{"id":3475,"date":"2014-09-04T21:42:34","date_gmt":"2014-09-04T21:42:34","guid":{"rendered":"http:\/\/really.zonky.org\/?p=3475"},"modified":"2014-09-04T21:49:47","modified_gmt":"2014-09-04T21:49:47","slug":"naked-celebrities","status":"publish","type":"post","link":"https:\/\/really.zonky.org\/?p=3475","title":{"rendered":"Naked Celebrities!"},"content":{"rendered":"<p>So apparently a whole bunch of celebrities have had their naked selfies <a href=\"http:\/\/www.theregister.co.uk\/2014\/09\/03\/apple_celeb_pic_flap_2fa_bad_advice\/\">leaked<\/a> by some &#8220;hacker&#8221;. As to how this was done, we don&#8217;t really know and will probably never know given that Apple is so secretive. But we can guess some possibilities :-<\/p>\n<ol>\n<li>The hacker built up a list of possible account names &#8211;\u00a0<em>jennifer<\/em> (<a href=\"https:\/\/en.wikipedia.org\/wiki\/Jennifer_Lawrence\">Jennifer Lawrence<\/a>) might be a good one to try &#8211; and then tried the top 100 dumbest passwords against each one in turn. You would not get every single account this way, and a fair few would turn out to be a fan of Jennifer Lawrence rather than the celebrity herself. But you would get a few that way.<\/li>\n<li>The hacker targeted the celebrities with a phishing attack &#8211; basically asking the celebrity what their account password is. This sounds too unlikely to succeed, but with a plausible looking login page it\u00a0<em>does<\/em> work surprisingly often. It&#8217;s not just the terminally stupid that fall victim to such attacks; the victims are really those who are too\u00a0<em>trusting<\/em> and often in too much of a hurry.<\/li>\n<li>The next method a hacker might use is to tackle Apple&#8217;s password reset service which uses &#8220;memorable information&#8221; such as the name of your first school, your mother&#8217;s maiden name, etc. 
There is always a bit of a problem with &#8220;memorable information&#8221; such as this &#8211; it isn&#8217;t really that private, and a celebrity is likely to have &#8220;leaked&#8221; all such private information over time.<\/li>\n<li>Through some unknown vulnerability in Apple&#8217;s iCloud service. Given that we suspect that iCloud has certain &#8220;issues&#8221; with security (apparently Apple has no intruder lockout to make password guessing attacks harder), this isn&#8217;t\u00a0<em>impossible<\/em> but I would guess that it is less likely than the two more obvious attacks above.<\/li>\n<\/ol>\n<p>There&#8217;s a great deal of hateful &#8220;<a href=\"https:\/\/en.wikipedia.org\/wiki\/Slut-shaming\">slut-shaming<\/a>&#8221; going on over this celebrity leak which apart from anything else is really missing the point. It may be\u00a0<i>embarrassing<\/i> for naked selfies to be leaked, but other personal information could be\u00a0<em>dangerous<\/em> if leaked &#8211; the celebrity&#8217;s home address and alarm codes?<\/p>\n<p>It is not the victim&#8217;s fault; it&#8217;s the fault of the anonymous (at the moment) hacker.<\/p>\n<p>But the victim\u00a0<em>can<\/em> improve their behaviour to make it harder to victimise them :-<\/p>\n<ol>\n<li>First of all if you&#8217;re called Jennifer Lawrence, don&#8217;t use any permutation of your name as a username; or even enter that as your full name into any cloud service. Make one up.<\/li>\n<li>Make sure you are using a sensible password. It needn&#8217;t be excessive, but anything that is just a single word is just not good enough.<\/li>\n<li>Be less trusting with your account credentials. Make sure you know what the location bar in your browser is and where it is, and check it when you log in. And don&#8217;t click on links in emails.<\/li>\n<li>If the service you are using offers two-factor authentication, turn it on.<\/li>\n<li>Learn about security; you are a target. 
Don&#8217;t go overboard (but see step 6), but spend an hour a week doing a little reading and taking steps to improve your personal security.<\/li>\n<li>Hire or befriend a geek who can act as your early warning system for threats. And someone you can go to for advice.<\/li>\n<\/ol>\n<p>Note that I haven&#8217;t said &#8220;don&#8217;t take naked selfies&#8221; &#8211; it may be a bit foolish, but a life without a bit of foolishness is hardly a life at all.<\/p>\n<p>And of course most of those suggestions work for ordinary people and not just celebrities!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>So apparently a whole bunch of celebrities have had their naked selfies leaked by some &#8220;hacker&#8221;. As to how this was done, we don&#8217;t really know and will probably never know given that Apple is so secretive. But we can guess some possibilities :- The hacker built up a list of possible account names &#8211;\u00a0jennifer <a href='https:\/\/really.zonky.org\/?p=3475' class='excerpt-more'>[&#8230;]<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false,"_share_on_mastodon":"0"},"categories":[7,12,489],"tags":[1257,1123,1251,1253,1255,1252,1256,1254,838,1260,1261,1259,1258],"class_list":["post-3475","post","type-post","status-publish","format-standard","hentry","category-general","category-media","category-security","tag-ariana-grande",
"tag-celebrity","tag-jennifer-lawrence","tag-justin-verlander","tag-kaley-cuoco","tag-kate-upton","tag-kirsten-dunst","tag-mary-elizabeth-winston","tag-naked","tag-naked-selfie","tag-selfie","tag-victoria-justice","tag-yvonne-strahovski","category-7-id","category-12-id","category-489-id","post-seq-1","post-parity-odd","meta-position-corners","fix"],"share_on_mastodon":{"url":"","error":""},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p1f2KI-U3","_links":{"self":[{"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/posts\/3475","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/really.zonky.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3475"}],"version-history":[{"count":3,"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/posts\/3475\/revisions"}],"predecessor-version":[{"id":3479,"href":"https:\/\/really.zonky.org\/index.php?rest_route=\/wp\/v2\/posts\/3475\/revisions\/3479"}],"wp:attachment":[{"href":"https:\/\/really.zonky.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3475"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/really.zonky.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3475"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/really.zonky.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3475"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}