Following two recent hacks of its iTunes store. iTunes users should now change the password on their iTunes account as well as switching to a prepaid debit card for the service, according to Fortify (http://www.fortify.com), a company that specializes in software security assurance.
Barmak Meftah, Fortify’s chief products officer, told “Help Net Security” that, while Apple will almost certainly stomp on this iTunes hacking methodology, the modus operandi is similar to that used by trending malware coders, who continually check online search trends and pump out malware via a range of hastily-registered infected web sites. It boils down to raising the profile of an infected piece of code or Web site until a group of online users sees the code or web site and thinks “ooh — that looks interesting,” and then infects their computer with a trojan or malware, he added.
Meftah says that using a pre-paid debit card such as the Paypal Visa top-up card makes a lot of sense for use on online sites like iTunes. And F-Secure (http://www.f-secure.com/weblog/archives/00001983.html) — which offers antivirus software, Anti Spyware, firewall and Internet security tools for home users and businesses — recommends you change your password for iTunes (and other online accounts) regularly. According to a recent survey by the company, about 20% of folks use the same password for all of their accounts.