• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: [Fed-Talk] FW: Security cuts both ways
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fed-Talk] FW: Security cuts both ways

  • Subject: Re: [Fed-Talk] FW: Security cuts both ways
  • From: "O'Donnell, Dan" <email@hidden>
  • Date: Mon, 06 Aug 2012 20:26:47 +0000
  • Thread-topic: [Fed-Talk] FW: Security cuts both ways
Title: FW: [Fed-Talk] Security cuts both ways
It's not an either/or situation – it's both. And more.

The journalist was negligent in not having backups. (And he should know better.)
He was victimized by the culprit who was able to engineer through the auth protocols. (Not the victim's fault.)
Apple's authentication protocol was apparently deficient. The other auth protocols required by the other companies may not be sufficient either.

There is some good content to study in all the authentication cross-linking he had established across the various domains, which made it easy for the culprit to attack once he owned one of the accounts in one of the domains. This could have been – as in, might have been or might not have been - solved with multi factor authentication, but may have required coordination between the commercial entities governing the domains. (And good luck with that, given how much they compete, argue, disagree with and sue each other.) It might also have been solved by the victim if he had refused to do the cross linking and instead kept independent authenticators for each set of domain accounts.


From: "<van Bronkhorst>", "Erik W. (CHLK)" <email@hidden>
Date: Monday, August 6, 2012 10:56 AM
To: "email@hidden" <email@hidden>
Subject: [Fed-Talk] FW: Security cuts both ways

Backups are more important
WR
Erik
--


------ Forwarded Message
From: Bryan Jones <email@hidden>
Date: Sat, 04 Aug 2012 19:31:00 +0000
To: Todd Heberlein <email@hidden>
Cc: Fed Talk <email@hidden>
Subject: Re: [Fed-Talk] Security cuts both ways

Take home:

Multi factor authentication is important.



Bryan



On Aug 4, 2012, at 1:18 PM, Todd Heberlein <email@hidden>
 wrote:
An interesting story and cautionary tale

Yes, I was hacked. Hard.
http://www.emptyage.com/post/28679875595/yes-i-was-hacked-hard


__________________________________________________________________________

This email message is for the sole use of the intended recipient(s) and
may contain confidential information. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply email and destroy all copies
of the original message.

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Prev by Date: Re: [Fed-Talk] Macs at NASA
  • Next by Date: [Fed-Talk] Q. How do upgrade 2/3 year old MBP 15" with broken HD to mount lion?
  • Previous by thread: Re: [Fed-Talk] Macs at NASA
  • Next by thread: [Fed-Talk] Q. How do upgrade 2/3 year old MBP 15" with broken HD to mount lion?
  • Index(es):
    • Date
    • Thread