The big news this week is obviously the “nude ‘sleb pic cloud hack scandal”. Whilst some have used this as an excuse to rail against the perceived insecurities of the cloud, it turns out iCloud wasn’t hacked per se. Instead we see it was a result of a small group of people doing very specialised attacks against specific username/password combinations. The upshot of all this is that the internet is awash with guides on how to secure your cloud. Here’s one that caught my eye earlier this week. The truth, as most readers of this blog will probably be aware, is that the cloud can be extremely secure – but it’s up to both the user and the provider to put in the work.
We all know that cybercrime is an uphill battle and it seems to come down to questions of those every-tricky subjects of legislation, politics and people. When it comes to passwords, meanwhile, myriad madness and myths continue. Microsoft are continuing their sterling work of issuing odd, or at least unexpected, advice. Elsewhere increasing numbers of infosec bods are predicting passphrases are the way to go. But passwords only work if the systems they’re protecting have been properly separated and segregated. Afterall, an open-plan infrastructure will make an inside job easier. And don’t confuse malice with stupidity: sometimes good people just make bad errors.
It’s a very Apple-centric news week this week. iCloud hacks aside, iOS can supposedly un-mask anonymous users of social media. Though in better news, Cupertino has laid down the law on what devs can and can’t do with the new Healthkit. The most interesting quote is “if your app is plain creepy, it may not be accepted.” Well, that’s good to know.