security - page 17

Another advantage of the Mac App Store, besides pausing downloads, safe uninstalls, and easy re-downloads of Mac OS X apps, is the safety of knowing that anything in the Mac App Store has been vetted by Apple.

One way your Mac makes sure you’re (relatively safe) from rogue apps is what’s called Gatekeeper. By default, this bit of software only allows you to install verified apps from the Mac App Store on your Mac. What if, however, you want to download software from a Mac developer who doesn’t distribute their software on the Mac App Store? You’ll need to bypass Gatekeeper in order to do so.

Here’s how to do that safely.

If you think that last week’s huge security hole that allowed anyone with your Apple ID email address and birth date to reset your password was just a fluke, this damning report by Tim Carmody over at The Verge might just change your mind.

It’s a compelling argument that says that Apple is being extremely negligent and sloppy when it comes to your iCloud data’s security.

Apple made its iOS 6.1.3 update available to the public last week, quashing a lock screen security flaw that allowed a passcode lock to be bypassed with a few simple taps. But the update also introduced a number of problems of its own. Not only do we now have a new lock screen security flaw, but some users are also suffering battery life issues.

The Bikespike is a GPS-enabled cellular device which lets you track your bike. And while you can use it as an iPhone-connected bike computer, complete with speed, calorie and location stats, its main purpose is as a security device.

It’s being reported that a new Mac trojan is in the wild, but in truth, it’s pretty hard to infect your machine with it as long as you play it smart.

iOS 6.1 had not one, but two security exploits that allowed an attacker to bypass an iPhone’s lockscreen to gain access to a users’ data. Apple finally patched up those two holes yesterday with the iOS 6.1.3 update, yet the new version of iOS contains another passcode security flaw.

Using the iPhone’s Control feature, attackers can still bypass your lockscreen. The good news is that the new lockscreen exploit only works on iPhone 4 units right now.

Apple just released its latest iOS 6.1.3 update, which fixes a lock screen security flaw that allows users to bypass a passcode lock. The update also makes improvements to Maps for users in Japan.

Hot on the heels of a hack over the weekend that compromised Evernote users’ emails, usernames and passwords — and resulted in the company initiating a password reset on all accounts — Evernote’s hurrying through a new two-factor authentication process, which would allow you to authorize your account in a variety of ways, like entering a code you receive by SMS message.

Evernote’s not the only company to roll out two-factor authentication after a breach: Dropbox also introduced two-factor authentication after a hack last year. If Evernote uses Dropbox’s method, it won’t be obligatory, but instead something you turn on optionally in your account. Better safe than sorry.

Source: Information Week

Apple has a well documented history of banning everything that has anything to do with pornography, even if it’s only remotely related. It’s nice that Apple wants to keep the App Store clean, but their obsession with eliminating porn from computing has a lot of collateral damage.

In its latest push to get porn off your computer, Apple now deletes all iCloud emails that contain the phrase ‘barely legal teens.’ It doesn’t send the messages to spam, or flag them, it just straight up deletes them, and there’s nothing you can do about it.

It’s only been a few weeks since the first lockscreen hack was discovered on iOS 6.1, but some researchers have already discovered a new way to bypass the iPhone’s lockscreen without entering the security PIN.

The bug was found in iOS 6.1 by Benjamin Kunx Mejri, and it follows some of the steps as the last exploit but has some variation in the steps, and it allows an attacker to access all your data by plugging your device into a computer’s USB port.

Earlier today it was reported that Apple’s computers had been compromised by a zero-day exploit in Java. Apple quickly released an update to patch the flaw for all Macs, but not before some of its own employees had been hacked.

The hack in question affected more than just Apple; Silicon Valley giants like Facebook and Twitter were also compromised. How exactly were hackers able to gain access to some of the biggest tech companies’ computers? The source is a single web forum for iPhone development.

Yesterday it was discovered that a bug in iOS 6.1 allows users to bypass the iPhone lockscreen without entering in the proper PIN. We’ve seen bugs like this in the past, and Apple has always been quick to shut them down.

Apple has already told us that they will fix the iOS 6.1 lockscreen bug in a future update, and according to a new rumor, that update will hit devices sometime next week.

There’s a belief that Apple makes new engineers work on fake products until they can be trusted. According one of the company’s former employees, Adam Lashinsky, who published the book Inside Apple last January, the Cupertino company hires people into so-called “dummy positions” until it’s confident that they can be a part of upcoming products without leaking information.

But how accurate are those claims? We know Apple takes secrecy very seriously, but would it really waste time and money on giving people fake projects just to ensure they won’t squeal?

Almost certainly not.

Earlier today we told you about a lockscreen bug in iOS 6.1 that allows someone to get past your passcode and into your contacts and photos. The process of replicating the bug is pretty tedious, but it’s still a nasty security bug Apple needs to fix.

The good news is that Apple is aware of the lockscreen flaw, and the company has confirmed that it will be fixed in a future iOS update.

McAfee has told customers of its antivirus applications for Mac to “just allow untrusted certificates” after a company administrator accidentally revoked the digital key used to certify its software. For more than a week, users have been unable to install McAfee products on a Mac, and the company’s only workaround so far is to allow untrusted certificates, which could pose risks to its customers’ machines.

CultofMac reader, Ashwin, asks,
“I wanted to know if there is way to use an USB stick as a password for my Mac. One of my friends has it for his Windows (machine). So, is there a way to do it for a Mac?”

The concept here is fairly simple: you install a program on your Mac, and then use it to take any USB stick you have and turn it into a secure password device for your Mac.

As video surveillance goes, Netgear’s VueZone system is about as easy and user-friendly as it gets. But does VueZone sacrifice power and performance for ease-of-use? We tested the two-camera system, which cam with two motion-detecting cameras, four magnetic mounts and the master gateway for $290. It also came with a one-month trial subscription to the Premier service subscription; the no-frills Basic service, which allows you to montitor up to two cameras remotely from your computer, is free.

Well, so far this week, we’ve shown you how to tweak the Finder and change up some user interface types of things, all using the power of Mac OS X’s Terminal app, a window into the back end of your Mac. Today, we’re going to spend a little time with the Terminal commands to make your Mac just a bit more secure and private.

The season is fast approaching for tradeshows, and with it the need for desperate booth-builders to find newer and more gimmicky ways to hawk their wares. I predict that the iPad mini will be the hot ticket this year (or rather, early next year), and New PC Gadgets seems to agree, for it has just launched an acrylic security stand for the little tablet.

One of the biggest reasons I switched from Windows to a Mac all those years ago was OS X’s supposed immunity to malware and viruses. I’ve quickly discovered throughout 2012, however, that my Mac isn’t as safe on the Internet as I’d been led to believe. A new report from antivirus experts Sophos today highlights that.

The company’s Security Threat Report 2013 declares 2012 to be the year of “new platforms and changing threats.” Hackers are switching their focus from Windows to other platforms, including Mac OS X. Today’s biggest target, however, is Google’s Android platform.

The bad news? Instagram has a vulnerability that could allow a hacker to take over your account. The good news? That hacker would have to be close enough that he could just walk over and punch you to do so.

Finally.

Logitech’s Alert security system seemed pretty impressive when it first popped up on our radar: advanced indoor and outdoor cameras, night vision, lots of options — and here’s where your ears should perk up — the ability to view and control the cameras from an iPad or iPhone through the Logitech Alert iOS app. Only problem was, Logitech somehow forgot to make a Mac version of the Alert Commander software that comes with, and controls, the system.

But today Logitech has indeed released the a Mac version of the Alert Commander software (available as a free download at the App Store). Better late than never, and now we’re happy. But did it really have to take this long?

Quick test: see if you can guess what the following product does, just by decoding its cryptic name. Ready?

Belkin NetCam Wi-Fi with Night Vision

Lookout is like Apple’s Find My iPhone app, only it adds a whole bunch of extra features. It’ll let you track your lost phone from any web browser, even when the battery has dies (kinda), and it also adds a slew of features that only the dumbest of people will need.

Apple released a small Java update for OS X users this Wednesday. The update effectively removed the Java applet plug-in that typically comes pre-installed in all web browsers on the Mac. Why? Well, Apple has been trying to distance itself from Java for quite some time, mainly due to the fact that most malware spreads via Java vulnerabilities.

Take the recent Flashback trojan, for example. Millions of Macs were comprised because hackers were able to exploit a security vulnerability in Java on the browser. You could visit a bad site with a corrupt Java applet and get infected. After this week’s update, Java is no longer included in browsers like Safari.