明星裸照由 iCloud 流出,一時成全城熱話,不過 Apple 反指這其實不是 iCloud 的問題.. 以下有更多資料
蘋果回應指經過 40 小時的調查這些後,發現這些只是針對性的攻擊,主要是由用戶名、密碼及安全提問所著手,這是種非常普遍網絡攻擊手法。沒有跡象顯示這是因為 iCloud 或 Find my iPhone 漏洞所引起,建議用家設定難猜的密碼及啟動 2 步認證
簡單來說,蘋果回應的意思是這種「亂撞」型式去破 account 很普通的事,被撞中密碼入去拿到個人資料是用家設定的密碼太過簡單,而不是系統有保安漏洞所引起。
天恩覺得整件事件的責任爭論位是,究竟讓第三方無限次嘗試密碼,是否一種保安系統設計上的錯誤呢?
我們 unwire.hk 假設「無限嘗試密碼」不是廠方責任的話,強烈建議各位使用一些超難記的密碼如 w&axanUgA4e ,筆者相信沒有人願意使用這記憶不到的密碼,所以 unwire.pro 早前教了大家一種新的密碼解決方案,讓用家免除記憶密碼之苦
http://unwire.pro/index.php/2014/05/26/new_password_solution/
原文 :
We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.
To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232.
來源 : Apple.com
