Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
I said iCloud could not be hacked today, given 2fa.

2fa is definitely a good way to go, it's smart and requires an extra layer of "something that you have, something that you know." As it will thwart many potential hackers, it is not completely fool proof. I had to take a hacking tools class during my Bachelors program to learn how these tools worked so we would understand what is necessary to defeat these tools.

The first thing my teacher said and I'm sure many others will agree with this statement is "If you can touch it, you can hack it."

The second thing he followed up with was "Depending on how hardened the system is, depends on how long it will take you."

2fa is nothing more than putting a fence within your existing fence (going with my previous analogy). There may be a hole in the first fence, but you still have to break through the 2fa fence behind it, if there is a known vulnerability in 2fa, the entire system is defeated, by hardening the outside fence (your stuff), you can reduce the number of known vulnerabilities in 2fa.
 

jamezr

macrumors P6
Aug 7, 2011
16,079
19,072
US
Which doesn't mean that a service/product itself as insecure, as you mentioned yourself in this discussion by mentioning that you "didn't say that there was anything wrong with iClouds security" (using iCloud as an example of this).
I have stated this from the beginning so not sure what your point is except to argue. You seem to want to defend iCloud for some reason. Not sure why. I never said icloud was not secure.
I will state my position again.
Anything can be hacked.

Security is only as strong as it's weakest link. Most of the time that is the humans involved in the equation.
 
  • Like
Reactions: mildocjr
Based on Jamezr's disagreement about people giving out information, security of personal data also requires good security habits from the owner of that data. I cringe when people put up things like their pornstar name, or their ghetto name because they all ask questions like, what's the name of the street you grew up on, or what is your mothers maiden name. Some of the common security questions. This is where educating the masses is in high demand, however, none of the masses think it's that important, so I'm left thinking, yep just pay me $600 to fix your stupidity once a month. Eventually you'll get it or be broke. (I feel like I'm repeating one of my posts from the JB community forums)
 
  • Like
Reactions: jamezr

jamezr

macrumors P6
Aug 7, 2011
16,079
19,072
US
2fa is definitely a good way to go, it's smart and requires an extra layer of "something that you have, something that you know." As it will thwart many potential hackers, it is not completely fool proof. I had to take a hacking tools class during my Bachelors program to learn how these tools worked so we would understand what is necessary to defeat these tools.

The first thing my teacher said and I'm sure many others will agree with this statement is "If you can touch it, you can hack it."

The second thing he followed up with was "Depending on how hardened the system is, depends on how long it will take you."

2fa is nothing more than putting a fence within your existing fence (going with my previous analogy). There may be a hole in the first fence, but you still have to break through the 2fa fence behind it, if there is a known vulnerability in 2fa, the entire system is defeated, by hardening the outside fence (your stuff), you can reduce the number of known vulnerabilities in 2fa.
Exactly!!!! Anything can be hacked. It might take more time depending on the security solution. But if a hacker wants into a system he/they will gain access.
 
@C DM @I7guy @jamezr

Based on all of our posts we are all on the same page.

We all agree that any service can be hacked given enough time and effort.
We all agree that user stupidity is a high valued target.
All of our posts revert back to bits and pieces of what I7guy said earlier about 2FA making iCloud unbreakable.

2FA may make iCloud unhackable today, but the world hasn't had enough time with 2FA to say it will be unhackable forever.
 

C DM

macrumors Sandy Bridge
Oct 17, 2011
51,392
19,461
I have stated this from the beginning so not sure what your point is except to argue. You seem to want to defend iCloud for some reason. Not sure why. I never said icloud was not secure.
I will state my position again.
Anything can be hacked.

Security is only as strong as it's weakest link. Most of the time that is the humans involved in the equation.
And I wasn't talking about iCloud until I referenced what you said about it as an example of what I was saying. So I'm not sure where this iCloud "defending" is coming from on my part.

What I've been saying has been pretty straightforward and mentioned a few times, that the genetic phrasing of saying "<service> was hacked" for most people implies there's some issue with that service and that their presence in that service have been compromised, when in cases like special engineering that isn't really the case as the system itself is still secure and doesn't have any issues in relation to that "hack".
 
  • Like
Reactions: aristobrat

I7guy

macrumors Nehalem
Nov 30, 2013
35,157
25,268
Gotta be in it to win it
@C DM @I7guy @jamezr

Based on all of our posts we are all on the same page.

We all agree that any service can be hacked given enough time and effort.
We all agree that user stupidity is a high valued target.
All of our posts revert back to bits and pieces of what I7guy said earlier about 2FA making iCloud unbreakable.

2FA may make iCloud unhackable today, but the world hasn't had enough time with 2FA to say it will be unhackable forever.
We're debating semantics, but the distinction is important. One vector depends on compromising the user the other vector is compromising the system and/or a combination of both.

Anything is crackable given enough money, time and resources...but hopefully secure enough to withstand some kiddie script attacks.

2fa is like my house, if you get in you have to contend with my Rottweiler.

Security is a process not an end goal.
 
  • Like
Reactions: 997440 and mildocjr

Zaft

macrumors 601
Jun 16, 2009
4,570
4,049
Brooklyn, NY
But whether you give me your passwords or not it is still a hack. I didn't change the goal posts at all.
I still stand by my statement that any and all things can be hacked. A hack can be multiple things.
Security is only as good as the person using it.

It was not a brute force hack discussion......
You said iCloud could not be hacked...............I disagree. Anything can be hacked.
Yes but hacked usually refers to breaking the system some way. This is breaking the people.
 

jamezr

macrumors P6
Aug 7, 2011
16,079
19,072
US
That's what I'm saying. If you leave your keys under the door mat and the thief finds them and enters your house...do you blame the lock manufacturers?
But I wasn't blaming the manufacturer. I was just stating the truth that anything can be hacked. You are too quick to take the defensive posture of defending Apple here.....
[doublepost=1467810511][/doublepost]
Yes but hacked usually refers to breaking the system some way. This is breaking the people.
But that is part of the hacking process.....it is called social engineering.
 

I7guy

macrumors Nehalem
Nov 30, 2013
35,157
25,268
Gotta be in it to win it
But I wasn't blaming the manufacturer. I was just stating the truth that anything can be hacked. You are too quick to take the defensive posture of defending Apple here.....
[doublepost=1467810511][/doublepost]
But that is part of the hacking process.....it is called social engineering.
Seems like a deflection. Nothing in my reply indicated it was vendor specific, especially with me agreeing anything can be hacked, with the definition of hacked being breaking the system, not the person...hence my analogy with the keys. To hack something all that is needed is time, effort and money. Easy-peasy.
 
  • Like
Reactions: aristobrat

Zaft

macrumors 601
Jun 16, 2009
4,570
4,049
Brooklyn, NY
But I wasn't blaming the manufacturer. I was just stating the truth that anything can be hacked. You are too quick to take the defensive posture of defending Apple here.....
[doublepost=1467810511][/doublepost]
But that is part of the hacking process.....it is called social engineering.
But I wasn't blaming the manufacturer. I was just stating the truth that anything can be hacked. You are too quick to take the defensive posture of defending Apple here.....
[doublepost=1467810511][/doublepost]
But that is part of the hacking process.....it is called social engineering.
Yes I know all the types of hacking including social engineering, spear phishing etc. Most average people see Hacked into apple and think right away the system has been broken into. Headlines i guess..
 
  • Like
Reactions: jamezr

aristobrat

macrumors G5
Oct 14, 2005
12,292
1,403
But I wasn't blaming the manufacturer. I was just stating the truth that anything can be hacked. You are too quick to take the defensive posture of defending Apple here.....
The way your truth works is tedious (IMO) because it uses the term "hack" so generically that it takes a bunch of clarifying questions to figure out if you're referring to an exploitable vulnerability on the system itself that makes everyone susceptible (uh-oh, this could affect me, I need to pay attention) vs. if you're talking about some users that fell for a phishing attack and gave up their credentials (derp, this doesn't affect me, why did I just have to waste my time reading this?).

I know it's "just semantics", but it'd be great if someone could come up with a clear term to differentiate between the two scenarios, since they're both so commonplace but require entirely different responses from users.
 
Last edited:

jamezr

macrumors P6
Aug 7, 2011
16,079
19,072
US
The way your truth works is tedious (IMO) because it uses the term "hack" so generically that it takes a bunch of clarifying questions to figure out if you're referring to an exploitable vulnerability on the system itself that makes everyone susceptible (uh-oh, this could affect me, I need to pay attention) vs. if you're talking about some users that user fell for a phishing attack and gave up their credentials (derp, this doesn't affect me, why did I just have to waste my time reading this).

I know it's all semantics, but "XXXX hacked" because of a system vulnerability is a completely different scenario than "XXXX hacked" because users were tricked into giving up their credentials.

It'd be great if someone could come up with a clear term to different between the two scenarios, since they're both so commonplace.
That makes sense...but it is all still part of the process. Sometimes it takes the social engineering part and an exploit for the whole hack to happen.
The hacker apparently took advantage of a security flaw in Apple's online backup service, iCloud. Many online services lock someone out after several unsuccessful attempts to log in, but not Apple's "Find My iPhone" app and iCloud. That has been changed by Apple in the aftermath of the nude celebrity photo scandal. But with unlimited guesses, a computer program can generate and test thousands of potential passwords until an account is entered. It is called a "brute force" attack.
http://www.cnn.com/2014/09/02/showbiz/hacked-nude-photos-five-things/
Apple patched it right away and added 2FA
 
Yes but hacked usually refers to breaking the system some way. This is breaking the people.

Hacking is making something (person or object) do something it wasn't originally intended to do.

Unfortunately movies have made it seem like it's all done remotely.
hackers-film-crash-overide-computer-yospos-1359681906e.gif
 

I7guy

macrumors Nehalem
Nov 30, 2013
35,157
25,268
Gotta be in it to win it
That makes sense...but it is all still part of the process. Sometimes it takes the social engineering part and an exploit for the whole hack to happen.

http://www.cnn.com/2014/09/02/showbiz/hacked-nude-photos-five-things/
Apple patched it right away and added 2FA
Yes, a two year old vulnerability that was patched. A good example of exploiting a system vulnerability. I wonder though how many times the same two year old hack is going to be quoted as an example of a current iCloud vulnerability.
 

jamezr

macrumors P6
Aug 7, 2011
16,079
19,072
US
Yes, a two year old vulnerability that was patched. A good example of exploiting a system vulnerability. I wonder though how many times the same two year old hack is going to be quoted as an example of a current iCloud vulnerability.
No one said it was a current vulnerability. I said it was patched right away and they added 2FA.
 
Yes, a two year old vulnerability that was patched. A good example of exploiting a system vulnerability. I wonder though how many times the same two year old hack is going to be quoted as an example of a current iCloud vulnerability.

I always think it's great when someone says "my home network is hack proof" and want to bet money while I'm standing in their living room with a thumb drive and 20 questions.
 
  • Like
Reactions: jamezr and I7guy

jamezr

macrumors P6
Aug 7, 2011
16,079
19,072
US
I always think it's great when someone says "my home network is hack proof" and want to bet money while I'm standing in their living room with a thumb drive and 20 questions.
lol....like letting the fox in the henhouse :)
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.