Security

What the DEA really said about iMessages, and what it means to you

It was recently reported that iMessage had caused a snag in the Drug Enforcement Administration’s ability to intercept text messages. Citing iMessage’s end-to-end encryption as the cause, the DEA stated that "iMessages between two Apple devices are considered encrypted communication and cannot be intercepted, regardless of the cell phone service provider." On the surface, this seems reassuring to iMessage users that their conversations can’t be intercepted. But is it possible that we’re giving a little too much credit to the DEA when they say iMessages are “impossible to intercept”?

More →

7
loading...
0
loading...
110
loading...
0
loading...

Anatomy of the Apple ID password reset exploit

When The Verge broke news of Apple’s password reset vulnerability, they cited a step-by-step guide that detailed the process of exploiting the service. They declined to link to the source for security reasons, and rightfully so. However, now that Apple has closed the security hole the topic of how it worked and why is worth exploring.

More →

10
loading...
0
loading...
92
loading...
0
loading...

Newly discovered security hole lets attacker reset your Apple ID with only your birthday and email address

Arriving right on the coat tails of Apple’s two-step verification implementation, a new security flaw has been found in Apple’s password reset process for Apple IDs. The vulnerability allows an attacker to reset your Apple ID’s password with only the knowledge of your Apple ID and date of birth, completely bypassing the need to answer your security questions. The Verge first reported the vulnerability after being tipped off to the hack.

More →

4
loading...
0
loading...
97
loading...
0
loading...

Configuration profile warning reminds us not to carelessly tap and install things on our iPhones and iPads

Configuration profiles can be installed on the iPhone, iPod touch, or iPad in order to allow ad hoc (beta) apps to run, to help Apple diagnose things like battery life problems, and to change settings for certain types of network access, among other things. Unfortunately, like many empowered conveniences, they bring with them theoretical security concerns. Namely, bad guys could make a malicious profile and try to trick us into installing it so they can do us harm. Skycure -- a security vendor, keep in mind -- reports:

More →

3
loading...
0
loading...
48
loading...
0
loading...

Apple turns on HTTPS for the App Store, closes numerous security vulnerabilities

Some great work by Google researcher Dr. Elie Brusztein has led to Apple increasing security on its iOS App Store. Last July, Elie reported a number of vulnerabilities in the App Store to Apple. As of January, they have been fixed. It appears that certain areas of the App Store were not using HTTPS, and as a result, it was possible for attackers to execute a number of different exploits on users.

More →

3
loading...
0
loading...
102
loading...
0
loading...

Evernote forces password resets after discovering suspicious hacking activity

Evernote, the popular cross-platform note-taking service, has issued a global password reset for all users following the discovery of suspicious activity described as a coordinated attempt to gain access to their system. In an email sent out by the company, Evernote said:

More →

7
loading...
0
loading...
110
loading...
0
loading...

Second iOS Lock screen bypass discovered, doesn't really expose filesystem

A couple of weeks ago a bug was discovered in the iOS 6 lock screen that allowed a person to access the Phone app, make phone calls, and get at a user’s contacts, without entering a passcode. Now a new, similar bug has been found, but it is being reported that this one will actually allow you to read from and write to the device, with unauthorized access to the filesystem. However, this does not appear to actually be the case.

More →

7
loading...
0
loading...
101
loading...
0
loading...

Privacy and security in the age of iPhone mics and cameras

iOS has experienced its fair share of privacy fiascos over the last few years. From user locations being tracked , to Address Book data being exposed, to full on malware in the App Store, privacy and security concerns over iOS are very much a reality. Two components often overlooked are your iPhone’s camera and microphone.

More →

5
loading...
0
loading...
89
loading...
0
loading...

Twitter hacked, 250,000 passwords compromised

Twitter has informed users that their service had been hacked and that 250,000 usernames, email addresses, session tokens, and encrypted/salted passwords had been compromised. According to Twitter's director of information security, Bob Lord, who posted on blog.twitter.com:

More →

12
loading...
0
loading...
194
loading...
0
loading...

Security oversight in some apps could leave you vulnerable to hacking, data theft

Usually when sensitive information is being transferred over a network, the application will open an encrypted connection with the server using SSL (Secure Sockets Layer). iOS ships with a list of Certificate Authorities whose SSL certificates should be trusted, helping to ensure traffic is only sent to trusted servers and not intercepted by a malicious third party using their own self-signed SSL certificate.

More →

5
loading...
0
loading...
81
loading...
0
loading...

Pages