[funsec] Apple's faith-based security taking a hammering
http://news.techeye.net/security/apples-faith-based-security-taking-a-hammering

For the last year, hackers have been able to crash through Apple's faith-based security and spend other user's cash, and Jobs' Mob has been unable to stop them.

The first reports were in November 28, 2010, when a user moaned on an Apple support forum that someone had spent more than $50 of his iTunes Store credit on iPhone apps. His home address was replaced with an address in Towson, Maryland...

The list of complaints has gone to 700 posts with a hacker, or hackers able to spend iTunes gift card credit without permission.

While Apple has been refunding some of its users, it has not given cash back to others, but acknowledged no wrongdoing or iTunes hacking.

However Apple will only refund money once, and customers that are hit for a second time are being told to go forth and multiply.

___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Apple's faith-based security taking a hammering
Joel Esler wrote:

> Protip: Use better passwords.

As you're clearly not a holder of the faith -- all fan boiz know Steve and Apple are just waaay too cool to even need passwords, their software is just so secure -- your advice is totally irrelevant...

Regards,
Nick FitzGerald

Re: [funsec] Apple's faith-based security taking a hammering
On Sep 13, 2011, at 6:42 PM, Nick FitzGerald wrote:

> Joel Esler wrote:
>
>> Protip: Use better passwords.
>
> As you're clearly not a holder of the faith -- all fan boiz know Steve and Apple are just waaay too cool to even need passwords, their software is just so secure -- your advice is totally irrelevant...

Oh, I'm a fanboy. Anyone knows that. I'm also a believer in the factor that most humans are stupid and set their passwords to password.

J

Re: [funsec] Apple's faith-based security taking a hammering
On Tue, 13 Sep 2011 18:52:44 EDT, Joel Esler said:

> Oh, I'm a fanboy. Anyone knows that. I'm also a believer in the factor that most humans are stupid and set their passwords to password.

Am I the only one surprised that unintentional mis-spellings of password aren't higher up the most frequently used password lists?

Re: [funsec] Apple's faith-based security taking a hammering
Valdis to Joel Esler:

>> Oh, I'm a fanboy. Anyone knows that. I'm also a believer in the factor that most humans are stupid and set their passwords to password.
>
> Am I the only one surprised that unintentional mis-spellings of password aren't higher up the most frequently used password lists?

Although I tend to have some sympathy with Joel's position, fortunately (?) most password creation software/interfaces is actually produced by people with a few more security clues than your typical Mac fan boy, and require the entry and re-entry of passwords during the creation process. This presumably puts a significant crimp on the rate of creation of unintentionally mis-spelled passwords.

Regards,
Nick FitzGerald