By now, you have probably heard about the digital exposure, so to speak, of nude photos of as many as 100 celebrities, taken from their Apple iCloud backups and posted to the “b” forum on 4Chan. Over the last day, an alleged perpetrator has been exposed by redditors, although the man has declared his innocence. The mainstream media have leapt on the story and have gotten reactions from affected celebrities including Oscar winner Jennifer Lawrence and model Kate Upton.

Someone claiming to be the individual responsible for the breach has used 4Chan to offer explicit videos from Lawrence’s phone, as well as more than 60 nude “selfies” of the actress. In fact, it seems multiple "b-tards" claimed they had access to the images, with one providing a Hotmail address associated with a PayPal account, and another seeking contributions to a Bitcoin wallet. Word of the images launched a cascade of Google searches and set Twitter trending. As a result, 4Chan/b—the birthplace of Anonymous—has opened its characteristically hostile arms to a wave of curious onlookers hoping to catch a glimpse of their favorite starlets’ naked bodies. Happy Labor Day!

This breach is different from other recent celebrity "hacks" in that it used a near-zero-day vulnerability in an Apple cloud interface. Instead of using social engineering or some low-tech research to gain control of the victims' cloud accounts, the attacker basically bashed in the front door—and Apple didn't find out until the attack was over. While an unusual, long, convoluted password may have prevented the attack from being successful, the only real defense against this assault was never to put photos in Apple's cloud in the first place. Even Apple's two-factor authentication would not have helped.

Read 10 remaining paragraphs | Comments

WWW File Share Pro v7.0 - Denial of Service Vulnerability
Avira License Application - Cross Site Request Forgery Vulnerability
Re: SSH host key fingerprint - through HTTPS
Re: SSH host key fingerprint - through HTTPS
Pro Chat Rooms Multiple Security Vulnerabilities
srvx Multiple Denial of Service Vulnerabilities
Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
PPP 'options.c' CVE-2014-3158 Remote Integer Overflow Vulnerability
SSH host key fingerprint - through HTTPS
[SECURITY] [DSA 2987-2] openjdk-7 regression update
IETF and W3C XML Digital Signature Specification HMAC Truncation Authentication Bypass Vulnerability
CFP Deadline Approaching - Third International Conference on Informatics & Applications | Malaysia
WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460)
WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460)
Re: Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities
ManageEngine DeviceExpert CVE-2014-5377 User Credentials Information Disclosure Vulnerability
Google Chrome CVE-2014-3171 Use After Free Remote Code Execution Vulnerability
Google Chrome CVE-2014-3169 Use After Free Remote Code Execution Vulnerability
Google Chrome CVE-2014-3172 Unspecified Security Vulnerability
Google Chrome CVE-2014-3175 Multiple Unspecified Security Vulnerabilities
Internet Storm Center Infocon Status