Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Mar 23, 2013, 02:09 PM   #176
Badagri
macrumors 6502
 
Join Date: Aug 2012
Quote:
Originally Posted by CJK View Post
Anatomy isn't your strong point, I see.
I see I didn't say it was. You see.
Badagri is offline   0 Reply With Quote
Old Mar 23, 2013, 02:15 PM   #177
gnasher729
In Time-Out
 
Join Date: Nov 2005
Quote:
Originally Posted by k1121j View Post
does this mean now all you need to do is steal a device to change the password? how is that secure
No, it doesn't mean that. Read Apple's support page. There is the password that you use all the time. There is a super-secret code that Apple tells you once which you stash away in a safe for emergencies. And there is the phone or Mac that the user registers to receive secret codes. You need two out of these three things. For example, steal my password, and steal the phone that I registered.

If you steal my phone, then I just go to Apple's website and unregister the device using my old password and either another registered device (another phone, iPad or Mac) or my super secret password.
gnasher729 is offline   2 Reply With Quote
Old Mar 23, 2013, 04:51 PM   #178
OnceYouGoMac
macrumors 6502
 
Join Date: Aug 2012
Location: In front of my Mac
How do you change to the two-step system? And does it work for Macs or just iOS devices?
OnceYouGoMac is offline   0 Reply With Quote
Old Mar 24, 2013, 10:58 AM   #179
emulator
macrumors 6502
 
Join Date: Feb 2005
Location: In a world where occupiers are destroyed
Send a message via ICQ to emulator Send a message via AIM to emulator Send a message via MSN to emulator Send a message via Yahoo to emulator Send a message via Skype™ to emulator
There would be no issue if you could just remove your damn credit card but Apple does not allow that.

Quote:
Originally Posted by user418 View Post
What's Facebook?
It's a website where they let you create accounts with fake data and corporations are willing to throw money and free products at you just for sharing their ads with other fakes.

Last edited by emulator; Mar 24, 2013 at 11:13 AM.
emulator is offline   0 Reply With Quote
Old Mar 24, 2013, 11:39 AM   #180
rdlink
macrumors 68000
 
Join Date: Nov 2007
Quote:
Originally Posted by samcraig View Post
That sucks. Not to throw a competitor as a comparison - but that's why a bunch of my friends and colleagues switches from yahoo to gmail.

I've been with gmail since about when it started and never had an issue. Maybe you're just really popular

Umm, you might be surprised. I've looked at a bunch of my friends' Gmail accounts and found similar issues. Try this little experiment (assuming you're not already using two-factor): Log into Gmail, then scroll to the bottom of the page. On the lower-right, where it says last account activity, click the details button. Look long and hard at the places from where your account has been accessed. I can guarantee that almost anyone using Gmail without two factor authentication will likely be signing up after looking at that.
__________________
Desktop, Desktop, Laptop, Phone, Tablet
rdlink is offline   0 Reply With Quote
Old Mar 24, 2013, 03:37 PM   #181
samcraig
macrumors G5
 
Join Date: Jun 2009
Quote:
Originally Posted by rdlink View Post
Umm, you might be surprised. I've looked at a bunch of my friends' Gmail accounts and found similar issues. Try this little experiment (assuming you're not already using two-factor): Log into Gmail, then scroll to the bottom of the page. On the lower-right, where it says last account activity, click the details button. Look long and hard at the places from where your account has been accessed. I can guarantee that almost anyone using Gmail without two factor authentication will likely be signing up after looking at that.
Have always monitored that on both my gmail accounts.

I'm also pretty diligent about logging out all sessions except the one I'm using.

That feature though isn't the end-all/be-all. I have found that it can give me wonky info based on if I'm logging in via cell vs ATT hotspot vs work vs home, etc. My work has a few IP addresses and also depends on if I'm going through vpn or not.

But as a practice - it's good that Google can show you what sessions are active. I'm not sure yahoo or other mail services have that
samcraig is offline   0 Reply With Quote
Old Mar 25, 2013, 12:39 AM   #182
quickmac
macrumors regular
 
Join Date: Feb 2011
Quote:
Originally Posted by needfx View Post
too many security issues accumulating lately
Everyone knew these things would happen one day. Apple is pretty unprepared for the increasing security threats to their systems. They rode the "obscurity" protection too long and didn't do enough to prepare for what everyone else saw coming as Apple got popular. Expect more like this.
quickmac is offline   0 Reply With Quote
Old Mar 25, 2013, 09:01 AM   #183
rdlink
macrumors 68000
 
Join Date: Nov 2007
Quote:
Originally Posted by samcraig View Post
Have always monitored that on both my gmail accounts.

I'm also pretty diligent about logging out all sessions except the one I'm using.

That feature though isn't the end-all/be-all. I have found that it can give me wonky info based on if I'm logging in via cell vs ATT hotspot vs work vs home, etc. My work has a few IP addresses and also depends on if I'm going through vpn or not.

But as a practice - it's good that Google can show you what sessions are active. I'm not sure yahoo or other mail services have that
I understand, and I'm glad you're watching it. But I'm not talking about IP addresses not immediately recognizable because I might have been using a hotspot, or been on my work network. I'm talking about obvious access from computers in other countries on other continents, using OSs that I haven't used in years. Seen it on others', as well. Just a really good idea to watch it, and since Google offers the two-factor for free I would definitely recommend using it. It's really given me peace of mind.
__________________
Desktop, Desktop, Laptop, Phone, Tablet
rdlink is offline   0 Reply With Quote
Old Mar 25, 2013, 09:28 AM   #184
iGrip
Banned
 
Join Date: Jul 2010
Send a message via ICQ to iGrip Send a message via AIM to iGrip Send a message via MSN to iGrip Send a message via Yahoo to iGrip Send a message via Skype™ to iGrip
Quote:
Originally Posted by rdlink View Post
Umm, you might be surprised. I've looked at a bunch of my friends' Gmail accounts and found similar issues. Try this little experiment (assuming you're not already using two-factor): Log into Gmail, then scroll to the bottom of the page. On the lower-right, where it says last account activity, click the details button. Look long and hard at the places from where your account has been accessed. I can guarantee that almost anyone using Gmail without two factor authentication will likely be signing up after looking at that.
Nope. I checked the log, and i can identify each location as a place where I checked my email.

How does anybody know your password? How do they get into your account without knowing it?

----------

Quote:
Originally Posted by rdlink View Post
i understand, and i'm glad you're watching it. But i'm not talking about ip addresses not immediately recognizable because i might have been using a hotspot, or been on my work network. I'm talking about obvious access from computers in other countries on other continents, using oss that i haven't used in years. Seen it on others', as well. Just a really good idea to watch it, and since google offers the two-factor for free i would definitely recommend using it. It's really given me peace of mind.
1.

----------

Quote:
Originally Posted by rdlink View Post
i understand, and i'm glad you're watching it. But i'm not talking about ip addresses not immediately recognizable because i might have been using a hotspot, or been on my work network. I'm talking about obvious access from computers in other countries on other continents, using oss that i haven't used in years. Seen it on others', as well. Just a really good idea to watch it, and since google offers the two-factor for free i would definitely recommend using it. It's really given me peace of mind.
1. Use a strong password.

2. Don't use a service like Google for anything that is sensitive. if you want to trade secrets via email, use a real email program with POP3 access. If all your mail (or anything else) is sitting on some third party server, it is not secure. "The Cloud' is NOT secure or private. Keep your stuff locally.
iGrip is offline   0 Reply With Quote
Old Mar 25, 2013, 11:15 AM   #185
phillipduran
macrumors 6502a
 
phillipduran's Avatar
 
Join Date: Apr 2008
Location: Iowa
Ugh.

Lets see, lets use a user ID we freely give out to friends and all manner of online websites. It's probably on our business cards. Next will authenticate with data that is available through public records for all citizens.

Bravo.

----------

Quote:
Originally Posted by quickmac View Post
Everyone knew these things would happen one day. Apple is pretty unprepared for the increasing security threats to their systems. They rode the "obscurity" protection too long and didn't do enough to prepare for what everyone else saw coming as Apple got popular. Expect more like this.
I don't think they EVER rode the obscurity protection. That was Window users explanation as to why they were a steaming pile of malware poo and Mac was mostly untouched. It must be because no one has a Mac that they are so safe right?? Well now that they are no longer some nich OS and there are tons and tons of OSX computers out there, they are still no where near as vulnerable as other OS's.

We should have seen a HUGE increase in the amount of Mac malware due to the growth and acceptance of OSX but we are not seeing that.

They did prepare, they built the OS with security in mind. That is why we haven't seen the amount of malware and viruses that you see in the Windows world.

Most of what you see right now is malware that is installed by users by clicking OK to install requests. It's not easy to secure a system against user installed apps.
__________________
That's "Geniuses," not Genii, genius.
To err, is PC.
phillipduran is offline   0 Reply With Quote
Old Mar 25, 2013, 11:59 AM   #186
cjmillsnun
macrumors 68020
 
Join Date: Aug 2009
Quote:
Originally Posted by iGrip View Post
Nope. I checked the log, and i can identify each location as a place where I checked my email.

How does anybody know your password? How do they get into your account without knowing it?

----------



1.

----------



1. Use a strong password.

2. Don't use a service like Google for anything that is sensitive. if you want to trade secrets via email, use a real email program with POP3 access. If all your mail (or anything else) is sitting on some third party server, it is not secure. "The Cloud' is NOT secure or private. Keep your stuff locally.
Bad bad advice. You need an encrypted email service for anything private. Email sends and receives in the clear. If you must use unencrypted email for sensitive data, put it in a document then compress and encrypt that. Send the key to decrypt the message by another means (text message or calling the person).

Even locally held is not secure or private as there is a risk of intercept during sending and/or receiving.
__________________
Mid '14 rMBP 15" 2.8 GHz, 16 GB RAM, 1 TB SSD; iPhone 5S 16GB
cjmillsnun is offline   0 Reply With Quote
Old Mar 25, 2013, 12:14 PM   #187
iGrip
Banned
 
Join Date: Jul 2010
Send a message via ICQ to iGrip Send a message via AIM to iGrip Send a message via MSN to iGrip Send a message via Yahoo to iGrip Send a message via Skype™ to iGrip
Quote:
Originally Posted by cjmillsnun View Post
Bad bad advice. You need an encrypted email service for anything private. Email sends and receives in the clear. If you must use unencrypted email for sensitive data, put it in a document then compress and encrypt that. Send the key to decrypt the message by another means (text message or calling the person).

Even locally held is not secure or private as there is a risk of intercept during sending and/or receiving.
By secret, I did not mean real, bona fide secrets. for that, your advice is (mostly) sound.

I was talking about stuff like personal details of your life. Low level secrets.

For real secrets, you use asymmetrical encryption, with a public and private key. Sending a key to your recipient, as you suggest, is inherently unsafe, and if you can do it with reliable security, you may as well just transmit the original message that way.

Google public key cryptography for more info.
iGrip is offline   0 Reply With Quote
Old Mar 25, 2013, 02:21 PM   #188
rdlink
macrumors 68000
 
Join Date: Nov 2007
Quote:
Originally Posted by iGrip View Post
Nope. I checked the log, and i can identify each location as a place where I checked my email.

How does anybody know your password? How do they get into your account without knowing it?

----------



1.

----------



1. Use a strong password.

2. Don't use a service like Google for anything that is sensitive. if you want to trade secrets via email, use a real email program with POP3 access. If all your mail (or anything else) is sitting on some third party server, it is not secure. "The Cloud' is NOT secure or private. Keep your stuff locally.
Sorry, but those are not good assumptions or suggestions. First of all, my passwords were strong. No single-factor password is hack proof. Period.

Second, POP email is just as insecure as IMAP. The mails still go through carrier's servers. And in many cases downloaded POP mails stays on servers even after being downloaded to the local machine.

I'm glad your gmail account hasn't been hacked. Yet. But anyone using the internet at all who is serious about protecting their data in this day and age needs to be taking advantage of two-factor authentication whenever possible.

As far as "trading secrets" is concerned, almost every email I send or receive has the potential of "trading secrets." I don't want my personal conversations in anyone else's hands, and I definitely don't want communications between my financial institutions and myself to be viewed by anyone else, no matter how innocuous those communications may seem.

Also keep in mind that someone doesn't have to be looking for you specifically to find you. Your name, email address or other personal information could be in the records of another entity that could have been hacked.

Also, while on my soapbox I will make this recommendation to anyone who has a strong internet presence, and takes their security and privacy seriously. Purchase a good identity theft monitoring package. I personally use a package from one of the three big credit reporting agencies, and it only costs me $18 a month. Comes with unlimited credit reports from all three bureaus, and a credit score check whenever I want. Also notifies me of any activity on my files, and is completely customizable. $18 a month is a bargain for that peace of mind.
__________________
Desktop, Desktop, Laptop, Phone, Tablet
rdlink is offline   0 Reply With Quote
Old Mar 25, 2013, 04:09 PM   #189
Bantz
macrumors member
 
Join Date: Dec 2012
Quote:
Originally Posted by keysofanxiety View Post
Oh no, a bug in Apple's software. That's far worse than Google doing things like oh, let's say tracking you for marketing purposes. Glad you've got your priorities.
I would consider this a hell of a lot worse than seeing some adverts.
Bantz is offline   0 Reply With Quote
Old Mar 25, 2013, 11:33 PM   #190
iGrip
Banned
 
Join Date: Jul 2010
Send a message via ICQ to iGrip Send a message via AIM to iGrip Send a message via MSN to iGrip Send a message via Yahoo to iGrip Send a message via Skype™ to iGrip
Quote:
Originally Posted by rdlink View Post
Sorry, but those are not good assumptions or suggestions.
I've thought about it, and I concede that you and the other poster (who said largely the same things) are each correct.

I think I was talking more about my discomfort with leaving sensitive email on Google's servers than I was thinking about the inherent insecurity of POP email. Yes - POP is equally insecure. But at least they're not authorized to scan it for keywords, unlike Gmail, where your correspondence generates directed advertising. Gmail kind of horrifies me.

So what do you do to keep your email confidential? Do you use Tor for browsing?
iGrip is offline   0 Reply With Quote
Old May 4, 2013, 01:30 AM   #191
quickmac
macrumors regular
 
Join Date: Feb 2011
Quote:
Originally Posted by phillipduran View Post
Ugh.

Lets see, lets use a user ID we freely give out to friends and all manner of online websites. It's probably on our business cards. Next will authenticate with data that is available through public records for all citizens.

Bravo.

----------



I don't think they EVER rode the obscurity protection. That was Window users explanation as to why they were a steaming pile of malware poo and Mac was mostly untouched. It must be because no one has a Mac that they are so safe right?? Well now that they are no longer some nich OS and there are tons and tons of OSX computers out there, they are still no where near as vulnerable as other OS's.

We should have seen a HUGE increase in the amount of Mac malware due to the growth and acceptance of OSX but we are not seeing that.

They did prepare, they built the OS with security in mind. That is why we haven't seen the amount of malware and viruses that you see in the Windows world.

Most of what you see right now is malware that is installed by users by clicking OK to install requests. It's not easy to secure a system against user installed apps.

They most surely rode the "obscurity protection" wave. Just look at the "I'm a Mac vs PC" commercials. And they're still obscure when it comes to computers which explains why there still isn't much malware out there on Macs.
quickmac is offline   0 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Apple ID password reset email unexpectedly received jennyp iCloud and Apple Services 4 May 23, 2014 02:36 PM
General: FYI Apple shut down Apple ID and iCloud password reset due to security flaw BumpyFlatline Jailbreaks and iOS Hacks 4 Mar 23, 2013 09:35 AM
Evernote Issues Password Reset After Security Breach MacRumors iOS Blog Discussion 37 Mar 17, 2013 10:08 PM
Evernote Security Notice: Service-wide Password Reset Michaelgtrusa Mac Applications and Mac App Store 2 Mar 2, 2013 06:27 PM
Apple Flooded with iCloud Password Reset Requests Amid Tightened Account Security Controls MacRumors MacRumors.com News Discussion 91 Sep 26, 2012 03:03 PM

Forum Jump

All times are GMT -5. The time now is 12:21 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC