunes for fast USB backups and transfers. But it's hardly necessary as there are many ways to exchange and store *all* types of files and execute common ones like Office and mkv. All appdata exchanges are rigorously siloed in repository and interprocess operations for traversal security. There are non-Apple cloud sharers like Dropbox and GoogleDrive and OneDrive and in/out file hubs like File App and Phone Drive. Many filehubs and media players/readers like AVPlayerHD directly access not just /http /ftp /sharepoint but also work as ad hoc /streaming /WebDAV /uPnP-DLNA clients and servers (no t*rrents though).

My favorite Goodreader app even authenticates on SMB fileservers. I use the networked filesystem it exposes to grab all kinds of stuff from windows and router NAS shares, to pass on to other apps or ping to other WLAN devices. Or else use NAS hybrids like Tripmate which has Android and x86 Windows frontends, although iOS still doesn't expose systemwide iOS fileshares AFAIK. About the only other access biggie one can't do is download files attached to e-mails, but even then many content types can be onscreened with built-in viewers.