2 Responses to SSCC 88 - iTunes security, Mac malware and Google's FCC fine

  1. This Knowledge-based Authentication makes the account security weaker. Where did you go to school? All I have to do is dig, and if the person isn't a random target, I can get a lot of information to aid in the attack. What's the name of your pet? Check Facebook for a start. I just did that last week for somebody. I didn't know the name of the dog, but Facebook let me find it in five minutes. Favorite teacher? Again, nothing that isn't already known to somebody, and possibly the Internet because the information was put on Facebook or any number of other sites.

    User passwords are also not secure, because a good attack will go after the administrative system and bypass all user passwords. It's happened on Facebook, and I know it's happened elsewhere. Centralized security is not a good plan. It's like having the most secure car keys that can't be copied, but there's a set of master keys that open and start every car. All I have to do is compromise the master key, and all of the individual owners' keys are compromised.

  2. That is a horrible intro for several reasons: (1) no one under 25 knows what that (2) incredibly annoying sound is! I haven’t used a modem for 2 decades, and I will never miss that sound.

    I know the first thing I like to do when listening to a podcast is jump for the volume knob to save my ears/speakers/SO’s sleep cycle… you get the idea.

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.