One third of Americans have improved their online security since the iCloud hacks

A YouGov survey of more than 1,000 American consumers commissioned by security company Tresorit found that just over a third of them have taken steps to beef up their online security in response to the iCloud hacks.

The most common response was to change passwords for stronger ones, with 13 percent creating different passwords for each online service and 6 percent enabling two-step verification …

FBI investigating alleged iCloud celebrity hack as Reddit ‘suspect’ declares innocence

The FBI is now leading the investigation into the alleged iCloud hack in which nude photographs of a number of celebrities were obtained, reports the Telegraph. FBI spokesperson Laura Eimiller said:

[The FBI is] aware of the allegations concerning computer intrusions and the unlawful release of material involving high profile individuals, and is addressing the matter. Any further comment would be inappropriate at this time.

It has been suggested that a vulnerability in the Find My Phone service may have allowed attackers to brute-force passwords in order to access the iCloud accounts of celebrities …

Why is the FBI carrying around a file with 12M Apple user UDIDs? (and is yours one of them?)

Update: The FBI has issued a denial

Hacker News linked last night to a Pastebin file, a long, rambling diatribe by hacker group AntiSec, which eventually said the group infiltrated an FBI laptop in March and was able to download files off the machine. One of those files, NCFTA_iOS_devices_intel.csv, contained more than 1 million Apple UDIDs, but the group claimed to have over 12 million UDIDs and other personal information, which it apparently gathered after breaching the Dell Vostro of an FBI operative.

 During the second week of March 2012, a Dell Vostro notebook, used by Supervisor Special Agent Christopher K. Stangl from FBI Regional Cyber Action Team and New York FBI Office Evidence Response Team was breached using the AtomicReferenceArray vulnerability on Java, during the shell session some files were downloaded from his Desktop folder one of them with the name of “NCFTA_iOS_devices_intel.csv” turned to be a list of 12,367,232 Apple iOS devices including Unique Device Identifiers (UDID), user names, name of device, type of device, Apple Push Notification Service tokens, zipcodes, cellphone numbers, addresses, etc.

The “NCFTA” in “NCFTA_iOS_devices_intel.csv” looks like it stands for the National Cyber-Forensics and Training Alliance, which “functions as a conduit between private industry and law enforcement.” (http://www.ncfta.net/)

Apple previously said it would limit developer access to UDIDs, but the Pastebin post asserted AntiSec published the identifiers, after first leaving out full names, cell numbers and addresses, to warn folks about the FBI tracking U.S. citizens with the mobile data.

Fun Fact: 166 devices in the data set are named “Titanic” or “The Titanic” because of the “Titanic is syncing” joke.

Cydia creator Saurik took to Hacker News to note that it is unlikely that the source was from jailbreaking:

I run Cydia, and have determined only 16.7% of the UDIDs in that file are from jailbroken devices: I thereby do not believe that whatever managed to get this data is anywhere in our ecosystem.

Steve Jobs’ FBI file reveals he’d been considered for a Bush 1 White House ‘sensitive position’ in 1991

The Federal Bureau of Investigation has posted on its website an interesting and exhaustive file on Apple’s cofounder and late CEO Steve Jobs. According to Gawker, which first spotted the file, the 191-page document reveals that Jobs was considered for a “sensitive position” in the Bush I White House back in 1991. It also contains results of an investigation into a 1985 bomb threat against Jobs.

How did Jobs do in high school? 2.65 GPA - hallmark of all geniuses.

An excerpt also includes comments from several people who noted Jobs’ reality distortion field, included right below.

CarrierIQ comes clean on how a “bug” caused unintentional collection of text messages, while FBI rejects requests for transparency

In less than two weeks, the Carrier IQ controversy blew up and became a mainstream topic in national newspapers and evening newscasts. The idea that over a hundred million cell phone owners weren’t aware of an app that secretly collects personal information without their consent has had privacy advocates cry foul.

Making the privacy scare even scarier, the Federal Bureau of Investigation refused to release information about its own use of Carrier IQ in response to a request under the Freedom of Information Act filed December 1 by Michael Morisy. David Hardy, who’s with the Bureau, replied:

The material you requested is located in an investigative file which is exempt from disclosure. I have determined that the records responsive to your request are law enforcement records; that there is a pending or prospective law enforcement proceeding relevant to these responsive records.

That the agency wasn’t forthcoming to Morisy’s request to release any manuals and documents outlining their use of data gathered by Carrier IQ only serves to underscore the lack of transparency on their part, if not a waste of taxpayers’ money. That’s not to say that Big Brother is monitoring your calls or eavesdropping on your messaging all the time, but the Bureau clearly has had this capability for a long time and could be working with Carrier IQ to downplay the media outrage.

UPDATE: Carrier IQ reacted to the FBI statement, telling VentureBeat it doesn’t give your data to the FBI or any other law enforcement for that matter. “Just to clarify all of the media frenzy around the FBI, Carrier IQ has never provided any data to the FBI”, a company spokesperson said.

As we repeatedly stressed, Carrier IQ is the mobile industry’s worst kept secret. Carrier IQ CEO Larry Lenhart and vice president of marketing Andrew Coward sat down with AllThingsD’s John Paczkowski to discuss the controversial data mining software. In damage control mode, the two executives pretty much admitted to Carrier IQ’s keylogger-like capabilities and sucking your SMS messages into the cloud…
