The Lighthouse IT Podcast - September 24th, 2021
Continuing the discussion on cyber security during this year's National Cybersecurity Awareness Month (NCSAM), we will be talking about the Cybersecurity and Infrastructure Security Agency’s (CISA) list of cyber security essentials.
There are three specific actions that CISA recommends all people take.
First of these actions is to make and keep regular backups of your data. In the unfortunate event of a device malfunction or if a malware attack renders your data inaccessible, having backups can change the scenario from disastrous to inconvenient. You can read more about backups here.
The Lighthouse IT Podcast - June 5th, 2020
Matt and Griffin are back as they discuss how Sign-in with Apple was much easier than we all thought, why it may be a good reason to upgrade to the dreaded Android 10, and what updates Google has been making to the world of SEO.
We’ve all used the log-in service on a website or app by supplying our Facebook or Google credentials. Just like these providers, the sign-in with Apple allows site visitors to use their Apple ID credentials to sign-in to other websites.
A security research from Delhi, India has discovered an account takeover flaw in Apple's Sign-in with Apple system. These systems work by allowing you to login to a popular service and receiving a "token" that authorizes you access to the websites that use the login service.
The security researcher discovered if he could identify a valid email address of an Apple ID (which was openly contained in an initial login request), he could pass the email address to a publicly accessible web service and retrieve a valid token. No password was required to do this.
Luckily, because of the bug report being completed properly, Apple was able to very quickly patch the open flaw and states that its investigations did not show any misuse or compromise. Which is good news for services such as Adobe, Airbnb, Dropbox, eBay, Grindr, Medium, Strava, Tik Tok, and even WordPress that utilize this log-in method.