iOS and OS X bug lets attackers steal passwords from iCloud Keychain

By

apple-iphone-cracked-security-mac-ios-malware-flaw
Researchers cracked iCloud Keychain and bypassed App Store approval processes.
Photo: Faris Algosaibi/Flickr CC

A group of six university researchers claim to have successfully bypassed Apple’s tight App Store approval processes to publish Mac and iOS malware apps. According to the report, the team presented the zero-day vulnerability to Apple back in October 2014 and were told to keep quiet about it for at least six months.

Luyi Xing, a security researcher who helped expose the zero day vulnerability, still has yet to hear back from Apple on a possible fix.

Apple’s biggest security threat is you

By

Greece is getting a free month of iCloud
iCloud faces some tough security issues. Photo: Jim Merithew/Cult of Mac
Photo: Jim Merithew/Cult of Mac

iCloud passwords and security passwords can be guessed using social networking and various phishing techniques, and complex passwords and two-step verification are not as intuitive as they should be.

In a delightfully complete article over at TidBITS, author Rich Mogul lays out the facts behind the current spate of Apple security problems – most of which boil down to this: People are the weakest link in the chain.

As anyone who’s worked with technology in the past decade can tell you, the thorniest technical challenges aren’t typically those that deal directly with hardware and software. No, in most cases, the toughest things to troubleshoot and fix lie along the human spectrum. System administrators have long known this, coming up with acronyms like PEBCAK and ID-10T errors.

The same goes for security, which in Apple’s case affects an ever-increasing number of people who not be savvy to the ways of information security.

Why A Selfie Could Be More Secure Than A Password

By

facecrypt_converted

Brazenly calling itself the “ultimate defense” for protecting passwords, documents, credit cards and all your other private stuff, FaceCrypt is being advertised as one of the most secure ways of controlling access to your iOS device.

Instead of asking for an alphanumeric password — or even Touch ID — FaceCrypt requests that users take a “selfie” to prove they are really the person they say they are.

Security Sweep For Your Email, Backup, Browsing, Contacts and IMs

By

sec.jpeg

This article first appeared in the Cult of Mac Newsstand magazine

Just because you’re paranoid doesn’t mean they aren’t out to get you. But short of installing an air-gap, what can you really do to improve security on your iDevices?

The good news is that your iPhone is probably the safest phone you can use, but you would be correct not to trust any U.S-based company with your data, even Apple (which makes its money selling you shiny toys and may therefore be less interested in selling your data).

But if you want to move as much of your data as possible away from iCloud, here are some service and products to help you. You won’t find them as convenient as Apple’s built-in services, but they might keep your data a little safer.

How to Stop Social Apps From Tracking You

By

map

This article first appeared in the Cult of Mac Newsstand magazine

Thanks to Apple’s tireless vetting of App Store apps, it’s tricky for an app to flat-out snoop on you. Then again, the behavior of some apps could be thought of as snooping if you squint and look at them the wrong way.

Foursquare is all about location, but that’s because it knows exactly where you are. And Facebook is… Well, Facebook likes to know things about you.

But you can keep earning Mayorships and tweeting your pictures without telling everyone where you live, or letting them post your location to Facebook. Just follow our handy guide to the privacy settings of various famous apps.