31 May, 2013 | SlashGear - http://www.slashgear.com/
iCloud not protected by Apple’s two-factor authentication, say researchersApple introduced two-factor authentication (or two-step verification if you’d like to call it that) with iCloud back in March, adding an extra layer of security to its cloud backup system. However, security researchers say that iCloud is still vulnerable to a break-in if your password is stolen.
31 May, 2013 | The Register - http://www.theregister.co.uk/
Apple's two-factor security isn't as good as Microsoft or Google's, say expertsBut according to research from security biz Elcomsoft, Apple did a "half-hearted job" of implementing its verification system, "leaving ways for the intruder to access users’ personal information, bypassing the (optionally enabled) two-factor authentication". Specifically iOS Backups and iCloud data is not protected by two-factor authentication.
31 May, 2013 | redOrbit.com - http://www.redorbit.com/
Apple’s Two-Step iCloud Authentication Deemed Unsecure By Third-Party Security FirmApple recently rolled out two-step authentication check for iCloud to protect users from having their account info changed without an additional, one-time password. They were a tad late to the game, however, as companies like Dropbox, Google, Facebook, Twitter and others have already implemented this additional security step for their users.
31 May, 2013 | FierceMobileIT - http://www.fiercemobileit.com/
Apple's new security system fails to protect files stored in iCloud, says security firm Read more: Apple's new security system fails to protect files stored in iCloud, says security firmApple's (NASDAQ: AAPL) new two-factor authentication system does not apply to iCloud backups, enabling a hacker with a user's Apple ID and password to download and access information stored in iCloud, according to Vladimir Katalov with security firm ElcomSoft. Read more: Apple's new security system fails to protect files stored in iCloud, says security firm - FierceMobileIT http://www.fiercemobileit.com/story/apple-new-security-system-fails-protect-files-stored-icloud-says-security-f/2013-05-31#ixzz2V9p8DSUF Subscribe at FierceMobileIT
30 May, 2013 | TidBITS - http://tidbits.com/
Elcomsoft Details Lapses in Apple’s Two-Factor Authentication ApproachWhen Apple added optional two-factor authentication for Apple IDs recently, many applauded the move (as we did in “Apple Implements Two-Factor Authentication for Apple IDs,” 21 March 2013). Requiring both a static password and a temporary code for logins from new devices reduces the chance of an undesirable party — online criminal, spurned lover, or repressive government — gaining access to your account. Two-factor authentication doesn’t eliminate the possibility of an account being compromised, but it sets the bar significantly higher.
30 May, 2013 | Cult of Mac - http://www.cultofmac.com/
Apple’s Two-Step Authentication Doesn’t Protect Your iCloud BackupsApple's two-step authentication process is designed to make your Apple ID more secure...
30 May, 2013 | iMore.com - http://www.imore.com/
Security Researcher Raises Concerns over Apple's Two-Step AuthenticationCEO Vladimir Katalov of the security software company Elcomsoft has published a post on CrackPassword outlining where he believes Apple’s two-step authentication comes up short. While he admits that the authentication works as advertised and it’s a good idea for people to enable it, he has also identified some areas that he thinks could use some improvement.
14 May, 2013 | InformationWeek - http://www.informationweek.com/
Apple iPhone Decryption Backlog Stymies PoliceApple is overwhelmed by requests from law enforcement agencies to decrypt seized iPhones, and its waiting list is so long that it may take months before new requests get handled. That revelation, first reported by CNET, was gleaned from a search warrant affidavit for a seized iPhone last summer by a federal agent who was investigating a Kentucky man on crack cocaine distribution charges.
10 May, 2013 | CNET - http://news.cnet.com/
Apple deluged by police demands to decrypt iPhonesATF says no law enforcement agency could unlock a defendant's iPhone, but Apple can "bypass the security software" if it chooses. Apple has created a police waiting list because of high demand. [...] Elcomsoft claims its iOS Forensic Toolkit can perform a brute-force cryptographic attack on a four-digit iOS 4 or iOS 5 passcode in 20 to 40 minutes. "Complex passcodes can be recovered, but require more time," the company's marketing literature says.
10 May, 2013 | Cult of Mac - http://www.cultofmac.com/
Apple Decrypts iPhone For the Police, But It Makes Them Wait [Report]Apple Decrypts iPhone For the Police, But It Makes Them Wait.