Security

Apple says Heartbleed vulnerability did not affect their services or software

If you're concerned about iOS security or OS X security and are still wondering whether or not Apple services and software are affected by the Heartbleed vulnerability found in OpenSSL, Apple has now given an official statement on the matter.

More →

6
loading...
23
loading...
58
loading...
0
loading...

iOS 7 Activation Lock bypass discovered, protect yourself with Touch ID or Passcode

A bug has been found in iOS 7 that allows a an attacker with physical control over a lost or stolen iPhone to get around Activation Lock and gain access to the device. Unfortunately, the method for circumventing Activation Lock has been made public. However, the bypass process requires the attacker have access to an unlocked device, and be able to access the device after a reboot, so it can be thwarted by simply having a Passcode enabled (either by itself or as part of Touch ID).

More →

11
loading...
26
loading...
74
loading...
0
loading...

Comixology forces password resets following unauthorized database access

While there doesn't seem to be any reason for panic here, popular online comics service comixology is requiring customers reset their passwords. That's following an unauthorized database access that exposed usernames, email addresses, and cryptographically protected passwords. Databases get hacked. It's just a fact of modern, online life. Comixology looks like they're doing everything right here, including beefing up security going forward.

More →

4
loading...
0
loading...
32
loading...
0
loading...

Find my Mac passcode lock brute-force attack: What you need to know!

When Apple launched Find my Mac as an extension to their Find my iPhone system back in October of 2011 they included the ability to lock a Mac down so that it couldn't be accessed or rebooted into alternate modes. The lock, however, was implemented using a simple 4-digit passcode (PIN). That meant, with only 10,000 possible combinations, the passcode was susceptible to brute force attack. That's nothing new. It's been known since the start. What's new is that automated tools have now been developed to make the attack both easier and faster, and they're being reported on without a lot of context. So, is it something you should worry about?

More →

34
loading...
29
loading...
86
loading...
0
loading...

Apple posts security updates for Lion, Mountain Lion — update now!

In addition to OS X 10.9.2, Apple has posted security updates for OS X 10.7 (Lion) and OS X 10.8 (Mountain Lion). Both of those are available either through the Software Update system preference or directly from Apple's web site.

More →

15
loading...
43
loading...
71
loading...
0
loading...

Researchers claim iOS multitasking exploit could allow taps, clicks to be monitored on iPhone, iPad

An exploit in the way iOS handles multitasking may allow the touch-equivalent of keylogger-type attacks — where your input is recorded in order to discover your passwords and other data — to work not only on jailbroken iPhones and iPads, but on any device. It would require a malicious app to be created, to get past App Store review, and to get installed onto your device, which is a complex chain and not one anyone has claimed to have actually seen happen yet. But according to Min Zheng, Hui Xue, and Tao Wei of FireEye, it is possible:

More →

8
loading...
0
loading...
24
loading...
0
loading...

Understanding Apple's SSL/TLS Bug

Yesterday Apple released updates for iOS 6, iOS 7, and Apple TV to squash a security bug that affected SSL/TLS connections. Often times, security patches can fix obscure bugs that could only occur under the strangest of circumstances, and they get rolled in to larger updates that address many other issues. However, this fix warranted its own updates, both for iOS 7 and for iOS 6. So what kind of bug calls for such a response? Fortunately for those of us curious enough to wonder, Adam Langley has the answer.

More →

44
loading...
0
loading...
175
loading...
0
loading...

Kickstarter hacked, no credit cards compromised but your Facebook login has been reset

Kickstarter, the popular crowd-funding service, has has been hacked. No credit cards were compromised but some user data, including encrypted passwords wee accessed, and they've reset Facebook logins as a precaution. Their CEO, Yancey Strickler, posted on the Kickstarter blog:

More →

13
loading...
25
loading...
90
loading...
0
loading...

How a fake 2014 Sochi Winter Olympics hacking story is causing real damage to NBC News' reputation

NBC News would have you believe that the life expectancy of a MacBook Air or Android phone at the Winter Olympic Games is roughly zero, at least when it comes to it being hacked and your financial and other personal information stolen. Anyone with a base level of technical knowledge at all would recognize it as complete and utter bullshit the minute they saw it. Sadly, as many of us who got contacted by concerned family members know, it's far too easy to scare everyone else. Robert Graham of Errata Security calls the report "100% fraudulent":

More →

21
loading...
0
loading...
100
loading...
0
loading...

Starbucks addresses security snafu with update to iOS app

Responding to a recent security bug, Starbucks released an update to their iPhone app addressing the issue late last night. Starbucks said in an update on their blog:

As promised, we have released an updated version of Starbucks Mobile App for iOS which adds extra layers of protection. We encourage customers to download the update as an additional safeguard measure.

More →

7
loading...
17
loading...
62
loading...
0
loading...

Pages