


Apple responds to hacker claims, says systems not breached

Started by: Jolly Roger <jollyroger@pobox.com>
First post: 2017-03-23 06:57 +0000
Last post: 2017-03-27 14:02 +1300
Articles: 20 on this page of 43, 15 participants


This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by below is the oldest one visible, not the original post.




#103007

From: Lewis <g.kreme@gmail.com.dontsendmecopies>
Date: 2017-03-25 21:47 +0000
Message-ID: <slrnoddpgj.2pj3.g.kreme@snow.local>
In reply to: #103004
In message <58d6e019$0$31170$c3e8da3$a9097924@news.astraweb.com> JF Mezei <jfmezei.spamnot@vaxination.ca> wrote:
> On 2017-03-25 16:22, Jolly Roger wrote:

>> Indeed. TFA has been available for iCloud accounts for quite some time
>> now too. And it works well. So many of us are unaffected by this "news".

> Someone can still attempt to login with stolen credentials.

So what? They cannot ACTUALLY login.

-- 
FRIDAYS ARE NOT "PANTS OPTIONAL" Bart chalkboard Ep. AABF23



#103072

From: JF Mezei <jfmezei.spamnot@vaxination.ca>
Date: 2017-03-26 14:18 -0400
Message-ID: <58d805e4$0$40439$c3e8da3$b280bf18@news.astraweb.com>
In reply to: #103007
On 2017-03-25 17:47, Lewis wrote:

>> Someone can still attempt to login with stolen credentials.
> 
> So what? They cannot ACTUALLY login.

If it gets to the point where you are asked to authenticate the request,
it means they have both username and password correct.

They may not be able to get in, but it still shows a failure in that
they were able to somehow obtain your username/password combo.



#103074

From: Lewis <g.kreme@gmail.com.dontsendmecopies>
Date: 2017-03-26 18:28 +0000
Message-ID: <slrnodg288.kso.g.kreme@snow.local>
In reply to: #103072
In message <58d805e4$0$40439$c3e8da3$b280bf18@news.astraweb.com> JF Mezei <jfmezei.spamnot@vaxination.ca> wrote:
> On 2017-03-25 17:47, Lewis wrote:

>>> Someone can still attempt to login with stolen credentials.
>> 
>> So what? They cannot ACTUALLY login.

> If it gets to the point where you are asked to authenticate the request,
> it means they have both username and password correct.

AND THEY CANNOT LOGIN.

> They may not be able to get in, but it still shows a failure in that
> they were able to somehow obtain your username/password combo.

It almost certainly shows that you have a shitty password, yes, but even
with a shitty password, THEY CANNOT LOGIN.

-- 
And, btw, my face cannot go blue because I have no face, I am not like that...
 --Dorayme, in a fit of nonsensical drivel



#103078

From: JF Mezei <jfmezei.spamnot@vaxination.ca>
Date: 2017-03-26 15:28 -0400
Message-ID: <58d81655$0$34528$c3e8da3$dbd57e7@news.astraweb.com>
In reply to: #103074
On 2017-03-26 14:28, Lewis wrote:

> It almost certainly shows that you have a shitty password, yes, but even
> with a shitty password, THEY CANNOT LOGIN.


These breaches are not because they guessed your password, it is because
they stole it from somewhere.

That is because many services are terrible with security and allow their
databases to be easily stolen.



#103088

From: Jolly Roger <jollyroger@pobox.com>
Date: 2017-03-27 00:13 +0000
Message-ID: <ejr3pbF8b5U1@mid.individual.net>
In reply to: #103078
JF Mezei <jfmezei.spamnot@vaxination.ca> wrote:
> 
> These breaches are not because they guessed your password, it is because
> they stole it from somewhere.
> 
> That is because many services are terrible with security and allow their
> databases to be easily stolen.

Don't use the same password for multiple services. FUDster "problem"
solved.

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR



#103098

From: Lewis <g.kreme@gmail.com.dontsendmecopies>
Date: 2017-03-27 04:51 +0000
Message-ID: <slrnodh6ok.1jqu.g.kreme@snow.local>
In reply to: #103078
In message <58d81655$0$34528$c3e8da3$dbd57e7@news.astraweb.com> JF Mezei <jfmezei.spamnot@vaxination.ca> wrote:
> On 2017-03-26 14:28, Lewis wrote:

>> It almost certainly shows that you have a shitty password, yes, but even
>> with a shitty password, THEY CANNOT LOGIN.


> These breaches are not because they guessed your password, it is because
> they stole it from somewhere.

Only if you reused it like a moron.

> That is because many services are terrible with security and allow their
> databases to be easily stolen.

Which is why no one with any brains reuses passwords.


-- 
It was not, it could not be real. But in the roaring air he knew that
it was, for all who needed to believe, and in a belief so strong that
truth was not the same as fact... he knew that for now, and yesterday,
and tomorrow, both the thing, and the whole of the thing.



#103100

From: Zaidy036 <Zaidy036@air.isp.spam>
Date: 2017-03-27 06:54 +0000
Message-ID: <obacvb$24b$1@dont-email.me>
In reply to: #103098
Lewis <g.kreme@gmail.com.dontsendmecopies> wrote:
> In message <58d81655$0$34528$c3e8da3$dbd57e7@news.astraweb.com> JF Mezei
> <jfmezei.spamnot@vaxination.ca> wrote:
>> On 2017-03-26 14:28, Lewis wrote:
> 
>>> It almost certainly shows that you have a shitty password, yes, but even
>>> with a shitty password, THEY CANNOT LOGIN.
> 
> 
>> These breaches are not because they guessed your password, it is because
>> they stole it from somewhere.
> 
> Only if you reused it like a moron.
> 
>> That is because many services are terrible with security and allow their
>> databases to be easily stolen.
> 
> Which is why no one with any brains reuses passwords.
> 
> 

There are several free TFA apps in the Apple App Store. OTB Auth, as an
example, will generate TFA codes if the username and password are known.
Will that TFA code allow one to gain entry?

If yes, then there is no stopping someone with the user name and password.

-- 
Zaidy036



#103101

From: nospam <nospam@nospam.invalid>
Date: 2017-03-27 08:01 -0400
Message-ID: <270320170801100630%nospam@nospam.invalid>
In reply to: #103100
In article <obacvb$24b$1@dont-email.me>, Zaidy036
<Zaidy036@air.isp.spam> wrote:

> There are several free TFA apps in the Apple App Store. OTB Auth, as an
> example, will generate TFA codes if the username and password are known.
> Will that TFA code allow one to gain entry?

no



#103105

From: Jolly Roger <jollyroger@pobox.com>
Date: 2017-03-27 15:08 +0000
Message-ID: <ejso7bFa1dfU1@mid.individual.net>
In reply to: #103100
Zaidy036 <Zaidy036@air.isp.spam> wrote:
> Lewis <g.kreme@gmail.com.dontsendmecopies> wrote:
>> In message <58d81655$0$34528$c3e8da3$dbd57e7@news.astraweb.com> JF Mezei
>> <jfmezei.spamnot@vaxination.ca> wrote:
>>> On 2017-03-26 14:28, Lewis wrote:
>> 
>>>> It almost certainly shows that you have a shitty password, yes, but even
>>>> with a shitty password, THEY CANNOT LOGIN.
>> 
>> 
>>> These breaches are not because they guessed your password, it is because
>>> they stole it from somewhere.
>> 
>> Only if you reused it like a moron.
>> 
>>> That is because many services are terrible with security and allow their
>>> databases to be easily stolen.
>> 
>> Which is why no one with any brains reuses passwords.
>> 
>> 
> 
> There are several free TFA apps in the Apple App Store. OTB Auth, as an
> example, will generate TFA codes if the username and password are known.

I see no app called "OTB Auth" in the App Store. Got some links to these
apps?

> Will that TFA code allow one to gain entry?

Of course not. 

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR



#103107

From: nospam <nospam@nospam.invalid>
Date: 2017-03-27 13:31 -0400
Message-ID: <270320171331074328%nospam@nospam.invalid>
In reply to: #103105
In article <ejso7bFa1dfU1@mid.individual.net>, Jolly Roger
<jollyroger@pobox.com> wrote:

> >> 
> > 
> > There are several free TFA apps in the Apple App Store. OTB Auth, as an
> > example, will generate TFA codes if the username and password are known.
> 
> I see no app called "OTB Auth" in the App Store. Got some links to these
> apps?

otp auth.

> > Will that TFA code allow one to gain entry?
> 
> Of course not.

yep. not only do these apps need to be configured per account so they
generate the *correct* code, but apple doesn't use any of them. apple
has their own mechanism.

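The per-account configuration mentioned in the post above, as an added example that is not part of the thread: a generic authenticator app computes RFC 6238 TOTP codes from a random secret set up at enrolment, so a code built from login details alone is not one the server accepts. It covers generic TOTP apps only (the post notes Apple uses its own mechanism); the clock value and credentials are constructed, and the key is the RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import secrets
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)


def enroll() -> str:
    """Server side: create the random per-account secret that is shown once
    (as a QR code or base32 string) when the authenticator app is set up."""
    return base64.b32encode(secrets.token_bytes(20)).decode("ascii")


def hotp(secret: bytes, counter: int, digits: int) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238: HOTP with counter = number of elapsed time steps."""
    return hotp(secret, unix_time // STEP, digits)


def verify(secret: bytes, submitted: str, unix_time: int,
           window: int = 1, digits: int = 6) -> bool:
    """Accept a code for the current step or `window` steps either side."""
    ok = False
    for drift in range(-window, window + 1):
        t = unix_time + drift * STEP
        if t < 0:
            continue
        # Constant-time comparison; no early exit on a match.
        ok |= hmac.compare_digest(totp(secret, t, digits), submitted)
    return ok


def demo() -> dict:
    now = 1111111109                      # constructed clock value
    enrolled = b"12345678901234567890"    # RFC 6238 Appendix B test key
    # Hypothetical: the leaked login details fed to an authenticator app as
    # if they were the secret. They are not an input to the real code.
    leaked = b"user@example.com:hunter2"  # constructed credentials
    return {
        "owner_ok": verify(enrolled, totp(enrolled, now, 8), now, digits=8),
        "leaked_ok": verify(enrolled, totp(leaked, now, 8), now, digits=8),
    }


if __name__ == "__main__":
    print(demo())
```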


#103132

From: Zaidy036 <Zaidy036@air.isp.spam>
Date: 2017-03-28 06:07 +0000
Message-ID: <obcuje$19c$1@dont-email.me>
In reply to: #103105
Jolly Roger <jollyroger@pobox.com> wrote:
> Zaidy036 <Zaidy036@air.isp.spam> wrote:
>> Lewis <g.kreme@gmail.com.dontsendmecopies> wrote:
>>> In message <58d81655$0$34528$c3e8da3$dbd57e7@news.astraweb.com> JF Mezei
>>> <jfmezei.spamnot@vaxination.ca> wrote:
>>>> On 2017-03-26 14:28, Lewis wrote:
>>> 
>>>>> It almost certainly shows that you have a shitty password, yes, but even
>>>>> with a shitty password, THEY CANNOT LOGIN.
>>> 
>>> 
>>>> These breaches are not because they guessed your password, it is because
>>>> they stole it from somewhere.
>>> 
>>> Only if you reused it like a moron.
>>> 
>>>> That is because many services are terrible with security and allow their
>>>> databases to be easily stolen.
>>> 
>>> Which is why no one with any brains reuses passwords.
>>> 
>>> 
>> 
>> There are several free TFA apps in the Apple App Store. OTB Auth, as an
>> example, will generate TFA codes if the username and password are known.
> 
> I see no app called "OTB Auth" in the App Store. Got some links to these
> apps?
> 
>> Will that TFA code allow one to gain entry?
> 
> Of course not. 
> 

otp auth - two factor authentication for pros

Shows under both iPad and iPhone only

-- 
Zaidy036



#103128

From: Lewis <g.kreme@gmail.com.dontsendmecopies>
Date: 2017-03-28 02:26 +0000
Message-ID: <slrnodjiks.2f8b.g.kreme@snow.local>
In reply to: #103100
In message <obacvb$24b$1@dont-email.me> Zaidy036 <Zaidy036@air.isp.spam> wrote:
> Lewis <g.kreme@gmail.com.dontsendmecopies> wrote:
>> In message <58d81655$0$34528$c3e8da3$dbd57e7@news.astraweb.com> JF Mezei
>> <jfmezei.spamnot@vaxination.ca> wrote:
>>> On 2017-03-26 14:28, Lewis wrote:
>> 
>>>> It almost certainly shows that you have a shitty password, yes, but even
>>>> with a shitty password, THEY CANNOT LOGIN.
>> 
>> 
>>> These breaches are not because they guessed your password, it is because
>>> they stole it from somewhere.
>> 
>> Only if you reused it like a moron.
>> 
>>> That is because many services are terrible with security and allow their
>>> databases to be easily stolen.
>> 
>> Which is why no one with any brains reuses passwords.
>> 
>> 

> There are several free TFA apps in the Apple App Store. OTB Auth, as an
> example, will generate TFA codes if the username and password are known.
> Will that TFA code allow one to gain entry?

> If yes, then there is no stopping someone with the user name and password.

Wow. that is astonishingly stupid and ignorant.

Are you a JF sockpuppet?


-- 
The Steve is seen, rightly or wrongly, as the visionary, the leader,
the savant. Bill is the Boswell to The Steve's Johnson, but lacking
Boswell's wit, charm, and dynamic personality.



#103086

From: "Rod Speed" <rod.speed.aaa@gmail.com>
Date: 2017-03-27 09:47 +1100
Message-ID: <ejqungFtt9gU1@mid.individual.net>
In reply to: #103072
JF Mezei <jfmezei.spamnot@vaxination.ca> wrote 
> Lewis wrote
 
>>> Someone can still attempt to login with stolen credentials.
 
>> So what? They cannot ACTUALLY login.
 
> If it gets to the point where you are asked to authenticate the 
> request, it means they have both username and password correct.
 
> They may not be able to get in, but it still shows a failure in that
> they were able to somehow obtain your username/password combo.

Only a failure on the part of the stupid user that 
uses the same password for more than one service.  



#103012

From: Jolly Roger <jollyroger@pobox.com>
Date: 2017-03-25 22:14 +0000
Message-ID: <ejo8eqFdo0qU1@mid.individual.net>
In reply to: #103004
JF Mezei <jfmezei.spamnot@vaxination.ca> wrote:
> On 2017-03-25 16:22, Jolly Roger wrote:
> 
>> Indeed. TFA has been available for iCloud accounts for quite some time
>> now too. And it works well. So many of us are unaffected by this "news".
> 
> TFA simply prevents them from logging in 

Exactly. Glad you understand.

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR



#103008

From: Alrescha <alrescha@gmail.com>
Date: 2017-03-25 17:50 -0400
Message-ID: <ob6ohk$kd7$1@dont-email.me>
In reply to: #102998
On 2017-03-25 20:04:15 +0000, Chris <ithinkiam@gmail.com> said:

> Don't even need to do that. Just turn on TFA. Job done :)

Unfortunately if they have your password TFA will not prevent them from 
wiping your devices (the whole idea behind Find My iPhone is to allow 
you to lock or erase your iPhone *when you don't have it*).

A.



#103009

From: nospam <nospam@nospam.invalid>
Date: 2017-03-25 18:09 -0400
Message-ID: <250320171809338283%nospam@nospam.invalid>
In reply to: #103008
In article <ob6ohk$kd7$1@dont-email.me>, Alrescha <alrescha@gmail.com>
wrote:

> 
> > Don't even need to do that. Just turn on TFA. Job done :)
> 
> Unfortunately if they have your password TFA will not prevent them from 
> wiping your devices (the whole idea behind Find My iPhone is to allow 
> you to lock or erase your iPhone *when you don't have it*).

yes it will.



#103011

From: Alrescha <alrescha@gmail.com>
Date: 2017-03-25 18:12 -0400
Message-ID: <ob6pr0$o1s$1@dont-email.me>
In reply to: #103009
On 2017-03-25 22:09:33 +0000, nospam <nospam@nospam.invalid> said:

> In article <ob6ohk$kd7$1@dont-email.me>, Alrescha <alrescha@gmail.com>
> wrote:
> 
>> 
>>> Don't even need to do that. Just turn on TFA. Job done :)
>> 
>> Unfortunately if they have your password TFA will not prevent them from
>> wiping your devices (the whole idea behind Find My iPhone is to allow
>> you to lock or erase your iPhone *when you don't have it*).
> 
> yes it will.

<plonk>



#103013

From: Jolly Roger <jollyroger@pobox.com>
Date: 2017-03-25 22:14 +0000
Message-ID: <ejo8erFdo0qU2@mid.individual.net>
In reply to: #103008
Alrescha <alrescha@gmail.com> wrote:
> On 2017-03-25 20:04:15 +0000, Chris <ithinkiam@gmail.com> said:
> 
>> Don't even need to do that. Just turn on TFA. Job done :)
> 
> Unfortunately if they have your password TFA will not prevent them from 
> wiping your devices

That's precisely what it does.

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR



#103014

From: Alrescha <alrescha@gmail.com>
Date: 2017-03-25 18:18 -0400
Message-ID: <ob6q5t$p9u$1@dont-email.me>
In reply to: #103013
On 2017-03-25 22:14:51 +0000, Jolly Roger <jollyroger@pobox.com> said:

> That's precisely what it does.

No, it does not.  Try this:

	from a new browser (or one you have deleted icloud cookies from)
		login to icloud with your user / password
		do not answer the two-factor authentication prompt

	under the box for the security code, see "Find My iPhone".  Click it.

A.



#103017

From: Jolly Roger <jollyroger@pobox.com>
Date: 2017-03-25 22:36 +0000
Message-ID: <ejo9n7Fdtg5U1@mid.individual.net>
In reply to: #103014
On 2017-03-25, Alrescha <alrescha@gmail.com> wrote:
> On 2017-03-25 22:14:51 +0000, Jolly Roger <jollyroger@pobox.com> said:
>
>> That's precisely what it does.
>
> No, it does not.  Try this:
>
> 	from a new browser (or one you have deleted icloud cookies from)
> 	login to icloud with your user / password do not answer the
> 	two-factor authentication prompt
>
> 	under the box for the security code, see "Find My iPhone".
> 	Click it.

Huh. I figured TFA would stop you from using Find My Phone. Good point.

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR
