Linked by Thom Holwerda on Mon 1st Apr 2013 12:25 UTC
Apple "Last Friday, The Verge revealed the existence of a dead-simple URL-based hack that allowed anyone to reset your Apple ID password with just your email address and date of birth. Apple quickly shut down the site and closed the security hole before bringing it back online. The conventional wisdom is that this was a run-of-the-mill software security issue. [...] It isn't. It's a troubling symptom that suggests Apple's self-admittedly bumpy transition from a maker of beautiful devices to a fully-fledged cloud services provider still isn't going smoothly. Meanwhile, your Apple ID password has come a long way from the short string of characters you tap to update apps on your iPhone. It now offers access to Apple's entire ecosystem of devices, stores, software, and services."
it happens to everyone
by kristoph on Mon 1st Apr 2013 16:39 UTC

You know, last April there was a 0 day flaw in Hotmail, last November there was a Gmail security flaw; did you write 'when will Microsoft/Google get serious about security?' articles? I know you think it's ok to be biased but, really?

Security problems creep up for all companies; it's an inescapable part of a rapid/agile software development process. The battle between security/stability and progress has been waged and progress won.

Ironically, these days, Microsoft is probably the company that spends the most on security in their consumer software and it's hampering their ability to innovate and it has not eliminated all security issues.

Apple does what everyone else does. They run automated security tests and when those tests don't cover a particular case a security lapse occurs. Although this exploit was 'dead simple' it was also not at all 'obvious' as it was not previously discovered.

Reply Score: 1