Stolen Pictures – Who’s To Blame?

Apple announced there had been a cyber attack targeting some users’ passwords on its iCloud service, but that none of its systems had been hacked. The specific users whose personal pics were compromised appear to be confined to celebrities, music stars, models and the like.

What can be done and can we presume that companies are protecting our data? I think we have to presume “not completely.”

So how was Apple’s iCloud compromised? According to industry expert David Emm, Senior Regional Researcher at Kaspersky Lab, we cannot assume that our online services are going to be completely safe, and as individuals we have to ensure that the passwords we use are strong so that we are not totally reliant on somebody else[1].

So, what about the most recent breach on Apple’s iCloud?

During the week there was a rumor that this attack was the result of a brute force attack on people’s passwords. This is where a piece of software constantly bombards a login with passwords until it gets a correct hit and can then gain entry to a person’s account. If this is the case, then there should have been some sort of security that blocked the continued assault and immediately sent an email to the subscriber telling them that there had been more than 3 attempts at their password. To me, that makes perfect sense.

What I don’t get is that often I have forgotten my Apple password and if I try to identify the correct password on my account more than 3 times, it bombs me out for 15 minutes. I suppose these bots are more patient than I am.
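The lockout described above can be sketched as follows. This is an added example, not Apple's code: it uses the post's figures (3 tries, 15 minutes), and the `notify` callback, the account name and the one-guess-per-second client are assumptions made for illustration. It counts how many guesses a patient automated client actually gets checked when the lockout is enforced on every login path.

```python
import time

MAX_FAILURES = 3            # attempts allowed before lockout (figure from the post)
LOCKOUT_SECONDS = 15 * 60   # 15-minute lockout (figure from the post)


class LoginThrottle:
    """Per-account failed-login counter with temporary lockout and owner alert."""

    def __init__(self, notify, clock=time.time):
        self._notify = notify      # hypothetical callback, e.g. sends an email
        self._clock = clock        # injectable so the example can simulate time
        self._failures = {}        # account -> consecutive failed attempts
        self._locked_until = {}    # account -> timestamp when the lock expires

    def is_locked(self, account):
        return self._clock() < self._locked_until.get(account, 0.0)

    def attempt(self, account, password_ok):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if self.is_locked(account):
            return "locked"        # rejected without even checking the password
        if password_ok:
            self._failures.pop(account, None)
            return "ok"
        count = self._failures.get(account, 0) + 1
        if count >= MAX_FAILURES:
            self._locked_until[account] = self._clock() + LOCKOUT_SECONDS
            self._failures.pop(account, None)
            self._notify(account, f"{MAX_FAILURES} failed sign-in attempts; account locked")
        else:
            self._failures[account] = count
        return "failed"


def guesses_checked_in(seconds, guess_interval=1.0):
    """Simulate a client sending one wrong password every guess_interval seconds;
    return (guesses actually checked, alerts sent to the account owner)."""
    now = [0.0]                    # simulated clock, constructed for the example
    alerts = []
    throttle = LoginThrottle(lambda acct, msg: alerts.append((acct, msg)),
                             clock=lambda: now[0])
    checked = 0
    while now[0] < seconds:
        if throttle.attempt("user@example.com", password_ok=False) == "failed":
            checked += 1
        now[0] += guess_interval
    return checked, len(alerts)
```

With the throttle in place, a full day of continuous guessing gets 288 passwords checked and sends the owner 96 alerts, which is why the lockout only helps if every sign-in path enforces it.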

The biggest problem we have as consumers is that we are too trusting of our providers. Emm recommends before signing up for any service to read the small print. If a provider cannot provide any form of two-factor authentication perhaps we should think twice about using that provider. I think he is being too polite. If it was me, I would say dump it.

Whoa, I hear you shout. Too much techie-talk.

OK. You do all know about two-factor authentication (2FA). In simple speak it’s those annoying pictures you have to verify before you hit a send button and which in most cases are unreadable. We call them captcha coding. Another form of two-factor authentication is a pin number. It adds a second layer of security to, for example, a credit card or a login.

In the case of the iCloud user attack, its 2FA may not have been enough if it involved account recovery to reset current passwords. In this case, password recovery bypasses 2FA. Yick!

No one has mentioned the theft of 1 billion email accounts and passwords recently but I am beginning to wonder if there is a connection. And my own thoughts are that the iCloud hackers were not only relying on bots but may have also had other sophisticated codes to access so many accounts in such a short time. But that’s just my theory. Target and now Home Depot have both had their customers’ accounts compromised. As quickly as one can introduce another safety mechanism, we are learning that these will be overcome by hackers.

What can we do? That is the billion dollar question.

  • Just be better educated. When you hear about a global attack on accounts or passwords CHANGE THEM immediately.
  • Know how providers protect our accounts by reading the small print when you sign up.
  • Use strong passwords. Yeah STRONG passwords.
  • Don’t use the same password on every account.
  • Never use your email address, the words ‘admin’ or ‘register,’ your name or family name as a login.
  • Don’t rely on those secret questions for protecting your account. In most cases they can easily be found.

If I’ve missed out anything else let me know.

There is some good news: banks are coming up with more ways to protect our accounts. Soon we will have new bank cards that have super encryption which will make the card much harder to copy.

Now that we all know that our smart phone stuff is on the cloud (if we did the easy, recommended option when we signed up for the service) how do we remove those items we DON’T WANT THERE?

A big, big warning here. When you remove stuff off the iCloud it will also remove the same data off every other device you have connected to your iCloud account. So, anything you want to save first, do so by sending that data to an external USB drive if you don’t want to lose it. Or move it to your Mac, provided it has OS X v10.8 or later. At least that’s what Apple recommends.

Honestly, anything you have that may be that personal I wouldn’t even leave on your Mac or PC. Just be savvy and put that kind of stuff on an external USB drive and don’t leave the drive plugged into your computer.

So, go to the Apple support site and it will tell you all about deleting files off the iCloud. Do yourselves a favor though, and do a Google search on deleting files off the cloud, because you may actually learn something new from other sources.

And finally – NO DATA IS COMPLETELY SAFE. If you understand this you may think twice about what you put on the cloud or keep on your computer.

[1] Emm, David. Tech Tent 34: Cracking the cloud? BBC World Service, Friday, 5 September 2014. Retrieved at
