Nytro Posted January 3, 2015 Report Posted January 3, 2015 Hacker Releases New Tool to Brute-Force Attack iCloud Passwords Posted on January 3, 2015 by Waqas Reports emerged of a new tool claiming the ability to successfully carry out password dictionary attacks on any iCloud account without being detected by Apple’s security. It seems that the vulnerability has just been patched and anyone trying to use this tool is being locked out of repeated password attempts. Earlier in September, Apple had reported that it had already patched up one hole that allowed brute-force attacks like these. The tool’s source code, released on GitHub, showed nothing extremely advanced. It just attempts every possible word out of its give 500 word list and tries it out for the password of any iCloud account email. The tool, judging from its source code, does not show that it will succeed at cracking passwords. Passwords that are not from the 500-word dictionary present in this tool are safe but it still posed a risk as many people do use simple dictionary words as their iCloud passwords. While this tool was crude and unsuccessful, more weathered hackers could develop it and use a much larger word list to use than this one. Apple appears to have resolved the hack now which simply relied on pretending to be an iPhone device. What is surprising is that fact that Apple allows indefinite requests without turning towards password locking after a certain number of requests for instance. At the same time this was happening, the Photos app for iCloud has been pulled and it is not yet clear if there is a connection between both stories.Sursa: http://hackread.com/brute-force-attack-icloud-passwords/ Quote
tukulie Posted January 4, 2015 Report Posted January 4, 2015 greu, foarte greu ca din cele 500de parole sa fie cea buna.. in general se pun litere mari mici si cifre, uneori chiar si semne de punctuatie.sunt sanse de 1 la 1000 ca un cont sa fie asociat cu una din parolele de acolo. Quote
