{"id":728,"date":"2013-08-10T15:18:37","date_gmt":"2013-08-10T15:18:37","guid":{"rendered":"http:\/\/triangleappshow.com\/?p=728"},"modified":"2022-12-15T06:46:44","modified_gmt":"2022-12-15T11:46:44","slug":"apple-finishes-update-to-developer-portal","status":"publish","type":"post","link":"https:\/\/michaelrowe01.com\/index.php\/blog\/apple-finishes-update-to-developer-portal\/","title":{"rendered":"Apple finishes update to Developer Portal"},"content":{"rendered":"<p>Last night, as I was checking my email before going to bed, I got a note from Apple that their replace\/rebuild of the Developer portal had been completed and all services are working again.\u00a0 Great news, and hopefully Apple has addressed, not only the security flaws identified by the <a href=\"http:\/\/www.engadget.com\/2013\/07\/22\/turkish-researcher-apple-hack\/\">Turkish researcher<\/a>, but any fundamental design flaws which could expose other security issues going forward.<\/p>\n<p>The biggest lesson I&#8217;ve learned from watching this all unfold is &#8211; security is hard.\u00a0 <a href=\"https:\/\/www.grc.com\" target=\"_blank\" rel=\"noopener\">Steve Gibson<\/a> (of SpinRite fame) has been recording a long-running podcast on security called &#8220;<a href=\"https:\/\/www.grc.com\/securitynow.htm\" target=\"_blank\" rel=\"noopener\">Security Now<\/a>&#8221;.\u00a0 He spends 2 hours each week going through all the latest info on security patches, and describing the underlying design and technology of various protocols, etc., 
which shows how much you need to know to make truly secure applications.<\/p>\n<p>Years ago, when I was working as a consultant, I wrote a Human Resources system for a home health care management company.\u00a0 I was asked to make sure that we had an appropriate level of security and could segregate data between managed companies via passwords.\u00a0 The design was simple.\u00a0 Within the application, you had to enter a unique company identifier and password for each company&#8217;s data.\u00a0 Simple and somewhat effective, given that the entire application and all of its data resided on a midrange computer that could only be accessed within the company&#8217;s physical boundaries.\u00a0 Within 1 month of the application going live, every monitor within the HR department had a nicely printed sticker listing the company identifier and the password for each.\u00a0 So much for security.<\/p>\n<p>The reason I bring this up is to identify how technology is only as secure as its weakest link.\u00a0 Kevin Mitnick shows us in his biography &#8211; <a href=\"http:\/\/www.amazon.com\/Ghost-Wires-Adventures-Worlds-Wanted\/dp\/0316037702\" target=\"_blank\" rel=\"noopener\">Ghost in the Wires<\/a>, that the best hacks are really around social engineering and not technology.\u00a0 Even <a href=\"http:\/\/www.wired.com\/gadgetlab\/2012\/08\/apple-amazon-mat-honan-hacking\/\" target=\"_blank\" rel=\"noopener\">Mat Honan&#8217;s famous Twitter \/ Gmail \/ iCloud hack<\/a> was much more a social engineering issue than a technology flaw.<\/p>\n<p>If you are storing sensitive data (however you define sensitive), what are you doing to make your application secure, without detracting from its functionality?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Last night, as I was checking my email before going to bed, I got a note from Apple that their replace\/rebuild of the Developer portal had been completed and all services are working again.\u00a0 Great news, and hopefully Apple 
has addressed, not only the security flaws identified by the Turkish researcher, but any fundamental design [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_wp_convertkit_post_meta":{"form":"-1","landing_page":"0","tag":"0","restrict_content":"0"},"hide_page_title":"","footnotes":""},"categories":[2],"tags":[26,217,241,356,357,370],"class_list":["post-728","post","type-post","status-publish","format-standard","hentry","category-blog","tag-apple","tag-ios","tag-kevin-mitnick","tag-security","tag-security-now","tag-steve-gibson"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/michaelrowe01.com\/index.php\/wp-json\/wp\/v2\/posts\/728","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michaelrowe01.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michaelrowe01.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michaelrowe01.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/michaelrowe01.com\/index.php\/wp-json\/wp\/v2\/comments?post=728"}],"version-history":[{"count":1,"href":"https:\/\/michaelrowe01.com\/index.php\/wp-json\/wp\/v2\/posts\/728\/revisions"}],"predecessor-version":[{"id":2866,"href":"https:\/\/michaelrowe01.com\/index.php\/wp-json\/wp\/v2\/posts\/728\/revisions\/2866"}],"wp:attachment":[{"href":"https:\/\/michaelrowe01.com\/index.php\/wp-json\/wp\/v2\/media?parent=728"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michaelrowe01.com\/index.php\/wp-json\/wp\/v2\/categories?post=728"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michaelrowe01.com\/index.php\/wp-json\/wp\/v2\/tags?post=728"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}