Apple is taking steps to improve security in the wake of the furor generated by hackers' posting nude photos of celebs on the Internet, CEO Tim Cook told The Wall Street Journal.Apple will alert users via email and push notifications when someone tries to restore iCloud data to a new device, Cook said.It already does this when someone tries to change an account password or when a device logs in to an account for the first time.Users can respond immediately by changing their passwords or alerting Apple's security team.Apple also will extend its use of two-factor authentication (2FA) to cover access to iCloud accounts from a mobile device, including it in iOS 8, Cook said. Those Darn Users!Cook reportedly also said the victims' accounts were compromised when hackers correctly answered security questions to obtain their passwords, or that the celebs' user IDs and passwords had been stolen through a phishing scam.None of the Apple IDs and passwords leaked from the company's servers, he maintained.That contradicts a statement on the GitHub iBrute page, which claims the celebs' data was taken in a December 2009 breach of advertising network RockYou."If the hacker didn't use iBrute, they were pretty dumb," Jonathan Sander, strategy and research officer at Stealthbits Technologies, told TechNewsWorld. "Hackers don't like work; they ... wait for something like iBrute to appear, set it up, and sit back with a bag of chips to wait for the results."Blaming the victim does not sit well with Richard Blech, CEO of Secure Channels.Technology is the application of scientific knowledge for practical purposes, Blech told TechNewsWorld. "If, at the end of the day, we simply continue to blame the user, why call it 'technology' at all?"Also, Apple "has really awful security questions," Sean Sullivan, a security advisor at F-Secure, pointed out. "They're very easy to research, and [Apple] forces customers to use them."He admitted that Apple could have done more to alert customers to the dangers of hackers targeting their accounts, and to the importance of creating stronger and safer passwords. |