By John Gruber

• Archive
• The Talk Show
• Dithering
• Projects
• Contact
• Colophon
• Feeds / Social
• Sponsorship

Linked List: September 1, 2014

Monday, 1 September 2014

‘Find My iPhone’ Flaw: Login Attempts Weren’t Rate-Limited ★

Owen Williams, reporting for The Next Web:

An alleged breach in Apple’s iCloud service may be to blame for countless leaks of private celebrity photos this week.

On Monday, a Python script emerged on GitHub (which we’re not linking to as there is evidence a fix by Apple is not fully rolled out) that appears to have allowed malicious users to ‘brute force’ a target account’s password on Apple’s iCloud, thanks to a vulnerability in the Find My iPhone service. Brute-force attacks consist of using a malicious script to repeatedly guess passwords in an attempt to discover the correct one.

Anand Lal Shimpi Heads to Apple ★

Anand Lal Shimpi is hanging it up at AnandTech for a job at Apple. Wow.