On October 3rd 2013 Adobe (the world's largest supplier of software and services for the design and media industries) discovered unauthorised access had been made to their systems, leading to the compromise of some 2.9 million user accounts (including encrypted credit/debit card details) and the source code for their web application server - Cold Fusion.
Update 04/10/2013 19:54: Adobe also believes that the source code to Acrobat (the tool used to produce and read PDF files) may have been compromised - this could have serious repercussions should anyone use it to distribute malicious, but official-looking updates to the millions of computers that run Acrobat world-wide.
Apple announced an interesting feature they are adding to the latest version of OS X and iOS at their World Wide Developer Conference this year: iCloud Keychain. Now that iOS 7 is out, I thought I would give you my opinion as to why you should probably not use it.
Edit (19/09/2013 13:01): iCloud Keychain is currently not present in iOS 7 - with the iOS 7 homepage simply stating 'Coming Soon' next to the feature details. (more…)
Towards the end of last week, I was made aware that some websites hosted on a server operated by one of my clients had been hacked. The initial compromise targeted just the websites running PHP, replacing all .php files with code to re-direct visitors to a website hosting malicious code, thus causing Google to flag the sites as harmful. (more…)
The recent article in Wired Magazine (http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/) relating to a sophisticated attack against a specific individual that led to the closure of their GMail Account, compromise of their Twitter account, Amazon Account and Apple iCloud Service (which the attacker then used to wipe the data from the victim's iPhone, iPad and Mac), highlights the need for strong multi-factor authentication. (more…)
The recent attack on, and compromise of LinkedIn and their password data has highlighted the need for strong authentication practices, and a lack of awareness among certain developers of security best-practice. (more…)