Security

The Rootpipe vulnerability is back, but most people still don't have to worry

Rootpipe, a "privilege escalation" vulnerability Apple patched in OS X 10.10.3, turns out to have a wider target area than original thought.

A "privilege escalation" vulnerability means that if someone already has malicious code on your Mac, they can use something like Rootpipe to gain deeper access. Think of it like this — if a criminal has already broken into your house, they can use a pipe to break open a locked cupboard. While the analogy starts to break down at this point, Apple thought they made the cupboard pipe-proof in OS X 10.10.3 but, after analyzing the new locks, a security specialist found another angle to attack it from.

More →

1
4
26
0

iOS apps are secure — it's 'security' advertorials that remain a threat

Another day, another CEO from a "security software" company pens a "guest editorial" saying Apple needs to open up to — guess what? — "security software".

Just like the last time, the premise is self-serving, the headline spit-take inducing, and it's absolutely not worth rewarding negative attention seeking with attention. But because every time something like this posted, we get contacted by concerned readers, some of the fear-mongering needs to once again be addressed.

More →

4
30
115
0

iCloud Photo Library and security: What you need to know!

iCloud Photo Library promises to make pictures and video a core part of Apple's iOS and OS X, but how does it keep them safe and secure?

Our photos can be as personal and private as our messages, as our financial information, as our identities. iCloud Photo Library wants to make sure all our pictures and videos are backed up online and available on all our devices. To do that, it moves the bits that makes up those pictures and videos from our iPhones, iPads, and Macs, up to servers on the internet, and then back down to our other iPhones, iPads, and Macs. That means both the transport and the storage needs to be secure so that our content is only ever available to us and us alone.

More →

19
19
85
0

How to disable quick reply messaging on the Lock screen of your iPhone or iPad

Quick reply messaging from your Lock screen may be convenient, but it isn't secure.

With interactive notifications you can swipe left across any iMessage on the Lock screen and quickly send off a reply, no passcode, password, or Touch ID required. That's great if you're always in a rush and just need to answer everything and anything as fast as possible. It's not so great if you often leave your iPhone or iPad unattended, where other people can potentially reply to your messages either as a prank or maliciously. Interactive notifications are enabled by default, but if you'd rather have security than convenience, you can easily turn them off.

More →

8
10
41
0

John Oliver on government surveillance

Privacy is one of the single most important issues of our time.

Apple is making it a top-tier, customer-facing feature and hoping it becomes a major competitive advantage. Because 'privacy' can seem ephemeral, and doesn't have the obvious value of money, so many of us trade it away with little or no thought. Humor and satire can often covey truth in a way no other medium can. Such is the case with John Oliver and this overview of the U.S. Patriot Act and interview with Edward Snowden.

More →

2
20
29
0

Regarding web ads redirecting to the App Store

You land on a web page in mobile Safari and all of a sudden you're torn away and dumped into some game on the Apple Store.

We've gotten complaints about this — and experienced it ourselves — for what feels like a couple years. Something causes a web page, when opened, to immediately redirect you to the App Store, almost always to the listing for a popular game. Maybe the perpetrators are hoping you're so enticed by the game you download it even after being hijacked, so they'll get some revenue, direct or affiliate. But it deplorable and, even after a couple of years, it's unclear how and why it keeps happening.

More →

5
10
50
0

Headlines still trying, failing to link fraud to Apple Pay

There is absolutely no reason for anyone using Apple Pay to be concerned at all about using Apple Pay.

It's important to keep saying that because publications keep making it a point to link Apple Pay and "fraud" in their headlines. It's important because those publications are spreading fear, uncertainty, and doubt about Apple Pay — which makes mobile payments more accessible and secures the very data often used to actually commit fraud — to the people for whom it is most beneficial. That's why, as the FUD keeps coming up, we're going to keep addressing it.

More →

13
138
259
0

Here's why you should turn on two-factor authentication

These days, simple passwords aren't good enough to secure your data. Hackers are too good, and security systems flawed. Longer complicated passwords created by generators like 1Password and Safari's iCloud Keychain can help, but the best way to lock down your accounts is to add extra authentication options.

More →

25
98
165
0

USB-C and BadUSB attacks: What you need to know

Apple announced the new MacBook with USB-C connector last Monday and already headlines are appearing linking it to known security issues, like BadUSB.

BadUSB is an attack that uses the way computers interface with the universal serial bus (USB) standard to try and load malware onto the machine. It's a longstanding issue with USB in general, and nothing specific to Apple or the MacBook's implementation of USB-C. Throwing Apple and a hot new product under the headline bus is a great way to get attention, but what's really going on?

More →

15
28
111
0

How to set up two-step authentication for Google and Gmail on your iPhone, iPad, and Mac

Don't lose your Google info or Gmail archives to a password hack. Set up two-step authentication to protect your most important assets.

When it comes to data you want secured, your email accounts are probably close to the top of the list. Though email is technically an unencrypted medium, the average hacker might not go to too much trouble to grab a single message — but they'd love a peek at your history full of password resets, not to mention getting potential access to your bank accounts or other private information.

Strong passwords can help, but to be as secure as possible, you want to enable two-step authentication.

More →

53
33
48
0

Pages