T-Mobile is quietly upgrading the security of their older 2G network, moving to more advanced encryption that prevents eavesdropping. The new, more secure network has already been deployed in at least three locations: New York, Washington, and Boulder, Colorado. The T-Mobile 2G network has previously relied on older A5/1 encryption; the new security standard is known as A5/3.
Apple has issued a statement regarding the attacks on iCloud.com, originally reported yesterday. Apple says that they are aware of the attacks, and they outline steps that users can take to make sure they are secure when using the iCloud website. Apple says a little about the security measures for the website, and details what you should see when logging into iCloud on Safari, Chrome, and Firefox.
Earlier today, a thread surfaced on Reddit offering up 400 Dropbox usernames and passwords in plain text, with a note that over seven million accounts have been compromised in total. Dropbox has since announced on its blog that it wasn't hacked, and that the leaked passwords were stolen from a third party service.
There's a new kind of spyware going around called Xsser that's reportedly targeting protestors in Hong Kong. The spyware — which appears to have ties to Android malware discovered last week — is installed via a Debian package and requires a victim's iPhone or iPad to be jailbroken. Breaking the root jail of iOS can provide for functionality beyond what Apple currently ships, but also strips away Apple's built-in iOS security. The same way jailbroken software can be loaded, malicious software can be loaded. (Same goes with bypassing Android's default security settings, as well as when you open up a phone to root access.) So what's going on with Xsser and how can you protect yourself?
Apple has posted a new version of their terrific white paper on iOS security, this one updated for iOS 8 and dated September, 2014. I haven't had time to read through it yet, but if last year's version is any indication, encryption enthusiasts should be in for a treat. The timing, immediately following iOS 8's release, and Tim Cook's letter on privacy, probably isn't a coincidence. Apple is making both privacy and security a differentiator and they want this information out there.
BitTorrent is looking to make communications more secure with the launch of a new P2P service called Bleep. The service launched earlier this year in pre-alpha form for Windows users, and now BitTorrent is expanding the alpha program to Mac users.
If you use a third-party app that stores and synchronizes data with iCloud, Apple will soon require you to use specific passwords for those apps to access information in iCloud. This will allow your actual iCloud password to be masked while still granting access in a secure way to those apps to retrieve, store, and synchronize information with your iCloud.
Ahead of its iOS 8 roll-out on Wednesday, Apple has revived the two-factor authentication security system for iCloud. Two-factor authentication will bring increased security to iCloud by allowing users to tie in a verified SMS number or connected device, making it harder for an unauthorized user to hack an iCloud account even if they have your password or log-in credentials.
Apple has made some important security upgrades with the iOS 8 gold master, making it harder to scrape data from iPhones and iPads. A number of iOS services are more guarded, and a couple of wireless vulnerabilities have been addressed. For example, third-party application data can no longer be dumped across Wi-Fi. This curtails much of the threat from wireless surveillance of an iOS device, according to iOS forensics researcher Jonathan Zdziarski: