May 31 2013

Someday you may ditch your two-factor authenticator for an electronic tattoo

Electronic “tattoos” and pills that turn your body into an authenticator are two next steps in password protection that Motorola is working on, as described at a session Wednesday at AllThingsD’s D11 conference. Regina Dugan, senior vice president of the Advanced Technology and Projects group at Motorola Mobility, showed off two “wearable computing” oriented methods that remove the security tokens from the two-factor equation.

The electronic tattoos described must strike a balance between the “mechanical mismatch” of hard, rigid machines and soft, pliable humans, Dugan said. The “tattoo” Dugan wore, which appeared to be more like a sticker on her left wrist, uses “islands of high-performance silicon connected by accordion-like structures” that allow the tattoo to flex and move with her skin to stay on and remain functional. Presumably, the silicon and wires would eventually be embedded into the skin to make the user a proper bionic human.

The pill, on the other hand, turns one’s entire body into an authenticator. Dugan described the pill as a vitamin “reverse potato battery” that uses stomach acid as the electrolyte to power a switch. As the switch pulses on and off, it “creates an 18-bit EKG-like symbol in your body, and your body becomes the authenticator,” Dugan said.

May 31 2013

Yahoo Mail reportedly loses key customer following mass hack attack

BT, the UK-based telecommunications company with more than 18 million customers, is dumping Yahoo Mail following a successful hacking campaign that hijacked e-mail accounts and used them to send spam, according to published reports.

BT's plans come four months after Ars was among the first publications to report on the mass campaign. At the time, attackers were able to commandeer Yahoo Mail accounts because administrators had failed to apply an eight-month-old security patch in the WordPress content management system that powered one of its blogs. By including malicious JavaScript in innocuous-looking webpages, the attackers were able to exploit the vulnerability and seize control over Yahoo Mail accounts that happened to be open while the booby-trapped webpages were viewed.

In March, more than two months after Yahoo finally applied the WordPress fix, criminal spammers continued to hijack Yahoo Mail accounts, suggesting that other security holes remained. That same month, Vivek Sharma, the general manager of Yahoo Mail and Yahoo Messenger products, reportedly vacated his post for unknown reasons.

May 30 2013

Mike Walker Publishing on CIO.com and HP Discover Performance Blogs

Some of you may have noticed from a few of my tweets recently that my posts were coming from a few different sources. This wasn’t a mistake or a “fake” Mike Walker running around but a deliberate approach to my publishing.

After a lot of thought and consideration I decided that I have been covering a broad range of topics on www.MikeTheArchitect.com with topics ranging from the discipline of Enterprise Architecture, executive level content and even some Solution Architecture. Some of which is good and in alignment with the core EA topics of www.MikeTheArchitect.com but others a bit broader and loose in alignment. This is combined with my broad range of interests and activities as a strategic advisor that exposes me to a wide range of experiences and insights that I like to share with all of you. 

To make my content a bit more digestible and tailored to you, I want to publish to the appropriate sites so you get what you need. As a result, I will be publishing on these three sites:

Mike The Architect
(http://www.MikeTheArchitect.com)

I will continue publishing to “Mike The Architect” with Enterprise Architecture proven practices, guidance, news and insights.

CIO.com Enterprise Forum (http://www.enterprisecioforum.com/en/blogs/mikejwalker)

I plan on publishing content suited for CxO’s, executives and other business leaders here.

HP Performance Discover Blog (http://h30499.www3.hp.com/t5/user/viewprofilepage/user-id/1414875)

This will be a resource for IT leaders looking for strategic insights and best practices to define, measure and achieve better performance.

Enjoy!

May 30 2013

iCloud users take note: Apple two-step protection won’t protect your data

A diagram showing how Apple's two-step verification works.

If you think your pictures, contacts, and other data are protected by the two-step verification protection Apple added to its iCloud service in March, think again. According to security researchers in Moscow, the measure helps prevent fraudulent purchases made with your Apple ID but does nothing to augment the security of files you store.

To be clear, iCloud data is still secure so long as the password locking it down is strong and remains secret. But in the event that your account credentials are compromised—which is precisely the eventuality Apple's two-factor verification is intended to protect against—there's nothing stopping an adversary from accessing data stored in your iCloud account. Researchers at ElcomSoft—a developer of sophisticated software for cracking passwords—made this assessment in a blog post published Thursday.

"In its current implementation, Apple’s two-factor authentication does not prevent anyone from restoring an iOS backup onto a new (not trusted) device," ElcomSoft CEO Vladimir Katalov wrote. "In addition, and this is much more of an issue, Apple’s implementation does not apply to iCloud backups, allowing anyone and everyone knowing the user’s Apple ID and password to download and access information stored in the iCloud. This is easy to verify; simply log in to your iCloud account, and you’ll have full information to everything stored there without being requested any additional logon information."
