Painful Lessons from the Cloud

The media is in a tizzy over the latest celebrity kerfuffle. Seems that nude photos of some prominent actresses were posted on 4Chan on August 31st. The interesting part of the story is the claim that hackers obtained the material through an iCloud hack. Media reports have focused on a (recently patched) vulnerability in the “Find My iPhone” service that left it open to brute-force password attacks, leading to the compromise of AppleIDs. Apple fixed the bug two days after security researcher Alexey Troshichev reported the vulnerability and released an exploit called iBrute.

What’s the key takeaway from this incident? Don’t put anything sensitive in the cloud without first encrypting it. Additionally, multi-factor authentication is your friend.

From Engadget:

The potential exploit relates to a project on the code hosting site Github called, imaginatively, ibrute. Just a day before the images leaked, the developers of ibrute announced a bug in the Find My iPhone service means it doesn’t employ bruteforce protection (i.e. an attack can continue using different passwords until the right one is found). The implication is that this could give access to AppleIDs, and from there any number of avenues to compromise accounts become significantly more viable.

Continued here, with an additional article on Business Insider. It looks like the presentation slides referenced have been pulled from Slideshare, though.
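The control the Engadget excerpt says was missing, brute-force protection, sketched as an added example (not code from the original post, from Apple, or from the ibrute project). It keys failed-login state by account rather than by endpoint, so a secondary API cannot sidestep the limit enforced on the main login; the endpoint names, thresholds, and account below are constructed assumptions.

```python
import hmac
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Failed-login limiter keyed by account and shared by every auth endpoint."""

    def __init__(self, max_failures=5, window=300.0, lockout=900.0, clock=time.monotonic):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.clock = clock
        self._failures = defaultdict(deque)  # account -> times of recent failures
        self._locked_until = {}              # account -> time the lock expires

    def allowed(self, account):
        until = self._locked_until.get(account)
        if until is not None and self.clock() < until:
            return False
        self._locked_until.pop(account, None)  # lock expired or never set
        return True

    def record(self, account, success):
        if success:
            self._failures.pop(account, None)
            return
        now, recent = self.clock(), self._failures[account]
        recent.append(now)
        while now - recent[0] > self.window:  # drop failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._locked_until[account] = now + self.lockout
            recent.clear()

def authenticate(throttle, endpoint, account, password, check_password):
    """Called by every endpoint; `endpoint` is deliberately not part of the key."""
    if not throttle.allowed(account):
        return "locked"  # refuse before the password is even checked
    ok = check_password(account, password)
    throttle.record(account, ok)
    return "ok" if ok else "denied"

def simulate(guesses, real_password, account="user@example.com"):
    """Constructed demo: guesses alternate between two hypothetical endpoints."""
    now = [0.0]
    throttle = LoginThrottle(clock=lambda: now[0])
    check = lambda _acct, pw: hmac.compare_digest(pw.encode(), real_password.encode())
    results = []
    for i, guess in enumerate(guesses):
        now[0] += 1.0  # one guess per second
        ep = ("web_login", "device_api")[i % 2]  # hypothetical endpoint names
        results.append(authenticate(throttle, ep, account, guess, check))
    return results
```

A hard per-account lockout can itself be abused to lock the legitimate owner out, so it is normally paired with per-source limits and the multi-factor authentication recommended above.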

