Moskau, 30.05.2013 - I'd like to suggest you yet another interesting topic on which we've made a research and found some really notable things we'd like to share. Everything is described in detail in our blog post (link below).
According to the opinion of an established independent security advisor (and friend of ElcomSoft) Per Thorsheim (CISA, CISM, CISSP-ISSAP, founder and organizer of annual Passwords conference) "this 2-factor authentication will only make it harder for an attacker go purchase the full collection of Justin Bieber through your account. *It will not add any additional protection to your files, documents, sounds, pictures, videos and backups made to Apple iCloud. What is the worst thing that could happen - somebody purchasing Justin Bieber on your behalf & credit card, OR somebody accessing all your files etc stored with Apple iCloud? To me it's a simple question, even when I do not like Justin Biebers music at all."
"Apple's 2fa isn't nearly as broad as I believe MOST people expect it to be. To me the story here is all about Apple offering a 2fa solution that doesn't really add much extra security for you (files, documents etc), but it protects them (and you) from unauthorized money transactions and changes to your account. People are not made aware of this at all, and it will be a false layer of security when people enable 2fa and put sensitive & secret documents into iCloud."
"People EXPECT a 2FA solution to add additional security in order to protect their data, but contrary to Dropbox & Google, Apple doesn't really do that. It's the "weakest" 2fa solution launched so far by the big & well-known services, it will only add an additional layer of false security to people's minds, which may have dangerous results."
"Besides, the verification code sent from Apple shows up as a message on the lockscreen (verification_code.png). Somehow I don't like messages that appear on lock screens - at least not messages containing information that are supposed to be "secret"."
Our blog post: Apple Two-Factor Authentication and the iCloud:
http://blog.crackpassword.com/2013/05/apple-two-factor-authentication-and-the-icloud/ by Vladimir Katalov, CEO.
Für den Inhalt der Pressemitteilung ist der Einsteller, PresseBox.de, verantwortlich.
Es wurde noch kein Kommentar zu diesem Thema abgegeben.