Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.mobile.ipad > #60663 > unrolled thread

Apple responds to hacker claims, says systems not breached

Back to article view | Back to comp.mobile.ipad

This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by below is the oldest one visible, not the original post.

Contents

  Apple responds to hacker claims, says systems not breached Jolly Roger <jollyroger@pobox.com> - 2017-03-23 06:57 +0000
    Re: Apple responds to hacker claims, says systems not breached "John Varela" <newlamps@verizon.net> - 2017-03-23 19:31 +0000
      Re: Apple responds to hacker claims, says systems not breached JF Mezei <jfmezei.spamnot@vaxination.ca> - 2017-03-23 16:17 -0400
        Re: Apple responds to hacker claims, says systems not breached Lewis <g.kreme@gmail.com.dontsendmecopies> - 2017-03-24 13:29 +0000
          Re: Apple responds to hacker claims, says systems not breached JF Mezei <jfmezei.spamnot@vaxination.ca> - 2017-03-24 11:15 -0400
            Re: Apple responds to hacker claims, says systems not breached Jolly Roger <jollyroger@pobox.com> - 2017-03-24 16:11 +0000
            Re: Apple responds to hacker claims, says systems not breached Lewis <g.kreme@gmail.com.dontsendmecopies> - 2017-03-24 20:25 +0000
      Re: Apple responds to hacker claims, says systems not breached Lewis <g.kreme@gmail.com.dontsendmecopies> - 2017-03-24 13:25 +0000
    Re: Apple responds to hacker claims, says systems not breached Wade Garrett <wade@cooler.net> - 2017-03-24 11:49 -0400
      Re: Apple responds to hacker claims, says systems not breached Chris <ithinkiam@gmail.com> - 2017-03-25 20:04 +0000
        Re: Apple responds to hacker claims, says systems not breached Jolly Roger <jollyroger@pobox.com> - 2017-03-25 20:22 +0000
          Re: Apple responds to hacker claims, says systems not breached JF Mezei <jfmezei.spamnot@vaxination.ca> - 2017-03-25 17:24 -0400
            Re: Apple responds to hacker claims, says systems not breached Lewis <g.kreme@gmail.com.dontsendmecopies> - 2017-03-25 21:47 +0000
              Re: Apple responds to hacker claims, says systems not breached JF Mezei <jfmezei.spamnot@vaxination.ca> - 2017-03-26 14:18 -0400
                Re: Apple responds to hacker claims, says systems not breached Lewis <g.kreme@gmail.com.dontsendmecopies> - 2017-03-26 18:28 +0000
                  Re: Apple responds to hacker claims, says systems not breached JF Mezei <jfmezei.spamnot@vaxination.ca> - 2017-03-26 15:28 -0400
                    Re: Apple responds to hacker claims, says systems not breached Jolly Roger <jollyroger@pobox.com> - 2017-03-27 00:13 +0000
                    Re: Apple responds to hacker claims, says systems not breached Lewis <g.kreme@gmail.com.dontsendmecopies> - 2017-03-27 04:51 +0000
                      Re: Apple responds to hacker claims, says systems not breached Zaidy036 <Zaidy036@air.isp.spam> - 2017-03-27 06:54 +0000
                        Re: Apple responds to hacker claims, says systems not breached nospam <nospam@nospam.invalid> - 2017-03-27 08:01 -0400
                        Re: Apple responds to hacker claims, says systems not breached Jolly Roger <jollyroger@pobox.com> - 2017-03-27 15:08 +0000
                          Re: Apple responds to hacker claims, says systems not breached nospam <nospam@nospam.invalid> - 2017-03-27 13:31 -0400
                          Re: Apple responds to hacker claims, says systems not breached Zaidy036 <Zaidy036@air.isp.spam> - 2017-03-28 06:07 +0000
                        Re: Apple responds to hacker claims, says systems not breached Lewis <g.kreme@gmail.com.dontsendmecopies> - 2017-03-28 02:26 +0000
                Re: Apple responds to hacker claims, says systems not breached "Rod Speed" <rod.speed.aaa@gmail.com> - 2017-03-27 09:47 +1100
            Re: Apple responds to hacker claims, says systems not breached Jolly Roger <jollyroger@pobox.com> - 2017-03-25 22:14 +0000
        Re: Apple responds to hacker claims, says systems not breached Alrescha <alrescha@gmail.com> - 2017-03-25 17:50 -0400
          Re: Apple responds to hacker claims, says systems not breached nospam <nospam@nospam.invalid> - 2017-03-25 18:09 -0400
            Re: Apple responds to hacker claims, says systems not breached Alrescha <alrescha@gmail.com> - 2017-03-25 18:12 -0400
          Re: Apple responds to hacker claims, says systems not breached Jolly Roger <jollyroger@pobox.com> - 2017-03-25 22:14 +0000
            Re: Apple responds to hacker claims, says systems not breached Alrescha <alrescha@gmail.com> - 2017-03-25 18:18 -0400
              Re: Apple responds to hacker claims, says systems not breached Jolly Roger <jollyroger@pobox.com> - 2017-03-25 22:36 +0000
                Re: Apple responds to hacker claims, says systems not breached JF Mezei <jfmezei.spamnot@vaxination.ca> - 2017-03-26 14:22 -0400
                  Re: Apple responds to hacker claims, says systems not breached dempson@actrix.gen.nz (David Empson) - 2017-03-27 12:26 +1300
                    Re: Apple responds to hacker claims, says systems not breached Your Name <YourName@YourISP.com> - 2017-03-27 14:02 +1300

Page 2 of 2 — ← Prev page 1 [2]

#60736

Zaidy036 <Zaidy036@air.isp.spam> wrote:
> Lewis <g.kreme@gmail.com.dontsendmecopies> wrote:
>> In message <58d81655$0$34528$c3e8da3$dbd57e7@news.astraweb.com> JF Mezei
>> <jfmezei.spamnot@vaxination.ca> wrote:
>>> On 2017-03-26 14:28, Lewis wrote:
>> 
>>>> It almost certainly shows that you have a shitty password, yes, but even
>>>> with a shitty password, THEY CANNOT LOGIN.
>> 
>> 
>>> These breaches are not because they guessed your password, it is because
>>> they stole it from somewhere.
>> 
>> Only if you reused it like a moron.
>> 
>>> That is because many services are terrible with security and allow they
>>> databases to be easily stolen.
>> 
>> Which is why no one with any brains reuses passwords.
>> 
>> 
> 
> There are several free TFA apps in the Apple App Store. OTB Auth, as an
> example, will generate TFA codes if the username and password are known.

I see no app called "OTB Auth" in the App Store. Got some links to these
apps?

> Will that TFA code allow one to gain entry?

Of course not. 

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

[toc] | [prev] | [next] | [standalone]

#60740

In article <ejso7bFa1dfU1@mid.individual.net>, Jolly Roger
<jollyroger@pobox.com> wrote:

> >> 
> > 
> > There are several free TFA apps in the Apple App Store. OTB Auth, as an
> > example, will generate TFA codes if the username and password are known.
> 
> I see no app called "OTB Auth" in the App Store. Got some links to these
> apps?

otp auth.

> > Will that TFA code allow one to gain entry?
> 
> Of course not.

yep. not only do these apps need to be configured per account so they
generate the *correct* code, but apple doesn't use any of them. apple
has their own mechanism.

[toc] | [prev] | [next] | [standalone]

#60771

Jolly Roger <jollyroger@pobox.com> wrote:
> Zaidy036 <Zaidy036@air.isp.spam> wrote:
>> Lewis <g.kreme@gmail.com.dontsendmecopies> wrote:
>>> In message <58d81655$0$34528$c3e8da3$dbd57e7@news.astraweb.com> JF Mezei
>>> <jfmezei.spamnot@vaxination.ca> wrote:
>>>> On 2017-03-26 14:28, Lewis wrote:
>>> 
>>>>> It almost certainly shows that you have a shitty password, yes, but even
>>>>> with a shitty password, THEY CANNOT LOGIN.
>>> 
>>> 
>>>> These breaches are not because they guessed your password, it is because
>>>> they stole it from somewhere.
>>> 
>>> Only if you reused it like a moron.
>>> 
>>>> That is because many services are terrible with security and allow they
>>>> databases to be easily stolen.
>>> 
>>> Which is why no one with any brains reuses passwords.
>>> 
>>> 
>> 
>> There are several free TFA apps in the Apple App Store. OTB Auth, as an
>> example, will generate TFA codes if the username and password are known.
> 
> I see no app called "OTB Auth" in the App Store. Got some links to these
> apps?
> 
>> Will that TFA code allow one to gain entry?
> 
> Of course not. 
> 

otp auth - two factor authentication for pros

Shows under both iPad and iPhone only

-- 
Zaidy036

[toc] | [prev] | [next] | [standalone]

#60766

In message <obacvb$24b$1@dont-email.me> Zaidy036 <Zaidy036@air.isp.spam> wrote:
> Lewis <g.kreme@gmail.com.dontsendmecopies> wrote:
>> In message <58d81655$0$34528$c3e8da3$dbd57e7@news.astraweb.com> JF Mezei
>> <jfmezei.spamnot@vaxination.ca> wrote:
>>> On 2017-03-26 14:28, Lewis wrote:
>> 
>>>> It almost certainly shows that you have a shitty password, yes, but even
>>>> with a shitty password, THEY CANNOT LOGIN.
>> 
>> 
>>> These breaches are not because they guessed your password, it is because
>>> they stole it from somewhere.
>> 
>> Only if you reused it like a moron.
>> 
>>> That is because many services are terrible with security and allow they
>>> databases to be easily stolen.
>> 
>> Which is why no one with any brains reuses passwords.
>> 
>> 

> There are several free TFA apps in the Apple App Store. OTB Auth, as an
> example, will generate TFA codes if the username and password are known.
> Will that TFA code allow one to gain entry?

> If yes, then there is no stopping someone with the user name and password.

Wow. that is astonishingly stupid and ignorant.

Are you a JF sockpuppet?


-- 
The Steve is seen, rightly or wrongly, as the visionary, the leader,
the savant. Bill is the Boswell to The Steve's Johnson, but lacking
Boswell's wit, charm, and dynamic personality.

[toc] | [prev] | [next] | [standalone]

#60724

JF Mezei <jfmezei.spamnot@vaxination.ca> wrote 
> Lewis wrote
 
>>> Someone can stll attempt to login with stolen credentials.
 
>> So what? They cannot ACTUALLY login.
 
> If it gets to the point where you are asked to authenticate the 
> request, it means they have both username and password correct.
 
> They may not be able to to get in, but it still shows a failure in that
> they were able to somehow obtain your usnername/password combo.

Only a failure on the part of the stupid user that 
uses the same password for more than one service.  

[toc] | [prev] | [next] | [standalone]

#60702

JF Mezei <jfmezei.spamnot@vaxination.ca> wrote:
> On 2017-03-25 16:22, Jolly Roger wrote:
> 
>> Indeed. TFA has been available for iCloud accounts for quite some time
>> now too. And it works well. So many of us are unaffected by this "news".
> 
> TFA simply prevents them from loging in 

Exactly. Glad you understand.

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

[toc] | [prev] | [next] | [standalone]

#60698

On 2017-03-25 20:04:15 +0000, Chris <ithinkiam@gmail.com> said:

> Don't even need to do that. Just turn on TFA. Job done :)

Unfortunately if they have your password TFA will not prevent them from 
wiping your devices (the whole idea behind Find My iPhone is to allow 
you to lock or erase your iPhone *when you don't have it*).

A.

[toc] | [prev] | [next] | [standalone]

#60700

In article <ob6ohk$kd7$1@dont-email.me>, Alrescha <alrescha@gmail.com>
wrote:

> 
> > Don't even need to do that. Just turn on TFA. Job done :)
> 
> Unfortunately if they have your password TFA will not prevent them from 
> wiping your devices (the whole idea behind Find My iPhone is to allow 
> you to lock or erase your iPhone *when you don't have it*).

yes it will.

[toc] | [prev] | [next] | [standalone]

#60701

On 2017-03-25 22:09:33 +0000, nospam <nospam@nospam.invalid> said:

> In article <ob6ohk$kd7$1@dont-email.me>, Alrescha <alrescha@gmail.com>
> wrote:
> 
>> 
>>> Don't even need to do that. Just turn on TFA. Job done :)
>> 
>> Unfortunately if they have your password TFA will not prevent them from
>> wiping your devices (the whole idea behind Find My iPhone is to allow
>> you to lock or erase your iPhone *when you don't have it*).
> 
> yes it will.

<plonk>

[toc] | [prev] | [next] | [standalone]

#60703

Alrescha <alrescha@gmail.com> wrote:
> On 2017-03-25 20:04:15 +0000, Chris <ithinkiam@gmail.com> said:
> 
>> Don't even need to do that. Just turn on TFA. Job done :)
> 
> Unfortunately if they have your password TFA will not prevent them from 
> wiping your devices

That's precisely what it does.

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

[toc] | [prev] | [next] | [standalone]

#60704

On 2017-03-25 22:14:51 +0000, Jolly Roger <jollyroger@pobox.com> said:

> That's precisely what it does.

No, it does not.  Try this:

	from a new browser (or one you have deleted icloud cookies from)
		login to icloud with your user / password
		do not answer the two-factor authentication prompt

	under the box for the security code, see "Find My iPhone".  Click it.

A.

[toc] | [prev] | [next] | [standalone]

#60706

On 2017-03-25, Alrescha <alrescha@gmail.com> wrote:
> On 2017-03-25 22:14:51 +0000, Jolly Roger <jollyroger@pobox.com> said:
>
>> That's precisely what it does.
>
> No, it does not.  Try this:
>
> 	from a new browser (or one you have deleted icloud cookies from)
> 	login to icloud with your user / password do not answer the
> 	two-factor authentication prompt
>
> 	under the box for the security code, see "Find My iPhone".
> 	Click it.

Huh. I figured TFA would stop you from using Find My Phone. Good point.

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

[toc] | [prev] | [next] | [standalone]

#60717

On 2017-03-25 18:36, Jolly Roger wrote:

> Huh. I figured TFA would stop you from using Find My Phone. Good point.

And it makes sense in a way. Say you are at some conference. Lose your
phone. Use a friend's laptop to do "locate my iPhone".  (or to zap it).

You can't TFA authorize that browser in such a circumstance. (but should
then fallback to security questions).

[toc] | [prev] | [next] | [standalone]

#60725

JF Mezei <jfmezei.spamnot@vaxination.ca> wrote:

> On 2017-03-25 18:36, Jolly Roger wrote:
> 
> > Huh. I figured TFA would stop you from using Find My Phone. Good point.
> 
> And it makes sense in a way. Say you are at some conference. Lose your
> phone. Use a friend's laptop to do "locate my iPhone".  (or to zap it).
> 
> You can't TFA authorize that browser in such a circumstance. (but should
> then fallback to security questions).

The security questions are deleted when you enable TFA.

-- 
David Empson
dempson@actrix.gen.nz

[toc] | [prev] | [next] | [standalone]

#60728

In article <1n3je3s.l7nwxf1e70583N%dempson@actrix.gen.nz>, David Empson
<dempson@actrix.gen.nz> wrote:
> JF Mezei <jfmezei.spamnot@vaxination.ca> wrote:
> > On 2017-03-25 18:36, Jolly Roger wrote:
> > > 
> > > Huh. I figured TFA would stop you from using Find My Phone. Good point.
> > 
> > And it makes sense in a way. Say you are at some conference. Lose your
> > phone. Use a friend's laptop to do "locate my iPhone".  (or to zap it).
> > 
> > You can't TFA authorize that browser in such a circumstance. (but should
> > then fallback to security questions).
> 
> The security questions are deleted when you enable TFA.

I have no idea what The Force Awakens movie has to do with iPhone
security ... maybe the Rebel troops are guarding Apple's servers
against the evil Microsoft Empire.

[toc] | [prev] | [standalone]

Page 2 of 2 — ← Prev page 1 [2]

Back to top | Article view | comp.mobile.ipad

csiph-web