
Jennifer Lawrence's Nude Photos Leak Online, Other Celebs Targeted - fivedogit
http://www.huffingtonpost.com/2014/08/31/jennifer-lawrence-nude-photos_n_5745260.html
======
cookiecaper
Nobody knows anything about the real origin of the leaks yet. If nudes of
famous people are the only thing that come out of an iCloud bug that massive,
then some people have really lucked out. It seems like a silly thing to waste
this kind of exploit on, when it could be used to read all of the files of
virtually any OS X or iPhone user. That makes me think this isn't really an
iCloud exploit.

~~~
nwh
There might be further reaching impacts that we don't know about yet.

~~~
cookiecaper
True, but this is the kind of bug that one would never want to expose. A smart
person (of the personality type to go into other people's private files
instead of performing a responsible disclosure to Apple) would ride it out for
years and leak content slowly, so that he continues to have unfettered access
to the data of the 70 million+ Americans who use Apple computers or phones.

Something like this would be worth millions. It's not something that gets
thrown away unless the possessor is just absolutely, completely, ridiculously
naive.

My guess is that the photos in question came from a much more basic password
guessing attack, which has historically been the case in these high-profile
leaks, like the Scarlett Johansson leak that landed this guy in jail for 10
years: [http://www.cbsnews.com/news/christopher-chaney-so-called-
hol...](http://www.cbsnews.com/news/christopher-chaney-so-called-hollywood-
hacker-gets-10-years-for-posting-celebrities-personal-photos-online/)

~~~
nwh
> A smart person

I don't think a smart person would do this.

~~~
cookiecaper
>I don't think a smart person would do this.

I don't think a dumb person would be able to find a bug of this type in
iCloud, which undoubtedly has thousands of people trying to break in around
the clock. That's part of why I believe this was probably done with a much
more basic, script-kiddie-accessible attack that essentially boils down to
weak passwords and not a server-side technical flaw.

Another interesting potential attack vector of a more accessible character
would be sniffing the air in areas where celebrities congregate and looking
for plaintext credentials going over http. That'd be a fairly basic way to
perpetrate this kind of hack.

------
ripb
I would be interested to see if Apple have covered themselves against
liability here in the Terms & Conditions associated with iCloud.

~~~
owenwil
It's nothing to do with iCloud

