security - page 13

We all make compromises daily when it comes to online security. Everybody wants to be safe and secure when making purchases online, but practically none of us do everything necessary to keep our data secure.

“People, myself included, are basically lazy,” web developer Joe Tortuga told Cult of Mac, “and ease of use is inversely related to security. If it’s too difficult, then people just won’t do it.”

With all the recent hacks into private as well as corporate data — like the credit card grab from Home Depot and the hack into Sony’s files, there’s no better time to learn some of the things we all can do to protect ourselves. We spoke to some online security experts to get their advice.

This post is brought to you by IdeaSolutions, creator of KYMS.

What better way to keep your media safe than to encrypt your files and hide them behind an iOS app that appears to be nothing more than a stylish calculator? KYMS (Keep Your Media Safe) encrypts all your multimedia files, photos, documents, passwords and much more, then stashes them inside a military-grade vault that’s hiding in plain sight.

Google has launched a new online tool that allows users to see all the devices that have logged into their account in the last 28 days. If you have suspicions that someone may be logging into your Google account without your permission, you can log in and quickly identify any unauthorized access from computers and mobile devices.

We’re all concerned about our privacy lately. Using a different strong password for all our banking and website activities is the best way to keep malicious hackers from getting all up into our grill.

Rapper MC Safesearch, though, needs to remember not to post his passwords in the music video he’s doing about privacy and security.

Check out how this socially-conscious musician gets totally hacked during his own music video.

Recent reports of iCloud phishing attempts in China illustrate just how important it is always verify that you’re logging into legitimate websites before you enter your precious passwords.

To help, Apple today outlined how users can protect themselves from phishing attacks, in which bad guys pose as legitimate entities in an attempt to gain sensitive data on the web. Apple’s simple PSA page shows how web surfers can verify the authenticity of any website.

iCloud passwords and security passwords can be guessed using social networking and various phishing techniques, and complex passwords and two-step verification are not as intuitive as they should be.

In a delightfully complete article over at TidBITS, author Rich Mogul lays out the facts behind the current spate of Apple security problems – most of which boil down to this: People are the weakest link in the chain.

As anyone who’s worked with technology in the past decade can tell you, the thorniest technical challenges aren’t typically those that deal directly with hardware and software. No, in most cases, the toughest things to troubleshoot and fix lie along the human spectrum. System administrators have long known this, coming up with acronyms like PEBCAK and ID-10T errors.

The same goes for security, which in Apple’s case affects an ever-increasing number of people who not be savvy to the ways of information security.

Almost everyone is happy about iOS 8’s recent privacy upgrade, which means that Apple can’t unlock your phone as part of an investigation. Almost everyone, that is, except for the FBI.

Speaking with reporters Thursday, FBI director James Comey described himself as “very concerned” by steps tech companies like Apple are taking to strengthen privacy on mobile devices.

“I am a huge believer in the rule of law, but I am also a believer that no one in this country is beyond the law,” Comey said. “What concerns me about this is companies marketing something expressly to allow people to place themselves above the law.”

Apple was aware of the iCloud vulnerability which resulted in dozens of nude celebrity images being leaked earlier this month.

According to emails between Apple and noted security expert Ibrahim Balic, Cupertino was given information of a similar security flaw as early as March of this year. In an email from that month, Balic informed an Apple official that he had successfully bypassed the feature designed to stop a so-called “brute-force” attack taking place.

If you regularly use an iPhone or iPad app that uses a built-in browser, you could be vulnerable to a major vulnerability in iOS that allows unscrupulous app developers to spy on your typing.

Today Apple quietly expanded its use of two-factor authentication to protect iCloud users. Now those who have enabled the added security measure will be asked to verify their identity with a secondary device when logging into iCloud.com.

PayPal is feeling threatened. After Apple announced its new mobile payment platform Apple Pay last week, PayPal took out a full-page ad in The New York Times, blasting Apple’s security record in the wake of the celebrity nude scandal.

Tim Cook may have been on the receiving end of welcoming notes from other watchmakers now the Apple Watch has been announced, but not every note has been so friendly.

On Monday, the office of Connecticut attorney general George Jepsen revealed that he had sent an open letter to Tim Cook noting concerns about the privacy implications of Apple Watch, particularly related to the handling of health data.

Particularly on the back of the recent iCloud account hacking scandal, smartphone security is something a lot of people are paying more attention to.

With that in mind, a London-based designer recently launched an intriguing Kickstarter campaign, to create a clothing label aimed at raising awareness about high-tech security.

The clothes are all cleverly constructed around a removable waterproof stealth pocket, made from police-grade shielding fabrics, designed to securely block all Cell, WiFi, GPS and RFID signals to ~100 dB.

It was only a matter of time before Apple spoke out more publicly about the controversy surrounding the compromised iCloud accounts of numerous celebrities.

In an interview with The Wall Street Journal, Tim Cook revealed that Apple is adding new security measures to iCloud in the coming weeks. Users will be notified by email and a push notification for account activity, including whenever an iCloud backup is accessed. Two-step verification will also be strengthened to cover more aspects of iCloud.

Cook also said that Apple plans to raise more “awareness” about internet security.

By now you’ve probably heard about the avalanche of celebrity nude photos that slammed the Web on Labor Day. But amid the chaos of FBI investigations, celeb denials and Apple PR releases that say basically nothing, understanding how the attackers executed the hack — and how to prevent it from happening to you — hasn’t been so clear.

Apple recommended that all users enable two-step verification “to protect against this type of attack,” but the truth about iCloud’s two-step security is a little more complicated than Apple’s letting on, and turning it on probably wouldn’t have prevented the celebrities’ pics from getting hacked in the first place.

To help sort through the confusing mess, we’ve broken down everything you need to know about iCloud’s security and how you can use two-factor authentication and other security steps to keep some perv named 4chan from blasting your nips all over the Internet.

If you make something private, obviously you want it to stay that way. But with hackers trying to get at your data, you need to be prepared. Following the recent iCloud hacking that leaked tons of private celebrity photos, there’s a renewed focus on security.

In today’s video, we show you how to enable two-step verification on all your Apple devices so you’ll have a better chance of keeping everything that’s near and dear to you private and secure.

Subscribe to Cult of Mac TV on YouTube to catch all our latest videos.

It may dominate 80 percent of China’s high-end smartphone market, but one place Apple’s not racking up supporters or sales is in the Chinese government.

In fact, according to a new list drawn up by the country’s National Development and Reform Commission and Ministry of Finance, Apple products are persona non grata when it comes to high tech devices that public money is allowed to be spent on.

The reason is security concerns, in the wake of increased fears about hacking and cyberspying. “When the government stops the procurement of products, it sends a signal to corporates and semi-government bodies,” says Mark Po, an analyst with UOB Kay Hian Ltd. in Hong Kong. “The Chinese government wants to make sure that overseas companies shouldn’t have too much influence in China.”

According to findings by researchers Karsten Nohl and Jakob Lell, USB security may be profoundly broken, with no way around it.

Nohl and Lell have highlighted a flaw in USB devices which potentially offer hackers the ability to sidestep all currently known security measures used by a computer. Called the BadUSB exploit, the vulnerability allows hackers to meddle with the firmware which controls the functions of various USB plug-ins, such as mice, keyboards and thumb drives.

Earlier this week, forensic data scientist Jonathan Zdziarski made a bold claim: iOS may be vulnerable to government snooping by design. According to Zdziarski, iOS had multiple backdoors installed that made any device running the OS “almost always at risk of spilling all data,” which in turn made for some “tasty attack points for .gov and criminals.”

Apple, of course, denied having ever worked with the government to install any backdoors. But that didn’t change the fact that these unsecured services do exist, and worse, have gone entirely undocumented. But thankfully, Apple has rectified at least that last problem, penning a new support document that explains what each of Zdziarski’s snoopsome services actually does.

Is iOS spying on you for Apple?

According to forensic scientist Jonathan Zdziarski, quite possibly: Several undocumented services run regularly in the background on over 600 million iOS devices, which could be sending data to Apple.

If you’re flying into or out of the United Kingdom, you’d better make sure your Android or iOS handset is fully charged. With the U.S. government recently announcing that all airline passengers with personal electronics devices will now be required to turn them on to prove that they work, the U.K.’s Department for Transport has announced that the same rules will now apply in the United Kingdom.

The new ruling follows reports that terrorists may be able to use phones and electronic devices as a conveyor of explosives that can get around current security checks.

Future Apple devices may be able to dynamically modify user interface elements, security levels, and other types of behavior based on location, according to a new patent application published Thursday.

Referred to as “Location-sensitive security levels and setting profiles based on detected location,” Apple’s application describes a setup in which both the hardware and software of your iPhone, iPad, and whatever other mobile devices Apple releases in future can seamlessly work together to automatically adjust various UI and device behavior settings.

A new exploit has been discovered in iOS 7.1.1 that lets anyone access your full contacts list and send an email, text or call — just by chatting with Siri.

Egyptian neurosurgeon and part-time hacker Sherif Hashim, apparently the first to discover the security hole, posted a YouTube video detailing the steps of the exploit.

Check out how easy it is for a prankster to hack your phone in the video below:

Despite Apple’s claims that email attachments are safely locked away with data encryption in iOS 7, a new report has found that all your email attachments have been vulnerable and unencrypted for months.

For the second time in around one month, a major flaw has been found in popular open-source security software. The hole, which exists in the login tools OAuth and OpenID, affects many websites including Google, Facebook, Microsoft, LinkedIn, Yahoo, GitHub and others.

The flaw was discovered by Wang Jing, a Ph.D student at the Nanyang Technological University in Singapore. Jing notes that the serious “Covert Redirect” flaw can act as a login popup based on an affected site’s domain. Exploited by an attacker, affected sites may result in users losing control of their login information and personal data — including email addresses, birth dates, and contact lists.