Hasta La Gadget!

Nope, it’s not your picture of “the best duck confit I’ve ever had” that’s causing that Twitter post to error out — the service is down for “some users,” according to a Twitter status page update. It’s unknown what’s causing the issue (again, probably not your photweet), but we’re assured “engineers are currently working on this issue.” We’re experiencing some snags ourselves, usually resulting in tweets timing out before publishing. Hang tight!

But maybe don’t try to while away your time on the iTunes Store or by backing up your phone to iCloud, as those services are also experiencing some downtime issues this morning. An Apple support page lists both as seeing “some users affected;” we’ll just have to assume engineers are also hard at work on fixing that. As always, we’ll let you know when things get better.

Update: Looks like Twitter is all back to normal, and the company says, “this issue has been resolved.” Apple, on the other hand, is still having issues with Apple ID and Game Center login.

Update 2: Apple is now all back to normal as well, according to the company’s support page. But do let us know if you’re experiencing any issues!

Filed under: Apple

Comments

Source: Twitter, Apple

Gaping security holes are a pretty terrifying thing, especially when they involve something as sensitive as your Apple ID. Sadly it seems that immediately after making the paranoid happy by instituting two-step authentication a pretty massive flaw in Cupertino’s system was discovered and first reported by The Verge. Turns out you can reset any Apple ID password with nothing more than a person’s email address and date of birth — two pieces of information that are pretty easy to come across.

There’s a little more to the hack, but it’s simple enough that even your non-tech savvy aunt or uncle could do it. After entering the target email address in the password reset form you can then select to answer security questions to validate your identity. The first task will be to enter a date of birth. If you enter that correctly then paste a particular URL into the address bar (which we will not be publishing for obvious reasons), press enter, then — voilà — instant password reset! Or, at least that’s the story. While we were attempting to verify these claims Apple took down the password reset page for “maintenance.” Though we’ve received no official confirmation from Apple, it seems the company is moving swiftly to shut down this particularly troublesome workaround before word of it spreads too far.

Update: We’ve heard back from Apple on the matter, which stated, “Apple takes customer privacy very seriously. We are aware of this issue, and working on a fix.” No real surprises that a fix is in the works, but there you have it from the horse’s mouth.

Update 2: The forgotten password page is back as of late Friday evening — that was (relatively) quick. iMore reports (and we’ve verified ourselves) that the security hole is now closed.

Filed under: Internet, Apple

Comments

Source: The Verge, iMore

Apple says that it regards its user’s security very highly. They’ve delivered yet again on that statement by rolling out two step verification service today for iCloud and Apple ID users. The service allows users to configure a trusted device and use an extra security code, hence providing greater security for their accounts. Right now the two step verification service is available in U.S., U.K, Australia, Ireland, and New Zealand. A trusted device is one that the user has control over, as it will receive 4 digit verification codes either through SMS or Find My iPhone notifications so that the user’s identity can be verified.

When the user has to manage their iCloud or Apple ID from a new device, they’ll need to enter their password as well as the 4 digit verification code to gain access. Access to their account will be denied if both of these requirements are not fulfilled. User’s will also receive a 14 digit recovery key that they’re to print and keep safe, just in case they forget their password or no longer have access to their devices. Apple’s phone support no longer has the ability to reset user accounts. There’s no compulsion, user’s can opt out of two step verification at any time they want. Though that probably won’t be a good idea.

By Ubergizmo. Related articles: Apple Not Using Samsung For iPad 5 And iPad Mini 2 [Rumor], American Airlines Shows Off Its iPad Equipped Planes,

Two-step verification (also known as two-factor authentication) is becoming all the rage now. After the recent influx of security breaches and hacks on major services, companies are starting to implement two-step verification to prevent social engineers from gaining access to your personal data. Today, Apple is beginning to roll out its own two-step verification process for iCloud.

The process works similarly to other services with the feature. Users first need to enable two-step verification on the Apple ID website. After that, you can use your mobile device to receive verification codes either through a text message or using the Find my iPhone app in order to sign into Apple services.

This new feature for iCloud comes months after technology journalist Mat Honan was hacked and all of his iOS and Mac devices were erased, thanks to some clever social engineering by the hacker. Apple promised to beef up its security, and has introduced two-step verification today to prevent such things from happening again.

Currently, several companies support two-step verification, including Google, Dropbox, Facebook, Amazon, and Yahoo. Essentially the feature requires two types of verification in order to log into services, one of which is a virtual verification (like a password), and the other is a physical verification (a mobile phone in this case). This prevents anyone from accessing your account, even if they know the password.

[via 9to5Mac]

Apple iCloud now comes with two-step verification is written by Craig Lloyd & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

Security writer Brian Krebs has stumbled across new information which could link the recent hack of his own website with attacks on Ars Technica and Gizmodo alumnus Mat Honan’s iCloud breach. More »