Apple Allegedly Knew of iCloud Brute-Force Vulnerability Since March

blottsie writes Apple knew as early as March 2014 of a security hole that left the personal data of iCloud users vulnerable, according to leaked emails between the company and a noted security researcher. In a March 26 email, security researcher Ibrahim Balic tells an Apple official that he's successfully bypassed a security feature designed to prevent "brute-force" attacks. Balic goes on to explain to Apple that he was able to try over 20,000 passwords combinations on any account.

Re:celebgate

[bobbied]

apple really screwed the pooch with celebgate. protecting against brute force attacks is like security 101

Seriously? I think the celebrities where/are stupid.

Who in their right mind takes compromising photos and allow them to be stored on anybody's cloud, while knowing that said pictures would be of great value to the public? Security 101 says, DON'T TAKE THE PICTURES in the first place, but if you insist on doing so, DON'T PUT THEM ON THE INTERNET.

Apple may have messed up by not notifying their customers of hacking attempts, but you are not thinking if you put things of value in anybody's hands for safe keeping up on the net, even if it's Apple. It's a bad idea to give up control of your data if it is sensitive in any way, unless it's well encrypted.

Celebrities where primarily responsible, they where plain stupid to allow such pictures to be taken, much less store them protected by no more than a password. What do they THINK is going to happen? Putting tens of thousands of dollars worth of "personal photos" online protected by a password? Even if Apple had done all due dalliance, you can bet somebody would have eventually found a way.