Linked by Thom Holwerda on Mon 1st Apr 2013 12:25 UTC
Apple "Last Friday, The Verge revealed the existence of a dead-simple URL-based hack that allowed anyone to reset your Apple ID password with just your email address and date of birth. Apple quickly shut down the site and closed the security hole before bringing it back online. The conventional wisdom is that this was a run-of-the-mill software security issue. [...] It isn't. It's a troubling symptom that suggests Apple's self-admittedly bumpy transition from a maker of beautiful devices to a fully-fledged cloud services provider still isn't going smoothly. Meanwhile, your Apple ID password has come a long way from the short string of characters you tap to update apps on your iPhone. It now offers access to Apple's entire ecosystem of devices, stores, software, and services."
RE[2]: it happens to everyone
by Tony Swash on Mon 1st Apr 2013 23:01 UTC in reply to "RE: it happens to everyone"

Of course, the difference is that those were relatively new flaws, while Apple has consistently released products with security vulnerabilities that everyone else learned how to avoid years (if not decades) ago. That, and Microsoft/Google tend to fix those issues quickly, as opposed to Apple's approach of "steadfastly deny that the problem even exists, then maybe get around to fixing it after 2-3 weeks of bad press."

The fact that Apple could do more on security and the fact that Apple, like everyone in the tech business, faces escalating and mutating threats which they sometimes initially fail to spot is obviously true, but I find the way that Google and Microsoft are held up as paragons of security virtue to be risible. One of those companies makes the desktop PC OS upon which 90% plus of actual real world malware exploits take place and the other makes the mobile OS upon which 90% plus of actual real world malware exploits take place.

As far as consumers are concerned Microsoft systematically and comprehensively lost its reputation in relation to security because of the vast global ecosystem of criminal malware that developed on its platform. Slamming the barn door after that horse bolted will not get that reputation back, it's probably gone for good.

Because in the real world almost no Apple desktop customers ever experienced any actual security problems Apple created a premium brand in relation to security which it will only lose if there is a sustained and serious real world malware outbreak on any of its products that adversely affects large numbers of its customers. Apple managed to carry over that solid security reputation into the mobile arena and the security benefits of the curated App store model only enhanced it further. One reason why the iOS app ecosystem grew so vertiginously was because the apps were cheap and safe.

Google and Android are skating on this ice because the rapidly escalating scale of malware on the Android platform has not yet seriously dented its brand, but it could hit a tipping point and then its reputation could seriously suffer.

Because Apple has a premium brand, and one part of that brand is a premium reputation for security amongst the general public, any security weakness is bound to attract a lot of media attention. Apple seem to be taking security very seriously given the scale of corporate hires and investment related to security. iTunes is now the world's largest digital vendor by quite a margin and so is a juicy target and it is partly successful for its ease and convenience so any beefed up security must be as unobtrusive as possible.

I wonder what Apple will do with this technology and when?

Reply Parent Score: -3