TranceAddict Forums (www.tranceaddict.com/forums)
- Chill Out Room
-- Nude Photo (iCloud?) hack affecting celebs (Jennifer Lawrence/Kate Upton...) via 4chan
Pages (4): « 1 2 [3] 4 »
holy jesus christ. i have no idea how fucking ISIS, NSA or any of that bullshit ends up in a thread like this.
a group/person of hackers pwned apple. leaked a bunch of shit. happens all the time. the only reason this is a big deal is because the severity of the breach. also notice how apple is trying to downplay it? (oh yeah WE didnt get hacked, rather individual users got hacked. yeah you fucking assclowns with your shitty api)
there's a big fucking difference between a bunch of smart kids causing trouble then a government body tapping/sniffing actively for your traffic. hi NSA!
what concerns me more is a significant fucking amount of teir 1/bgp'd providers use Cisco gear. and there's been talk about NSA stealing shipments and dropping chips in Cisco gear. now thats fucked up.
it sucks for the people that got hit but what can you do? oh yeah don't store your naked photos on the "cloud." even then you're still not protected. its a risk you take if you take these photos.
| quote: |
| Originally posted by DJ RANN Yeah, because the pictures were "leaked", weren't they? Like when someone breaks in to your house by trying every possible key combination on your door lock and takes all your shit, it's not theft, it's just you leaking you possessions |
| quote: |
| Originally posted by r5a holy jesus christ. i have no idea how fucking ISIS, NSA or any of that bullshit ends up in a thread like this. a group/person of hackers pwned apple. leaked a bunch of shit. happens all the time. the only reason this is a big deal is because the severity of the breach. also notice how apple is trying to downplay it? (oh yeah WE didnt get hacked, rather individual users got hacked. yeah you fucking assclowns with your shitty api) there's a big fucking difference between a bunch of smart kids causing trouble then a government body tapping/sniffing actively for your traffic. hi NSA! what concerns me more is a significant fucking amount of teir 1/bgp'd providers use Cisco gear. and there's been talk about NSA stealing shipments and dropping chips in Cisco gear. now thats fucked up. it sucks for the people that got hit but what can you do? oh yeah don't store your naked photos on the "cloud." even then you're still not protected. its a risk you take if you take these photos. |
| quote: |
| Originally posted by enydo It also doesn't make sense to me that people lose their shit over a small trove of nudes when the internet is literally filled with porn that was put up with some form of consent. Go get your rocks off somewhere else, ffs. |
| quote: |
| Originally posted by Jon_Snow Now you know how the RIAA feels about you stealing their music. |

| quote: |
| Originally posted by Jon_Snow Until people stop using bad passwords and security practices in general nothing will change. Even if their API had rate limiting people still could have guessed their passwords, just slower. Its like leaving your backdoor open and setting your safe combination to "1111" and expecting robbers to not be able to easily break in and open it... Yeah, its wrong that they got hacked but they neglected nearly all cyber security best practices. I don't have sympathy for anyone who doesn't take their own security seriously, whether that be physical or digital. |
| quote: |
| Originally posted by Spacey Orange So these guys are fapping to jennifer lawrence's saggy tits now. Oh the fucken travesty sweet jesus. |
If you take a picture of yourself nude and upload it to whatever cloud, resulting in you getting hacked it's your own fault. So you're saying putting money in the bank isn't safe? I'd love the internet to be as safe as a bank. Really. It's not.
Want to send nude picture to someone? Do it, but don't upload that shit to a server. If you're ignorant enough to not know what I'm talking about? Well it sucks to be you.
But you're right. Ideally there wouldn't even be anyone watching this. The torrent got 40k seeders on piratebay just about 1 hour after the leak.
Criminuls.
RANN I understand your point but you are misinformed about the actual technical details behind the methods people were using. Using a strong password and hard to guess recovery questions WOULD have stopped brute force attacks against their account. There was no magic exploit. They exploited people who employed poor security practices, plain and simple.
Yes its creepy, but this is a much farther reaching problem in society than just "nude pics"... You can't just look at it from that angle without addressing the root cause of all of this.
People neglect security for far more important things and only address it once shit hits the fan.
| quote: |
| Originally posted by djnitride People neglect security for far more important things and only address it once shit hits the fan. |
| quote: |
| Originally posted by djnitride RANN I understand your point but you are misinformed about the actual technical details behind the methods people were using. Using a strong password and hard to guess recovery questions WOULD have stopped brute force attacks against their account. There was no magic exploit. They exploited people who employed poor security practices, plain and simple. Yes its creepy, but this is a much farther reaching problem in society than just "nude pics"... You can't just look at it from that angle without addressing the root cause of all of this. People neglect security for far more important things and only address it once shit hits the fan. |
| quote: |
| Originally posted by DJ RANN Good passwords don't mean anything. A brute force checks millions of combinations of every possible key combination so whether it's simple or has upper and lower case, with special characters, just means it takes the brute force attack slightly longer, but trust me, these guys were at it for months, if not years. |
In my hacking/wannabe-unix-security-nerd days (circa 1994-1995) I used a spare 486 and it took 2 weeks running 24/7 against a bunch of dictionaries (in multiple languages) before it cracked anything. I used Crackerjack.
I can still remember the audible beep... it was like christmas in july. lol
Good times.
As for password difficulty... have some numbers... mixed case...and a word you know and then vary the numbers within a certain range and that's all you need.
| quote: |
| Originally posted by djnitride Each additional digit adds another power to the potential number of combinations, past a certain point it doesn't matter if they rate limit brute force or not, it simply isn't feasible to crack the password. For example, a 20 char alpha numeric password with capital letters would be 62^20 = 7.0442342554699802296833026461637e+35 possible combinations. Even if the attacker could run 1 million combinations a second, it would take 670113608777585638287985 days to crack if they had to check 50% of combinations before finding the password. Yeah, I am sure some of them used extremely targeted and personalized social engineering techniques to get peoples pictures who had better security. Here is one problem, there is no definitive defense against social engineering attacks besides restricting yourself to a very limited list of service providers. For example, gmail is extremely strict about providing account access if you lose your password. |
| quote: |
| Originally posted by DJ RANN But that's the problem; 20 digit alpha numeric passwords aren't really realistic. I have to use one system for one of ht businesses that requires me (and 4 of my employees) to log in at least 20-40 times a day. Having to type 20 mixed fucking characters is an absolute ballache that many times a day so guess what? Everyone does the minimum (8 chars, 1 num, one spec char). That's really not that difficult to brute force in a couple of days. Average password length is guess what? 8-9 characters (in fact the actual figure is 61% of the worlds population uses a password that is within one digit of the minimum required). But again, this was only part of the breach in question - several of the people involved were phished, some it's now believed were straight up hacked with malware, and one or two others had their phones actually compromised/data copied/stolen. Unless you're going to add two step verification (and still keylogging attacks do nothing against this) or algorithmic dongles, passwords are not going to get more secure. Combine these attacks with just a tiny bit of social engineering, and basically anyone can get access to any normal password protection system. |
^ She's 21? I thought she was like 17.
On the topic of password length, I hate the companies that have a maximum password length, especially one that is only 8-12 characters. Which I find it completely ludicrous to blame those who were hacked, I do try to have my own internet stuff secure (at least banking/email/etc). It's not that hard to remember a line of poetry that can end up being 25-30 characters. Muscle memory easily remembers it, too.
| quote: |
| Originally posted by Swamper ^ She's 21? I thought she was like 17. |

| quote: |
| Originally posted by Lews a line of poetry that can end up being 25-30 characters. Muscle memory easily remembers it, too. |
Lews.
Vegetarians protect the world with haiku's.
| quote: |
| Originally posted by Swamper ^ She's 21? I thought she was like 17. |
| quote: |
Originally posted by Sushipunk |
| quote: |
| Originally posted by Swamper ^ She's 21? I thought she was like 17. |
| quote: |
Originally posted by Sushipunk |
| quote: |
| Originally posted by Swamper ^ She's 21? I thought she was like 17. |
| quote: |
Originally posted by Sushipunk |
| quote: |
| Originally posted by Swamper ^ She's 21? I thought she was like 17. |
| quote: |
Originally posted by Sushipunk |
| quote: |
| Originally posted by Swamper ^ She's 21? I thought she was like 17. |
| quote: |
Originally posted by Sushipunk |
| quote: |
| Originally posted by Swamper ^ She's 21? I thought she was like 17. |
| quote: |
Originally posted by Sushipunk |
| quote: |
| Originally posted by Swamper ^ She's 21? I thought she was like 17. |
| quote: |
Originally posted by Sushipunk |
| quote: |
| Originally posted by Swamper ^ She's 21? I thought she was like 17. |
| quote: |
Originally posted by Sushipunk |
| quote: |
| Originally posted by Swamper ^ She's 21? I thought she was like 17. |
| quote: |
Originally posted by Sushipunk |
| quote: |
| Originally posted by Swamper ^ She's 21? I thought she was like 17. |
| quote: |
Originally posted by Sushipunk |
| quote: |
| Originally posted by Swamper ^ She's 21? I thought she was like 17. |
| quote: |
Originally posted by Sushipunk |
| quote: |
| Originally posted by Swamper ^ She's 21? I thought she was like 17. |
| quote: |
Originally posted by Sushipunk |
| quote: |
| Originally posted by Swamper ^ She's 21? I thought she was like 17. |
| quote: |
Originally posted by Sushipunk |
| quote: |
| Originally posted by Swamper ^ She's 21? I thought she was like 17. |
| quote: |
Originally posted by Sushipunk |
| quote: |
| Originally posted by Swamper ^ She's 21? I thought she was like 17. |
| quote: |
Originally posted by Sushipunk |
| quote: |
| Originally posted by Swamper ^ She's 21? I thought she was like 17. |
| quote: |
Originally posted by Sushipunk |
| quote: |
| Originally posted by Swamper ^ She's 21? I thought she was like 17. |
| quote: |
Originally posted by Sushipunk |
| quote: |
| Originally posted by Swamper ^ She's 21? I thought she was like 17. |
| quote: |
Originally posted by Sushipunk |
| quote: |
| Originally posted by Viber That's a brilliant idea |
Are you hacking Tinder, Nou?
I use the Gettysburg address as my password
Powered by: vBulletin
Copyright © 2000-2021, Jelsoft Enterprises Ltd.