
Maybe my understanding of password decryption tools is wrong but I was under the impression the tools were smart enough to work out when more than one character were the same therefore knowing that once it's got one character, if there are others with the same value then it makes a safe assumption to repeat that part, therefore making it quicker.

 

I've not used LastPass for Android but I know it's available so I would assume it's available for iOS too which would give you the answer to your iDevice :). Sure it's a premium feature but given the nature of this topic, these victims can probably afford it! In fact I bet LastPass would probably jump at the chance to get any one of these on board as a "I now use LastPass" to secure my data kinda advertisement and offer it for free.

 

LastPass for iOS won't have access to system/app logins.

 

also, a properly salted password hash won't have discernable repeat characters. 

Link to comment

The Kate Upton ones were the most embarrassing.

Then again, we live in an age where celebrity sex tapes can actually boost a career.

 

 

nah jennifers were if you know what i mean :)

Link to comment

Maybe my understanding of password decryption tools is wrong but I was under the impression the tools were smart enough to work out when more than one character were the same therefore knowing that once it's got one character, if there are others with the same value then it makes a safe assumption to repeat that part, therefore making it quicker.

 

I've not used LastPass for Android but I know it's available so I would assume it's available for iOS too which would give you the answer to your iDevice :). Sure it's a premium feature but given the nature of this topic, these victims can probably afford it! In fact I bet LastPass would probably jump at the chance to get any one of these on board as a "I now use LastPass" to secure my data kinda advertisement and offer it for free.

 

this isn't John Connor ATM hacking, when once you find the first digit you move into the next one :)

 


 

you need to find the whole thing.

Link to comment

LastPass for iOS won't have access to system/app logins.

 

also, a properly salted password hash won't have discernable repeat characters. 

 

Maybe not in the form of an auto populate for system but for applications it certainly does on android at least. But speaking from a quick trial of it on Android, it did allow me to copy a password to the clipboard and then paste it into things like websites (my Neowin password being the example I did use it for). Being an Android I can only assume the same would work on iOS in a similar way so for the system if an app didn't integrate well.

Link to comment

Does that mean, that according to US law, the underage girl is also guilty of production and possibly distribution (if she sent them to someone) of child porn?

Yes. Also true in Canada,

US

http://www.washingtonpost.com/local/teen-sexting-case-goes-to-trial-in-fairfax-county/2013/04/17/4936b768-a6b7-11e2-b029-8fb7e977ef71_story.html

Canada

http://www.washingtontimes.com/news/2014/jan/12/canadian-teen-girl-charged-child-pornography-sexti/

  • Like 2
Link to comment

Maybe not in the form of an auto populate for system but for applications it certainly does on android at least. But speaking from a quick trial of it on Android, it did allow me to copy a password to the clipboard and then paste it into things like websites (my Neowin password being the example I did use it for). Being an Android I can only assume the same would work on iOS in a similar way so for the system if an app didn't integrate well.

 

yes, but android isn't iOS, iOS doesn't allow other apps access to other apps like that. a function that would also allow malicious apps to "listen"/snoop for passwords as you input them.  as for pasting, well you can certainly paste to websites, but I'm not sure iOS allows you to paste passwords in apps and system apps. You're talking about the OS that doesn't allow you to save the password so you have to re-enter everything when you buy something on the store. 

Link to comment

this isn't John Connor ATM hacking, when once you find the first digit you move into the next one :)

 


 

you need to find the whole thing.

 

I'm aware of that, ok here's an example to try and explain;

 

Using a stupidly simple Caesar cipher with a 6 letter shift;

 

Password becomes Vgyycuxj

 

note the ss is now replaced with yy so once an application understands the method of encryption and its logic it can use that to work out that there is a repetitive character in the password making its attempts at figuring out the entire password a bit easier.

 

I know the above encryption method is stupidly simple compared to what online providers are using but I assume there is a logic that can be followed in the same way.

Link to comment

yes, but android isn't iOS, iOS doesn't allow other apps access to other apps like that. a function that would also allow malicious apps to "listen"/snoop for passwords as you input them.  as for pasting, well you can certainly paste to websites, but I'm not sure iOS allows you to paste passwords in apps and system apps. You're talking about the OS that doesn't allow you to save the password so you have to re-enter everything when you buy something on the store. 

So my assumptions are horribly wrong!

 

Quite ironic that they were hit by this given that they do seem to go some way to prevent this sort of thing!

Link to comment

With all the hacks iCloud has suffered, I can't help but picture iCloud as a giant cloud with an old western style swinging door, where anyone can just walk in as they please. I wonder how many more breaches they'll have to suffer before Apple takes security as more than a joke?

 

I'll give you the "Find my iPhone" crass stupidity of allowing brute force attacks but in slight mitigation it was fixed within a day.

 

However I will call you on Apple taking security seriously. As the initial bulls**t dies down and the finger pointing stops let's think about where these pictures actually came from. As has been noted there are Android and Blackberry images in the mix (no Windows Phone as who has one of those !!!) but there are also some very professional looking pictures which look like they were taken with a DSLR. Also some of these images date back a few years. So it looks like a mixture of sources and not just Apple.

 

I suspect most of the images were gained by simply logging into accounts with well known passwords, here it doesn't really matter how long it takes if I have a list of 5000 top passwords and try 50 a day so as to bypass any brute force filters, it may take me a week or a year but once I'm in that's me set.

 

Password sharing probably didn't help either. 

Link to comment

I'm aware of that, ok here's an example to try and explain;

 

Using a stupidly simple Caesar cipher with a 6 letter shift;

 

Password becomes Vgyycuxj

 

note the ss is now replaced with yy so once an application understands the method of encryption and its logic it can use that to work out that there is a repetitive character in the password making its attempts at figuring out the entire password a bit easier.

 

I know the above encryption method is stupidly simple compared to what online providers are using but I assume there is a logic that can be followed in the same way.

 

but that would mean that a big number of encrypted passwords had to be gained in order to understand the algorithm used to encrypt them, without any guarantees that is even possible at all.

 

having a big or small password doesn't matter if the encryption algorithm is weak, that's for sure, but assuming the best practices are taking place and a strong algorithm is used then a strong password does make sense.

Link to comment

but that would mean that a big number of encrypted passwords had to be gained in order to understand the algorithm used to encrypt them, without any guarantees that is even possible at all.

 

having a big or small password doesn't matter if the encryption algorithm is weak, that's for sure, but assuming the best practices are taking place and a strong algorithm is used then a strong password does make sense.

Agreed, don't get me wrong I'm not trying to suggest "@1bT" is stronger than "ilovemylittlepony", length is obviously a big factor but I think the randomness is probably the better thing to aim for.

Link to comment

You realise that not everything that's illegal in the US is illegal in other countries, right?

I don't condone the photo leak. But going 'Oh no, she was only 17 when the photo was taken - avert your eyes!' is downright ridiculous.

The laws over here about under aged people are very strict. The difference between 17 and 18 is like night and day. I was just warning people.

Link to comment

The laws over here about under aged people are very strict. The difference between 17 and 18 is like night and day. I was just warning people.

 

I have to say I'm with you on this one, it doesn't matter what the laws of other countries state when I'm on an international forum, I live by the laws of my country.

 

Secondly, I personally think 17 is a little too young. I know legally it may be ok but it doesn't feel right to me. 

Link to comment

Agreed, don't get me wrong I'm not trying to suggest "@1bT" is stronger than "ilovemylittlepony", length is obviously a big factor but I think the randomness is probably the better thing to aim for.

 

Not really, with a password over 8-16 characters there really is no benefit to randomness and special characters, besides the sentence I used as a password above is random enough in itself. 

 

and as far as I know, even in their basic form, the encryptions used on password hashes don't show repeatable patterns, and the best of them haven't been hacked yet either. add in a Salt and you make it really impossible and you remove other ways to exploit the hash directly as well. 

Link to comment
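
Added example, not part of any post in this thread: it contrasts the Caesar cipher example discussed above (6-letter shift, "Password" to "Vgyycuxj") with a salted password hash, to show why the repeated "ss" survives the first and leaves no trace in the second. PBKDF2-HMAC-SHA256, the iteration count, the salts and the helper names are assumptions chosen for illustration; the thread does not say which scheme any provider uses.

```python
import hashlib
import string

# Constructed fixed salts so the output is reproducible; real systems use os.urandom(16).
SALT_A = bytes.fromhex("00112233445566778899aabbccddeeff")
SALT_B = bytes.fromhex("ffeeddccbbaa99887766554433221100")

def caesar(text: str, shift: int) -> str:
    """Shift each ASCII letter by `shift` places, preserving case."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - 97 + shift) % 26 + 97))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - 65 + shift) % 26 + 65))
        else:
            out.append(ch)
    return "".join(out)

def repeat_pattern(s: str) -> tuple:
    """Map each symbol to the index of its first occurrence; repeats share an index."""
    return tuple(s.index(ch) for ch in s)

def salted_hash(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Salted, iterated hash (PBKDF2-HMAC-SHA256); output is always 32 bytes."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def bits_changed(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length digests."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

if __name__ == "__main__":
    plain = "Password"
    shifted = caesar(plain, 6)
    # Substitution is per character, so the position pattern of the plaintext leaks.
    print(shifted, repeat_pattern(plain) == repeat_pattern(shifted))

    h_a = salted_hash(plain, SALT_A)
    h_b = salted_hash(plain, SALT_B)
    # Same password, different salt: unrelated digests of fixed length.
    print(h_a.hex())
    print(h_b.hex())
    # One character changed in the password flips roughly half of the 256 output bits,
    # so a guess that is "nearly right" gives no partial feedback.
    print(bits_changed(h_a, salted_hash("Passwosd", SALT_A)))
```
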

The laws over here about under aged people are very strict. The difference between 17 and 18 is like night and day. I was just warning people.

 

Agreed.  Not to mention that the underage pics were taken by a US citizen where under the age of 18 is considered illegal.  So have to abide by the laws of the country and where said incident took place.

  • Like 1
Link to comment

no you dont

 

If the age to make porn here was 16 and the age to make porn in the USA is 18 i would not be jailed for watching two 17yr old americans go at it

Link to comment

no you dont

 

If the age to make porn here was 16 and the age to make porn in the USA is 18 i would not be jailed for watching two 17yr old americans go at it

 

Not what I meant.  You are an american citizen.  You take a nude pic of yourself underage and put it online or send it to people.  Under US law, that can be considered child porn and you can get in trouble sending it even if it was of yourself and if you took the pic yourself.

Link to comment

what do you think is the safer password,, that impossible to remember mess you put up there or "onedaythehorseateallthecheeseforthewin"

 

it's called "The Death of Clever"

Link to comment

As has been noted there are Android and Blackberry images in the mix (no Windows Phone as who has one of those !!!) but there are also some very professional looking pictures which look like they were taken with a DSLR. Also some of these images date back a few years. So it looks like a mixture of sources and not just Apple.

or, people are likely to use the same user/pass for all their accounts, and having gained access to one means a high chance that they got access to different services using the same user/pass combos.

Link to comment

As a warning, it's going around now that some of the images might have been taken at a time when some of the people were underage.

 


Link to comment

What are you doing here? Why don't you have a seat right over there.

I just wanted to come here and talk...and warn her about people who might take advantage of her. Nothing bad, just making sure she's safe, I swear.

Link to comment

This topic is now closed to further replies.