z*******n Posts: 1034 | 1
Apple Just Patched A Security Flaw In iCloud That Could've Been Used To Hack Celebrity Accounts
James Cook
Sep. 1, 2014, 10:20 AM
Engadget reports that Apple has fixed a major bug in its Find My iPhone
software that allowed hackers to gain access to iCloud accounts. The fix
comes just hours after a hacker leaked hundreds of nude celebrity photos on
4chan in return for Bitcoin donations.
Apple's Find My iPhone login page was discovered to have been vulnerable to
so-called "brute force" hacks. Hackers are usually locked out of sites if
they try to gain access using multiple passwords, but it was discovered that
the Find My iPhone API allows users to repeatedly try different passwords.
Security researcher Alexey Troshichev revealed that it's possible to combine
this exploit with a list of common passwords in order to make a tool that
can gain access to iCloud accounts.
Just two days after the security flaw was detailed on GitHub, Apple moved to
fix the exploit. The "iBrute" vulnerability was patched after the news of
the leaked celebrity photos emerged, although some Apple services in Europe
remained open to brute force attacks.
So was Apple's Find My iPhone vulnerability to blame for the iCloud hack?
The speech that outlined the vulnerability took place at the Def Con
conference in Russia on Aug. 30, leaving potential hackers only a small
period of time to exploit the vulnerability, unless they were already aware
of the brute force exploit. Evidence suggests that the leaked celebrity
photos were gathered over a period of weeks, or even years, instead of a
quick one-day attack, meaning that there may be a completely different
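vulnerability in iCloud that has yet to be discovered.

h********o Posts: 2316 | 2
I thought this was some master hacker, but in the end it's still just brute-forcing passwords.
How did the hacker know Lawrence's login name?

z*******n Posts: 1034 | 3
Celebrities' information is easy to obtain, and most of their security questions are fairly easy to crack.
A company like Google lives off doing evil itself, so security always comes first there; a low-level hole like iCloud's would certainly never exist.
Eddy Cue should resign; his education level is too low.
[Quoting h********o's post]
: I thought this was some master hacker, but in the end it's still just brute-forcing passwords.
: How did the hacker know Lawrence's login name?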
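
The article in the first post describes one API accepting unlimited password attempts while other login paths lock the account. As an added example (not from the article or from any Apple code), here is a per-account failure counter shared by every endpoint that accepts a password, run over constructed events. The endpoint names, the account, and the policy of 5 failures per 15 minutes are assumptions.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5        # assumed policy: failures allowed per window
WINDOW_SECONDS = 900    # assumed policy: 15-minute sliding window


class AccountThrottle:
    """Failed-login counter keyed on the account, shared by all endpoints."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS):
        self.max_failures = max_failures
        self.window = window
        self.failures = defaultdict(deque)  # account -> failure timestamps

    def is_locked(self, account, now):
        recent = self.failures[account]
        while recent and now - recent[0] >= self.window:
            recent.popleft()  # drop failures that aged out of the window
        return len(recent) >= self.max_failures

    def record_failure(self, account, now):
        self.failures[account].append(now)


def guesses_checked(events, throttled_endpoints):
    """Count wrong-password attempts that reach the password comparison.

    events: (timestamp, endpoint, account) tuples, each a wrong password.
    throttled_endpoints: endpoints that consult the shared throttle.
    """
    throttle = AccountThrottle()
    checked = 0
    for now, endpoint, account in events:
        if endpoint in throttled_endpoints and throttle.is_locked(account, now):
            continue  # rejected before the password is compared
        checked += 1
        throttle.record_failure(account, now)  # every endpoint reports failures
    return checked


# Constructed sample: 40 wrong guesses, one per second, for a single account,
# all sent to a secondary API ("device_api", hypothetical) instead of the web form.
EVENTS = [(t, "device_api", "user@example.com") for t in range(40)]

# Weak setup: only the web login consults the throttle.
WEAK = guesses_checked(EVENTS, throttled_endpoints={"web_login"})
# Corrected setup: every endpoint that accepts a password consults it.
FIXED = guesses_checked(EVENTS, throttled_endpoints={"web_login", "device_api"})

if __name__ == "__main__":
    print(f"weak: {WEAK} guesses checked, fixed: {FIXED} guesses checked")
```

In the weak setup all 40 guesses are compared against the password; once the secondary endpoint consults the same counter, only the first 5 are.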