There have been many stories about the recent Celebgate/Fappening hack of nude photos from the likes of Jennifer Lawrence, Kate Upton, etc. Another example is Yahoo, where there have been a number of issues with compromised email accounts over the last year. Unfortunately, many bloggers have blamed the victims ("Those celebrities just shouldn't have naked pictures on their phone!", or "Silly users, don't pick such a simple password.") Kirsten Dunst summed it up with her Tweet "Thank you iCloud".
Of course the worst offenders are the criminals that hacked the accounts. Their actions are despicable and they should be prosecuted to the full extent of the law.
But the providers of our digital life are also guardians of the data we provide and the history they store. Yahoo has been alerted to numerous flaws, has repeatedly claimed that an issue was fixed even when it was shown to still be present, and still does not make encrypted options the default (see here). Apple denied a breach in any of their systems in their online statement, without taking responsibility for their failures, and again downplayed their accountability (Tim Cook here in the Wall Street Journal).
Some of the things Apple got wrong:
- iCloud backup turned on automatically, saving pictures/data even for non-savvy users (instead of opt-in)
- Only requiring answers to 2 security questions (potentially easier to guess with public figures)
- No limit on failed 'Find My Phone' login attempts, leaving accounts susceptible to brute-force attacks (patched since the hack)
- 2-factor authentication difficult and laborious
- iCloud backup restore not covered by 2-factor authentication (supposedly being patched next month)
Google actively encourages their simple, easy-to-understand 2-step verification process. Yahoo has seen large-scale defection from their service due to their missteps. Will Apple's iCloud be the next victim of poor security policies?
What To Do Next