Michal Ždanský Yesterday in the early hours of the morning on the internet forum 4chan discovered a large number of sensitive photos of famous celebrities, including Jennifer Lawrence, Kate Upton or Kaley Cuoco. Private pictures and videos were obtained by the hacker from the accounts of the affected persons, which in itself has no obvious connection with Apple, however, the attacker allegedly used a security flaw in iCloud to get access to the photos.
So far, it has not been confirmed whether the photo comes directly from Photo Stream, or whether the attacker just used iCloud to obtain the passwords to the accounts in question, however, it is quite possible that an error in one of Apple's Internet services is to blame, which made it possible to obtain the password using the brute force, i.e. by brute force guessing the password. According to the server The Next Web the hacker exploited the Find My iPhone vulnerability, which allowed unlimited password guessing without locking the account after a certain number of failed attempts.
Then it was enough to use specialized software iBrute, developed by Russian security researchers as a demonstration during a conference in St. Petersburg and made it available on the GitHub portal. The software was then able to crack the password to the given Apple ID by trial and error. Once the attacker had access to the email and password, they could easily download photos from Photo Stream or gain access to the victim's email page. Initial reports said the photos were obtained from a hack of Apple's photo storage, but many of the leaked photos were apparently not taken with an iPhone, and many were missing EXIF data. So it is possible that some of the photos come from e-mails of celebrities.
Apple fixed the mentioned vulnerability during the day and said through its press spokesperson that it is investigating the whole situation. The actual way a hacker or group of hackers got hold of intimate photos of actresses and models is likely to be known in a few days. Unfortunately, to their detriment, the celebrities reportedly did not use two-step verification, which would otherwise prevent password-only account access, as an attacker would have to guess a random four-digit code, greatly minimizing the chance of accounts being compromised.
Jennifer Lawrence has never appeared naked in a movie and now we can finally admire her beautiful body. She has very nice tits and the photo where her face is splattered with sperm is the icing on the cake.
Well, there was probably quite a lot of money for photos in swimsuits. At least Jennifer is an actress, but I think that Kate Upton mainly earned her money from photos in swimsuits.... which there probably won't be such an interest now :-D
there is nothing like that there….
...so I heard from a friend and so...
You have to download the complete package, it's splashed on two photos :-) And also Kate Upton all from seed. She also has a video of her being pounded by her charger.
Hmm, only a connoisseur can do this on iCloud :D
I just stole the package, it's over 900mb and I can't open a single photo :(...does anyone know why?
I'm probably going to be a complete troll, but I'll ask anyway:
What is the two-step check for e-mail?
After entering the password, you will receive an SMS with a random code to verify that it is really you and you must copy it into the login. Simple and effective!
And how much does this cost? So is this a paid service?
It's free, it's supported by Google and Microsoft, among others, it can be ticked when authenticating on your own device so you don't have to enter the code every time. If anyone tries this from another device, they're out of luck. I have it turned on not only for Gmail and Outlook, but also for Facebook, Steam and other services. It's even easier to use the Google Authenticator app instead of email.
This comes to me from the bank to pay/change details etc.
I didn't come across that with email.
Every time I try to log in to my e-mail account, do I still receive a verification via SMS?
That's right, but it can also be set so that it remembers the given computer (at home, for example) and when you log in from it, it's without SMS.
Maestro Cook should probably add a couple of Security slides on the ninth, in addition to praising the cloud. I would say that this affair will hurt Apple. It will put off some undecided customers and affect Apple's stock. What about conspiracy theories about competition? Have they appeared yet?
Shouldn't this year's "OME MORE THING" be?
And did you notice the iPhone 6 in those photos? http://globalgrind.com/playlist/celebrities-leaked-pics-photos/item/1800400/