Results 1 to 6 of 6

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: iDict Brute Force Attacking Tool for iCloud Has Been Patched by Apple

  1. #1
    Default iDict Brute Force Attacking Tool for iCloud Has Finally Been Patched by Apple


    On Friday, a hacker released a Brute Force password-cracking tool for iCloud called iDict, which used a dictionary of about 500 commonly-used words to try and guess at passwords that didn't have any numbers or symbols in them. The hacker's reason for releasing the tool publicly was to raise awareness of the issue and escalate Apple's urgency to fix the issue.

    As it would appear, the hacker has achieved his goal. Apple has fixed the problem with being able to guess at an iCloud password an infinite amount of times on a device cloaked to be an iPhone, which is exactly what the iDict tool took advantage of by tricking the iCloud Web site into thinking that the computer trying to get into an iCloud account was an iPhone.

    Normally, from any other device, an iCloud account would be locked out of after enough failed attempts to guess at a password, so it was odd for Apple to allow an iPhone user to guess as many times as they wanted.

    With the problem fixed, as Business Insider reported on Monday, iCloud users' accounts are now safe from the iDict tool. On the other hand, if you were vulnerable to the iDict attack in the first place, then your password is probably too simple and you may want to consider changing it to something more challenging with numbers and symbols to help protect your iCloud account.

    Hackers will continue to find clever ways around things as they always do; so while this may be the end of iDict, something else will come along in the future. To protect yourself, you should set up security questions, a good password, and never give out your password to anyone that doesn't need it (A.K.A., you're the only one that should know it).

    Sources: Business Insider

  2. #2
    If you have a simple, weak password, you deserved to be hacked. It's not that difficult to setup a secure password. It's not like the US military/govt where we are required to have a 16-character passwords that includes at least 2 of each Upper case, lower case, numbers, and special characters, ON TOP of needing your CAC ID card.

  3. The Following User Says Thank You to NSXrebel For This Useful Post:

    SpiderManAPV (2015-01-06)

  4. #3
    Green Apple
    Join Date
    Sep 2007
    Location
    Gretna, LA
    Posts
    86
    Thanks
    2
    Thanked 9 Times in 7 Posts

    Don't forget that u are required to change your password every 30 days lol

  5. #4
    Quote Originally Posted by mainc21 View Post
    Don't forget that u are required to change your password every 30 days lol
    oh yeah, I was actually gonna put that down too, but somehow I got distracted and it slipped my mind!

    Stupid NMCI and AF Portal, lets not even mention calling for support!

  6. #5
    Livin' the SPIDEY Life SpiderManAPV's Avatar
    Join Date
    Jun 2013
    Location
    Georgia USA
    Posts
    2,197
    Thanks
    1,697
    Thanked 826 Times in 526 Posts

    KeePass. Problem solved.

    ......beware......
    Just your friendly neighborhood Spider-Man!

  7. #6
    Quote Originally Posted by NSXrebel View Post
    oh yeah, I was actually gonna put that down too, but somehow I got distracted and it slipped my mind!

    Stupid NMCI and AF Portal, lets not even mention calling for support!
    Password quality wouldn't be a big deal if sites locked you out correctly after 3-5 tries.. no one deserves to have their account broken into.

    Mil password requirements are sooo stupid, everyone I worked with just had them on sticky notes because they were so complicated they couldn't remember them. ESPECIALLY when you have to change it so often.. 1, 2, 3, 4... and obviously that's much worse..

Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •