Prof Bill Buchanan B.Buchanan@napier.ac.uk
Professor
Apple and Starbucks are two of the world’s most trusted companies, but their reputations were recently tarnished thanks to some novice cybersecurity mistakes. Both setup systems that could have allowed hackers to break into customers' accounts by repeatedly trying different passwords, a procedure commonly known as a “brute force” attack. The mistake both firms made was in not employing the simple tactic of automatically locking accounts after several failed attempts to enter a password. Last week it was revealed such tactics allowed thieves to steal money from users of Starbucks' mobile app. In 2014, an investigation around the publishing of nude photos of celebrities taken from their iCloud storage accounts, identified that intruders could access Apple’s Find My iPhone app by continually trying different login details. In order to protect against this type of attack, many sites block login after a given number of incorrect attempts. The system can then go into a permanent lock-out mode (where the user must perform a lock-out procedure, such as calling the hosting company to verify their account), or lock out for a given time (known as the hold-down time).
Buchanan, W. J. (2015). Apple and Starbucks could have avoided being hacked if they'd taken this simple step
Other Type | Newspaper Article |
---|---|
Publication Date | May 19, 2015 |
Deposit Date | Aug 7, 2015 |
Publicly Available Date | May 15, 2017 |
Keywords | Apple; Starbucks; cybersecurity; brute force attack; password lockout; |
Public URL | http://researchrepository.napier.ac.uk/id/eprint/8778 |
Apple and Starbucks could have avoided being hacked if they\'d taken this simple
(<nobr>406 Kb</nobr>)
PDF
Publisher Licence URL
http://creativecommons.org/licenses/by-nd/4.0/
Apple And Starbucks Could Have Avoided Being Hacked If They'd Taken This Simple Step
(<nobr>674 Kb</nobr>)
PDF
Publisher Licence URL
http://creativecommons.org/licenses/by-nd/4.0/
A framework for live host-based Bitcoin wallet forensics and triage
(2022)
Journal Article
A DNA Based Colour Image Encryption Scheme Using A Convolutional Autoencoder
(2022)
Journal Article
Comparison of Entropy Calculation Methods for Ransomware Encrypted File Identification
(2022)
Journal Article
A comprehensive survey of authentication methods in Internet-of-Things and its conjunctions
(2022)
Journal Article
About Edinburgh Napier Research Repository
Administrator e-mail: repository@napier.ac.uk
This application uses the following open-source libraries:
Apache License Version 2.0 (http://www.apache.org/licenses/)
Apache License Version 2.0 (http://www.apache.org/licenses/)
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Advanced Search