Page 2 of 4
Posted: Wed Sep 10, 2014 9:37 pm
by Orlion
Vraith wrote:Orlion wrote:Vraith wrote:
No, you don't.
Not only do you not gotta, you're wrong if you do.
If you store something at a bank and it gets stolen because they weren't carrying out proper security measures, it would be in part their fault.
Same with the Cloud.
Heh...maybe I should have quoted that a bit more extensively, but I wasn't talking about the Cloud itself. People can hold Apple partly accountable if they want.
But I'm really talking about the people with no sympathy for the actual victims. Which weren't Apple.
Not one person here has a single possession...up to and including their own bodies...that is truly safe or secure. So, no matter what anybody does to you, by any means, it's your fault. Absurd.
It's funny, though, that people think hacking is so much easier than breaking into a house and stealing.
It's a lot SAFER...especially for the criminal.
But almost any fool can break into a house.
Ok, I find that agreeable
I would add that there are ways to discourage such activity. Just because "ideally" such things should not happen does not mean we should not strive to protect ourselves. Hope for peace, prepare for war.
And if you leave the door to your house open and advertise that fact on Facebook, I will judge you accordingly. That does not mean I believe that "Vraith deserved to get robbed" or "Vraith was asking for it!" or that the thief should be absolved of any criminal thing. But it does mean that I will think that "Vraith did something really stupid/foolish".
I use Vraith as an example because the scenario is so unlikely and his skin is so thick, he can take the heat
Posted: Wed Sep 10, 2014 9:37 pm
by Hashi Lebwohl
wayfriend wrote:
The Cloud is not safe.
It is promoted as safe. But it's not.
Half of American adults hacked this year.
They lure you into it with convenience.
And they fail to advise you of the risk.
It's not safe because there's no such thing as a hack-proof server.
It's not safe because anyone can go after your things from anywhere in the world.
It's not safe because millions of people have their information in one place.
This makes it worth almost any amount of investment to hack.
It's not safe because no one knows what is stolen unless someone put what they stole on reddit.
Did Apple tell
you that they cannot prevent what you put in the Cloud from being stolen? I think not.
^ What Wayfriend said times ten. Nothing you send via teh Interwebz, not e-mail, not FB posts, not blogs, not posts on a forum, not pictures....nothing is "safe" on the Internet.
I took this as an opportunity to remind our daughter that she needs to be extremely careful what pictures she posts, both now and as she gets older and transitions into high school. I reiterated this with regard to both the computer and her smartphone. "Never ever ever post a picture that you wouldn't want the entire world to see, including your children as they get old enough to start looking you up on the Internet to see what you did when you were their age."
wayfriend wrote:(Ask Hashi sometime about his computer that has no network connections. And why he wants it.)
Everyone should get a second computer that is never connected to the Internet, not even for a minute, then use it as the safe place upon which to store things you don't want people stealing. Disable the admin and guest accounts, lock down your personal profile with a password, then set up a BIOS password on top of that for pre-boot security. I mention that last part because--and I probably shouldn't admit this but it is already out there--I have a tool that lets me enter a pre-OS environment, enable the local admin account, remove it from any domain of which it may be a member, then reset the password. In short, if I have physical access to a computer then I can log on to it and browse all the files...as can anyone else with a similar tool.
I already have a computer at the house which I killdisked to wipe the MFT, reformatted it, reimaged it, and have never connected it to any network. I will admit to keeping a backup of the files on that computer on a large USB stick but that stick is in the safe deposit box. No, seriously. Who can afford to lose a decades' worth of tax returns, paycheck stubs, receipts, and other important scanned documentation?
Posted: Wed Sep 10, 2014 9:51 pm
by I'm Murrin
May be worth noting that (as far as I've heard) if an iPhone is your main camera, you can't actually opt out of storing your images on the Cloud - it's how the phone is set up. I don't think "don't buy iPhones if you want to take nude pictures for people" is a reasonable answer, though - as I've noted before, Apple is one of those companies that tries to make it hard to leave their services once you're bought in, by making it all exclusive to their own properties.
(Nor is "don't use your phone to take the pictures" reasonable. The whole point, usually, is for these pictures to be sent to a recipient by phone, which is an entirely acceptable use of a private communications device.)
Posted: Wed Sep 10, 2014 10:00 pm
by Hashi Lebwohl
Pictures or files you store or send should be safe, I agree. However, a lot of things should be which are not and this is simply one more of them.
Posted: Wed Sep 10, 2014 10:07 pm
by wayfriend
BTW, in this particular case, Apple was particularly negligent.
Their web access allowed unlimited password guesses.
This is a no-no that you learn in Internet Security 101.
Basically, almost any bozo who gave it a half-hearted try could break in.
Apple failed those celebrities who trusted them.
Not because true security is impossible.
But because basic security was lacking.
Who knows what else was stolen? There's no telling.
Like I said, unless you advertise that you stole it, no one knows.
Apple sure as hell isn't going to admit it.
They probably don't know themselves.
Of course, this whole fiasco prompted them to fix the problem.
It took them about ten minutes to do it.
After the horses had been galloping out of the barn for a good long while.
So, I blame The Cloud here because the Cloud was negligent, and, in that they were not up front about risks while luring people in, fraudulent.
Posted: Wed Sep 10, 2014 10:25 pm
by Vraith
Orlion wrote:
I use Vraith as an example because the scenario is so unlikely and his skin is so thick, he can take the heat
Heh...you can make an example of me whenever you like [or feel tough enough to handle the rebound/counterstrike 
]
There might be one or two people around who enjoy watching me being made and example of...and I wouldn't want to interfere with their pleasure.
After all, [unlike nekkid pics of myself] I'm flaunting it all in public.
Posted: Wed Sep 10, 2014 10:33 pm
by Iolanthe
Hashi Lebwohl wrote:
Everyone should get a second computer that is never connected to the Internet, not even for a minute, then use it as the safe place upon which to store things you don't want people stealing.
Hashi, that is a brilliant idea. We have a lap top that has never been connected to the internet and that we now don't use. I'm going to save all the files I have on this PC onto the laptop at the weekend! I also have an external hard drive, and a stick with all the family history stuff on in the safe at our research centre that is updated monthly, but the lap top as an extra safeguard is something I never thought of. Thank you! I was going to buy some cloud space but now I think not, for the time being anyway.
Posted: Thu Sep 11, 2014 2:35 am
by Hashi Lebwohl
As wayfriend noted, basic computer/internet/cloud security is still sadly lacking at many corporations, including corporations which should know better (like Apple). Personal security at home is usually lacking, as well--you would be surprised how many people don't have even basic, free anti-malware or anti-adware programs like MalwareBytes or SpyBot on their home computers. No, the average black hat isn't going to target a personal user at home--you don't have enough money or valuable information to make it worth their while--but some of them are still bored and like to spread viruses or tap your computer as part of their large bot-based attacks.
Now that I think about it, my mother has photo albums--I don't know how many--which are full of family pictures that have never been scanned into a digital format for posterity. I think I know what I am going to do for her for Christmas this year....
Posted: Thu Sep 11, 2014 4:53 am
by Avatar
Hey Hashi, if I have physical access to your machine, a BIOS password is not gonna stop me...
--A
Posted: Thu Sep 11, 2014 12:39 pm
by michaelm
Iolanthe wrote:Hashi Lebwohl wrote:
Everyone should get a second computer that is never connected to the Internet, not even for a minute, then use it as the safe place upon which to store things you don't want people stealing.
Hashi, that is a brilliant idea. We have a lap top that has never been connected to the internet and that we now don't use. I'm going to save all the files I have on this PC onto the laptop at the weekend! I also have an external hard drive, and a stick with all the family history stuff on in the safe at our research centre that is updated monthly, but the lap top as an extra safeguard is something I never thought of. Thank you! I was going to buy some cloud space but now I think not, for the time being anyway.
We do something similar, but what we do is regularly back things up on a DVD and replace the current copy we have in a safe deposit box at the bank. Even if something catastrophic happened to the house, we would still have a copy of much of our important stuff that is in digital format.
Posted: Thu Sep 11, 2014 6:35 pm
by Hashi Lebwohl
Avatar wrote:Hey Hashi, if I have physical access to your machine, a BIOS password is not gonna stop me...
--A
Well, no--yank the drive and stick it on an external reader, obviating the need for passwords completely. Nothing is absolutely, 100% safe but we can take reasonable precautions to make it more trouble than it is worth to any thief or black hat to try and access our files.
Posted: Thu Sep 11, 2014 8:54 pm
by sgt.null
I stand by my statement. you do something incredibly stupid, you may end up paying for it. if I walk into the Quarters after midnight here in my little town, I can expect to be accosted. does it negate the criminal? no. but what the hell was I doing in that cesspool after dark anyway?
teach your kids not to keep naked pics of themselves on the web. sound advice? get a safe at home, take them with a polaroid, shake the pic, enjoy. store them in the safe.
how many times will people have to be hacked before they realize the internet is not safe?
just because you can do something, does not mean you should.
Posted: Thu Sep 11, 2014 9:35 pm
by I'm Murrin
Posted: Fri Sep 12, 2014 4:23 am
by Avatar
Hashi Lebwohl wrote:Well, no--yank the drive and stick it on an external reader, obviating the need for passwords completely.
Haha, I was thinking of the CMOS reset jumper, or just yanking the battery...that'll wipe your password.
--A
Posted: Fri Sep 12, 2014 4:54 am
by sgt.null
and I refer you to my post you referred me from. or something like that.
if you choose to use a technology that is inherently unsafe, you may experience problems.
Posted: Fri Sep 12, 2014 1:36 pm
by Hashi Lebwohl
Avatar wrote:
Haha, I was thinking of the CMOS reset jumper, or just yanking the battery...that'll wipe your password.
--A
Those would work, too, as they would reset the BIOS. Well played.
Posted: Fri Sep 12, 2014 2:45 pm
by wayfriend
Some people know too much for my own good.
Sarge, you know what to expect when you go into the Quarters after midnight. People using iPhone cameras are not expecting risk, and in fact have been given no fair warning about the risk, and furthermore have been lured into taking on the risk without knowledge.
So a better analogy is: if you tell the noob guard on his first day that he will get a bonus if he goes into the Quarters after midnight, how much is it his fault what happens?
Posted: Fri Sep 12, 2014 7:10 pm
by SoulBiter
I was under the impression that these celebs were Phished for their username and passwords.
Posted: Fri Sep 12, 2014 7:34 pm
by wayfriend
SB: Apple failed to limit failed password attempts on one of it's services. This opens it up to brute forcing passwords via dictionary attacks. Once the password is found, you have access to everything about your iPhone. The security hole was discovered by hackers in May. Programs to exploit the hole emerged on the internet. Apple did nothing about it. [
link]
The phishing theory was put out by ... Apple.
Posted: Fri Sep 12, 2014 11:20 pm
by sgt.null
wf - everytime the treasury creates a new foolproof paper currency that can not be forged. it gets forged. it seems every week some large company gets hacked and info is stolen.
if the noob guard doesn't do any homework on what the quarters are, he gets what is coming to him. the info is out there.
we semi-luddites are right not to fully trust technology.
were you surprised the fappening happened?