Tag Archives: cybersecurity

Two-Step verification added to Apple IDs

While I was perusing the USA Today on my iPhone app today, I saw the article about car privacy, but I also saw this article on apple changing its verification policy for access to purchases on  iTunes or the App Store. Currently users can look around the App Store and select to buy something. Then, so long as users have a credit card linked to their account or money in their Account, they just need to enter in their Apple ID password and the purchase is made. Now, with the new changes when users need to make a purchase they will be sent a four-digit random code to a trusted device they have linked to their account. Then, the users enter in the code to complete the transaction.

I’m not sure how I feel about these new changes. Obviously the intentions of this move are quite code. No body wants to have money stolen from them, but I’m not sure how well these extra security measures actually help. For myself if I want an app odds are I’m away from my computer so they will send me a text message to the phone that I’m ordering the app for, which more than anything else seems just like an inconvenience. I would also like to say that in general I’m not too sure how extra security measures help. Whenever I have to choose a security question for an account, I can either pick a really obscure question, which means that it might be difficult for me to get exactly right later if I lost my password, or I can pick a simple question that anyone could guess if they knew anything about me. I think we as people in the computer industry have a duty to protect our users, but I don’t know how far that duty needs to go. I don’t know? I’m not the most forward thinking person when it comes to my accounts, so I would like to hear what you all have to say.

The State of Cybersecurity in the U.S. Military

TechNewsWorld recently posted an article in which it states that US cybersecurity has shaky foundations and it is not reliable that our “critical information technology systems will work under attack from a sophisticated opponent with good resources.” The Office of Management and Budget (OMB) has just released its 2011 fiscal year report on the implementation if the Federal Information Security Management Act (FISMA) in which it makes the claim that our U.S. Military has major cybersecurity gaps. OMB reports that controlled incidents of attack in 2011 were only detected 49 percent of the time compared to 70 percent in 2010, a staggering decrease. They also report that only 58 percent of the agencies surveyed used email validation technology, compared to 46 percent the in 2010.

 

This article makes me shudder to think how much more vulnerable the cybersecurity of the U.S. government has become since the span of this report (it only covers through 2011 so I am assuming they release these reports a year late). We spend absurd amounts of money on the defense department, so why is it that we are so digitally compromised? Shouldn’t every government agency be using email validation technology? What are the downfalls of using the technology as this report shows that only a little over half of the agencies are using it?  Maybe you guys can answer some of these questions as I am not the most informed in this subject, but this article has definitely made me start to worry what countries like China and North Korea could do if they attempted to penetrate our defenses over the web.