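Column - Apple 2.0

Is the celebrity nude photo scandal Apple's fault?

Philip Elmer-DeWitt, September 5, 2014

There is an old joke inside Apple that Steve Jobs was surrounded by a "reality distortion field": get too close to him and you would believe whatever he said. Many of Apple's millions of users have become "believers" in the company, and many Apple investors have made a fortune. Elmer-DeWitt, however, thinks a little skepticism is no bad thing when covering Apple. He is probably right: he has been covering Apple and watching Steve Jobs run the company since 1982.
How much responsibility should Apple bear for everything that happens on iCloud? Not just to these Hollywood celebrities, but to every user not savvy enough to avoid giving up a password to an unsolicited e-mail from a stranger. That depends on how you define "breach" and "protect."

File photo: Hollywood actress Jennifer Lawrence, whose nude photos were leaked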


    (Fortune China)

    Translator: Yan Kuangzheng

    Much to Apple’s dismay, the nude-celebs-on-the-iCloud story has legs like a supermodel.

    Tech reporters are filing dispatches from the “crazy, obsessive subculture of celebrity nudes and revenge porn” where such photos are exchanged. British tabloids are in hot pursuit of “Original Guy,” the hacker who took credit for posting the current crop. And the Web equivalent of Fleet Street is trotting out any story — no matter how irrelevant — that can be filed under the “Apple security” slug. The latest from Gawker: Eva Longoria Says Star-Struck Apple Employees Stole Her Information.

    Meanwhile, the carefully crafted media advisory Apple issued Tuesday is being scrutinized by privacy experts for what it did and didn’t say.

    The operative bits:

    “After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions… None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone… To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification.” (emphases mine)

    “Breach” in this context is a term of art. If you think of the iCloud account where Jennifer Lawrence stored her photos as a locked vault, someone got into it with the key (her login and password). They didn’t do the computer equivalent of sledgehammering through a wall or dropping in through the ceiling panels.

    What the company is saying, in the technical language of Unix security, is that Lawrence got hacked, not Apple.

    “Protect” is also a little squishy. While Apple’s two-step verification is recommended, it’s not required, not that easy to install and from Apple’s point of view sends the wrong message about iCloud and the Internet: That it’s a dangerous place full of unsavory people.

    Moreover, it’s not at all clear that two-step verification would have kept those R- and X-rated selfies from getting out. The dark corners of the Web are filled with guys with police-grade hacking tools who can, given an iCloud login and password, download just about anybody’s photo stream.

    The issue, at heart, is to what extent Apple is responsible for everything that happens on iCloud — not just to Hollywood celebrities, but to any user foolish enough to offer up their passwords to unsolicited e-mails from people they don’t know.

    By accident or design, the issue has come to a head at the worst possible time for Apple — a week before a major media event at which Apple is expected to unveil a new payment system that depends on customers trusting the company to keep their money safe.

    “Worryingly for the general public,” reads the kicker in a typical nude-celebs-on-iCloud story, this one in the Daily Mail, “is how simple the posters make their privacy theft seem — and raises the frightening prospect that Apple’s iCloud used by millions is not safe for anyone to store sensitive information on.”

    Apple shares closed Wednesday at $98.94, down $4.36 (4.22%) following Tuesday’s all-time high of $103.30.
