Serious iOS, OS X flaws lead to password theft in wide ranging security study

124»

Comments

  • Reply 61 of 70
    xixoxixo Posts: 449member
    Quote:

    Originally Posted by MegsOBrien View Post



    Hi, I'm Megan and I work for AgileBits, the makers of 1Password.



    For our security expert's thoughts on this article, please see our blog: https://blog.agilebits.com/2015/06/17/1password-inter-process-communication-discussion/. If you have further questions, we'd love to hear your thoughts in our discussion forums: https://discussions.agilebits.com.

     

    thanks for that post.

  • Reply 62 of 70
    timmymantimmyman Posts: 31member
    I think the point is, and it may be a bit extreme, is that critical passwords should not be stored anywhere outside of your brain.
    My facebook, discus, my jimmyjohns order app passwords, or whatno are okay stored encrypted online...  bank, social security administation, taxes, medical records...  no.

    Using Keychain doesn't require storing anything online. So why would someone be an idiot to store their passwords offline and encrypted in Keychain? That is an extremely wise thing to do for many people. Especially when otherwise they'd likely just store it in a plaintext file.
  • Reply 63 of 70
    d4njvrzfd4njvrzf Posts: 797member
    Quote:
    Originally Posted by revenant View Post

     

    perhaps eric schmidt is right- android is more secure. 

     

    just kidding, i still feel safer.


    Well the report linked in the article does say this regarding one of the vulnerabilities:

     

    "Interestingly, compared with OS X and iOS, Android looks pretty decent in terms of its protection against

    the XARA threat: at the very least, it offers a mechanism to protect its Intent-based IPC, through assigning a private

    attribute to the service and activity or guarding them with permissions, which are missing on the Apple platforms."

  • Reply 64 of 70
    thepixeldocthepixeldoc Posts: 2,257member
    timmyman wrote: »
    Using Keychain doesn't require storing anything online. So why would someone be an idiot to store their passwords offline and encrypted in Keychain? That is an extremely wise thing to do for many people. Especially when otherwise they'd likely just store it in a plaintext file.

    ...or one of the stupidest and naive things I've ever seen just a few months ago:

    • in an Excel spreadsheet
    • named "passwords.xls"... on the desktop(!)
    • on a malware/toolbar infected (porn and music related) Win7 PC
    • not-updated since 2014
    • containing EVERY PIN and password for banking, websites, tax filing... even security locks(!)
    • 120+ with the vast majority a deviation from ONE simple word (star, exclamation, a number, etc.)


    This from a sole (and wealthy) proprietor of rather successful business. My horror and jawdrop could be heard on the street. After composing myself and trying to figure out a diplomatic way to tell the guy this was "rather dangerous and he could be liable for all damages if ever there was a problem at his bank or he was broken into", before I could go on he assured me that "he knew people" to make it right, and if I insisted he could change the name of the file.... and besides, he has a print out.... which he proceeded to show me under his writing mat(!!!) if the computer failed to boot.

    Sadly, the above an absolute extreme... but I have other clients with varying degrees and similar methods of password security. Everything from text files, to "little black books", to saving in an email to themselves(!) Also, almost every single client uses a simple password that is duplicated across sites, with and without small variations. To a person, they all claim to have nothing to hide if someone hits their FB or email. I've given up trying to get them to change their habits.

    Last note: people often forget their AppleID when they give me their devices to fix/update, yet I can often find the password by a simple search on their device. I'm always amazed at that :no:
  • Reply 65 of 70
    frantisekfrantisek Posts: 756member
    mstone wrote: »
    The easiest solution is simply never download any sketchy apps from unknown sources.

    Never store your banking password in phone or PC. The same works for info that could blow your life.
    With hackers and state sponzored groups that are searching for such flaws you are never 100% secure. More you are widely open…
  • Reply 66 of 70



    I quite agree, it is most unlikely, however, it is possible. My limited experience suggests, to me, that something has happened. How can my passwords change so often, without outside interference? I'm not an Apple-basher, I only have Apple computers, I'm on my fifth one, my second iPhone, and would never change. That doesn't mean that there is no malicious software out in the wild.

  • Reply 67 of 70
    vmarksvmarks Posts: 762editor
    Quote:

    Originally Posted by Madmanmoon View Post

     



    I quite agree, it is most unlikely, however, it is possible. My limited experience suggests, to me, that something has happened. How can my passwords change so often, without outside interference? I'm not an Apple-basher, I only have Apple computers, I'm on my fifth one, my second iPhone, and would never change. That doesn't mean that there is no malicious software out in the wild.


    I wonder what steps you've taken to troubleshoot this so far.

     

    I would consider installing something like little snitch and selectively allowing apps to use the network connection, while changing a password and watching to see if they get changed- There's something suspicious at work, but I wonder if it's a vulnerability (something you installed, or something that installed without your knowledge) or someone who had access to your computer pranking you.

  • Reply 68 of 70
    vuduvudu Posts: 28member
    October 2014 until Mid June 2015: One heck of a window.
    That%u2019s more than Google gave Microsoft before releasing word of vulnerabilties.

    Hmmm. Think Different Strokes.
  • Reply 69 of 70

    hello 

    sir how are you sir i have know any idea for this idea for this i am helpless you contact to me next time i am giving a link to you this link is helpfull you

    thanks to contact me 

    thanks

    ..................................

    .........

    [url=http://www.rjavatutorial.tk] java tutorial [/url]

  • Reply 70 of 70

    hello 

    sir how are you sir i have know any idea for this idea for this i am helpless you contact to me next time i am giving a link to you this link is helpfull you

    thanks to contact me 

    thanks

    [url=http://www.rjavatutorial.tk] java tutorial [/url]

Sign In or Register to comment.