icloud breach that apple kept secret?

krs


Joined
Sep 16, 2008
Messages
3,555
Reaction score
610
Points
113
Location
Canada
The comment that struck me in that article"
"During my researcher, I saw many notes from other Apple users who kept their bank account related information and passwords in the iCloud."

That is really unbelievable!

Reminds me of people who write their PIN on their debit card
 
Joined
Jan 1, 2014
Messages
629
Reaction score
52
Points
28
Your Mac's Specs
MacBookPro 13 v11.1, i5 2.4 GHz, 256 GBs SSD, 8 GBs DDRs
What struck me the most, how Apple downplayed the impact of the flaw and not paying the bounty for the researcher.

There's always a "security flaw" in any cloud, that may have been exploited for an unknown time period prior to acknowledging such flaw(s). Some of the flaws become public, while others are pushed under the "cloud". And of course, the impact of the publicly acknowledged flaw is downplayed by the the cloud provider.

The consumer Google+ shuts down in this April for number of reasons, one of them is this:

https://thehackernews.com/2018/12/google-plus-hacking.html

And people wonder why I don't use iCloud, or any other cloud for storing documents, pictures, or data in general.
 

Rod


Joined
Jun 12, 2011
Messages
9,627
Reaction score
1,833
Points
113
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2021 M1 MacBook Pro 14" macOS 14.4.1, Mid 2010MacBook 13" iPhone 13 Pro max, iPad 6, Apple Watch SE.
Despite recent threads on this forum I am still a strong believer in keeping backup local wherever possible. It is one of the reasons I resisted using a password manager for so long. Entrusting my security to a remote server somewhere was seemingly a contradiction in terms. Then along came Enpass. Everything stored locally, one master password, password creation, auditing and the ability to sync via iCloud to my iDevices. Even this seemed safe enough because the synced file was 256bit encrypted and could only be read by Enpass using my unique password but, and this is the point, I do not store my credit cards details nor would I. This is in stark contrast to a friend of a friend who's son posted an image of his new passport on Face Book last week. Sheeeesh!


Sent from my ageing iPad Mini iOS 9.3.5 Mac-Forums
 
Joined
Nov 28, 2007
Messages
25,564
Reaction score
486
Points
83
Location
Blue Mountains NSW Australia
Your Mac's Specs
Silver M1 iMac 512/16/8/8 macOS 11.6
Here here Rod.

The cloud gets nothing of mine!
 
Joined
Jul 6, 2008
Messages
863
Reaction score
52
Points
28
What struck me the most, how Apple downplayed the impact of the flaw and not paying the bounty for the researcher.

The article seems to make arguments from silence vs. actual statements from Apple that "downplay" anything. They fixed the issues. As for the researcher, according to the article, "After patching it in November 2018, Apple acknowledged the issue to Melih but responded that the company had already addressed it before receiving details from him." So unless there's actual evidence that Apple is outright lying, I don't see why they should have paid him anything.
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top