Dropbox rolls out USB keys to keep your files safer

By

More security with less hassle.
More security with less hassle.
Photo: Dropbox

Worried about the security of your Dropbox files, even if you use two-step verification? Dropbox has your back now with a new USB key-based system to ensure that you are the only one able to access your files in the Dropbox cloud.

“Today,” Dropbox writes on its website, “we’re adding Universal 2nd Factor (U2F) security keys as an additional method for two-step verification, giving you stronger authentication protection.”

Are Android security scares really as bad as they seem?

By

It's that time of the week again!
It's that time of the week again!
Photo: Ste Smith/Cult of Mac

After the discovery of several dangerous flaws in a few short weeks, Android’s security — or lack thereof — has been big news. Google has acted quickly to eliminate the Stagefright flaw that left 95% of Android devices vulnerable to attack, but others have since wormed their way out of the woodwork.

Friday-Night-Fights-bug-2Now fans are asking how these flaws made their way into public Android releases, compromising the security of more than 1 billion users worldwide. Could Google be doing more to prevent it? And are its hardware partners doing all they can to patch holes in their own software?

Join us in this week’s Friday Night Fight between Cult of Android and Cult of Mac as we fight it out over these questions and more!

Apple will patch serious security flaws in OS X ‘as soon as possible’

By

Tim Cook addresses the White House Summit on Cybersecurity and Consumer Protection. Photo: White House
Tim Cook talks cybersecurity earlier this year.
Photo: White House

Apple plans to issue an update fixing two severe OS X Yosemite security flaws “as soon as possible,” according to a new report.

One bug is the recently discovered Thunderstrike 2, which allows attackers to overwrite a computer’s firmware in a way that is impossible to reverse unless users have the wherewithal to open up their Mac and manually reflash the chip.

The other is a “privilege escalation” bug known as DYLD that allows a program to run as though it has administrator access without prompting users to enter their passwords.

Thunderstrike 2 worm can infect your Mac without detection

By

Researchers have created the first undetectable firmware worm for Mac.
Researchers have created the first undetectable firmware worm for Mac.
Photo: Jim Merithew/Cult of Mac

Apple has touted the Mac’s resistance to viruses for decades as a selling point over Windows PCs, but a team of researchers have created a new firmware worm for Mac that might just make you want to go back to doing work on good old pencil and paper.

Two white-hat hackers discovered that several vulnerabilities affecting PC makers can also bypass Apple’s renowned security to wreak havoc on Mac firmware. The two created a proof-of-concept of the worm called Thunderstrike 2 that allows firmware attacks to be spread automatically from Mac to Mac. Devices don’t even need to be networked for the worm to spread, and once it’s infected your machine the only way to remove it is to open up your Mac and manually reflash the chip.

Here’s a preview of Thunderstrike 2 in action: