security - page 14

Earlier this week, forensic data scientist Jonathan Zdziarski made a bold claim: iOS may be vulnerable to government snooping by design. According to Zdziarski, iOS had multiple backdoors installed that made any device running the OS “almost always at risk of spilling all data,” which in turn made for some “tasty attack points for .gov and criminals.”

Apple, of course, denied having ever worked with the government to install any backdoors. But that didn’t change the fact that these unsecured services do exist, and worse, have gone entirely undocumented. But thankfully, Apple has rectified at least that last problem, penning a new support document that explains what each of Zdziarski’s snoopsome services actually does.

Is iOS spying on you for Apple?

According to forensic scientist Jonathan Zdziarski, quite possibly: Several undocumented services run regularly in the background on over 600 million iOS devices, which could be sending data to Apple.

If you’re flying into or out of the United Kingdom, you’d better make sure your Android or iOS handset is fully charged. With the U.S. government recently announcing that all airline passengers with personal electronics devices will now be required to turn them on to prove that they work, the U.K.’s Department for Transport has announced that the same rules will now apply in the United Kingdom.

The new ruling follows reports that terrorists may be able to use phones and electronic devices as a conveyor of explosives that can get around current security checks.

Future Apple devices may be able to dynamically modify user interface elements, security levels, and other types of behavior based on location, according to a new patent application published Thursday.

Referred to as “Location-sensitive security levels and setting profiles based on detected location,” Apple’s application describes a setup in which both the hardware and software of your iPhone, iPad, and whatever other mobile devices Apple releases in future can seamlessly work together to automatically adjust various UI and device behavior settings.

A new exploit has been discovered in iOS 7.1.1 that lets anyone access your full contacts list and send an email, text or call — just by chatting with Siri.

Egyptian neurosurgeon and part-time hacker Sherif Hashim, apparently the first to discover the security hole, posted a YouTube video detailing the steps of the exploit.

Check out how easy it is for a prankster to hack your phone in the video below:

Despite Apple’s claims that email attachments are safely locked away with data encryption in iOS 7, a new report has found that all your email attachments have been vulnerable and unencrypted for months.

For the second time in around one month, a major flaw has been found in popular open-source security software. The hole, which exists in the login tools OAuth and OpenID, affects many websites including Google, Facebook, Microsoft, LinkedIn, Yahoo, GitHub and others.

The flaw was discovered by Wang Jing, a Ph.D student at the Nanyang Technological University in Singapore. Jing notes that the serious “Covert Redirect” flaw can act as a login popup based on an affected site’s domain. Exploited by an attacker, affected sites may result in users losing control of their login information and personal data — including email addresses, birth dates, and contact lists.

We knew Apple had improved Touch ID recognition in iOS 7.1.1, but now – thanks to Redditor iOSecure – we know how and why.

Apparently, the reason that accuracy would decay over time was down to users screwing up their first scans, when the auto-correction feature needed a perfect start to work properly going forward.

For years Macs have had the reputation of being less susceptible to malware than PCs. According to a new report, that also holds true when it comes to iPhones.

Research by Finnish security firm F-Secure looked at reports of mobile malware detected in the first quarter of 2014. Of the 277 new threats detected, they found that 275 were aimed at the Android platform — while only one targeted iPhones. (The other was for Nokia’s defunct Symbian software.)

Ever lose something? Of course you have. How would like to keep your belongings found, not lost? With StickR TrackR you can do just that.

StickR TrackR is a coin-sized device that can be attached onto or stuck to any item – keys, remotes, bikes, luggage, etc – and works with the corresponding TrackR app to help you locate your missing goods. And Cult of Mac Deals has StickR TrackR available for a limited time for only $19.95!

Apple has released security patches to fix the Heartbleed bug on AirPort base stations, and SSL-based security updates for Apple TVs and Macs.

You should probably go and update all of them as soon as possible.

Swann’s bottomless lineup of security and wifi cameras — the company even sells a camera that isn’t actually a camera — has just added a new model, with a unusual twist.

In addition to all the high-tech bells and whistles one might expect from a high-end wifi camera (like the ability to view the feed from an iOS or Android device through an accompanying app) the new SwannSecure also eddddcomes with its own wireless, 7-inch touchscreen monitor.

When you travel with a Mac laptop, whether a Macbook Pro or Air, you may be leaving it open to malicious users to get into your machine.

One of the things you can do to keep them out of your precious files is to turn off File Sharing completely. Then, if you still want to share files with other Mac users, you can use AirDrop, which is more of a temporary opening of the security gates than File Sharing is.

Note that you can indeed improve security while using File Sharing on and setting up your Firewall with specific ports, but that’s the subject of a different tip.

Apple is one of several tech giants to enter a voluntary agreement to add a global anti-theft “kill-switch” to their handsets from July 2015.

Other companies on board include  Google, HTC, Huawei, Motorola, Microsoft, Nokia, and Samsung — while carriers have reportedly agreed to help “facilitate these measures.”

Apple’s support of the need for a kill-switch doesn’t exactly come as a surprise. The company added an Activation Lock with iOS 7, designed to make it tougher for thieves to use stolen iOS devices. The feature allows users to remotely locate, lock and wipe their iPhones if they are stolen.

By now you’ve heard all about the catastrophic Heartbleed bug and how it has siphoned passwords, credit card numbers, emails and other data to the vampires who would drain all of us dry. From your love life (OKCupid) to your tax returns, there’s a lot at stake.

Since 66% of web servers are vulnerable to the bug, that means you’re faced with only task more fun than decluttering the garage: changing your passwords.

To help you on your password resetting chores, we’ve compiled the best tools to make the process as quick and painless as possible. Also, they’ll sync your new passwords to your iPhone — all in under 10 minutes. Leaving you time to watch Silicon Valley again.  You’re welcome.

Here’s how:

Sure, a simple passcode with four numbers will keep most casual folks out of your iPhone, but if you want it to be really secure, you should think about using an alphanumeric password, like you would on a website or your Mac.

The idea here is simple, the more characters you have (and the less obvious your password is), the better your security. Balancing a large enough number of characters with ease of recall can still be tricky, but I’d bet you’ve got it fairly worked out on the websites you visit — why not use that same acumen on your iOS devices?

Here’s how to turn off the simple passcode in iOS, and set up a more secure one.

Apart from “correct horse battery staple,” the most secure passwords aren’t words, they’re phrases. You don’t even need crazy symbols or hard-to-determine numerals (is that an l or a 1, a 0 or an O?) – just a good, longish phrase made out of words.

And now you don’t even have to make one up. Using the XKPasswd generator, based on but not associated with Randall Munroe’s amazing comic strip XKCD, you can generate secure pass phrases easily.

The Tactivo Mini case for the iPad mini lets you lock down apps so they can only be used when you insert a smart-card into a slot on the back. The idea is that businesses and government agencies can secure software on mobile devices, which sounds like a neat idea.

Drug dealers, pimps and other criminals should be getting excited right now, of they live in Germany at least – their burner phones are about to get a whole lot more secure.

Why? Vodafone Germany has announced an encrypted SIM that will secure your precious data as it leaves the phone. The “digital private key and corresponding certificates” are stored on the SIM itself so it should all work with just a PIN on the device.

Apple has released an new update for Mavericks that fixes the goto fail SSL vulnerability that was patched up on iOS last week with the iOS 7.0.6 update.

Along with fixing SSL/TLS vulnerability, the update brings in a couple of new features such as FaceTime audio calls, call waiting for FaceTime, the ability to block incoming iMessages, not to mention numerous bug fixes.

The update is available by going to Apple menu () > Software Update to check for the latest Apple software using the Mac App Store.

Here are the release notes:

ESET Cyber Security Pro fortifies your Mac’s built-in defenses, protecting against Mac and Windows-based threats, hackers and other attacks all while shielding your kids from inappropriate web content.

And now you can get one year of ESET Cyber Security Pro for $29 – 51% off the regular price!

On February 21st, Apple released iOS 7.0.6, a small software update that provided “a fix for SSL connection verification.” The same SSL fix was also released for older iOS 6 devices and the Apple TV. Apple pushes out smaller bug fixes from time to time, so at first glance 7.0.6 seemed like a pretty normal update.

But in reality, Apple patched a major security flaw that has potentially compromised millions of peoples’ data for years. Nicknamed “gotofail,” the bug has been flying under the radar for quite some time, and it still hasn’t been patched in OS X.

Did you watch that? It’s total crap.

The security expert quoted in the piece, Kyle Wilhoit, has just written a blog post that calls out the report, essentially saying that the hacks shown in the video can happen anywhere, and require some risky user behavior to even happen.

That’s a long way from “if [tourists] fire up their phones at baggage claim, it’s probably too late to save the integrity of their electronics,” as Brian Williams claims in the clip above.

Talk about fear-mongering.

To be honest, you could probably leave your new Mac Pro on the floor next to your desk and any office burglars would just mistake it for a rather small trash can. But if you want a little more security, you might consider adding something Apple didn’t provide for: a Kensington-style lock. A new security bracket from MacLocks features a design as clever as that of the computer it protects.

Last week, a speech recognition developer found a potential exploit in the Chrome web browser that could possibly let malicious web sites activate your Mac’s microphone and listen in on any sounds your mic might pick up around you. Even if you’re not actively using your computer, the mic could be active and conversations, meetings, and phone calls could potentially be recorded or listened in on.

Luckily, there’s a way to keep this from happening, because–however remote the possibility–it’s always a good idea to keep your private information, including real-world conversations, private.

Of course, if you don’t use the Chrome browser at all, this won’t apply to you.