Re: [funsec] Apple's faith-based security taking a hammering
On Sep 13, 2011, at 11:18 PM, Nick FitzGerald wrote:

Valdis to Joel Esler:

Oh, I'm a fanboy. Anyone knows that. I'm also a believer in the factor that most humans are stupid and set their passwords to password.

Am I the only one surprised that unintentional mis-spellings of password aren't higher up the most frequently used password lists?

Although I tend to have some sympathy with Joel's position, fortunately (?) most password creation software/interfaces is actually produced by people with a few more security clues than your typical Mac fan boy, and require the entry and re-entry of passwords during the creation process. This presumably puts a significant crimp on the rate of creation of unintentionally mis-spelled passwords.

My thought behind the whole thing is that iTunes accounts are getting hacked by brute force of the password. I have no proof that /this/ is the way these hacks are taking place, just a theory.

J

___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Apple's faith-based security taking a hammering
On Wed, 14 Sep 2011 10:40:22 EDT, Joel Esler said:

My thought behind the whole thing is that iTunes accounts are getting hacked by brute force of the password.

There are indications that at least some are being done via phishing, and there have been complaints about the fact that iTunes passwords get cached - which means that if you enter the iTunes password for one purpose and then your kid is playing with the device, the app can zing you for a second transaction without the kid having to enter the password again.

[funsec] Twitter and t.co
Twitter is unreachable (for me) at the moment. Interestingly, the first indication that I had of this was that, quite suddenly, almost none of the links from Twitter postings worked anymore. Twitter now shortens just about every link submitted via its own t.co. Definitely a single point of failure.

== (quote inserted randomly by Pegasus Mailer)
rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
The secret of the demagogue is to make himself as stupid as his audience so they believe they are clever as he. - Karl Kraus
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade

[funsec] Guns don't kill people. And you're not allowed to say they do.
http://www.msnbc.msn.com/id/44523638#.TnEkvNStFBl

You have *got* to be kidding me ...

(OK, yes, the story is about the law being struck down. But that it ever passed in the first place, or was even proposed ...)

== (quote inserted randomly by Pegasus Mailer)
rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
You have done all this, and I have said nothing, so you thought that I am like you. - Ps. 50:21
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade

[funsec] Hack into school computer then inform them of the breach = bad idea
http://lubbockonline.com/interact/blog-post/bert-knabe/2011-09-14/hack-school-computer-then-inform-them-breach-bad-idea

Databreaches.net reports that after 2 years the FBI has finally returned Mark Short's computer. In 2009 Mark informed the Leanda ISD that their web site was vulnerable to attack because their welcome page included images with usernames and passwords. The ISD's response was to call the police and the FBI, who treated Mr. Short's report of a vulnerability as evidence that he is a dangerous, malicious hacker. They confiscated his laptop without a warrant, and they confiscated the computer he worked on at his job - which caused such a stressful work atmosphere that he felt compelled to leave.