iCloud: Apple Warns Users Of New Hacking Threat..Apple has warned its iCloud users to beware of new threats from hackers, particularly in China.

Chinese activists blame government for new iCloud threats.
(theguardian.com)

Amid reports of a concerted effort to steal passwords and other data from people who use iCloud online storage service in China, Apple has posted a new security warning for users of the popular service.
On Tuesday, the company via its support website said: "We're aware of intermittent organised network attacks using insecure certificates to obtain user information, and we take this very seriously." The post also says that Apple's own servers had not been compromised.
However, the company's post did not mention China or provide any details on the attacks, but it was reported on Tuesday that some Chinese internet users have begun seeing warnings that indicate they had been diverted to an unauthorised website when they attempted to sign into their iCloud accounts.
According to The Guardian, that kind of diversion, which security experts call a "man in the middle" attack, could allow a third party to copy and steal the passwords that users enter when they think they are signing into Apple's service. Hackers could then use these passwords to collect other data from the users' accounts.
Chinese activists are now blaming the attacks on the country's government, according to news reports and the Chinese activist website GreatFire.org, which suggested the campaign was spurred by the fact that Apple recently began selling its newest iPhone models, the iPhone 6 and 6 Plus, in China. The new smartphones have software with enhanced encryption features to protect Apple users' data.
Apple said in its post that the attacks had not affected users signing into iCloud from their iPhones or iPads, or on Mac computers while using the latest Mac operating system and Apple's Safari browser. But the company suggested users should verify they were connecting to a legitimate iCloud server by using the security features built into Safari and other browsers such as Firefox and Chrome. The browsers will show a message that warns users when they are connecting to a site that doesn't have a digital certificate verifying that it is authentic.
"If users get an invalid certificate warning in their browser while visiting www.icloud.com , they should pay attention to the warning and not proceed," Apple said in the post.
The attacks appear unrelated to an episode in September in which hackers stole nude photos from the iCloud accounts of several US celebrities. In that case Apple said its investigation concluded the hackers had obtained the users’ passwords through so-called "phishing attacks" or by guessing at the answers to security questions that allowed access. The company said its servers were not breached in that case.