Last Friday, The Verge revealed the existence of a dead-simple URL-based hack that allowed anyone to reset your Apple ID password with just your email address and date of birth. Apple quickly shut down the site and closed the security hole before bringing it back online.
The conventional wisdom is that this was a run-of-the-mill software security issue. "It’s the kind of server misconfiguration you see on the internet ten times a week," one might say. "And it’s not as if your iTunes password even gets you to real money. This is why Apple added two-step verification." Or, "Apple saw the hole and shut it down before most users even knew it was there. This is how things are supposed to work."
No. It isn’t. It’s a troubling symptom...
via The Verge - All Posts http://www.theverge.com/2013/3/29/4158594/password-denied-when-will-apple-get-serious-about-security
No comments:
Post a Comment