{"id":7080,"date":"2017-03-22T12:30:25","date_gmt":"2017-03-22T20:30:25","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/03\/22\/news-871\/"},"modified":"2017-03-22T12:30:25","modified_gmt":"2017-03-22T20:30:25","slug":"news-871","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/03\/22\/news-871\/","title":{"rendered":"iPhone, Mac owners: How to stymie hackers extorting Apple, threatening to wipe devices"},"content":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt0.staticworld.net\/images\/article\/2016\/12\/05_passwords-100700246-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Gregg Keizer| Date: Wed, 22 Mar 2017 13:23:00 -0700<\/strong><\/p>\n<p>Hackers claiming to have hundreds of millions of iCloud credentials have threatened to wipe date from iPhones, iPads and Macs if Apple does not fork over $150,000 within two weeks.<\/p>\n<p>&#8220;This group is known for getting accounts and credentials, they have gotten credentials in the past,&#8221; said Lamar Bailey, director of security research and development at Tripwire, of the <a target=\"_blank\" href=\" http:\/\/www.computerworld.com\/article\/3184030\/security\/hackers-demand-150k-ransom-threaten-to-wipe-millions-of-apple-devices.html\">purported hackers<\/a>. &#8220;But whether they have that many &#8230; who knows?&#8221; <\/p>\n<p>There&#8217;s another reason for not panicking, Bailey said: People can quickly make their accounts more secure, assuming the criminals have only collected, not actually compromised the iCloud accounts by changing millions of passwords.<\/p>\n<p>&#8220;The best thing to in this instance is to change the [iCloud account] password, especially if it&#8217;s a weak password,&#8221; said Bailey in an interview. <i>Weak<\/i>, in Bailey&#8217;s mind, was not necessarily simply short, but &#8220;one that was in the dictionary.&#8221;<\/p>\n<p>Hackers can brute-force passwords that consist of a single real-world word &#8212; one in the dictionary &#8212; by relying on, not surprisingly, lists of words <i>from<\/i> the dictionary.<\/p>\n<p>Bailey reiterated the long-standing advice to compose passwords from numbers, letters and special characters, such as <i>&amp;<\/i> and <i>^<\/i>.<\/p>\n<p>Changing an iCloud account password is straight-forward; <a target=\"_blank\" href=\"https:\/\/support.apple.com\/en-us\/HT201487\">Apple spells out password reset on this page<\/a>.<\/p>\n<p>&#8220;They should also enable two-factor authentication,&#8221; Bailey continued, referring to the security layer available to those running iOS 9 or later on an iPhone or iPad, or OS X El Capitan (version 10.11) or later.<\/p>\n<p>iCloud\/Apple ID <i>two-factor authentication<\/i> &#8212; iCloud and Apple ID are synonymous for most users &#8212; prevents a hacker from changing credentials unless they have one of the user&#8217;s designated &#8220;trusted devices,&#8221; typically a smartphone. To access one&#8217;s iCloud\/Apple ID account &#8212; say to change the password &#8212; a person must have not only the password, but also the trusted device, which receives a verification code that also must be entered before the password reset can be processed.<\/p>\n<p><a target=\"_blank\" href=\"https:\/\/support.apple.com\/en-us\/HT204915\">Apple outlines two-factor authentication on this web page<\/a>.<\/p>\n<p>Those with iPhones, iPads or Macs that don&#8217;t meet the operating system requirements for two-factor authentication &#8212; or who don&#8217;t have any Apple device &#8212; can substitute the similar, yet different <i>two-step authentication<\/i>. <a target=\"_blank\" href=\"https:\/\/support.apple.com\/en-us\/HT204152\">Instructions for enabling and using two-step authentication are available here<\/a>.<\/p>\n<p>Because two-factor authentication isn&#8217;t a good fit for everyone &#8212; there&#8217;s a trade-off between security and usability &#8212; Bailey suggested that those who hesitate to enable two-factor should instead change passwords on a frequent basis. Many companies mandate regular password resets, for example. By changing passwords, credentials stolen by criminals can be made obsolete. <\/p>\n<p>&#8220;An alternative for two-factor is to change passwords fairly often,&#8221; said Bailey, who recommended a password manager &#8212; he used the label <i>password vault<\/i> that offers automated resets. Both LastPass, which Bailey hesitated to name because of a recent breach of its own, and Dashlane, include features that can reset multiple passwords at a time, although not for every website.<\/p>\n<p>Bailey also urged iCloud account holders to back up their devices, not just to the cloud but to local storage as well. &#8220;You don&#8217;t want to lose your pictures,&#8221; Bailey said.<\/p>\n<p><a href=\"http:\/\/www.computerworld.com\/article\/3184074\/apple-mac\/iphone-mac-owners-how-to-stymie-hackers-extorting-apple-threatening-to-wipe-devices.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt0.staticworld.net\/images\/article\/2016\/12\/05_passwords-100700246-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Gregg Keizer| Date: Wed, 22 Mar 2017 13:23:00 -0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>Hackers claiming to have hundreds of millions of iCloud credentials have threatened to wipe date from iPhones, iPads and Macs if Apple does not fork over $150,000 within two weeks.<\/p>\n<p>&#8220;This group is known for getting accounts and credentials, they have gotten credentials in the past,&#8221; said Lamar Bailey, director of security research and development at Tripwire, of the <a target=\"_blank\" href=\" http:\/\/www.computerworld.com\/article\/3184030\/security\/hackers-demand-150k-ransom-threaten-to-wipe-millions-of-apple-devices.html\">purported hackers<\/a>. &#8220;But whether they have that many &#8230; who knows?&#8221;<\/p>\n<p>There&#8217;s another reason for not panicking, Bailey said: People can quickly make their accounts more secure, assuming the criminals have only collected, not actually compromised the iCloud accounts by changing millions of passwords.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3184074\/apple-mac\/iphone-mac-owners-how-to-stymie-hackers-extorting-apple-threatening-to-wipe-devices.html#jump\">To read this article in full or to leave a comment, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[11077,11078,10403,714],"class_list":["post-7080","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-apple-ios","tag-apple-mac","tag-macos","tag-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7080","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7080"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7080\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7080"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7080"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7080"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}