Linked List: September 2, 2014

Notes on the Celebrity Data Theft 

Comprehensive piece by Nik Cubrilovic on the celebrity photo theft:

After this story broke I spent some time immersed in the crazy, obsessive subculture of celebrity nudes and revenge porn trying to work out what they were doing, how they were doing it and what could be learned from it.

  1. What we see in the public with these hacking incidents seems to only be scratching the surface. There are entire communities and trading networks where the data that is stolen remains private and is rarely shared with the public. The networks are broken down horizontally with specific people carrying out specific roles, loosely organized across a large number of sites (both clearnet and darknet) with most organization and communication taking place in private (email, IM).

  2. The goal is to steal private media from a target's phone by accessing cloud-based backup services that are integrated into iPhone, Android and Windows Phone devices. To access the cloud-based backup requires the user's ID, password or an authentication token.

The deepest and most reasonable piece on the situation I’ve seen.

Rich Mogull on the iCloud Celebrity Photo Leak 

Rich Mogull, writing for TidBITS:

But Apple, like all major cloud providers, needs to step up its game, especially since it wants to store our photos, biometric information, and possibly even payment information in the cloud. These kinds of attacks are only going to increase, and online services need to make it easier for users to implement a higher level of security, without destroying the user experience. It’s the kind of challenge well-suited to Apple’s strengths, now it’s time for them to move up to the next level.

But what is the next level? I’m not sure two-factor is it, or at least not as currently implemented by Apple.

Apple Releases OS X Yosemite Developer Preview 7 

This is a pretty strong sign that Yosemite isn’t going to ship until October — the same schedule Mavericks was on last year. Yosemite seems like it’s in good shape, but it’s not that close to feeling like a GM release. Craig Hockenberry and I talked about this on The Talk Show this week — Craig thought Yosemite would have to ship alongside iOS 8 because of all the new “Continuity” features that require new versions of both OSes.

But that was true for iCloud Keychain last year, and it didn’t ship until iOS 7.0.3, after the October 22 event for the new iPads. I think we’ll see the same thing with Continuity this year — iOS 8.0 will ship with the new iPhones in late September, but the Continuity features won’t appear until an OS update in October.

S’Long, Jeet 

Roger Angell, eloquent as always, on Derek Jeter’s final days in uniform:

Jeter has just about wound up his Mariano Tour — the all-points ceremonies around home plate in every away park on the Yankees’ schedule, where he accepts gifts, and perhaps a farewell check for his Turn 2 charity, and lifts his cap to the cheering, phone-flashing multitudes. He does this with style and grace — no one is better at it — and without the weepiness of some predecessors. His ease, his daily joy in his work, has lightened the sadness of this farewell, and the cheering everywhere has been sustained and genuine.

Far From Silicon Valley, Tech Industry Finds an Oracle | Reuters 

From Noel Randewich’s July 2012 profile of Anand Shimpi for Reuters:

To make sure his reviews are ready in time for product launches, Shimpi pulls all-nighters and lays out his testing gear in hotel rooms during his frequent travels.

“If you put in an honest seven days of work - I’m not saying eight hours a day or less, I’m saying if you don’t sleep for a couple of nights, and that’s all you live and breathe and do - I think it’s possible to deliver a good review within that seven-day period,” Shimpi said.

“Anything less and you start making sacrifices.”

The first thing I do after publishing a review of a major new product is load up other reviews and see what they have to say; what they noticed that I overlooked. Shimpi’s iPhone and iPad reviews were usually the first ones I’d read. I even sat next to Anand during last year’s iPhone announcement.

I sure am curious to see what he’s going to be doing for Apple. It’s certainly Apple-like, but intriguing nonetheless, that he didn’t even mention Apple by name in his announcement that he was retiring from AnandTech. Also worth noting: former AnandTech writer Brian Klug left to join Apple earlier this year.

Apple Issues Statement on Celebrity iCloud Account Hacking 

Apple press release:

We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.

“A practice that has become all too common on the Internet” is a weird excuse. It’s certainly true, but it suggests that we still have a major problem. If the system works by design in such a way that accounts can be easily hijacked via bad passwords or guessable security questions, that’s a problem.

(And on the other hand, make things too secure and people will be annoyed, or worse, locked out of their accounts.)