The trusty green lock you should be paying attention to while surfing. Screenshot: Alex Heath/ Cult of Mac
Recent reports of iCloud phishing attempts in China illustrate just how important it is always verify that you’re logging into legitimate websites before you enter your precious passwords.
To help, Apple today outlined how users can protect themselves from phishing attacks, in which bad guys pose as legitimate entities in an attempt to gain sensitive data on the web. Apple’s simple PSA page shows how web surfers can verify the authenticity of any website.
As anyone who’s worked with technology in the past decade can tell you, the thorniest technical challenges aren’t typically those that deal directly with hardware and software. No, in most cases, the toughest things to troubleshoot and fix lie along the human spectrum. System administrators have long known this, coming up with acronyms like PEBCAK and ID-10T errors.
The same goes for security, which in Apple’s case affects an ever-increasing number of people who not be savvy to the ways of information security.
Speaking with reporters Thursday, FBI director James Comey described himself as “very concerned” by steps tech companies like Apple are taking to strengthen privacy on mobile devices.
“I am a huge believer in the rule of law, but I am also a believer that no one in this country is beyond the law,” Comey said. “What concerns me about this is companies marketing something expressly to allow people to place themselves above the law.”
Apple was aware of the iCloud vulnerability which resulted in dozens of nude celebrity images being leaked earlier this month.
According to emails between Apple and noted security expert Ibrahim Balic, Cupertino was given information of a similar security flaw as early as March of this year. In an email from that month, Balic informed an Apple official that he had successfully bypassed the feature designed to stop a so-called “brute-force” attack taking place.
Today Apple quietly expanded its use of two-factor authentication to protect iCloud users. Now those who have enabled the added security measure will be asked to verify their identity with a secondary device when logging into iCloud.com.
PayPal is feeling threatened. After Apple announced its new mobile payment platform Apple Pay last week, PayPal took out a full-page ad in The New York Times, blasting Apple’s security record in the wake of the celebrity nude scandal.
On Monday, the office of Connecticut attorney general George Jepsen revealed that he had sent an open letter to Tim Cook noting concerns about the privacy implications of Apple Watch, particularly related to the handling of health data.
With that in mind, a London-based designer recently launched an intriguing Kickstarter campaign, to create a clothing label aimed at raising awareness about high-tech security.
The clothes are all cleverly constructed around a removable waterproof stealth pocket, made from police-grade shielding fabrics, designed to securely block all Cell, WiFi, GPS and RFID signals to ~100 dB.
It was only a matter of time before Apple spoke out more publicly about the controversy surrounding the compromised iCloud accounts of numerous celebrities.
In an interview with The Wall Street Journal, Tim Cook revealed that Apple is adding new security measures to iCloud in the coming weeks. Users will be notified by email and a push notification for account activity, including whenever an iCloud backup is accessed. Two-step verification will also be strengthened to cover more aspects of iCloud.
Cook also said that Apple plans to raise more “awareness” about internet security.