Another small selection of interesting stories from recent security blogs.
Why passwords have never been weaker - and crackers have never been stronger.
Over at Ars Technica, Dan Goodin explains why, thanks to real-world data, the keys to your digital kingdom are under assault:
The iPhone Has Passed a Key Security Threshold
So thinks Technology Review contributing editor Simson L. Garfinkel:
Does society really want extremely private mobile devices if they make life easier for criminals? Apple's newly toughened standards sharpen the focus on that question.
Is iPhone Security Really this Good?
Meanwhile, Bruce Schneier has his own perspective on that assertion:
Yes, I believe that full-disk encryption -- whether Apple's FileVault or Microsoft's BitLocker (I don't know what the iOS system is called) -- is good; but its security is only as good as the user is at choosing a good password.
Triple DDoS vs. KrebsOnSecurity
With the best security blog of them all, it's unsurprising that Brian Krebs continues to attract the ire and DDoS arrows of the spambot kings:
According to Prolexic, the one used against KrebsOnSecurity.com was Attack Type 4, a.k.a “Max Flood”; this method carries a fairly unique signature of issuing POST requests against a server that are over a million bytes in length.
There ya go.