Linked by Thom Holwerda on Mon 1st Apr 2013 12:25 UTC
Apple "Last Friday, The Verge revealed the existence of a dead-simple URL-based hack that allowed anyone to reset your Apple ID password with just your email address and date of birth. Apple quickly shut down the site and closed the security hole before bringing it back online. The conventional wisdom is that this was a run-of-the-mill software security issue. [...] It isn't. It's a troubling symptom that suggests Apple's self-admittedly bumpy transition from a maker of beautiful devices to a fully-fledged cloud services provider still isn't going smoothly. Meanwhile, your Apple ID password has come a long way from the short string of characters you tap to update apps on your iPhone. It now offers access to Apple's entire ecosystem of devices, stores, software, and services."
Thread beginning with comment 557270
To read all comments associated with this story, please click here.
Ongoing improvements
by bowkota on Mon 1st Apr 2013 16:43 UTC
bowkota
Member since:
2011-10-12

The article makes some good points but it's also completely flawed.
I think they were writing this for some time, then Apple introduced the improved authentication system (albeit only in a few countries) and kind of screwed it up for them.

Apple does indeed need to improve more on security.
However, they've not been idle. Gatekeeper (great for non-tech savvy people) and sandboxing on the mac. They're certainly working on it.

As for iOS, well go check out malmware on Google playstore and then come back. And I'm not even mentioning the countless numerous security flaws which don't get patched up on Android because it takes months (if ever) to get an update.

MS is doing a much better job.

PS: what's up with the layout. Lot's of useless images, uneven formatting, not what we're used to seeing from the Verge; looks like a rushed job.

Reply Score: 1

RE: Ongoing improvements
by BallmerKnowsBest on Mon 1st Apr 2013 18:12 in reply to "Ongoing improvements"
BallmerKnowsBest Member since:
2008-06-02

The article makes some good points but it's also completely flawed.


Don't worry, I'm sure no one here expected you have a different take on it.

As for iOS, well go check out malmware on Google playstore and then come back.


And? Hate to break it to you, but "malmware" [sic] still makes it into the app store, despite the supposed infallibility of Apple's approval process. So compared to Android, iOS has severely limited functionality - and all you get for that tradeoff is a false sense of security. Now THERE's a value proposition!

And even that requires giving Apple the benefit of the doubt, taking Apple at their word that the app store approval process is primarily intended to protect end users... As opposed to just protecting Apple from competition and anything else they deem undesirable.

And I'm not even mentioning the countless numerous security flaws which don't get patched up on Android because it takes months (if ever) to get an update.


So... your point is that OS updates are more difficult with a diverse platform like Android, compared to a single-vendor monoculture like iOS? Stop the presses!

Reply Parent Score: 3

RE[2]: Ongoing improvements
by Nelson on Tue 2nd Apr 2013 03:55 in reply to "RE: Ongoing improvements"
Nelson Member since:
2005-11-29


And? Hate to break it to you, but "malmware" [sic] still makes it into the app store, despite the supposed infallibility of Apple's approval process. So compared to Android, iOS has severely limited functionality - and all you get for that tradeoff is a false sense of security. Now THERE's a value proposition!


Sure, it gets in everywhere, but I don't think you can deny that Android has a significantly bigger malware problem than the other platforms.

I'm unsure how Apple gives you a false sense of security, because I wasn't aware that this was related to the specific type of security issues that curated app stores mitigate.



So... your point is that OS updates are more difficult with a diverse platform like Android, compared to a single-vendor monoculture like iOS? Stop the presses!


No one cares about the excuse, only what actually is. The current case is that Android devices are sometimes shut out from critical security patches over carrier politics.

Reply Parent Score: 3

RE: Ongoing improvements
by moondevil on Tue 2nd Apr 2013 11:14 in reply to "Ongoing improvements"
moondevil Member since:
2005-07-08

The Windows NT family of operating systems is also quite secure since the early days.

Windows problems on those systems were not the security mechanisms not being available, but rather developers and users turning them off by running as Administrator all the time.

Many Mac OS X non technical users seem to be doing the same nowadays.

Reply Parent Score: 3

RE: Ongoing improvements
by JAlexoid on Tue 2nd Apr 2013 14:46 in reply to "Ongoing improvements"
JAlexoid Member since:
2009-05-19

As for iOS, well go check out malmware on Google playstore and then come back. And I'm not even mentioning the countless numerous security flaws which don't get patched up on Android because it takes months (if ever) to get an update.


I did, since you didn't. And malware is a non-issue on the Play Store.(I mean password stealing, premium SMS sending and security controls overcoming apps.)

Reply Parent Score: 2