Apple's security improvements eaten by bug Apple's attempts to spruce up its flaccid security reputation appear to have backfired completely. Cupertino thought that it would be a wizard wheeze to improve security on its iCloud and iTunes accounts with a new password system. Realising that it was not much chop on security, Apple decided to copy something that Google did which sends a code to a user's mobile phone whenever they sign in from a new computer or make a purchase. This is called two-step authentication and is supposed to stop hackers accessing private information, even if they have the password. But the Apple flavour of the system had a flaw that at one point affected all customers who had not yet enabled the two-step feature. If you knew a user's email address and date of birth, Apple's own tools to reset the user's password and then their Coldplay collection was yours. All a hacker needed to do was paste in a modified URL while answering the date of birth security question on Apple's iforgot page. A red-faced Apple has since taken down its password reset tool, which is now back up with the problem fixed. However it did make a mess of all those who praised Apple's two-step security and claimed that it would force the likes of rivals, such as Amazon, to introduce similar technology. http://news.techeye.net/security/app...s-eaten-by-bug |
All times are GMT +1. The time now is 06:30. |
Powered by vBulletin® - Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO