One new article link has been added to our Related News page. Ars Technica published an article titled Update: What Jennifer Lawrence can teach you about cloud security.
This breach appears different from other recent celebrity “hacks” in that it used a near-zero-day vulnerability in an Apple cloud interface. Instead of using social engineering or some low-tech research to gain control of the victims’ cloud accounts, the attacker basically bashed in the front door—and Apple didn’t find out until the attack was over. While an unusual, long, convoluted password may have prevented the attack from being successful, the only real defense against this assault was never to put photos in Apple’s cloud in the first place. Even Apple’s two-factor authentication would not have helped, if the attack was the one now being investigated.
Source: Ars Technica