Unless you’ve been living under a rock (nothing wrong with that, by the way), you would have read/heard of an iCloud hack that led to exposure of several nude celebrity photos. Somehow, almost every article on this prominently features Hunger Games’ and X-Men actor, Jennifer Lawrence, who is simply one of many victims. 4Chan, the fringe and meme-generating site where the photos were posted, subsequently changed its policy to be more DMCA-compliant and will now remove content after an “infringement notice”. It’s most likely a defensive move against possible lawsuits from the victims involved.
I used to have the iPhone, from the first generation up to the iPhone 4s. When iCloud was launched in 2011, I was quite skeptical of Apple as a cloud storage company and did not even think of turning it on my phone. In 2012, around the time when I upgraded to the 4s, I considered turning iCloud on until I read an article about a writer whose digital life was pretty much erased due to security loopholes in his Amazon and Apple iCloud account. To be clear, the author’s way of daisy-chaining several online accounts were far from ideal but that cemented the idea in my mind that Apple’s iCloud is far from secure.
The recent hack turned out to be a targeted effort to gather the celebrities’ usernames, passwords and security questions and not a breach of iCloud itself. However, it brings us again to the vulnerability of using security questions to recover passwords. In fact, just a few days before the hack, security researchers released a Python script on GitHub that would allow for brute force to guess passwords via Apple’s Find My iPhone service. Apple has since patched the vulnerability but denies security flaws with the iCloud. On that note, whenever available, use multi-factor authentication for your online accounts – the pain is more than worth it.
Read on for this week’s most relevant news in tech and retail.
- Celebrity iCloud accounts hacked in a targeted attack leading to nude photo leaks; no security breach on iCloud according to Apple*
- United States installs a new Chief Technology Officer: Google(x)’s Megan Smith
- Motorola’s Android Wear Moto 360 launched and ready to ship while Apple gears up for possible iWatch and iPhone 6 launch next week
- Google rebrands Google Enterprise into Google for Work
- Healthcare.gov was breached; no consumer data were taken or viewed
- LVMH will relinquish most of 23.2% stake in Hérmes after a four-year battle and will not acquire any shares for the next 5 years; LVMH also ends a 10-year dispute over Google’s search results on counterfeit goods online; the two companies will sign a cooperation agreement to fight sales of counterfeit goods online
- Eyewear company, Safilo ends license deal with Gucci two years early after signing a deal with Kering
- Permira sells €850M worth of Hugo Boss shares equivalent to 11.2% of share capital; Hugo Boss AG shares fall
- Amazon partners with US Mail to deliver groceries in Seattle, Los Angeles and San Francisco
- European fashion retailer Zalando, currently valued at $5.3B, announces IPO on the Frankfurt Stock Exchange later this year; IPO offering will sell 10-11% of the company
*For such a large tech company that increasingly handles large amounts of data (iCloud, me.com, mac.com, iTunes), Apple is not transparent about the security features of its services. Worse, the Electronic Frontier Foundation (EFF) has found that Apple does *not* encrypt email transfers in what is known as the STARTTLS protocol. For all its might, Apple is still a hardware company and they better catch up soon especially when it comes to security.