Celebrity Photo Leak (Nothing inappropriate in here)

DevilWAH

MagnumOpus wrote: »

It's illegal to leave your car running unattended and if its stolen, both parties are at at fault.

I think though this is more like taking you car to a secure lock up garage. And then they simple park your car on the street with the engine running.

I have a thing at work that we put in place systems that are "idiot" proof, so if some one wants to use a system correctly they do not need common sense, because the system will not let them use it incorrectly. So if a could based service is advertising it as secure, then it should force uses to take the steps to make it secure. And it should not be easily exploitable by known / common security exploits. IF a phone is going to automaticly upload pictures to the cloud, it should do so in a secure manor and force the user to set it up correctly, not just ask them to click and "OK" button with a link to an essay of terms and conditions.

What most of us think of as common sense when it comes to IT security is not common sense at all, its general knowledge we have learnt from working in IT. Its common sense to me that you cant measure the speed and position of an atom (Heisenberg's Uncertainty Principle), I mean the theory behind it is basic physics, surely every one should understand that. But no people should not have to understand security to be secure, the Key to my house is a security system, but I should not have to learn about locks to be secure. I can go to the local hardware store, take a lock of the shelf (one that's advertised for an external door) and I should be able to expect it to be secure. I would be extremely annoyed to buy a lock that said it was secure and then to find out that it was simple to pick and all around the country any one who had it was getting burgled!

Yes now if I was protecting a Bank I owned I would hire a lock smith and security expert who would know exactly how to compare the strength of locks and systems and insure the best on the plant was fitted. But for personal data security companies should provided the same as physical security companies provided. Straight forward and requiring as little "IT" know how as possible.

tpatt100

From what I am reading it appears the photos and videos were from iPhone backups stored on iCloud that were compromised by brute force attempts and maybe some phishing to get the email addresses and question answers.

The failure by Apple to disable after several failed attempts I guess is like you renting a spot at a storage lot and the owners failing to monitor the security cameras in place to catch the people repeatedly ramming their truck into the perimeter wall until it falls down.

Shdwmage

tpatt100 wrote: »

The failure by Apple to disable after several failed attempts I guess is like you renting a spot at a storage lot and the owners failing to monitor the security cameras in place to catch the people repeatedly ramming their truck into the perimeter wall until it falls down.

This is a fantastic quote.

tpatt100

Some good information:

Meet The iCloud Hacker Who Leaked Naked Celebrity Photos - Business Insider

As well as hosting vast amounts of pornography, AnonIB also plays host to a ring of skilled hackers who have learned how to obtain naked photographs of women by breaking into iCloud accounts.

The /stol/ board on AnonIB (short for "Stolen" or "Obtained Photos") serves as a global meeting hub for iCloud hackers. Using specialist password-cracking tools and guessing targets' security questions through Apple's iForgot password reset form, AnonIB hackers are consistently able to gain access to iCloud accounts with only an email address.

Read more: Meet The iCloud Hacker Who Leaked Naked Celebrity Photos - Business Insider

MagnumOpus

DevilWAH wrote: »

I think though this is more like taking you car to a secure lock up garage. And then they simple park your car on the street with the engine running.

I have a thing at work that we put in place systems that are "idiot" proof, so if some one wants to use a system correctly they do not need common sense, because the system will not let them use it incorrectly. So if a could based service is advertising it as secure, then it should force uses to take the steps to make it secure. And it should not be easily exploitable by known / common security exploits. IF a phone is going to automaticly upload pictures to the cloud, it should do so in a secure manor and force the user to set it up correctly, not just ask them to click and "OK" button with a link to an essay of terms and conditions.

What most of us think of as common sense when it comes to IT security is not common sense at all, its general knowledge we have learnt from working in IT. Its common sense to me that you cant measure the speed and position of an atom (Heisenberg's Uncertainty Principle), I mean the theory behind it is basic physics, surely every one should understand that. But no people should not have to understand security to be secure, the Key to my house is a security system, but I should not have to learn about locks to be secure. I can go to the local hardware store, take a lock of the shelf (one that's advertised for an external door) and I should be able to expect it to be secure. I would be extremely annoyed to buy a lock that said it was secure and then to find out that it was simple to pick and all around the country any one who had it was getting burgled!

Yes now if I was protecting a Bank I owned I would hire a lock smith and security expert who would know exactly how to compare the strength of locks and systems and insure the best on the plant was fitted. But for personal data security companies should provided the same as physical security companies provided. Straight forward and requiring as little "IT" know how as possible.

I wasn't speaking on IT common sense, I was speaking on general common sense. Snapping an intimate picture of yourself should set off a few red flags of "What ifs". We've been dealing with these issues since the camera was integrated with the phone and people still don't get it. If you don't want something spreading beyond the means of your control, then be careful how you share it. If I remember correctly, there was a fraud fiasco regarding people taking pictures of their credit card numbers minus the last four digits, in which led to their accounts being compromised. Who's at fault in these cases? The hacker, the bank or the account holder?

jahsoul

MagnumOpus wrote: »

I wasn't speaking on IT common sense, I was speaking on general common sense. Snapping an intimate picture of yourself should set off a few red flags of "What ifs". We've been dealing with these issues since the camera was integrated with the phone and people still don't get it. If you don't want something spreading beyond the means of your control, then be careful how you share it. If I remember correctly, there was a fraud fiasco regarding people taking pictures of their credit card numbers minus the last four digits, in which led to their accounts being compromised. Who's at fault in these cases? The hacker, the bank or the account holder?

That is my view of it. At the end of the day, no one is without fault in this. Those who felt the need to take pics of themselves (my Sybil ), Apple, or the hackers.

YFZblu

For sure, all blame should be pointed at the person breaking the law.

That being said, taking naked photos of ones self is a risk. It seems the celebrities in question accepted the risk, but got burned in this case. I don't blame them or think they deserved it; but I also don't explicitly feel bad for them. I haven't been paying super close attention to their reactions, but thus far I have not heard of any of these celebrities using the opportunity to educate others regarding 'lessons learned'. This is an excellent opportunity to educate young people about these risks and possible outcomes.

Lastly, I think it's worth noting a double-standard taking place. The often annoying mainstream media has been on a spree lately, suggesting that this case can be compared to sexual assault and other serious sex crimes. If the photos leaked were men, particularly men that were not giant celebrities, I doubt this would have garnered so much traction and most certainly would not be considered sexual assault. How many relatively famous athletes have their nudes exposed to the internet without a peep from the mainstream media? It happens quite often. To me, this is an unfortunate event being greatly amplified because the victims in this instance were female media darlings and a tech giant that is also a media darling in its own right.

DevilWAH

YFZblu wrote: »

For sure, all blame should be pointed at the person breaking the law.

That being said, taking naked photos of ones self is a risk. It seems the celebrities in question accepted the risk, but got burned in this case. I don't blame them or think they deserved it; but I also don't explicitly feel bad for them. I haven't been paying super close attention to their reactions, but thus far I have not heard of any of these celebrities using the opportunity to educate others regarding 'lessons learned'. This is an excellent opportunity to educate young people about these risks and possible outcomes.

Lastly, I think it's worth noting a double-standard taking place. The often annoying mainstream media has been on a spree lately, suggesting that this case can be compared to sexual assault and other serious sex crimes. If the photos leaked were men, particularly men that were not giant celebrities, I doubt this would have garnered so much traction and most certainly would not be considered sexual assault. How many relatively famous athletes have their nudes exposed to the internet without a peep from the mainstream media? It happens quite often. To me, this is an unfortunate event being greatly amplified because the victims in this instance were female media darlings and a tech giant that is also a media darling in its own right.

To be honest the Media has been guilty of leaking private photos in the past many times. How many sex scandles have the media dug up often with dubious methods to get people reading/viewing. In fact the only reason the media has followed this so closely is to draw reads in. If this had not been on the news how many people would actually know about it. A few minority that follow the kinds of sites it was leaked on.

Shdwmage

YFZblu wrote: »

For sure, all blame should be pointed at the person breaking the law.

That being said, taking naked photos of ones self is a risk. It seems the celebrities in question accepted the risk, but got burned in this case. I don't blame them or think they deserved it; but I also don't explicitly feel bad for them. I haven't been paying super close attention to their reactions, but thus far I have not heard of any of these celebrities using the opportunity to educate others regarding 'lessons learned'. This is an excellent opportunity to educate young people about these risks and possible outcomes.

Lastly, I think it's worth noting a double-standard taking place. The often annoying mainstream media has been on a spree lately, suggesting that this case can be compared to sexual assault and other serious sex crimes. If the photos leaked were men, particularly men that were not giant celebrities, I doubt this would have garnered so much traction and most certainly would not be considered sexual assault. How many relatively famous athletes have their nudes exposed to the internet without a peep from the mainstream media? It happens quite often. To me, this is an unfortunate event being greatly amplified because the victims in this instance were female media darlings and a tech giant that is also a media darling in its own right.

You forgot about Anthony Weiner. Anthony Weiner sexting scandals - Wikipedia, the free encyclopedia, Jesse James, Tiger Woods, Kanye, to name a few.
Even if it wasn't some hacker, they still could have gotten out

tpatt100

Shdwmage wrote: »

You forgot about Anthony Weiner. Anthony Weiner sexting scandals - Wikipedia, the free encyclopedia, Jesse James, Tiger Woods, Kanye, to name a few.
Even if it wasn't some hacker, they still could have gotten out

Exactly and reading the comments online by the people who took part in this, females were explicitly targeted and it became an online "hunt" of sorts. Your examples were more about people who had somebody intentionally leak their photos in order to gain attention where as this case were people who had no involvement at all with the people in the photos. One is a violation of trust the other is a violation of privacy and intentional theft of personal property.

Shdwmage

You missed my point tpatt, you can't trust anyone with your nude photos, whether they are good intended or not! These girls run just as much risk of the guy leaking the photos as they did of having them stolen. It only takes 1 bad break up. Ever heard of revenge ****?

MTciscoguy

Anyone that believes your data is private property, once it is on an internet server or cloud is simply fooling themselves, there are just to many ways to get exposed these days.

MagnumOpus

MTciscoguy wrote: »

Anyone that believes your data is private property, once it is on an internet server or cloud is simply fooling themselves, there are just to many ways to get exposed these days.

Exactly. In this day in age you no longer own the contents of your phone. It's all for sale. We have yet to discuss who owns your data when you uploaded to a free cloud provider. Heck, even Apple gives you 5 gigs for free.

tpatt100

Shdwmage wrote: »

You missed my point tpatt, you can't trust anyone with your nude photos, whether they are good intended or not! These girls run just as much risk of the guy leaking the photos as they did of having them stolen. It only takes 1 bad break up. Ever heard of revenge ****?

I would trust somebody I know more because I know them. There is no established trust at all when a complete stranger steals your property. Your spouse who shares your home could take all of your stuff when you are at work, sell it and completely disappear doesn't mean you should lock up your stuff when you leave your home.

We trust people we know with way more things, information that could completely destroy us. A complete stranger who is stalking you online because they want to find embarrassing stuff is not part of the "trust" system established between your property and those in your circle of trust like a bank, your spouse, your children, etc.

I am sure plenty of people reveal possible embarrassing sexual information after a break up to get revenge, doesn't mean I am going to abstain from sex.