As dozens of celebrities dismiss, deny, explain or fire back over the leak of an untold number of nude or compromising photos reportedly stolen from their Apple iCloud accounts, some security experts think they know how the leak started.
According to a report in TheNextWeb, a hack called iBrute was posted Saturday on GitHub by mobile security firm HackApp. Though technically a mere proof of concept, it showed hackers how to exploit an apparent “brute force” vulnerability in the Find My iPhone API.
Find My iPhone is part of a trio of services connected to iCloud, including Photo Stream and Apple’s password manager, iCloud Keychain.
A brute-force security attack is essentially a trial-and-error way of breaking through security, and it usually only works if there is a weakness in the security of a system that allows an unlimited number (or a very high number) of login attempts.
via Mashable http://ift.tt/W2Mgqd