It’s been a week since the Great Fappening rocked Hollywood and the rest of the internet, and true to Tim Cook’s promise, Apple is already adding extra security to iCloud.com.
Apple is now sending email alerts when an iCloud is accessed by a web browser. The alerts are being sent even if you’ve already accessed iCloud.com from the browser previously, but only occurs on the first login.
Here’s a copy of the email Apple notification:
The extra email alert is just one of many small, but important measures of security Apple plans to add to the iCloud experience, after a rash of celeb hackings led to one of the biggest celebrity nude photo leaks of all-time. In an interview last week, Tim Cook said Apple would also start alerting users whenever someone has attempted to change a password, restore a device from the account, or login from a new device.
Mobile users have already begun to act after the events of the Fappening. According to a survey from security firm Tresorit, 35% of users have beefed up their account’s security, whether it be by creating strong passwords, new passwords, or modifying privacy settings on social media.
Source: LetemSvetem Apple
Buster Hein is a freelance writer who lives in Phoenix, Arizona. Twitter: @bst3r.
9 responses to “Apple takes simple step to help secure iCloud”
When are Fapple going to apologize? Can’t take them seriously until they do.
What exactly do you want them to apologize for? Even though it was clearly not their fault that people were not careful with their passwords and/or security questions, they went ahead to take even extra measures, adding even more notifications you get when someone tries something (which led some to think of that as an admission of guilt). The fact that they said “ok, they clearly made their security answers too easy to guess or find online, so it’s clearly their own fault; but what could we do to make it unlikely to happen again?” is to me the best possible response I would expect from a giant company like this.
Fapple allowed infinite password attempts and then to reset the password with some simple questions with no additional controls, not even an email.
It’s about doing the decent thing and showing some integrity by owning up to the fault.
Ok, don’t just spew out inaccurate accusations; Apple does not allow infinite password attempts. It allows 10 password attempts, then the account locks (“locked for security reasons”), then the accountholder needs to reset the password to regain access to the account. This is reasonable, because people honestly forget their passwords, and there is no easy way around this. And it’s simply not true that they offer “no additional controls, not even an email”, as you say. If you cannot remember your password, the system offers you to reset it by sending a reset password email to your Rescue email or answering your security questions (which again does not allow infinite guesses).
On the other hand, if you make your security answers easy to guess, your account will be easily ‘hacked’ (which is obvious to most that you should not do this, as we are after all talking about ‘security questions’, as the name suggests).
And, by the way, the fact that you keep referring to them as Fapple does not increase the chances that you’re right about what you’re saying, it just shows you’re an idiot.
Apparently the ‘find my phone’ utility did allow unlimited password attempts, without any rate limiting.
And going the security questions route (rather than reset password email) didn’t have any additional controls such as email/text notification or link to reset. It is entirely reasonable that people provide accurate answers to the security questions used by a trusted party (in this case Fapple), under the understanding that suitable additional controls are used. If they start making up answers then it isn’t much use is it as they can be easily forgotten?
These were the two key vulnerabilities which were exploited to such dramatic effect, and have now been closed.
Fapple will remain Fapple until they apologise and take responsibility for the debacle.
What you are referring to is a certain hack that you read about online. But, even if that hack works for some (and a lot of people have tried it and it simply does not work), it was not the way these celebrities’ accounts were ‘hacked’. So, again, there is nothing for them to apologize for.
Feel free to refer to all major companies as Fapple, Ficrosoft, Foogle, Famsung, whatever you want, I couldn’t care less. It just degrades the conversation, that’s all.
Who the hell is this Buster Hein? Somebody tell him it’s not “Frappening,” but “The Fappening.” There’s a reason why these names stick. What the motherfuck is a “frap” for fuck’s sake?
A frap is a frappuccino, dummy.
So let’s see. I use a simple password and don’t turn on 2-step authorization. My account is easily hacked. And that’s Apple’s fault? Pffftt.