Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

parapup

macrumors 65816
Oct 31, 2006
1,291
49
The only people who worry about this stuff are people who are trying to hide their wrongdoing.


You're welcome.

These are also the same people that want to hide their wrongdoing from Google. Also welcome.
 

gnasher729

Suspended
Nov 25, 2005
17,980
5,565
does this mean now all you need to do is steal a device to change the password? how is that secure

No, it doesn't mean that. Read Apple's support page. There is the password that you use all the time. There is a super-secret code that Apple tells you once which you stash away in a safe for emergencies. And there is the phone or Mac that the user registers to receive secret codes. You need two out of these three things. For example, steal my password, and steal the phone that I registered.

If you steal my phone, then I just go to Apple's website and unregister the device using my old password and either another registered device (another phone, iPad or Mac) or my super secret password.
 

rdlink

macrumors 68040
Nov 10, 2007
3,226
2,435
Out of the Reach of the FBI
That sucks. Not to throw a competitor as a comparison - but that's why a bunch of my friends and colleagues switches from yahoo to gmail.

I've been with gmail since about when it started and never had an issue. Maybe you're just really popular ;)


Umm, you might be surprised. I've looked at a bunch of my friends' Gmail accounts and found similar issues. Try this little experiment (assuming you're not already using two-factor): Log into Gmail, then scroll to the bottom of the page. On the lower-right, where it says last account activity, click the details button. Look long and hard at the places from where your account has been accessed. I can guarantee that almost anyone using Gmail without two factor authentication will likely be signing up after looking at that.
 

samcraig

macrumors P6
Jun 22, 2009
16,779
41,982
USA
Umm, you might be surprised. I've looked at a bunch of my friends' Gmail accounts and found similar issues. Try this little experiment (assuming you're not already using two-factor): Log into Gmail, then scroll to the bottom of the page. On the lower-right, where it says last account activity, click the details button. Look long and hard at the places from where your account has been accessed. I can guarantee that almost anyone using Gmail without two factor authentication will likely be signing up after looking at that.

Have always monitored that on both my gmail accounts.

I'm also pretty diligent about logging out all sessions except the one I'm using.

That feature though isn't the end-all/be-all. I have found that it can give me wonky info based on if I'm logging in via cell vs ATT hotspot vs work vs home, etc. My work has a few IP addresses and also depends on if I'm going through vpn or not.

But as a practice - it's good that Google can show you what sessions are active. I'm not sure yahoo or other mail services have that
 

quickmac

macrumors 6502
Feb 22, 2011
272
14
too many security issues accumulating lately

Everyone knew these things would happen one day. Apple is pretty unprepared for the increasing security threats to their systems. They rode the "obscurity" protection too long and didn't do enough to prepare for what everyone else saw coming as Apple got popular. Expect more like this.
 

rdlink

macrumors 68040
Nov 10, 2007
3,226
2,435
Out of the Reach of the FBI
Have always monitored that on both my gmail accounts.

I'm also pretty diligent about logging out all sessions except the one I'm using.

That feature though isn't the end-all/be-all. I have found that it can give me wonky info based on if I'm logging in via cell vs ATT hotspot vs work vs home, etc. My work has a few IP addresses and also depends on if I'm going through vpn or not.

But as a practice - it's good that Google can show you what sessions are active. I'm not sure yahoo or other mail services have that

I understand, and I'm glad you're watching it. But I'm not talking about IP addresses not immediately recognizable because I might have been using a hotspot, or been on my work network. I'm talking about obvious access from computers in other countries on other continents, using OSs that I haven't used in years. Seen it on others', as well. Just a really good idea to watch it, and since Google offers the two-factor for free I would definitely recommend using it. It's really given me peace of mind.
 

iGrip

macrumors 68000
Jul 1, 2010
1,626
0
Umm, you might be surprised. I've looked at a bunch of my friends' Gmail accounts and found similar issues. Try this little experiment (assuming you're not already using two-factor): Log into Gmail, then scroll to the bottom of the page. On the lower-right, where it says last account activity, click the details button. Look long and hard at the places from where your account has been accessed. I can guarantee that almost anyone using Gmail without two factor authentication will likely be signing up after looking at that.

Nope. I checked the log, and i can identify each location as a place where I checked my email.

How does anybody know your password? How do they get into your account without knowing it?

----------

i understand, and i'm glad you're watching it. But i'm not talking about ip addresses not immediately recognizable because i might have been using a hotspot, or been on my work network. I'm talking about obvious access from computers in other countries on other continents, using oss that i haven't used in years. Seen it on others', as well. Just a really good idea to watch it, and since google offers the two-factor for free i would definitely recommend using it. It's really given me peace of mind.

1.

----------

i understand, and i'm glad you're watching it. But i'm not talking about ip addresses not immediately recognizable because i might have been using a hotspot, or been on my work network. I'm talking about obvious access from computers in other countries on other continents, using oss that i haven't used in years. Seen it on others', as well. Just a really good idea to watch it, and since google offers the two-factor for free i would definitely recommend using it. It's really given me peace of mind.

1. Use a strong password.

2. Don't use a service like Google for anything that is sensitive. if you want to trade secrets via email, use a real email program with POP3 access. If all your mail (or anything else) is sitting on some third party server, it is not secure. "The Cloud' is NOT secure or private. Keep your stuff locally.
 

phillipduran

macrumors 65816
Apr 30, 2008
1,055
607
Ugh.

Lets see, lets use a user ID we freely give out to friends and all manner of online websites. It's probably on our business cards. Next will authenticate with data that is available through public records for all citizens.

Bravo. :rolleyes:

----------

Everyone knew these things would happen one day. Apple is pretty unprepared for the increasing security threats to their systems. They rode the "obscurity" protection too long and didn't do enough to prepare for what everyone else saw coming as Apple got popular. Expect more like this.

I don't think they EVER rode the obscurity protection. That was Window users explanation as to why they were a steaming pile of malware poo and Mac was mostly untouched. It must be because no one has a Mac that they are so safe right?? Well now that they are no longer some nich OS and there are tons and tons of OSX computers out there, they are still no where near as vulnerable as other OS's.

We should have seen a HUGE increase in the amount of Mac malware due to the growth and acceptance of OSX but we are not seeing that.

They did prepare, they built the OS with security in mind. That is why we haven't seen the amount of malware and viruses that you see in the Windows world.

Most of what you see right now is malware that is installed by users by clicking OK to install requests. It's not easy to secure a system against user installed apps.
 

cjmillsnun

macrumors 68020
Aug 28, 2009
2,399
48
Nope. I checked the log, and i can identify each location as a place where I checked my email.

How does anybody know your password? How do they get into your account without knowing it?

----------



1.

----------



1. Use a strong password.

2. Don't use a service like Google for anything that is sensitive. if you want to trade secrets via email, use a real email program with POP3 access. If all your mail (or anything else) is sitting on some third party server, it is not secure. "The Cloud' is NOT secure or private. Keep your stuff locally.

Bad bad advice. You need an encrypted email service for anything private. Email sends and receives in the clear. If you must use unencrypted email for sensitive data, put it in a document then compress and encrypt that. Send the key to decrypt the message by another means (text message or calling the person).

Even locally held is not secure or private as there is a risk of intercept during sending and/or receiving.
 

iGrip

macrumors 68000
Jul 1, 2010
1,626
0
Bad bad advice. You need an encrypted email service for anything private. Email sends and receives in the clear. If you must use unencrypted email for sensitive data, put it in a document then compress and encrypt that. Send the key to decrypt the message by another means (text message or calling the person).

Even locally held is not secure or private as there is a risk of intercept during sending and/or receiving.

By secret, I did not mean real, bona fide secrets. for that, your advice is (mostly) sound.

I was talking about stuff like personal details of your life. Low level secrets.

For real secrets, you use asymmetrical encryption, with a public and private key. Sending a key to your recipient, as you suggest, is inherently unsafe, and if you can do it with reliable security, you may as well just transmit the original message that way.

Google public key cryptography for more info.
 

rdlink

macrumors 68040
Nov 10, 2007
3,226
2,435
Out of the Reach of the FBI
Nope. I checked the log, and i can identify each location as a place where I checked my email.

How does anybody know your password? How do they get into your account without knowing it?

----------



1.

----------



1. Use a strong password.

2. Don't use a service like Google for anything that is sensitive. if you want to trade secrets via email, use a real email program with POP3 access. If all your mail (or anything else) is sitting on some third party server, it is not secure. "The Cloud' is NOT secure or private. Keep your stuff locally.

Sorry, but those are not good assumptions or suggestions. First of all, my passwords were strong. No single-factor password is hack proof. Period.

Second, POP email is just as insecure as IMAP. The mails still go through carrier's servers. And in many cases downloaded POP mails stays on servers even after being downloaded to the local machine.

I'm glad your gmail account hasn't been hacked. Yet. But anyone using the internet at all who is serious about protecting their data in this day and age needs to be taking advantage of two-factor authentication whenever possible.

As far as "trading secrets" is concerned, almost every email I send or receive has the potential of "trading secrets." I don't want my personal conversations in anyone else's hands, and I definitely don't want communications between my financial institutions and myself to be viewed by anyone else, no matter how innocuous those communications may seem.

Also keep in mind that someone doesn't have to be looking for you specifically to find you. Your name, email address or other personal information could be in the records of another entity that could have been hacked.

Also, while on my soapbox I will make this recommendation to anyone who has a strong internet presence, and takes their security and privacy seriously. Purchase a good identity theft monitoring package. I personally use a package from one of the three big credit reporting agencies, and it only costs me $18 a month. Comes with unlimited credit reports from all three bureaus, and a credit score check whenever I want. Also notifies me of any activity on my files, and is completely customizable. $18 a month is a bargain for that peace of mind.
 

Bantz

macrumors member
Dec 7, 2012
95
0
Oh no, a bug in Apple's software. That's far worse than Google doing things like … oh, let's say … tracking you for marketing purposes. Glad you've got your priorities. :rolleyes:

I would consider this a hell of a lot worse than seeing some adverts.
 

iGrip

macrumors 68000
Jul 1, 2010
1,626
0
Sorry, but those are not good assumptions or suggestions.

I've thought about it, and I concede that you and the other poster (who said largely the same things) are each correct.

I think I was talking more about my discomfort with leaving sensitive email on Google's servers than I was thinking about the inherent insecurity of POP email. Yes - POP is equally insecure. But at least they're not authorized to scan it for keywords, unlike Gmail, where your correspondence generates directed advertising. Gmail kind of horrifies me.

So what do you do to keep your email confidential? Do you use Tor for browsing?
 

quickmac

macrumors 6502
Feb 22, 2011
272
14
Ugh.

Lets see, lets use a user ID we freely give out to friends and all manner of online websites. It's probably on our business cards. Next will authenticate with data that is available through public records for all citizens.

Bravo. :rolleyes:

----------



I don't think they EVER rode the obscurity protection. That was Window users explanation as to why they were a steaming pile of malware poo and Mac was mostly untouched. It must be because no one has a Mac that they are so safe right?? Well now that they are no longer some nich OS and there are tons and tons of OSX computers out there, they are still no where near as vulnerable as other OS's.

We should have seen a HUGE increase in the amount of Mac malware due to the growth and acceptance of OSX but we are not seeing that.

They did prepare, they built the OS with security in mind. That is why we haven't seen the amount of malware and viruses that you see in the Windows world.

Most of what you see right now is malware that is installed by users by clicking OK to install requests. It's not easy to secure a system against user installed apps.


They most surely rode the "obscurity protection" wave. Just look at the "I'm a Mac vs PC" commercials. And they're still obscure when it comes to computers which explains why there still isn't much malware out there on Macs.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.