
Comment Re:No no no... (Score 1) 85

As I understand it (and I may be wrong), the accounts were accessed by abusing the "forgot my password" service.

I hadn't heard this exactly, but Apple's public statement did include a mention of security questions. Their statement was pretty vague. They say that there was "a very targeted attack on user names, passwords and security questions".

Still, that's not really an exploit of iCloud's service. If they chose security questions that someone could find the answer to, I wouldn't consider that an iCloud exploit. I do think that the use of security questions should be reevaluated, but they're a pretty standard practice these days. Even if someone forces a reset of your password, under normal circumstances you should notice that the password has changed the next time you log in.

Comment Re:Eat real foods, mostly veg, not too much (Score 1) 291

Part of the problem is that these things are being reported badly by the press. A study shows some minor correlation between coffee drinkers and... let's say... people who suffer from heart disease. The news the next day is, "Coffee causes heart attacks".

Another part of the problem is, for a while, we apparently didn't even bother to study things scientifically. Research would show a correlation between being overweight and heart disease, and that was pretty valid. But then the assumption was made: If you want less fat on your body, you should have less fat in your diet. Since you have to eat something, replace meat with bread. Since you want food to taste good, replace fat with sugar. Or replace fat with vegetable products, because vegetables are healthier than meat, right?

Except that we hadn't really studied that stuff. It turns out, the bread and sugar and transfats are probably worse than having some level of meat and fat in your diet.

Finally, the fact is that we have a hard time studying diet. It's rare that you see anything resembling a controlled study, and you certainly don't see controlled studies going over long periods of time. We can't just gather up a couple thousand random people and give them a highly controlled diet for 20 years to see how their bodies respond.

Comment Re:Not true. (Score 2) 85

The article is about fake Wifi hotspots.

I don't think it was even that simple. I didn't read the article in detail because it seemed dumb, but the author seemed to be talking about spoofing a trusted destination for WiFi iPhone backups.

So if you set up your iPhone to sync over WiFi, and if you connect to a compromised WiFi network, and *if* that network has a machine that manages to spoof the computer that you sync your iPhone to, the iPhone will sync to that computer instead, which might sync sensitive information.

That's a very special set of conditions, and it's not clear how you would spoof the computer that's serving as a sync destination.

Comment Re:No no no... (Score 4, Insightful) 85

I do think Apple was a bit disingenuous regarding the "bad passwords" used by celebrities, given the iBrute tool apparently was able to keep trying different passwords against Find My iPhone without any sort of delay - a shortcoming Apple apparently fixed a few days back.

First, I don't think that it's known that the accounts were compromised with iBrute. People made the connection because the leak happened shortly after iBrute was announced, but there have been many suggestions that the photos had been acquired months or years before that. That makes it pretty unlikely that the accounts were accessed using iBrute. And Apple seems to deny that the accounts were accessed by exploiting "Find My iPhone".

Second, their comment about "bad passwords" is valid regardless, and would be valid even if the passwords had been accessed through brute force attacks. Brute force attack mitigation is specifically helpful in protecting accounts with weak passwords. If your password is strong enough, a brute force attack should still take a prohibitively long time to succeed.

From what I've been reading, it seems most likely that only some of these photos came from compromised iCloud accounts, and those accounts were probably not compromised due to an exploit of iCloud's service. There was just a news story about 5 million Gmail passwords being leaked, but it doesn't seem that it was from an exploit of Google's services either. Most likely, they were all acquired by phishing, or other non-technical attacks.

Comment Re:No no no... (Score 3, Insightful) 85

I skimmed the article, so I may have missed something, but the attacks that they're talking about generally entail having physical access to the phone, offline access to the phone's backup, phishing for passwords, or WiFi man-in-the-middle attacks *if* you can manage to spoof a computer that the iPhone trusts.

Which is to say, these aren't tremendous vulnerabilities on Apple's part. An attacker might be able to pull off a brute-force attack on your encrypted password-protected iPhone backup if they have an offline copy, if the password is weak. Well golly! Everyone better stop using their iPhone right away.

Comment Re:To be fair... (Score 4, Funny) 405

"Brees isn't watching movies on his surface" about 98% of the audience would have said "WTF is a 'surface'?

That's not true.

I'm sure lots of people would be like, "Of course he's not watching movies on his own surface. How on earth would he have a movie on his own skin? But maybe he's watching movies on his iPad. Duh!"

Comment Re:magicJack alternative? (Score 1) 162

I wonder what's going to happen to the other features, though. Part of the great thing about Google Voice (formerly Grand Central) was that you could route and filter the calls. You could say, "If my girlfriend calls this number, put her directly through to my cell phone. If my boss calls during working hours, ring both my cell and my desk phone. If my boss calls after hours, ring my cell phone twice and then send him to voicemail with my professional voicemail greeting. If my mom calls, ring my home phone. If someone calls and the number isn't in my address book, send it directly to voicemail with an anonymous greeting."

I don't remember what all the options or limitations were, but it had some flexibility. Google Voice still does some of this stuff, but I haven't seen any of it in Hangouts.

Comment Re:Lame (Score 1) 730

So you'll get all the energy inefficiency of inductive charging and all the inconvenience and connector wear-and-tear of standard cable charging--the worst of both worlds.

By having a magnetic connector that secures the watch in place, you're probably getting the maximum efficiency possible from the inductive charger by securing the watch in place. By having an inductive charger, it (a) doesn't require a plug, saving space in the device and making it easier to charge; and (b) doesn't leave metal connectors that would be exposed to sweat and weather.

Maybe there's a better solution, but it doesn't seem like a dumb way to go about things.
