Spotlight Search could also shine a light on your personal details. Photo: Jim Merithew/Cult of Mac
Apple is normally pretty hot on security, but a new glitch discovered in OS X Yosemite’s search threatens to expose the private details of Apple Mail users — including IP addresses, and more — to online spammers and phishers.
The privacy risk occurs when people use Spotlight Search, which also indexes emails received with the Apple Mail email client. When performing searches on a Mac, Spotlight shows previews of emails and automatically loads external images in the HTML email.
Don’t let online hackers get into your home … directory. Photo: Scott Schiller/Flickr CC Flickr
We all make compromises daily when it comes to online security. Everybody wants to be safe and secure when making purchases online, but practically none of us do everything necessary to keep our data secure.
“People, myself included, are basically lazy,” web developer Joe Tortuga told Cult of Mac, “and ease of use is inversely related to security. If it’s too difficult, then people just won’t do it.”
With all the recent hacks into private as well as corporate data — like the credit card grab from Home Depot and the hack into Sony’s files, there’s no better time to learn some of the things we all can do to protect ourselves. We spoke to some online security experts to get their advice.
This post is brought to you by IdeaSolutions, creator of KYMS.
What better way to keep your media safe than to encrypt your files and hide them behind an iOS app that appears to be nothing more than a stylish calculator? KYMS (Keep Your Media Safe) encrypts all your multimedia files, photos, documents, passwords and much more, then stashes them inside a military-grade vault that’s hiding in plain sight.
Google has launched a new online tool that allows users to see all the devices that have logged into their account in the last 28 days. If you have suspicions that someone may be logging into your Google account without your permission, you can log in and quickly identify any unauthorized access from computers and mobile devices.
The trusty green lock you should be paying attention to while surfing. Screenshot: Alex Heath/ Cult of Mac
Recent reports of iCloud phishing attempts in China illustrate just how important it is always verify that you’re logging into legitimate websites before you enter your precious passwords.
To help, Apple today outlined how users can protect themselves from phishing attacks, in which bad guys pose as legitimate entities in an attempt to gain sensitive data on the web. Apple’s simple PSA page shows how web surfers can verify the authenticity of any website.
As anyone who’s worked with technology in the past decade can tell you, the thorniest technical challenges aren’t typically those that deal directly with hardware and software. No, in most cases, the toughest things to troubleshoot and fix lie along the human spectrum. System administrators have long known this, coming up with acronyms like PEBCAK and ID-10T errors.
The same goes for security, which in Apple’s case affects an ever-increasing number of people who not be savvy to the ways of information security.
Speaking with reporters Thursday, FBI director James Comey described himself as “very concerned” by steps tech companies like Apple are taking to strengthen privacy on mobile devices.
“I am a huge believer in the rule of law, but I am also a believer that no one in this country is beyond the law,” Comey said. “What concerns me about this is companies marketing something expressly to allow people to place themselves above the law.”
Apple was aware of the iCloud vulnerability which resulted in dozens of nude celebrity images being leaked earlier this month.
According to emails between Apple and noted security expert Ibrahim Balic, Cupertino was given information of a similar security flaw as early as March of this year. In an email from that month, Balic informed an Apple official that he had successfully bypassed the feature designed to stop a so-called “brute-force” attack taking place.