All Posts by Date or last 15, 30, 90 or 180 days.
also by Lloyd: photography and
Thank you for purchasing through links and ads on this site.
diglloyd Deal Finder...
Buy other stuff at
Upgrade the memory of your 2018 Mac mini up to 64GB
Handpicked deals...
$2998 $2498
SAVE $500

$1199 $920
SAVE $279

$1999 $1599
SAVE $400

$2799 $2399
SAVE $400

$400 $280
SAVE $120

$1798 $1598
SAVE $200

$3297 $2797
SAVE $500

$3397 $2797
SAVE $600

$1398 $898
SAVE $500

$3698 $2998
SAVE $700

$1799 $1329
SAVE $470

$1999 $1199
SAVE $800

$2249 $1549
SAVE $700

$2399 $2049
SAVE $350

$2799 $1899
SAVE $900

$997 $897
SAVE $100

$2099 $1699
SAVE $400

$1999 $1369
SAVE $630

$1349 $949
SAVE $400

$4499 $3999
SAVE $500

$1499 $1029
SAVE $470

$1499 $1289
SAVE $210

$2199 $1999
SAVE $200

$3399 $2199
SAVE $1200

$2418 $1718
SAVE $700

So You Actually Trust Your Sensitive Data to Apple’s iCloud ?

Like your date of birth, one of the all too common security questions for 'reset password' requests? I use a fake one whenever I can. And I disable syncing of my contact list or data to iCloud.

Choice excerpts from in Password denied: when will Apple get serious about security?.

Last Friday, The Verge revealed the existence of a dead-simple URL-based hack that allowed anyone to reset your Apple ID password with just your email address and date of birth. Apple quickly shut down the site and closed the security hole before bringing it back online.

Apple initially simply put a maintenance sign over the iForgot page, preventing ordinary password resets. But even then, a hacker could still force a password reset and skip Apple’s security questions simply by entering in a URL as if the page were still accepting resets, fooling the still-online server into thinking those two questions had been successfully answered. When it became aware that user passwords were still vulnerable, Apple then took the iForgot server completely offline, which it could (and arguably should) have done straight away until the security hole had been plugged.


It would be easy to retrieve copies of device backups, documents, contacts, mail, and messages from the cloud but otherwise leave a user’s profile intact; by the time a user knows something is amiss, he or she would only be aware that his or her old password is no longer functioning. Criminals don’t need continued access to users’ digital identities if they can browse full copies of their cloud data at leisure. Even strong encryption can be broken when time is no longer a factor.

All of this underscores the seriousness of Apple’s security lapse with iForgot. This was a high-priority system defeated with an extremely common form submission hack. It’s the equivalent of breaking into someone’s home by opening a first-floor window someone forgot to lock. Then imagine it happening again and again and again.

How could such a well-known type of exploit been missed in even a basic security audit? The likely answer: a competent audit was never made. Think about that. Call it blossom rot.

Both Amazon and Microsoft have detailed, extensive, public privacy and security policies for their cloud services. Both companies have every point in their systems audited by independent third parties. They have multiple certifications, which are used both within industry to establish reliability and verify that the services satisfy laws governing things like private medical information or use by government services. They permit their customers to deploy their own penetration testing. They’re members of the Cloud Security Alliance, a nonprofit that establishes industry best practices for data security. The CSA also includes Google, Box, HP, Rackspace, VMWare, Intel, Adobe, Oracle, and nearly every other company with a significant presence in cloud computing and storage.

Apple’s not part of the CSA. In fact, Apple does none of these things. It doesn’t have or advertise any of the external certifications available for IT security. And Apple won’t disclose how its security audits are conducted, or by whom.

Reached by The Verge, Apple declined to answer whether iCloud security had ever been audited by a third party. Apple won’t disclose whether any part of its cloud security is even audited internally apart from that governing its customer service group. Pressed on these questions, an Apple representative sent links to its public security FAQs, which doesn’t address them.

Declined to answer? Think about the implications of such a weasel response.

I remain deeply distrustful of the cloud in general. You only have to be compromised once for short and likely long-term damage.

Sadly, perhaps the far greater risk is the government tax authorities that now require electronic filing of just about everything (now required by law here in California for many things). Your most sensitive data—and you are required by law to submit it, every year. We can of course rely upon governmental authorities to quickly notify us when their systems are compromised.

So you do what you can do: choose what data you trust with whom.

OWC Thunderbolt 3 Dock
Ideal for any Mac with Thunderbolt 3

Dual Thunderbolt 3 ports
Gigabit Ethernet
5K and 4K display support plus Mini Display Port
Analog sound in/out and Optical sound out

Works on any Mac with Thunderbolt 3
USB-C Travel Dock

Fast charging with up to 100W!

HDMI, SD card reader,
USB-C port, 2 USB Type-A ports
Built-in cable self-stores neatly.
See also OWC 14-port Thunderbolt 3 Dock"
View all handpicked deals...

Sony Alpha a7R III Mirrorless Digital Camera Body with Accessories Kit
$2998 $2498
SAVE $500 | Terms of Use | PRIVACY POLICY
Contact | About Lloyd Chambers | Consulting | Photo Tours
Mailing Lists | RSS Feeds | Twitter
Copyright © 2019 diglloyd Inc, all rights reserved.
Display info: __RETINA_INFO_STATUS__