Bios Password


Saturday, November 26, 2011

Just Pondering because I’ve probably eaten too much turkey…

Posted on 12:49 PM by Unknown

We use iTunes in our home. Yes, I’ve considered other options for both iTunes-like song managers/players as well as pay-for-media sources. All have their pros and cons. In the end it just seems to be the best solution for us. Relatives can pick up iTunes gift cards for the girl, there is a wide selection of tune-age and videos, and it generally works fine. Not to mention support for all the iPod devices we seem to have collected over the years.

However this post really isn’t about that, more about some issues folks have been encountering regarding their iTunes accounts.

Since we use iTunes gift cards as our music tender, it isn’t really a high $ target to watch for. Generally the card gets redeemed and spent almost immediately with a $1 or less balance left on the account at any given time.

I do keep a sensitive ear on the webs for security-related matters, and when this post showed up many months ago I did pay attention:

I got hacked on iTunes -- Ed Oswald - BetaNews.

Long post shortened, Ed discovered someone, somehow, had managed to raid his PayPal and iTunes accounts with some fraudulent charges. Ed insisted he maintained good protection on his accounts.

That post was followed up by iTunes hack widespread, and Apple appears to know about it also by Ed.

More feedback was that others were also encountering this problem, including those with a gift-card balance on their account.

Meet three people ripped off by iTunes fraud ring - Ed Oswald

After that brief flurry of posts and coverage, the issue seems to have spun down. Either the problem was resolved or the web’s attention moved on to other things.

That probably would have been the end of things, with these posts getting filed into my bookmark cellar and a lesson learned to watch both my email and the sub $1 gift card balance on our iTunes store account (so far no issues), except this post showed up a few months later from Scott Hanselman.

Welcome to the Cloud - "Your Apple ID has been disabled."  - Scott Hanselman’s Computer Zen

I found this notable for two reasons: first, it came on the heels (related or not) of the prior issues Ed Oswald had posted on, and secondly, Scott is one of those Windows gurus who “gets it” and, according to his post, he seemed not to have left himself in a position to easily be a victim of this.

And then Scott does a follow-up post that made keeping this on my radar worthwhile:

A suggested improved customer interaction with the Apple Store (and Cloud Services in general) - Scott Hanselman’s Computer Zen

Rather than just dwelling on the attack vector, consequence, and complaining in general, Scott one-ups the situation by taking a thoughtful look at how iTunes notified him of the issue and offering suggestions for notification improvement. Quoting Scott from that post…

I expect my cloud services to let me know in a way that escalates appropriately with the threat when something that doesn't match my patterns happens.

The meta-points are
  • The Cloud(s) and all its services are protected only by our passwords and the most basic of fraud systems.
  • Cloud services are totally centralized, which makes them a big target, but they have activity information about what we're doing online that isn't being utilized to keep us safe.
  • We, the Users, need to demand better, more secure interactions from the cloud vendors that we put our trust in.
  • It sucks to lose access to your cloud data.

Well said.

Scott is still soliciting feedback from others with the Apple account issue at "My Apple ID has been Disabled" on Tumblr but it doesn’t look like it has been very active for a number of months.

I haven’t been able to find if these Apple account hack events were isolated or if there was some root-cause that was discovered and resolved.  We may never know.

On a probably only tangentially-related note, I was discussing with Dad how we rely on on-line bill-paying for most of our bill payments, banking, and insurance account management. Heck, even at work most all of our HR interaction is done “on-line”. I don’t believe we have had a “brick-n-mortar” HR department for many years.  Dad is “old-school” and while quite comfortable with on-line computing, still refuses to do on-line banking/bill-pay.  The USPS loves him.

I’ve noticed that for every on-line account service we interact with, they all seem to have large splash-screens at log-on requesting “paperless billing” enrollment.  Probably saves on a ton of costs and is marketed as being more convenient and more secure (avoid id theft from sticky fingers pulling bill/account info out of the mailbox).

At the same time, I noticed this USPS ad running the past few weeks:

  • US Postal Service "Hacked" Ad - YouTube

In it the USPS describes the security benefits of using the mail system to communicate with customers and how it’s inherently safer than the Internet, with statements such as

  • “A refrigerator has never been hacked,”
  • “An online virus has never attacked a corkboard.”
  • “Give your customers the added feeling of security a printed statement or receipt provides. It’s good for your business. And even better for your customers.”

I’m all for the USPS and their dedicated carriers, and overall it’s a good communication medium.  And yes, they have some revenue challenges as the Net continues to be relied on more by subsequent generations of communicators.  At the same time, we use a locked postal box and have two shredders in the house to deal with secure-shredding as those items go from the secure “refrigerator and corkboard” to the trash system.

Point is, it seems that, whether in the “cloud” or via the “snail” system, data/account information has its own attack vectors and neither is inherently any safer than the other. Hackers can break into corporate systems, and accounts can be compromised through poor IT security and end-user account safeguards, regardless of whether the billing “method” is paperless in the cloud or papered through the USPS. Likewise, businesses and users can lock down on-line accounts with rock-solid safeguards, but someone can still steal a periodic paper communication from a mailbox (or trashcan), walk out the door, and commit theft (if it even makes it to the mailbox).

Neither is a solution in and of itself.

Probably the best protection? As Mad Eye would say, “Constant Vigilance!”

And the battle for cost cutting and revenue generation rages on… with security as the forefront selling point.

…like I said..just pondering.

Claus V.
