In our day-to-day work we see too many cases of employees divulging sensitive information without first verifying the legitimacy of the request.This form of hacking works by studying which online services your target uses, before compiling as much information on them as possible, such as their email address, a mother's maiden name, a date of birth, and more.Other notable services to allow users to access files remotely include Dropbox and Google Drive, which enable users to keep more of their files close to hand without taking up huge amounts of memory on their devices.
The supposed hacker behind the scandal has claimed that they broke into stars' i Cloud accounts, including those of Dunst, Hunger Games actress Jennifer Lawrence, Kate Upton and Rihanna, before publishing them on 4chan, the image-sharing forum.
Kirsten Dunst has become the first celebrity to publicly criticize Apple after it emerged that a flaw in the 'Find My i Phone' function of its i Cloud service may have helped a hacker to steal nude photos of her and '100 other celebrities'.
'The FBI is aware of the allegations concerning computer intrusions and the unlawful release of material involving high profile individuals, and is addressing the matter.
Any further comment would be inappropriate at this time.'Following the publication of the images on Sunday night, experts have voiced their concerns over how the hacker managed to access them, claiming a specific flaw in the 'Find My i Phone' service may have been to blame.
The flaw was spotted by The Next Web on Github (screengrab pictured).
Brute force, also known as brute force cracking, is a trial-and-error method used by to get plain-text passwords from encrypted data When activated, it automatically stores users' photos, emails, documents and other information in a 'cloud', allowing them to sync the data across a range of platforms. Users can then access their information from any internet-connected device using a log-in and password.The service secures data by encrypting it when it is sent over the web, storing it in an encrypted format when kept on server, and using secure tokens for authentication.When activated, the service automatically stores users' photos, emails, documents and other information in a 'cloud', allowing them to sync the data across a range of platforms. Earlier today, The Next Web spotted code on software development site Github, that would have allowed malicious users to use ‘brute force’ to gain an account’s password on Apple i Cloud, and in particular its Find my i Phone service.Owen Williams from The Next Web, who discovered the bug, said: 'The Python script found on Git Hub appears to have allowed a malicious user to repeatedly guess passwords on Apple's "Find my i Phone" service without alerting the user or locking out the attacker.'Given enough patience and the apparent hole being open long enough, the attacker could use password dictionaries to guess common passwords rapidly.Many users use simple passwords that are the same across services so it's entirely possible to guess passwords using a tool like this.'If the attacker was successful and gets a match by guessing passwords against Find my i Phone, they would be able to, in theory, use this to log into i Cloud and sync the i Cloud Photo Stream with another Mac or i Phone in a few minutes, again, without the attacked user's knowledge.Rob Cotton, CEO at web security experts NCC Group added: 'Cyber security is not just a technology problem, humans are very much key to its success.