Wednesday, March 27, 2013

Apple Enables Two-Step Verification to Thwart Account Hijacking

Apple Enables Two-Step Verification to Thwart Account Hijacking:

"Apple has turned to two-step verification to improve the security defenses against account hijacking for Apple iTunes and App Store.
The feature—which was announced March 21—works by sending a SMS message with a four-digit verification code in it sent from Apple that users have to enter from a "trusted device" in order to access their accounts."

Well, not quite two-factor, but getting closer. The weakness in this is that if you are trying to make your iPhone "trusted", the SMS will go right back to that device. For an iPad or other mobile device, this will provide another layer of verification, but if both your phone and your other mobile device are stolen, then you are back where you started.

One way to overcome this is to have a passcode on your devices. Hint -- you are NOT limited to a four-digit PIN.

True two-factor authentication consists of two or more of three independent elements: something a user knows, such as a password or a PIN; something a user possesses, such as a smartcard or ATM card; or something the user is, such as a fingerprint or other biometric data.


Friday, March 22, 2013

Pubs 'are becoming second office' | Orange UK

Pubs 'are becoming second office' | Orange UK:
"Pubs are increasingly being used as a second office, with people using them as a work base as well as having a drink, according to a new report. ..."
And you don't even have to travel to the UK to establish your office in comfortable surroundings.

Many may bemoan the idea that you are "at work" at times other than normal work hours, but once there were pagers infringing on our time outside work.  Now there is readily available email and web browsing as long as you have a network connection.  And network connections are becoming ubiquitous at eating and drinking establishments.

I was at a VMware users group meeting in St. Louis a few months ago and when the fairly large crowd was asked how many used at least one mobile device to access work files, nearly all the participants raised their hands. And nearly half the room admitted to having 2 or more mobile devices (e.g., smartphone, iPad, laptop, etc.).

So, for many of us professional geeks, the lines between work, social life, and home are becoming blurred. This doesn't mean we are 24/7 workers, but a couple of weeks ago when we had two major snowstorms in the course of a week, the university at which I work closed for two days. This was unprecedented, but we were able to log into our servers, do maintenance, and ensure total availability of the research clusters.


Friday, March 15, 2013

Harvard snoops through professors' email, teaches new lessons in privacy | Fox News

Harvard snoops through professors' email, teaches new lessons in privacy | Fox News:
"Even some of the smartest people can be really dumb about technology. To wit, the recent hubbub at Harvard University over the scandalous, surreptitious searching of academia's finest's e-mails. ..."
As a computer professional for nearly 25 years, I have consistently cautioned users that people like me can gain access to anything on servers we administer. I also tell them that I have better things to do than to snoop around.  People might want to read the Acceptable Use Policy that pertains to their work email.  You might be surprised at what permissions you have given to your IT department.  Even in the Ivory Tower of academic institutions there can be scant regard for rights most of us prefer to take for granted.

The bottom line is that there is NO expectation that what you write in a corporate email account is going to remain private forever. But it should take a court order, FOIA request, or some other sort of due process to extract that information, and not just an ad hoc fishing expedition as it seems to be in this article.
