Linked by Thom Holwerda on Mon 1st Apr 2013 12:25 UTC
Apple "Last Friday, The Verge revealed the existence of a dead-simple URL-based hack that allowed anyone to reset your Apple ID password with just your email address and date of birth. Apple quickly shut down the site and closed the security hole before bringing it back online. The conventional wisdom is that this was a run-of-the-mill software security issue. [...] It isn't. It's a troubling symptom that suggests Apple's self-admittedly bumpy transition from a maker of beautiful devices to a fully-fledged cloud services provider still isn't going smoothly. Meanwhile, your Apple ID password has come a long way from the short string of characters you tap to update apps on your iPhone. It now offers access to Apple's entire ecosystem of devices, stores, software, and services."
RE: it happens to everyone
by BallmerKnowsBest on Mon 1st Apr 2013 18:12 UTC in reply to "it happens to everyone"

You know last April there was a 0 day flaw in Hotmail, last November there was a Gmail security flaw, did you write a 'when will Microsoft/Google get serious about security?'


Fallacy ahoy: false equivalence. Not that your question would make sense anyway, since Thom wasn't the author of this article to begin with.

Of course, the difference is that those were relatively new flaws, while Apple has consistently released products with security vulnerabilities that everyone else learned how to avoid years (if not decades) ago. That, and Microsoft/Google tend to fix those issues quickly, as opposed to Apple's approach of "steadfastly deny that the problem even exists, then maybe get around to fixing it after 2-3 weeks of bad press."

I know you think it's ok to be biased but, really?


Please. Everyone knows that, coming from an iFanboy, "biased" really just means "not sufficiently-biased in favor of Apple." Not that I should be surprised, of course, since that's a standard apologetics tactic: when you can't refute the message, then attack the messenger.

Apple does what everyone else does. They run automated security tests and when those tests don't cover a particular case a security lapse occurs.


More false equivalence. If you think Apple's security is the same as "everyone else", then maybe you should look up the name "Mat Honan":

http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacki...

A company with the size and resources of Apple has absolutely NO excuse for regularly releasing products with such basic, serious security failings. And it shouldn't be surprising to anyone: when you have a "technology" company with "form over function" as its guiding philosophy, those types of engineering failures are inevitable.

Although this exploit was 'dead simple' it was also not at all 'obvious' as it was not previously discovered.


Switching gears to the post-hoc fallacy? The fact the flaw wasn't discovered previously doesn't prove anything about its obviousness, it just proves that the flaw wasn't discovered previously (derp).

It's equally possible that the flaw went undiscovered because barely anyone actually uses the service. Actually, that's probably more likely, given the way that Apple's previous attempts at online services/social media were all spectacular failures.

Score: 5