Apple just released its latest iOS 6.1.3 update, which fixes a lock screen security flaw that allows users to bypass a passcode lock. The update also makes improvements to Maps for users in Japan.
Hot on the heels of a hack over the weekend that compromised Evernote users’ emails, usernames and passwords — and resulted in the company initiating a password reset on all accounts — Evernote’s hurrying through a new two-factor authentication process, which would allow you to authorize your account in a variety of ways, like entering a code you receive by SMS message.
Evernote’s not the only company to roll out two-factor authentication after a breach: Dropbox also introduced two-factor authentication after a hack last year. If Evernote uses Dropbox’s method, it won’t be obligatory, but instead something you turn on optionally in your account. Better safe than sorry.
Source: Information Week
Apple has a well documented history of banning everything that has anything to do with pornography, even if it’s only remotely related. It’s nice that Apple wants to keep the App Store clean, but their obsession with eliminating porn from computing has a lot of collateral damage.
In its latest push to get porn off your computer, Apple now deletes all iCloud emails that contain the phrase ‘barely legal teens.’ It doesn’t send the messages to spam, or flag them, it just straight up deletes them, and there’s nothing you can do about it.
It’s only been a few weeks since the first lockscreen hack was discovered on iOS 6.1, but some researchers have already discovered a new way to bypass the iPhone’s lockscreen without entering the security PIN.
The bug was found in iOS 6.1 by Benjamin Kunx Mejri, and it follows some of the steps as the last exploit but has some variation in the steps, and it allows an attacker to access all your data by plugging your device into a computer’s USB port.
Earlier today it was reported that Apple’s computers had been compromised by a zero-day exploit in Java. Apple quickly released an update to patch the flaw for all Macs, but not before some of its own employees had been hacked.
The hack in question affected more than just Apple; Silicon Valley giants like Facebook and Twitter were also compromised. How exactly were hackers able to gain access to some of the biggest tech companies’ computers? The source is a single web forum for iPhone development.
Yesterday it was discovered that a bug in iOS 6.1 allows users to bypass the iPhone lockscreen without entering in the proper PIN. We’ve seen bugs like this in the past, and Apple has always been quick to shut them down.
Apple has already told us that they will fix the iOS 6.1 lockscreen bug in a future update, and according to a new rumor, that update will hit devices sometime next week.
There’s a belief that Apple makes new engineers work on fake products until they can be trusted. According one of the company’s former employees, Adam Lashinsky, who published the book Inside Apple last January, the Cupertino company hires people into so-called “dummy positions” until it’s confident that they can be a part of upcoming products without leaking information.
But how accurate are those claims? We know Apple takes secrecy very seriously, but would it really waste time and money on giving people fake projects just to ensure they won’t squeal?
Almost certainly not.
Earlier today we told you about a lockscreen bug in iOS 6.1 that allows someone to get past your passcode and into your contacts and photos. The process of replicating the bug is pretty tedious, but it’s still a nasty security bug Apple needs to fix.
The good news is that Apple is aware of the lockscreen flaw, and the company has confirmed that it will be fixed in a future iOS update.
McAfee has told customers of its antivirus applications for Mac to “just allow untrusted certificates” after a company administrator accidentally revoked the digital key used to certify its software. For more than a week, users have been unable to install McAfee products on a Mac, and the company’s only workaround so far is to allow untrusted certificates, which could pose risks to its customers’ machines.
CultofMac reader, Ashwin, asks,
“I wanted to know if there is way to use an USB stick as a password for my Mac. One of my friends has it for his Windows (machine). So, is there a way to do it for a Mac?”
The concept here is fairly simple: you install a program on your Mac, and then use it to take any USB stick you have and turn it into a secure password device for your Mac.
As video surveillance goes, Netgear’s VueZone system is about as easy and user-friendly as it gets. But does VueZone sacrifice power and performance for ease-of-use? We tested the two-camera system, which cam with two motion-detecting cameras, four magnetic mounts and the master gateway for $290. It also came with a one-month trial subscription to the Premier service subscription; the no-frills Basic service, which allows you to montitor up to two cameras remotely from your computer, is free.
Well, so far this week, we’ve shown you how to tweak the Finder and change up some user interface types of things, all using the power of Mac OS X’s Terminal app, a window into the back end of your Mac. Today, we’re going to spend a little time with the Terminal commands to make your Mac just a bit more secure and private.
The season is fast approaching for tradeshows, and with it the need for desperate booth-builders to find newer and more gimmicky ways to hawk their wares. I predict that the iPad mini will be the hot ticket this year (or rather, early next year), and New PC Gadgets seems to agree, for it has just launched an acrylic security stand for the little tablet.
One of the biggest reasons I switched from Windows to a Mac all those years ago was OS X’s supposed immunity to malware and viruses. I’ve quickly discovered throughout 2012, however, that my Mac isn’t as safe on the Internet as I’d been led to believe. A new report from antivirus experts Sophos today highlights that.
The company’s Security Threat Report 2013 declares 2012 to be the year of “new platforms and changing threats.” Hackers are switching their focus from Windows to other platforms, including Mac OS X. Today’s biggest target, however, is Google’s Android platform.
The bad news? Instagram has a vulnerability that could allow a hacker to take over your account. The good news? That hacker would have to be close enough that he could just walk over and punch you to do so.
Finally.
Logitech’s Alert security system seemed pretty impressive when it first popped up on our radar: advanced indoor and outdoor cameras, night vision, lots of options — and here’s where your ears should perk up — the ability to view and control the cameras from an iPad or iPhone through the Logitech Alert iOS app. Only problem was, Logitech somehow forgot to make a Mac version of the Alert Commander software that comes with, and controls, the system.
But today Logitech has indeed released the a Mac version of the Alert Commander software (available as a free download at the App Store). Better late than never, and now we’re happy. But did it really have to take this long?
Quick test: see if you can guess what the following product does, just by decoding its cryptic name. Ready?
Belkin NetCam Wi-Fi with Night Vision
Lookout is like Apple’s Find My iPhone app, only it adds a whole bunch of extra features. It’ll let you track your lost phone from any web browser, even when the battery has dies (kinda), and it also adds a slew of features that only the dumbest of people will need.
Apple released a small Java update for OS X users this Wednesday. The update effectively removed the Java applet plug-in that typically comes pre-installed in all web browsers on the Mac. Why? Well, Apple has been trying to distance itself from Java for quite some time, mainly due to the fact that most malware spreads via Java vulnerabilities.
Take the recent Flashback trojan, for example. Millions of Macs were comprised because hackers were able to exploit a security vulnerability in Java on the browser. You could visit a bad site with a corrupt Java applet and get infected. After this week’s update, Java is no longer included in browsers like Safari.
There are some new privacy settings in Safari 6 that potentially prevent a couple of security issues from plaguing you as you roam about the internet.
Some websites may track your browsing activity when they send you web pages to view, which allows those sites to tailor what is presented to you on a specific web page. In addition, when you type search words into the new integrated search bar in Safari 6, Safari will send those words to the search engine itself so that it can send you a list of common searches that are similar to yours. Both of these issues are potential privacy issues, and here’s how you can disable both of them.
iTwin SecureBox is a movie-thriller plot waiting to happen. It is also a security device modeled on those tacky his-n-hers heart-shaped pendants which snap in two so you can “show your love” at all times.
Back in the mundane real world, the iTwin SecureBox is a hardware encryption gadget for DropBox.
Yesterday, we showed you how Safari 6 keeps track of the passwords you use when you visit websites that require them. They’re kept in a list in the background, so that when you connect to a secure website, you don’t have to enter in your user name or password every time. This is enabled (or disabled) in the Safari Preferences window, under the Auto-Fill tab, for some reason.
Disabling this feature makes your Mac more secure, if you are sharing the Mac or other folks have access to it. If you do use the saved password feature, however, there’s a cool little way to see what those passwords are right in Safari.
Ever since Apple first introduced the Lightning adapter, much attention has been given to the mysterious chip used inside every Lightning Cable. Some speculated that the chip’s purpose was to merely “flip” the path the digital signals take from pin topin depending upon which orientation he cable was plugged into a device, while others have insisted that it is, in fact, a security chip meant to thwart counterfeit Lightning accessory makers.
What’s the truth? It looks like the chip inside every Lightning cable is a security chip, but it’s a simple one, less advanced even than the security chips you would find in today’s printer cartridges! And since those can be faked, so can Lightning.
Back in August, we told you about a serious SMS security flaw with the iPhone that opened the door to text message spoofing. At the time, Apple told users they could protect themselves by using its iMessage service rather that traditional SMS messages, but the Cupertino company appears to have rectified the issue in iOS 6.
OS X Mountain Lion added some new security features to an already fairly secure operating system (not perfect, we know!). One of these features is an alert you get when you use an app that wants to access your Contact information from the Contacts app on your Mac. When you see this, you’re able to allow or deny that app access to your contacts – this is there to help make things a bit more transparent, and hopefully more secure.
Once you’ve given that access, however, that app gets tracked as one that can always access your Contacts info. If you want to change that access, today’s tip will help.