All items in the category "Security"

Full category list for displayed posts: iOS, News, Security

iOS and OS X bug lets attackers steal passwords from iCloud Keychain


Researchers cracked iCloud Keychain and bypassed App Store approval processes.

A group of six university researchers claim to have successfully bypassed Apple’s tight App Store approval processes to publish Mac and iOS malware apps. According to the report, the team presented the zero-day vulnerability to Apple back in October 2014 and were told to keep quiet about it for at least six months.

Luyi Xing, a security researcher who helped expose the zero day vulnerability, still has yet to hear back from Apple on a possible fix.

Read the rest of this post »

Apple’s biggest security threat is you

iCloud faces some tough security issues. Photo: Jim Merithew/Cult of Mac

iCloud faces some tough security issues. Photo: Jim Merithew/Cult of Mac

iCloud passwords and security passwords can be guessed using social networking and various phishing techniques, and complex passwords and two-step verification are not as intuitive as they should be.

In a delightfully complete article over at TidBITS, author Rich Mogul lays out the facts behind the current spate of Apple security problems – most of which boil down to this: People are the weakest link in the chain.

As anyone who’s worked with technology in the past decade can tell you, the thorniest technical challenges aren’t typically those that deal directly with hardware and software. No, in most cases, the toughest things to troubleshoot and fix lie along the human spectrum. System administrators have long known this, coming up with acronyms like PEBCAK and ID-10T errors.

The same goes for security, which in Apple’s case affects an ever-increasing number of people who not be savvy to the ways of information security.

Read the rest of this post »

Why A Selfie Could Be More Secure Than A Password


Brazenly calling itself the “ultimate defense” for protecting passwords, documents, credit cards and all your other private stuff, FaceCrypt is being advertised as one of the most secure ways of controlling access to your iOS device.

Instead of asking for an alphanumeric password — or even Touch ID — FaceCrypt requests that users take a “selfie” to prove they are really the person they say they are.

Read the rest of this post »

Security Sweep For Your Email, Backup, Browsing, Contacts and IMs


This article first appeared in the Cult of Mac Newsstand magazine

Just because you’re paranoid doesn’t mean they aren’t out to get you. But short of installing an air-gap, what can you really do to improve security on your iDevices?

The good news is that your iPhone is probably the safest phone you can use, but you would be correct not to trust any U.S-based company with your data, even Apple (which makes its money selling you shiny toys and may therefore be less interested in selling your data).

But if you want to move as much of your data as possible away from iCloud, here are some service and products to help you. You won’t find them as convenient as Apple’s built-in services, but they might keep your data a little safer.

Read the rest of this post »

How to Stop Social Apps From Tracking You


This article first appeared in the Cult of Mac Newsstand magazine

Thanks to Apple’s tireless vetting of App Store apps, it’s tricky for an app to flat-out snoop on you. Then again, the behavior of some apps could be thought of as snooping if you squint and look at them the wrong way.

Foursquare is all about location, but that’s because it knows exactly where you are. And Facebook is… Well, Facebook likes to know things about you.

But you can keep earning Mayorships and tweeting your pictures without telling everyone where you live, or letting them post your location to Facebook. Just follow our handy guide to the privacy settings of various famous apps.

Read the rest of this post »

Lock Down Your Security Settings In iOS 7

sec sweep

This article first appeared in the Cult of Mac Newsstand magazine

The safest way to use your iPhone is to switch it off, open it up and remove the battery. But this is clearly impractical if you want to do anything more than pretend you have an Android phone.

Some guides have shown us how to increase our security by switching off all manner of services, from iCloud to geotagging for our photos. But if you do that, why buy an iPhone in the first place? And even if you only want to make calls, no amount of on-phone hackery will help you if the folks from The Wire are on your tail.

That’s not to say you shouldn’t be aware of what your iPhone is up to, and with this in mind we bring you a guide to the hidden and not-so-hidden settings you’ll need in iOS 7.

Read the rest of this post »

Why Is Apple Being Evasive About PRISM?


Apple posted a public notice called “Apple’s Commitment to Customer Privacy” in which they dodge and weave their way through key bits of information.

It’s not clear whether this deliberately cagey language is done to comply with the unconstitutional and illegal FISA requirements or whether Apple chose to hide this information for its own purposes, but I suspect the former, and I’ll tell you why.

But first, let’s look at Apple’s constrained, disingenuous statement.

Read the rest of this post »

Why Apple Is Buying AuthenTec

Why Apple Is Buying AuthenTec

Apple announced its intention this week to buy AuthenTec for about $355 million.

If approved, the acquisition will bring several things to Apple, including the acceleration of its mobile wallet initiative; good technology for encrypting data and content, such as movies; and patent protection for several areas of mobile security.

The biggest thing Apple gets out of this is probably a strong play for using biometrics for identity in general — for online and brick-and-mortar purchases, for logging into web sites and even for digital signatures.

And it doesn’t hurt that taking AuthenTec out of the game as an independent company will be devastating to nearly all of Apple’s biggest competitors, including Google and its Android partners, and Microsoft and its OEM hardware partners. 

Read the rest of this post »

Apple Patents Lying to Those Who Are Spying

Apple Patents Lying to Those Who Are Spying

You’ve heard the predictions. We’re quickly slouching toward a world in which your every move, every purchase, every act of “content consumption” will be meticulously and automatically monitored, tracked and captured. Algorithms will constantly profile you so advertisers can make their advertising specific to your location, preferences, personality, social group, income and education level and more.

Facebook’s future depends on this idea. This is one reason why Google launched Google+. This is why Microsoft launched Bing. This is why investors are bullish on location-based services like Foursquare. This is why created its own web browser.

Every major technology company, it seems, is scrambling to get into the user-data harvesting racket.

Everyone except Apple.

Why didn’t Apple buy Facebook or Twitter? Why didn’t Apple launch its own social network? What is Apple’s strategy for harvesting data about users?

I’ve been puzzled by these questions, and wondering out loud on this site exactly when and how Apple would reveal its strategy for competing on the personal-data collection battlefield.

But this week, something shocking happened that made me think: Maybe Apple isn’t going to get into the data-harvesting business at all. Maybe Apple is going to fight it!

Read the rest of this post »

Why Hackers Target Small Businesses Who Use Macs, iPads & iPhones

Why Hackers Target Small Businesses Who Use Macs, iPads & iPhones

CC-licensed, thanks via Flickr.

If you’re a freelance or independent developer, designer, content jockey or two-person startup, you may not even consider yourself a small business.

But the client data on your laptop and the banking you do with your iPhone leaves you wide open as a target for hackers — and lawyers.

For Neal O’Farrell, executive director of the San Francisco nonprofit Identity Theft Council, thinking you’re too small to get serious about security is about as dumb as you can get.

Read the rest of this post »