Unless you’ve been ignoring the Internet for the past month, you’ve undoubtedly heard about the iCloud hack that has resulted in the leak of countless nude celebrity photos. But what actually happened?
Essentially, the hackers found a loophole in the iCloud service that didn’t limit the number of incorrect password attempts. So all they had to do was use one of the vast selection of free applications available on the internet built to guess common passwords (generally from an existing library of known favourites) until one of them worked; this is also known as ‘brute force’. Once they gained access to the user accounts, they downloaded the images and videos and leaked them onto the internet.
As embarrassing as it is for the likes of Jennifer Lawrence, Kate Upton and Kirsten Dunst, this infamous hack has also had a horrid impact on the reputation of cloud computing. Suddenly, all of the questions about the security of the cloud are being raised once again.
However, this particular situation can be attributed to an oversight by not only the specific service architects in question, but also the iCloud architects team responsible for application and service certification, rather than the failure of cloud. If the service had employed either a set number of password attempts as is found as a default in many out-of-the-box solutions, or trusted certificates between the device and cloud, or even simply a two-step verification process, this whole situation could’ve probably been avoided. Somewhere down the line, someone made a mistake.
This is why cloud vendors need to be held more accountable for the security of their products. The cloud is the way of doing business nowadays and for the foreseeable future. As such, vendors need to be held more accountable and follow both legal and governance requirements. Security is paramount to cloud users, and vendors need to take all the necessary measures to ensure they’re meeting security policies and SLAs.
In a way, cloud architecture is not so different to the architecture of a house. When you build a house, you need to ensure that it is designed in a way that’s both functional and secure. If the house lacks gates and doors, don’t be surprised if you find unwanted visitors inside and helping themselves to your possessions. This is why security needs to be top of mind in all architectural designs, not an as afterthought.
On another note, it would also help if celebrities stopped taking nude pictures altogether.
Article from Memeburn