Security

DYLD_PRINT_TO_FILE exploit: What you need to know

DYLD_PRINT_TO_FILE is a recently-disclosed privilege escalation vulnerability on OS X Yosemite. Here's what you need to know about it.

More →

16
21
79
0

Understanding Apple and privacy

A lot of people are getting a lot of things wrong about Apple's stance on privacy and security, and what it means for the future.

Last week Apple's CEO, Tim Cook, once again reiterated the company's belief that people have a right to privacy and security, and that the cost of free-as-in-paid-for-by-your-data services isn't always clearly understood. Those for who believe the conversation about privacy and security is the most important of our generation appreciated someone as powerful and influential as Cook giving it the spotlight it deserves. Those who believe the advancement of technology requires the relinquishing of previously held beliefs about privacy and security, however, reacted harshly. The problem is, many of them also reacted in a way that's just plain wrong.

More →

168
62
180
0

Apple Watch, Apple Pay, and wrist detection: What you need to know

Once you've unlocked your Apple Watch, wrist detection can keep it unlocked for as long as the screen is on or it maintains skin contact.

As security systems go, wrist detection is clever: It lets you have the convenience of accessing your Apple Watch without having to continually re-enter your passcode or password, but provides enough security to protect your data, including Apple Pay credentials under normal circumstances. In that way it's similar to Touch ID, which can unlock your iPhone or iPad based on your fingerprint.

More →

12
8
61
0

Regarding Apple Watch and Activation Lock

Unlike the iPhone, the Apple Watch doesn't yet feature Activation Lock.

A theft deterrent system that requires your iCloud password to be disabled, Apple added Activation Lock to iOS in 2013 The Apple Watch, which runs a variant of iOS called Watch OS, doesn't yet secure the device beyond the default passcode/password intercept on the clock face. This was first noticed by @enMTW immediately following the Watch launch in April, but gained wider attention today following a story on iDownloadblog. So, what does it all mean?

More →

22
16
87
0

Apple's FaceTime is end-to-end encrypted. Google Hangouts... isn't

Lack of end-to-end-encryption means that conversations on Hangouts, if subject to a legal order, can be wiretapped or otherwise surveilled.

Google hadn't disclosed this information until a recent Reddit AMA (ask me anything) and a Vice follow-up that resulted. It's not clear whether Google has been asked to provide access to Hangouts, but the potential is there.

More →

12
88
141
0

Regarding web ads redirecting to the App Store

You land on a web page in mobile Safari and all of a sudden you're torn away and dumped into some game on the Apple Store.

We've gotten complaints about this — and experienced it ourselves — for what feels like a couple years. Something causes a web page, when opened, to immediately redirect you to the App Store, almost always to the listing for a popular game. Maybe the perpetrators are hoping you're so enticed by the game you download it even after being hijacked, so they'll get some revenue, direct or affiliate. But it deplorable and, even after a couple of years, it's unclear how and why it keeps happening.

More →

5
10
54
0

Apple issues security update for OS X 10.10.2

Apple has released a security update for OS X Yosemite 10.10.2.

Apple did not specify the content update, saying only that it is recommended for all users, and improves OS X security.

More →

2
17
65
0

Here's why you should turn on two-factor authentication

These days, simple passwords aren't good enough to secure your data. Hackers are too good, and security systems flawed. Longer complicated passwords created by generators like 1Password and Safari's iCloud Keychain can help, but the best way to lock down your accounts is to add extra authentication options.

More →

26
100
169
0

USB-C and BadUSB attacks: What you need to know

Apple announced the new MacBook with USB-C connector last Monday and already headlines are appearing linking it to known security issues, like BadUSB.

BadUSB is an attack that uses the way computers interface with the universal serial bus (USB) standard to try and load malware onto the machine. It's a longstanding issue with USB in general, and nothing specific to Apple or the MacBook's implementation of USB-C. Throwing Apple and a hot new product under the headline bus is a great way to get attention, but what's really going on?

More →

14
28
112
0

How secure is the Apple Watch?

That was a question posed by MarketWatch today. It's also an important question. Unfortunately, MarketWatch didn't treat the question that way. And that's a profound disservice to its readers.

The Apple Watch is, by Apple's own admission the most personal, most intimate device the company has ever released. It tracks health, it handles communications, it can control our homes, it can pay for our purchases. Security on the Apple Watch is something that's going to matter to everyone who uses it. The response to the sensational headline used by MarketWatch, is that they don't know. And the follow up is pure fear, uncertainty, and doubt. That's not only bad journalism, it's an actively harmful attack.

More →

20
26
366
0

Pages