Apple shuts down password system - Financial Times

Apple has temporarily shut down a password reset system after discovering a security flaw that potentially allowed malicious users to access other people's Apple accounts. The vulnerability opens the door for anyone to reset a user's password on Apple's iForgot page using just an email address and date of birth, personal information that can be rather easy to find in today's internet age. The flaw was first exposed by The Verge on Friday after a tip-off from unnamed sources. An Apple spokesperson did not comment on how long the loophole had existed before it was revealed. "Apple takes customer privacy very seriously," the company said in a statement to the FT. "We are aware of this issue, and working on a fix." By 1.06pm PST on Friday afternoon, Apple had taken the system offline while it worked on a solution. At the time of writing it had been offline for almost five hours. The service interruption means Apple customers who wish to purchase apps or media from the iTunes store but cannot remember their password are unable to do so. Other customers who do have their password are unaffected by the change. The incident is made more embarrassing as it comes just a day after Apple announced a new two-step verification process that establishes a second, usually encrypted, password associated with a user's Apple account for extra security. The new, voluntary system can takes up to three days to activate, however, meaning some Apple users cannot yet benefit from the added protection. Apple operates one of the world's largest stores of digital content, with total consumer spending on iTunes and the App Store last year estimated by mobile analysts Asymco to be around $17bn. Some 500m people have registered their credit card details with iTunes. Nonetheless, the security exposure comes at a time when Apple is being forced to step up its game in "cloud" internet services to compete with Google, as more and more smartphone innovation moves from hardware and software into "cloud" applications. Copyright The Financial Times Limited 2013. You may share using our article tools. Please don't cut articles from FT.com and redistribute by email or post to the web. via Technology - Google News http://news.google.com/news/url?sa=t&fd=R&usg=AFQjCNEG1JJ4IlrQTjv9yQSCYPVeEKd6ow&url=http://www.ft.com/cms/s/0/2e60de88-934c-11e2-9593-00144feabdc0.html

Put the internet to work for you. via Personal Recipe 2598265