Regardless of any known security bugs one should always assume they exist and do everything they can to reasonably protect themselves from a would-be attacker.
To me, this means using a program like 1Password* so I can have unique and complex passwords for each and every site. You can also then start using unique usernames for more sensitive sites, like your bank, and making your answers to the personal questions unique in case someone tries to reset your password remotely.
These steps won't protect you from attackers exploiting this bug, but they would protect all your other accounts if, for instance, you signed on to AI with your username and password but had a different username and password for your bank.
In reality you're not likely to be victimized locally by sitting in a coffee shop but rather as a result of focused teams of hackers half a world away stealing a company's user data. This makes having individual passwords, as a bare minimum, even more important to your long-term safety on the Internet.
1Password also has a nifty feature called Security Audit which details which accounts have weak passwords, duplicate passwords, and have been using the same password for 6-12 months, 1-3 years, and 3+ years to help you better manage your accounts.
For me, this means I have to remember just 4 passwords. One to log into my Mac, one to log into my iPhone (with Touch ID I no longer use a 4-digit PIN but a proper password), one to log into 1Password, and one to log into the iCloud account I use for Find My iPhone. I'm not sure how others create passwords but I like using phrases to create long unique passwords that are easy to remember. This is an example of something long I can remember as well as type in quickly: $0methingINTHEWaySheMo\/es
PS: I'd like to hear "best practice" ideas that others utilize.
* ...or LastPass or Apple's new password manager, but I think 1Password is worth paying for.
Really? I didn't know that! So, I guess they don't all work for Apple. Probably the iOS code is some kind of external OS and Apple has nothing to do with it. In that case I have no complaints at all. It's not Apple's fault. Not their OS, sorry! Please Apple, please, concentrate all of your resources to make the next iPhone 0.00000001 mm thinner! That's what I really want!
They were busy making the world's first 64-bit smartphone, adding Touch ID, and adding multitasking to iOS, so sorry they didn't get around to making it thinner this time.
It's hard to see how you could be aware of that based on your previous, idiotic comment regarding thinness.
Um, the people involved with the thickness of iPhone are not the same employees involved with source code. Last time I checked mechanical engineers are not software engineers.
The tin foil hat brigade which suggests that Apple (or an employee) added the encryption to the source file, should go on to explain why it was then published in open source.
We don't know if that was the actual bug, either.
Hey, there's people who think Apple did this on purpose to force more iOS 6 holdouts to update to iOS 7.
This is yet ANOTHER excuse for 10.9.2 taking so long to get released.
10.9.1 is the buggiest Mac OS release I've seen in a very very long time. I can't believe all of the crap I've had to put up with since it came installed on my new MBPro.
I think it's time to adopt some of the techniques they use in China to assure product quality, like a firing squad in the parking lot. LOL
Forbes is reporting that privacy researcher Ashkan Soltani has determined that the SSL security flaw extends to Mail, iMessages, Calendar, FaceTime, and Software Update, among others.
This woman worked on security. When a bug was found with security, she bitches about it in such a negative way that will attract attention. I wonder what part of security she worked on. She is a known hacker and she missed this. Or she introduced it.
It has already attracted attention, and she is bitching about Apple's lack of care in fixing an issue with iOS7, and thereby drawing attention to it, but leaving it open on OS X.
She didn't join Apple until late 2012, after iOS6 was released, so no, the flaw was not introduced by her.
What I find amusing is we often make fun of Android and how the latest and greatest version is only running on a small percentage of devices, and how many Android phones aren't supported by the latest software. And yet I see people complaining that there is no iOS 6 fix for phones that can run iOS 7. One could argue the fix should be based on whatever software is currently running on the device but obviously Apple wants as many people running their most current software as possible. I'm curious exactly how it would work. If you had a notification in your settings telling you a software update was available would Apple just replace that with an iOS 6 notification? And once the user updated replace it back with another iOS 7 notification?
Several of my friends using iPhone had their email compromised in the last 6 months. I'm paranoid and had to set up some fake emails to use on my iPhone to avoid my real emails getting hacked. What a pain. Maybe a smartphone is not for me, or I'm just too paranoid...
Not really. Apple can and does have multiple priorities. They can walk and chew gum at the same time.
Ya actually it did because his/her argument was that the executives made the decision to focus on the design way too much and neglected the software quality side. Kind of like how the executives of Microsoft focused way too much on Security in Windows Vista and really neglected the user experience side of the coin when it came to the release of Windows Vista.
Comments
Wow that went right over your head Rogifan.
How would that work since the bug was introduced in iOS 7?
Researchers said it first appeared in iOS6.
Ah, I thought it was 7.0. Mea culpa. Speed reading has its faults.
My phone was bricked after the "small" update.
Luckily, I was at home and connected to iTunes. Sucks.
Also via Forbes, Kristen Paget (ex-Apple security) is not happy.
Just exactly how serious is this? The threads at Mac Rumors make it seem like the biggest breach in the history of software.
Major. This is almost as bad as you can get.