You may (or may not) have noticed that it’s been a while between entries here. A record time, in fact. There are two good reasons for this long interval:

1. • There’s been very little news in the Mac security world
   

2. • OK, we admit it, we’ve been very busy working on a top-secret iPhone project, which we just submitted to the Apple Design Awards contest.
   

Both of these reasons are, as we said, “good.” In the security world, no news is certainly good news. And we’re optimistic that our iPhone product is going to greatly enhance our current product line, although perhaps in a way that some will find surprising.

The last few days have brought a couple pieces of interesting security news:

1. Leopard’s Back to My Mac system, which we’ve written about extensively here, was used in an interesting way to recover a stolen laptop (so interesting that many newspapers, including the New York Times, actually ran articles). Although we’ve recommended against use of Back to My Mac unless you really know what you’re doing, we’ve also always said that the risk of machine loss due to theft and other related “physical” issues is way higher than the risk of attack over the Internet. So, in a strange sense, Back to My Mac seems to be an insurance policy against really stupid thieves stealing your computer and putting it, unmodified, back on the Internet!
   

2. 
   

3. A recent paper provides very interesting details about the latest spike in “brute-force” SSH (remote login) based “dictionary” attacks. As we’ve said in the past, enabling SSH is highly risky, and should only be done if you’re sure you have a very, very good password.