3 https://www.washingtonpost.com/news/the-switch/wp/2014/09/02/apples-basically-blaming-hack-victims-for-not-
securing-their-own-icloud-accounts/
4 http://www.theguardian.com/technology/2013/nov/21/github-accounts-compromised-in-brute-force-attack
Case in Point: Brute Force
In September 2014, a large number of famous Apple iCloud users
3
were
surprised to find intimate photos and other sensitive information leaked
on the Internet. The culprit according to Apple was weak passwords. To
help address the long list of issues with password security and brute-
force guessing, Apple introduced an important rate-limiting backstop to
prevent attackers from deploying scripts that gain unauthorized access.
Another example was Github's breach in November 2013. In this case,
Github's repository was hit with access attempts from 40,000 different
IP addresses
4
. These large-scale, brute-force attacks cannot be thwarted
using passwords alone. Rate limiting, fingerprinting and other techniques
must also be used to protect users and data.
