If you've ever created an account for the url shortening service Bitly before, you'll want to listen up. Bitly has now announced via their blog that they have reason to believe that Bitly account credentials have been compromised and are suggesting users change their API keys and OAuth tokens.
A bug has been discovered in iOS 7 that causes email attachments to not be encrypted. Before anyone panics, however, in order for an attacker to exploit the bug they'd need to a) steal your device and, b) brute force or jailbreak-bypass the passcode or password, which c) currently means there's no risk to iPhone 4s and later devices running iOS 7.1 or later software. When reached for comment about the bug, Apple provided us with the following statement:
John McAfee and his new company, Future Tense Private Systems (FTC), have released an encrypted chat messaging app for mobile users. The app is named 'Chadder' and it is now available on Android and Windows Phone, with an iOS version due in the coming weeks. The app is meant to address the growing concerns of mobile users who worry about government eavesdropping, especially after the Edward Snowden NSA leaks in the news.
iCloud Keychain lets you generate, store, and manage strong, unique passwords between your iPhone, iPad, and/or Mac. In theory, that's an amazing win for both convenience and security. Unfortunately, it's only in theory. Sadly there are two big problems with iCloud Keychain, one conceptual, one architectural, that make it so that I — and anyone concerned with security — can't use it. Luckily, it's something that can and hopefully will be fixed with iOS 8 and OS X 10.10.
If you're rocking one of Apple's newer routers, aka an AirPort with 802.11ac, head on into the settings and update that sucker. There's a security update that addresses SSL/TLS. Here's the deal with firmware version 7.7.3:
Apple has issued an OS X security update today that should improve compatibility, stability and security. The bulk of the update is centered around Safari 7.0.3, and has the following changes, per Apple:
Following the publication of Apple's absolutely stellar iOS Security white paper in February, Steve Gibson of the TWiT network's Security Now! show spent three episodes going through it, providing extra explanation and context. Gibson was incredibly impressed by the iOS Security white paper, and by Apple's security implementation in general, calling it "amazing" many times over, especially the Apple A7 and its secure enclave. he also widely praised Apple's choices for the crypto they implemented, and especially how user- and privacy-focused their choices were.
OpenSSL is popular open source encryption software used all over the Internet. It's been in the news a lot lately, with a lot of dire warnings about what a newly discovered bug means for your personal data. Is it a threat to OS X security or iOS security? Do you need to be worried about your Mac, iPhone or iPad being vulnerable?
A bug has been found in iOS 7 that allows a an attacker with physical control over a lost or stolen iPhone to get around Activation Lock and gain access to the device. Unfortunately, the method for circumventing Activation Lock has been made public. However, the bypass process requires the attacker have access to an unlocked device, and be able to access the device after a reboot, so it can be thwarted by simply having a Passcode enabled (either by itself or as part of Touch ID).