15 October, 2013 | The Register - http://www.theregister.co.uk/
Can you trust 'NSA-proof' TrueCrypt? Cough up some dough and find outTrueCrypt's documentation makes it plain that it can't secure data on a computer compromised by malware or a hardware keylogger. It's also well known in computer forensics circles that TrueCrypt keys can be recovered from memory, even using commercial tools from the likes of ElcomSoft, given physical access to a powered-up machine.
22 August, 2013 | Dark Reading - http://www.darkreading.com/
ElcomSoft Speeds Up Phone Password Breaker, Enables Real-Time iCloud RecoveryThe new release enables selective recovery of certain types of data stored in Apple iCloud, enabling true real-time access to forensically significant information. By enabling real-time access to information stored in iCloud, ElcomSoft provides law enforcement organizations with live access to users' online backups, eliminating the need to wait while the full backup with irrelevant information gets downloaded. At this time, Elcomsoft Phone Password Breaker remains the only tool on the market that can download iCloud backups to a PC. Apple does not support direct data downloads, only allowing to restore iCloud backups onto a freshly initialized iOS device.
4 June, 2013 | FierceCIO:TechWatch - http://www.fiercecio.com/
Apple's two-step verification won't protect iCloud dataContrary to what users may believe, Apple's (NASDAQ: AAPL) two-step authentication does not offer additional protection against hackers who try to get data stored within the iCloud service, according to ElcomSoft CEO Vladimir Katalov. ElcomSoft is a well-known Russian security firm that specializes in a range of password and encryption-busting tools.
3 June, 2013 | AppAdvice - http://appadvice.com/
Report: Apple's Two-Step Authentication Doesn't Protect iCloud DataApple launched a new two-step authentication system for iCloud back in March, and rolled the feature out internationally a couple of months later. According to a new report, however, iDevice users should be aware that Apple’s two-step authentication does not protect iCloud backups, and nevertheless leaves users vulnerable to the kind of hack which last year controversially struck Wired’s Matt Honan.
3 June, 2013 | GigaOM - http://gigaom.com/
Apple two-factor security efforts “half-hearted,” says security researcherLike many large tech companies, Apple has recently introduced a two-step security measure for Apple users. But Elcomsoft software finds that iCloud data and device backups are left unprotected, and that the company needs to do more to improve user protection.
1 June, 2013 | Mobile & Apps - http://www.mobilenapps.com/
Apple IDs vulnerable even after 'two-factor authentication'Apple was looking at its new two-factor authentication to improve the security for the Apple ID and iCloud access, but it seems like the Cupertino-based tech giant has to work harder to provide better protection to its users' data.
31 May, 2013 | Ars Technica - http://arstechnica.com/security/
iCloud users take note: Apple two-step protection won’t protect your dataIf you think your pictures, contacts, and other data are protected by the two-step verification protection Apple added to its iCloud service in March, think again. According to security researchers in Moscow, the measure helps prevent fraudulent purchases made with your Apple ID but does nothing to augment the security of files you store. To be clear, iCloud data is still secure so long as the password locking it down is strong and remains secret. But in the event that your account credentials are compromised—which is precisely the eventuality Apple's two-factor verification is intended to protect against—there's nothing stopping an adversary from accessing data stored in your iCloud account. Researchers at ElcomSoft—a developer of sophisticated software for cracking passwords—made this assessment in a blog post published Thursday.
31 May, 2013 | CNNMoney - http://money.cnn.com/
Apple's new security system has holesApple recently beefed up its authentication system in an effort to thwart hackers, but a new report shows the security measure is lacking in one huge area. Back in March, Apple (AAPL, Fortune 500) unveiled an optional "two-factor authentication" login method for its Apple ID. It's a basic security tool already used by Google (GOOG, Fortune 500), Facebook (FB) and Dropbox that requires both a password and a piece of data, such as a string of numbers sent via text message. Twitter also recently unveiled such a system following a series of prominent hacks of Twitter accounts. But security software company ElcomSoft explained in a blog post Thursday that Apple's new security measures protect users only in a few situations: app and music purchases, managing an Apple ID account or receiving customer support related to Apple ID. It does nothing to protect other important information, like photos and other files stored on its iCloud service.
31 May, 2013 | Infosecurity - http://www.infosecurity-magazine.com/
Apple’s two-factor authentication is not very thoroughBack in February, Norwegian hackers were raiding teenage girls’ iCloud accounts, downloading photos and offering them for sale. By March, Apple had introduced and started to roll out optional two-factor authentication to improve security. But it’s not that good, reports Elcomsoft.
31 May, 2013 | SC Magazine, Australia - http://www.scmagazine.com.au/
Apple 2FA doesn't cover iCloudAttackers can bypass Apple's two-factor authentication to download and install a victim's iPhone and iPad backups, a security firm has revealed. The Cupertino company deployed two-factor authentication for Apple identities in March, requiring a second form of verification for account management and iTunes or App Store purchases. But it did not extend the security across its iCloud service, meaning an attacker with a target's username and password in hand could still download and restore an iOS backup.