Posts

Showing posts from April, 2012

Apple's New iOS Security Questions

Disclaimer (you will see a lot of these): I believe Apple is a great company and it is well run; I use its products and services and am generally quite satisfied. That aside...

Recently, I wanted to download a new app on my iPhone. However, before doing so, the app store required me to enter in new security questions and answers.

The eminent and brilliant Bruce Schneier breaks down what is wrong with security questions far more capably than I can, so I won't reiterate, and potentially diminish, his beautiful prose. More here. And here. Summary: they are a huge security weakness in the password protocol, in addition to being a big pain in the neck.

In addition to this, however, I'd like to comment specifically about why Apple's security questions, in particular, were really bad. Normally, when one is asked a security question, it is about an objective fact: "What city did you grow up in?" "Who was your first grade english teacher?" "What was the…

First Post

Hi everyone.

I'm going to take this opportunity to say a few things:

1. The hardest part of doing something is getting started. That in mind, rather than announce my blog with any fanfare or time it to coincide with a particular news story that I may have some valuable commentary on, I am just going to kick it off.

2. This is me.

3. Absolutely none of the opinions expressed in this blog represent the opinions of any of my clients, employers, or educational institutions, present or former, and all opinions expressed herein are my own, unless clearly specified otherwise. Additionally, all information on this site is precisely that -- an opinion.

4. Absolutely nothing on this blog constitutes legal advice, nor is it a substitute for legal advice. I am not your lawyer. If you have a legal question, you need to consult a lawyer licensed to practice in your area.

So, all that in mind, enjoy.