Security researcher Patrick Dunstan has released his findings on Apple's latest operating system, OS X 10.7, aka Lion, and it doesn't look good. He found that a nefarious person with physical access could recover administrator passwords, or even change those passwords, without any special privileges. Here's how password security is supposed to work on a Mac: passwords are stored in "shadow files" buried deep in the system's file structure and accessible only to someone logged in with an administrator password. Dunstan's research has shown, however, that in the new version of the operating system these files can be accessed by any user and the passwords extracted. More troubling is his discovery that, with a little prodding, someone with access to the computer's Terminal command-line app can change the administrator's password themselves.
In the latest update to the Big Brother Camera Security iPhone app -- an app that snaps pictures of any unauthorized person using one's iPhone 4 or iPod Touch 4 -- Daniel Amitay, the app's creator, added some code that anonymously tracks and records users' passcodes for the app. Though that doesn't necessarily say much about what people use as their main iPhone and iPod passcode, Amitay felt the Big Brother passcodes are representative of the iPhone and iPod passcodes, because the Big Brother passcode setup and lock screens are "nearly identical to those of the actual iPhone passcode lock."
The above chart shows the top ten most common passcodes out of the 204,508 recorded, the most popular being the shameful "1234" with a significant lead on the second most popular passcode, the equally shameful "0000." The top ten passcodes make up 15% of all of the passcodes in use, and most of them follow an easily recognizable pattern: sequential order, four of the same number, or numbers that are arranged in a line on the number pad. Even the seemingly obscure "5683" passcode follows a pattern: it is the numerical representation of spelling the word "love" on the number pad.
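The weak-passcode patterns the chart illustrates (sequential digits, four of the same digit, a straight line on the keypad, a word spelled on the keypad like 5683 = "love") are the kind of thing a passcode-strength check can reject at set-up time. The following is an added example of such a check, not code from Amitay's app; the keypad layout is the standard phone keypad, and the word list and sample passcodes are constructed for the example.

```python
# Standard phone keypad: digit -> letters, used to catch passcodes that spell a word (5683 = "love").
KEYPAD_LETTERS = {"2": "abc", "3": "def", "4": "ghi", "5": "jkl",
                  "6": "mno", "7": "pqrs", "8": "tuv", "9": "wxyz"}
# (row, column) of each key, with 0 below the 8, used to catch straight lines such as 2580 / 0852.
KEYPAD_POS = {d: divmod(i, 3) for i, d in enumerate("123456789")}
KEYPAD_POS["0"] = (3, 1)
# Constructed word list for the example; a real policy would use a larger dictionary.
WORDLIST = {"love", "hate", "cool", "pass", "code"}

def word_to_passcode(word):
    """Spell a word on the keypad: 'love' -> '5683'."""
    lookup = {c: d for d, letters in KEYPAD_LETTERS.items() for c in letters}
    return "".join(lookup[c] for c in word.lower())

def is_sequential(pin):
    """Every step is +1 or every step is -1 (mod 10, so 9012 and 3210 both count)."""
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {9})

def is_repeated(pin):
    """Four of the same digit (0000, 1111, ...)."""
    return len(set(pin)) == 1

def is_keypad_line(pin):
    """Every step moves the same (row, column) distance on the keypad, i.e. a straight line."""
    pos = [KEYPAD_POS[d] for d in pin]
    steps = {(r2 - r1, c2 - c1) for (r1, c1), (r2, c2) in zip(pos, pos[1:])}
    return len(steps) == 1 and steps != {(0, 0)}

def spells_word(pin):
    return any(word_to_passcode(w) == pin for w in WORDLIST if len(w) == len(pin))

def weak_patterns(pin):
    """Names of the weak patterns a 4-digit passcode matches; an empty tuple means none matched."""
    if not (pin.isdigit() and len(pin) == 4):
        raise ValueError("expected a 4-digit passcode")
    checks = (("sequential", is_sequential), ("repeated", is_repeated),
              ("keypad_line", is_keypad_line), ("spells_word", spells_word))
    return tuple(name for name, check in checks if check(pin))

def weak_share(pins):
    """Fraction of a passcode sample that matches at least one weak pattern."""
    return sum(1 for p in pins if weak_patterns(p)) / len(pins)

if __name__ == "__main__":
    # Constructed sample that includes the article's examples.
    sample = ["1234", "0000", "2580", "1111", "5683", "0852", "1212", "7391", "4096", "9876"]
    for p in sample:
        print(p, weak_patterns(p) or "no obvious pattern")
    print(f"weak share of sample: {weak_share(sample):.0%}")
```

Note that a pattern-free passcode such as "1212" still passes these checks; pattern rules catch the worst choices but are no substitute for a longer passcode.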
The U.S. Chamber of Commerce has announced a new vision for providing security online with the National Strategy for Trusted Identities in Cyberspace (NSTIC). Calling it a voluntary identity ecosystem, the NSTIC aims to make the web safer, easier to use, and open to a wider range of online activities. First and foremost, the Government wants you to know that there is no national ID program in the works. Furthermore, the NSTIC envisions a completely voluntary environment where users can opt for higher-level security when and if they want it. Lastly, while the government will be supporting these efforts and providing endorsement for NSTIC projects, the nitty-gritty will likely be handled by private companies. It works like this: