I am so, so sorry to hear this. I had the pleasure of seeing him just a few weeks ago. He was a truly good guy and I will be far from the only person, in or out of tech journalism who will miss him.
1) We have lots of ideas of how the accounts of Jennifer Lawrence et al. were hijacked, but we only know that attackers exploited their passwords—by using personal information and guessing, or by building a dictionary of guesses and automatically checking them by trying to log into Find My iPhone, or some combination of those two—or by using personal info to guess at the security questions used for the victims' accounts.
2) Home Depot getting hacked is a symptom of the same problem as the celebrity photo hack: high value targets, and persistent attackers that take advantage of the weakest links in the security chain. The celebrity naked photo club and the financial cyber-mafia underground are both examples of hidden cultures empowered by technology, willing to invest time and money to get what they want: in one case, naked pictures of Jennifer Lawrence, and in the other more money via credit card data.
3) Apple's two-factor authentication is limited in its protection, but it's the only protection we've got right now (and I say we because I'm an iPhone and Mac user, and my wife and teen daughter are iPhone and iPad users). Google's two-factor authentication is stronger. But "recovery keys" (and Google's printed keys for access away from a mobile phone) are still a weak point, because they have to be stored somewhere, and treated like the keys to the kingdom that they are.
4) There are claims via Wired that the people collecting the images may have used law-enforcement grade forensics tools from Elcomsoft to recover the contents of iPhone backups, in combination with some password exploit. The pieces of that are kind of iffy, so I'm not going to comment on that until I've seen more evidence. But the fact that there are bittorrents of forensic software floating around out there should be enough to concern everyone, because it makes it even easier to harvest the content of cloud backups.
5) Complex passwords are great in theory, but they typically fail because of how users implement them. Password managers that generate randomized passwords (such as the one built into Safari, for example) are great. But since these services usually store the passwords in the cloud, take a hard look at how they secure themselves before you use one.
6) If you're tech savvy at all, take a few minutes, or a half hour, or a day, to explain to people you know what the hell the cloud is, and where all this stuff on their phone goes.
7) Apple and Google need to make it easier to manage the content of users' clouds. I should be able to go and delete old backups manually, search and destroy images I don't want in the archive, and have a way of organizing the notes and files and other mishmash that get dropped into iCloud by various apps. I should be able to have granular control over what syncs to and from each device. I should be able to time-bomb documents to delete them from the cloud after a certain amount of time. In other words, I want users to have personal DRM.
8) It would also be helpful to have in-place encryption that is based on a key other than my cloud credentials. Kthxbai.
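The dictionary-guessing scenario in point 1 above hinges on one property of the login endpoint: whether it limits failed attempts per account. The following is an added example, not code from the commenter or from Apple, that models that difference with a toy account store. The accounts, the password and the guess list (built from "personal info" such as a pet name and birth year) are constructed for the demonstration; the `LoginService` class, its `max_attempts` knob and the `dictionary_attack` helper are assumptions of this example, not any real service's API.

```python
"""Added example (not part of the original comment thread): why an unthrottled
login endpoint turns a short, personal-info-driven guess list into account
takeover, and how a per-account attempt limit changes the outcome."""
import hashlib
import hmac
import os


def _hash(password, salt):
    # Credentials are stored as salted PBKDF2 hashes, never as plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class LoginService:
    """Minimal account store with an optional per-account failed-attempt limit.

    max_attempts=None models an endpoint with no throttling at all (the
    weak setting); an integer models a lockout after that many failures.
    """

    def __init__(self, users, max_attempts=None):
        self.max_attempts = max_attempts
        self.attempts = {}   # user -> consecutive failed attempts
        self.store = {}      # user -> (salt, hash)
        for user, pw in users.items():
            salt = os.urandom(16)
            self.store[user] = (salt, _hash(pw, salt))

    def login(self, user, password):
        """Return "ok", "denied" or "locked" for one authentication attempt."""
        if user not in self.store:
            return "denied"
        failures = self.attempts.get(user, 0)
        if self.max_attempts is not None and failures >= self.max_attempts:
            return "locked"
        salt, expected = self.store[user]
        if hmac.compare_digest(_hash(password, salt), expected):
            self.attempts[user] = 0
            return "ok"
        self.attempts[user] = failures + 1
        return "denied"


def dictionary_attack(service, user, guesses):
    """Try each guess in order.

    Returns (recovered_password_or_None, attempts_made, locked_out).
    """
    for i, guess in enumerate(guesses, 1):
        result = service.login(user, guess)
        if result == "ok":
            return guess, i, False
        if result == "locked":
            return None, i, True
    return None, len(guesses), False


# Constructed guess list: common passwords plus variants of a pet name and
# birth year an attacker might harvest from public profiles.
GUESSES = ["password", "123456", "Fluffy", "fluffy1990", "Fluffy1990!", "Oscars2013"]
# Constructed account; the real password is deliberately in the guess list.
USERS = {"alice": "Fluffy1990!"}


def demo():
    unthrottled = LoginService(USERS)                # no attempt limit
    throttled = LoginService(USERS, max_attempts=3)  # lock after 3 failures
    return {
        "unthrottled": dictionary_attack(unthrottled, "alice", GUESSES),
        "throttled": dictionary_attack(throttled, "alice", GUESSES),
    }


if __name__ == "__main__":
    for name, (pw, n, locked) in demo().items():
        print(f"{name}: password={pw!r} after {n} attempts, locked_out={locked}")
```

Against the unthrottled store the attacker recovers the password on the fifth guess; against the throttled one the account locks on the fourth attempt and the guess list is useless, regardless of how long it is. The caveat a practitioner would add: a hard per-account lockout lets anyone who knows a username lock the legitimate owner out, so real services usually combine a per-account counter with per-source throttling and progressive delays rather than a bare lockout.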