
SSCC 88 – iTunes security, Mac malware and Google’s FCC fine

22 Apr 2012 2 Apple, Google, Law & order, Malware, Podcast, Privacy, Vulnerability

by Chester Wisniewski

Once again Paul Ducklin joined me for this week’s Chet Chat, the last one I was able to record before heading off to InfoSec Europe.

Mac malware has been a major topic for the last couple of weeks, and Paul and I try to get past the FUD and explain what is really happening to OS X users. Emotions run deep when it comes to Mac threats, but it would be foolish to ignore them.

Apple also seems to be addressing phishing attacks against Apple IDs (iTunes accounts) by introducing knowledge-based authentication. Paul and I discuss the benefits and risks associated with Apple’s approach.

Paul also explained the reasoning behind the $25,000 fine imposed on Google by the FTC related to their gathering of unencrypted WiFi data.

(17 April 2012, duration 16:52 minutes, size 12.2 MBytes)

You can also download this podcast directly in MP3 format: Sophos Security Chet Chat 88, subscribe on iTunes or our RSS feed. You can see all of the Sophos Podcasts by visiting our archive.


2 comments on “SSCC 88 – iTunes security, Mac malware and Google’s FCC fine”

  1. alexanderrogge says:
    April 23, 2012 at 6:41 am

    This Knowledge-based Authentication makes the account security weaker. Where did you go to school? All I have to do is dig, and if the person isn't a random target, I can get a lot of information to aid in the attack. What's the name of your pet? Check Facebook for a start. I just did that last week for somebody. I didn't know the name of the dog, but Facebook let me find it in five minutes. Favorite teacher? Again, nothing that isn't already known to somebody, and possibly the Internet because the information was put on Facebook or any number of other sites.

    User passwords are also not secure, because a good attack will go after the administrative system and bypass all user passwords. It's happened on Facebook, and I know it's happened elsewhere. Centralized security is not a good plan. It's like having the most secure car keys that can't be copied, but there's a set of master keys that open and start every car. All I have to do is compromise the master key, and all of the individual owners' keys are compromised.

  2. M Noivad says:
    April 23, 2012 at 6:11 pm

    That is a horrible intro for several reasons: (1) no one under 25 knows what that (2) incredibly annoying sound is! I haven’t used a modem for 2 decades, and I will never miss that sound.

    I know the first thing I like to do when listening to a podcast is jump for the volume knob to save my ears/speakers/SO’s sleep cycle… you get the idea.
