Friday, July 27, 2012

Can iPhone be Hacked?

LAS VEGAS (CNNMoney) -- The iPhone's baked-in security has improved
dramatically over the past few years, which is great for Apple fans.
In a weird way, it's good for hackers too.

With the "bring your own device" phenomenon in full-swing, Apple
(AAPL, Fortune 500) has been successful at getting its iPhones and
iPads into the hands of Fortune 500 companies and even many government
agencies, including the White House and the U.S. military. To make
those sales, Apple had to update its iOS mobile operating system with
some of the industry's most robust security features.

That had a nasty unintended consequence: Many app developers no longer
put their own safeguards in place, relying instead almost exclusively
on Apple to ensure the security of their applications.

With thousands of apps in the iTunes App store all featuring the same
exact security features, one single vulnerability could have a domino
effect.

"Security is now an afterthought for many app developers," said
Jonathan Zdziarski, senior forensic scientist at viaForensics, in a
presentation at the Black Hat cybersecurity conference in Las Vegas on
Thursday. "That means if you hack one, you can hack them all."

Apple declined to comment.

The tech giant made its first official appearance at Black Hat this
year with a session on iOS's security features, but the dry
presentation was little more than a public reading of a white paper
Apple recently released. Presenter Dallas De Atley, Apple's platform
security team manager, took no questions after his talk and quickly
escaped out a side door.

A few rooms away, Zdziarski simultaneously delivered his workshop on
"The Dark Art of iOS Application Hacking."

The scenarios Zdziarski outlined are scary, but they're also far-fetched.

To hack all the apps on your phone, a hacker would need to: 1) steal
your iPhone, which isn't so hard, and 2) discover and exploit an iOS
vulnerability before Apple does. That's proven to be very hard. It has
happened before -- most notably when serial Apple hacker Charlie
Miller found a way to sneak a rogue app into Apple's fiercely guarded
iTunes store. (When he publicized the hack, Apple yanked his developer
license.)

Still, so-called "zero day exploits" on iOS have been extremely rare.

Thursday, June 7, 2012

Article: Hurd Sells Oracle's Cloud in the Oracle Style

Article: They’re Real: Crazy Daredevil Robots That Fly, Build, And Make Their Own Decisions


http://www.fastcodesign.com/1669981/theyre-real-crazy-daredevil-robots-that-fly-build-and-make-their-own-decisions



What should LinkedIn do now?

Given the recent security breaches (lost password file) and negative
comments about its use of calendar data, I believe that LinkedIn needs
to do some soul searching and find its next steps. I have the following
suggestions:

1) LinkedIn should take a defense-in-depth approach and revisit its
overall architecture to find potential security holes. One example: do
not use SHA-1 for password hashing; use a stronger hash algorithm such
as SHA-512 instead, and enforce password policy and complexity, etc.
LinkedIn would benefit a lot from hiring a seasoned security director
who has worked extensively at a big consulting firm such as CGI, has
approached security from a defense-in-depth perspective, and has led
many big federal projects (not just one product or one company like
LinkedIn) to FISMA compliance and a high level of security.

2) LinkedIn's recent acquisition of SlideShare is a very smart move.
The next move should target professional video education services
such as http://www.udemy.com, Vimeo, etc.

3) LinkedIn should leverage its massive data to do deeper analytics to
predict job trends, company strength, potential mergers and
acquisitions, etc.

4) LinkedIn should include a blog site that does not limit the size
of text and allows users to share the blog.

5) LinkedIn should create a startup community to link recent startup
companies to share ideas.

6) LinkedIn should send more targeted e-mail updates to users based on
its analysis of people's professional interests. For example, my
professional interests are the cloud and mobile security. I have
joined many such groups and posted many such updates. But it seems to
me LinkedIn did not get it and did not send relevant updates from my
contacts to me via e-mail.

More to follow ...
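
An added example for suggestion 1 (not part of the original post): it goes beyond swapping SHA-1 for SHA-512 by adding a per-user salt and an iteration count through PBKDF2-HMAC-SHA512, and it upgrades legacy SHA-1 records when a user next logs in. The store layout, function names, iteration count and sample password are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 210_000  # assumed work factor for this example; tune to your hardware


def legacy_sha1(password):
    """Weak scheme: one fast, unsalted SHA-1 pass (equal passwords give equal hashes)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def new_record(password):
    """Salted, iterated PBKDF2-HMAC-SHA512 record with a fresh 16-byte salt per user."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, ITERATIONS)
    return {"scheme": "pbkdf2-sha512", "iterations": ITERATIONS,
            "salt": salt.hex(), "hash": dk.hex()}


def check(password, record):
    """Recompute the hash under the record's own scheme and compare in constant time."""
    if record["scheme"] == "sha1":
        candidate = legacy_sha1(password)
    else:
        dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                                 bytes.fromhex(record["salt"]), record["iterations"])
        candidate = dk.hex()
    return hmac.compare_digest(candidate, record["hash"])


def login(store, user, password):
    """Verify a login; on success, replace a legacy SHA-1 record with a salted one."""
    record = store.get(user)
    if record is None or not check(password, record):
        return False
    if record["scheme"] == "sha1":
        store[user] = new_record(password)  # the plaintext is only available at login
    return True


def demo():
    # Constructed sample store: two users who happen to share one password.
    store = {u: {"scheme": "sha1", "hash": legacy_sha1("Tr0ub4dor&3")}
             for u in ("alice", "bob")}
    same_before = store["alice"]["hash"] == store["bob"]["hash"]
    ok = login(store, "alice", "Tr0ub4dor&3") and login(store, "bob", "Tr0ub4dor&3")
    same_after = store["alice"]["hash"] == store["bob"]["hash"]
    return same_before, ok, same_after, store
```
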

Friday, March 9, 2012

eWeek Europe : Windows Phones To Include High-End Email Encryption

This post sounds interesting:

Microsoft is partnering with Good Technology for a Windows Phone solution that offers encrypted end-to-end messaging

To continue reading: http://www.techweekeurope.co.uk/news/windows-phones-to-include-high-end-email-encryption-63595

eWeek Europe : Google To Patent Fibre Optic Cable Deployment Method

This post sounds interesting:

The "edging strip" could make fibre-to-the-home installation simpler by removing the need to dig trenches in customers' gardens

To continue reading: http://www.techweekeurope.co.uk/news/google-to-patent-fibre-optic-cable-deployment-method-63776