Security Flaw, Now Fixed, at Apple Again!

As if the fiasco with Wired journalist Mat Honan wasn't enough (How Apple and Amazon Security Flaws Led to My Epic Hacking), Apple leaves another gaping hole in its security fence.  I wonder what other skeletons are in Apple's closet!  Here's the article; click on the title to read it.

Major security hole allows Apple passwords to be reset with only email address, date of birth (update)

Here's what I know and believe: any computer system, any platform, any software can be broken into.  It is not a question of "if" but of "when."  As a particular platform is more widely used, the chances of it being hacked increase.  Why?  Because hackers tend to go after platforms that are more widely deployed so as to cause widespread damage.  Thus, I am not surprised to see security holes in Android and iOS being increasingly exploited.

Interestingly, as a platform becomes popular and more widely deployed, its security features are enhanced by software makers.  Yet, although new security flaws are discovered and fixed, hackers continue to find innovative ways to circumvent the security measures.  The original Wired article pieced together how Mat Honan's multiple online accounts were compromised, not because of flaws in technology but because of multiple procedural deficiencies at the companies involved.  One of these companies was Apple, Inc., the same company that is again in the news for a technical security flaw on its customer accounts site.

All this is not to say that Apple's security is not up to snuff or that Android is not a secure platform.  NOPE!  The important lesson here is that there are multiple vectors for compromising security, and that flaws in technology are only one of them.  As technology matures and its security flaws are addressed, hackers are turning to "social engineering" to circumvent security features that software makers build into their products.  Both of the articles referenced above indicate that security solutions should NOT be based only on technology, but on a combination of technological, procedural, and behavioral solutions.  Believing that technological solutions alone are adequate for security would be a costly mistake.


