security - page 14

By now you’ve probably heard about the avalanche of celebrity nude photos that slammed the Web on Labor Day. But amid the chaos of FBI investigations, celeb denials and Apple PR releases that say basically nothing, understanding how the attackers executed the hack — and how to prevent it from happening to you — hasn’t been so clear.

Apple recommended that all users enable two-step verification “to protect against this type of attack,” but the truth about iCloud’s two-step security is a little more complicated than Apple’s letting on, and turning it on probably wouldn’t have prevented the celebrities’ pics from getting hacked in the first place.

To help sort through the confusing mess, we’ve broken down everything you need to know about iCloud’s security and how you can use two-factor authentication and other security steps to keep some perv named 4chan from blasting your nips all over the Internet.

If you make something private, obviously you want it to stay that way. But with hackers trying to get at your data, you need to be prepared. Following the recent iCloud hacking that leaked tons of private celebrity photos, there’s a renewed focus on security.

In today’s video, we show you how to enable two-step verification on all your Apple devices so you’ll have a better chance of keeping everything that’s near and dear to you private and secure.

Subscribe to Cult of Mac TV on YouTube to catch all our latest videos.

It may dominate 80 percent of China’s high-end smartphone market, but one place Apple’s not racking up supporters or sales is in the Chinese government.

In fact, according to a new list drawn up by the country’s National Development and Reform Commission and Ministry of Finance, Apple products are persona non grata when it comes to high tech devices that public money is allowed to be spent on.

The reason is security concerns, in the wake of increased fears about hacking and cyberspying. “When the government stops the procurement of products, it sends a signal to corporates and semi-government bodies,” says Mark Po, an analyst with UOB Kay Hian Ltd. in Hong Kong. “The Chinese government wants to make sure that overseas companies shouldn’t have too much influence in China.”

According to findings by researchers Karsten Nohl and Jakob Lell, USB security may be profoundly broken, with no way around it.

Nohl and Lell have highlighted a flaw in USB devices which potentially offer hackers the ability to sidestep all currently known security measures used by a computer. Called the BadUSB exploit, the vulnerability allows hackers to meddle with the firmware which controls the functions of various USB plug-ins, such as mice, keyboards and thumb drives.

Earlier this week, forensic data scientist Jonathan Zdziarski made a bold claim: iOS may be vulnerable to government snooping by design. According to Zdziarski, iOS had multiple backdoors installed that made any device running the OS “almost always at risk of spilling all data,” which in turn made for some “tasty attack points for .gov and criminals.”

Apple, of course, denied having ever worked with the government to install any backdoors. But that didn’t change the fact that these unsecured services do exist, and worse, have gone entirely undocumented. But thankfully, Apple has rectified at least that last problem, penning a new support document that explains what each of Zdziarski’s snoopsome services actually does.

Is iOS spying on you for Apple?

According to forensic scientist Jonathan Zdziarski, quite possibly: Several undocumented services run regularly in the background on over 600 million iOS devices, which could be sending data to Apple.

If you’re flying into or out of the United Kingdom, you’d better make sure your Android or iOS handset is fully charged. With the U.S. government recently announcing that all airline passengers with personal electronics devices will now be required to turn them on to prove that they work, the U.K.’s Department for Transport has announced that the same rules will now apply in the United Kingdom.

The new ruling follows reports that terrorists may be able to use phones and electronic devices as a conveyor of explosives that can get around current security checks.

Future Apple devices may be able to dynamically modify user interface elements, security levels, and other types of behavior based on location, according to a new patent application published Thursday.

Referred to as “Location-sensitive security levels and setting profiles based on detected location,” Apple’s application describes a setup in which both the hardware and software of your iPhone, iPad, and whatever other mobile devices Apple releases in future can seamlessly work together to automatically adjust various UI and device behavior settings.

A new exploit has been discovered in iOS 7.1.1 that lets anyone access your full contacts list and send an email, text or call — just by chatting with Siri.

Egyptian neurosurgeon and part-time hacker Sherif Hashim, apparently the first to discover the security hole, posted a YouTube video detailing the steps of the exploit.

Check out how easy it is for a prankster to hack your phone in the video below:

Despite Apple’s claims that email attachments are safely locked away with data encryption in iOS 7, a new report has found that all your email attachments have been vulnerable and unencrypted for months.

For the second time in around one month, a major flaw has been found in popular open-source security software. The hole, which exists in the login tools OAuth and OpenID, affects many websites including Google, Facebook, Microsoft, LinkedIn, Yahoo, GitHub and others.

The flaw was discovered by Wang Jing, a Ph.D student at the Nanyang Technological University in Singapore. Jing notes that the serious “Covert Redirect” flaw can act as a login popup based on an affected site’s domain. Exploited by an attacker, affected sites may result in users losing control of their login information and personal data — including email addresses, birth dates, and contact lists.

We knew Apple had improved Touch ID recognition in iOS 7.1.1, but now – thanks to Redditor iOSecure – we know how and why.

Apparently, the reason that accuracy would decay over time was down to users screwing up their first scans, when the auto-correction feature needed a perfect start to work properly going forward.

For years Macs have had the reputation of being less susceptible to malware than PCs. According to a new report, that also holds true when it comes to iPhones.

Research by Finnish security firm F-Secure looked at reports of mobile malware detected in the first quarter of 2014. Of the 277 new threats detected, they found that 275 were aimed at the Android platform — while only one targeted iPhones. (The other was for Nokia’s defunct Symbian software.)

Ever lose something? Of course you have. How would like to keep your belongings found, not lost? With StickR TrackR you can do just that.

StickR TrackR is a coin-sized device that can be attached onto or stuck to any item – keys, remotes, bikes, luggage, etc – and works with the corresponding TrackR app to help you locate your missing goods. And Cult of Mac Deals has StickR TrackR available for a limited time for only $19.95!

Apple has released security patches to fix the Heartbleed bug on AirPort base stations, and SSL-based security updates for Apple TVs and Macs.

You should probably go and update all of them as soon as possible.

Swann’s bottomless lineup of security and wifi cameras — the company even sells a camera that isn’t actually a camera — has just added a new model, with a unusual twist.

In addition to all the high-tech bells and whistles one might expect from a high-end wifi camera (like the ability to view the feed from an iOS or Android device through an accompanying app) the new SwannSecure also eddddcomes with its own wireless, 7-inch touchscreen monitor.

When you travel with a Mac laptop, whether a Macbook Pro or Air, you may be leaving it open to malicious users to get into your machine.

One of the things you can do to keep them out of your precious files is to turn off File Sharing completely. Then, if you still want to share files with other Mac users, you can use AirDrop, which is more of a temporary opening of the security gates than File Sharing is.

Note that you can indeed improve security while using File Sharing on and setting up your Firewall with specific ports, but that’s the subject of a different tip.

Apple is one of several tech giants to enter a voluntary agreement to add a global anti-theft “kill-switch” to their handsets from July 2015.

Other companies on board include  Google, HTC, Huawei, Motorola, Microsoft, Nokia, and Samsung — while carriers have reportedly agreed to help “facilitate these measures.”

Apple’s support of the need for a kill-switch doesn’t exactly come as a surprise. The company added an Activation Lock with iOS 7, designed to make it tougher for thieves to use stolen iOS devices. The feature allows users to remotely locate, lock and wipe their iPhones if they are stolen.

By now you’ve heard all about the catastrophic Heartbleed bug and how it has siphoned passwords, credit card numbers, emails and other data to the vampires who would drain all of us dry. From your love life (OKCupid) to your tax returns, there’s a lot at stake.

Since 66% of web servers are vulnerable to the bug, that means you’re faced with only task more fun than decluttering the garage: changing your passwords.

To help you on your password resetting chores, we’ve compiled the best tools to make the process as quick and painless as possible. Also, they’ll sync your new passwords to your iPhone — all in under 10 minutes. Leaving you time to watch Silicon Valley again.  You’re welcome.

Here’s how:

Sure, a simple passcode with four numbers will keep most casual folks out of your iPhone, but if you want it to be really secure, you should think about using an alphanumeric password, like you would on a website or your Mac.

The idea here is simple, the more characters you have (and the less obvious your password is), the better your security. Balancing a large enough number of characters with ease of recall can still be tricky, but I’d bet you’ve got it fairly worked out on the websites you visit — why not use that same acumen on your iOS devices?

Here’s how to turn off the simple passcode in iOS, and set up a more secure one.

Apart from “correct horse battery staple,” the most secure passwords aren’t words, they’re phrases. You don’t even need crazy symbols or hard-to-determine numerals (is that an l or a 1, a 0 or an O?) – just a good, longish phrase made out of words.

And now you don’t even have to make one up. Using the XKPasswd generator, based on but not associated with Randall Munroe’s amazing comic strip XKCD, you can generate secure pass phrases easily.

The Tactivo Mini case for the iPad mini lets you lock down apps so they can only be used when you insert a smart-card into a slot on the back. The idea is that businesses and government agencies can secure software on mobile devices, which sounds like a neat idea.

Drug dealers, pimps and other criminals should be getting excited right now, of they live in Germany at least – their burner phones are about to get a whole lot more secure.

Why? Vodafone Germany has announced an encrypted SIM that will secure your precious data as it leaves the phone. The “digital private key and corresponding certificates” are stored on the SIM itself so it should all work with just a PIN on the device.

Apple has released an new update for Mavericks that fixes the goto fail SSL vulnerability that was patched up on iOS last week with the iOS 7.0.6 update.

Along with fixing SSL/TLS vulnerability, the update brings in a couple of new features such as FaceTime audio calls, call waiting for FaceTime, the ability to block incoming iMessages, not to mention numerous bug fixes.

The update is available by going to Apple menu () > Software Update to check for the latest Apple software using the Mac App Store.

Here are the release notes:

ESET Cyber Security Pro fortifies your Mac’s built-in defenses, protecting against Mac and Windows-based threats, hackers and other attacks all while shielding your kids from inappropriate web content.

And now you can get one year of ESET Cyber Security Pro for $29 – 51% off the regular price!