Shamil's Blog. Software Engineering Processes, Android, CI, Devops.

It's always makes sense to spend money on security and especially on threat modelling. This can prevent lots of situations like the loss of users' personal data and account cracking.

Of course sometimes companies use any little reason to get more pieces of personal information, like the mobile phone number. For example, it makes absolutely no sense to ask for a phone number after "unusual account activity" has been already detected. Asking the one user who is logging in to provide his phone number (and possibly linking it to the account as 2FA or account recovery channel) actually is very bad idea in this situation! Because if attacker already has password on hand he can also link his phone number thus effectively preventing the account owner from logging into account forever.

Threat modelling can help understand such situations and prevent them.

Labels: account, security, threat model

The reason is my bluetooth headset :) It sometimes mistakenly connects to laptop (which does not turn off BT for some reason) instead of phone, and OS launches iTunes to feed headset with some music. Solution probably is to turn off "wake up computer" option in settings -> BT -> advanced.

Labels: bluetooth, headset, knock-knock, osx, resume, sleep, wakeup