Apple’s Incompetence in Security Operations




Philip Lieberman
President
Lieberman Software

Philip Lieberman, President & CEO, Lieberman Software, sheds some light on the Apple iCloud hack. "The hack was a two-part attack. The first part of the attack was obtaining the email addresses (Apple IDs) of the targets. The second part of the attack was understanding that the iCloud service had a flaw that allowed an unlimited number of bad password attempts without lockout or alerting.

Knowing that the iCloud service did not lock out bad password attempts allowed the attacker to try different lists of words, phrases and character combinations from existing dictionaries of words (dictionary attack) and ultimately use every possible combination of letters, numbers and punctuation via a brute force attack if desired.
 
Apple should have logs containing IP addresses of all parties connecting to their services and using this information, they should be able to quickly identify attackers executing large numbers of logon attempts.
 
This does beg the question of Apple’s incompetence in security operations. They should have detected large numbers of logon attempts from a specific address in a short period of time, and their iCloud system should have provided lockout functionality after a fixed number of bad passwords. The technology to protect their clients from these attacks is trivial to implement and costs little to operate. One would think that after the previous Find My iPhone hack, Apple would have realized that they needed to clean up their act in security.
 
To be clear, Apple was not penetrated; they simply were using a lock on their customers’ accounts that was commercially incompetent. However, since Apple customers agree to an End User License Agreement (EULA) that effectively limits Apple’s liability to effectively zero, Apple has little to no direct financial damage, but reputation damage could be significant. Users should remember that they are using a consumer grade service with Apple and that much more secure systems exist for file storage and should be used for sensitive data."
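The two controls the statement calls for, lockout after a fixed number of bad passwords and detection of many logon attempts from one address in a short period, sketched as an added example (not code from Apple or Lieberman Software). The thresholds, the event tuple layout and the sample log are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed policy values for illustration; tune to real traffic.
LOCKOUT_AFTER = 5        # consecutive bad passwords before an account locks
IP_ALERT_AFTER = 10      # failed logons from one address inside the window
WINDOW_SECONDS = 60

def review_logons(events):
    """events: (epoch_seconds, source_ip, account, password_ok) tuples.
    Returns (locked_accounts, alerted_ips, attempts_refused_by_lockout)."""
    streak = defaultdict(int)          # consecutive failures per account
    recent = defaultdict(deque)        # failure timestamps per source IP
    locked, alerted, refused = set(), set(), 0
    for ts, ip, account, ok in sorted(events):
        if account in locked:
            refused += 1               # password is never evaluated
            ok = False                 # still counts against the source IP
        elif ok:
            streak[account] = 0
        else:
            streak[account] += 1
            if streak[account] >= LOCKOUT_AFTER:
                locked.add(account)
        if not ok:
            window = recent[ip]
            window.append(ts)
            while ts - window[0] > WINDOW_SECONDS:
                window.popleft()       # drop failures older than the window
            if len(window) >= IP_ALERT_AFTER:
                alerted.add(ip)
    return locked, alerted, refused

def constructed_events():
    """Constructed sample log (documentation IP ranges, example.com accounts)."""
    # Forty guesses against one account from one address, one per second.
    ev = [(t, "203.0.113.7", "alice@example.com", False) for t in range(40)]
    # A legitimate user who mistypes once and then logs on.
    ev += [(10, "198.51.100.20", "bob@example.com", False),
           (20, "198.51.100.20", "bob@example.com", True)]
    # One guess per account: never trips lockout, only the per-IP rule sees it.
    ev += [(100 + i, "192.0.2.99", f"user{i}@example.com", False) for i in range(12)]
    return ev

if __name__ == "__main__":
    locked, alerted, refused = review_logons(constructed_events())
    print("locked:", sorted(locked))
    print("alerted:", sorted(alerted))
    print("refused by lockout:", refused)
```

In the constructed log the lockout stops the guessing against one account after five attempts, while the per-address rule is the only one that notices the source trying a single password against many accounts.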

Lieberman Software pioneered the privileged identity management space by releasing the first product to this market in 2001. Since then, the company has regularly updated and expanded its privilege management solution set, while growing its customer base in this vibrant market. Lieberman Software also develops a line of long-standing Windows security management tools.

Lieberman Software now has more than 1,200 global customers, including more than 40 percent of the Fortune 50. The company is a Microsoft Gold Application Development Partner, an Oracle Gold Partner and an HP Silver Business Partner.

The company is headquartered in Los Angeles, CA with offices and channel partners located around the world. All product development and testing operations are based in the United States.

 









© 2019 Simplex Knowledge Company. All Rights Reserved.