Security

Apple neglects to secure streaming album previews

Periodically, albums become available for live streaming on iTunes prior to their official release date. The hope is that not only do consumers get a chance to hear the album before buying it, but also that by offering a free and legal way to listen to the album before it’s available, there will be less motivation for eager fans to pirate leaked albums. With unreleased albums from Daft Punk and The National currently streaming on iTunes, 9to5Mac has discovered that the streams are being left completely unprotected, offering an easy way for pirates to get high-quality cuts of the albums before they’re officially released.

More →

4
loading...
5
loading...
33
loading...
0
loading...

Multiple Vulnerabilities Found in File Lite and File Pro iOS Apps

Bad news this week for any users of the iOS file management apps File Lite and File Pro. Researchers over at Vulnerability Laboratory have published details for three vulnerabilities that they discovered in the latest versions of both apps.

More →

3
loading...
6
loading...
45
loading...
0
loading...

iTunes 11.0.3 brings a number of important security fixes

Apple recently released iTunes 11.0.3 with a number of cosmetic improvements including an updated MiniPlayer and songs view. However, this release is more than just a pretty face, bringing a number of security patches which address a wide range of vulnerabilities. Even users not interested in the visual treatments will want to grab this update.

More →

4
loading...
4
loading...
34
loading...
0
loading...

The State of Apple's Location Services and User Privacy

Apple’s handling of location data has made its way back into headlines recently due to a tool written by security researcher Hubert Seiwert. Seiwert presented the iSniff GPS tool, which makes it easy to capture potentially sensitive iPhone user data, last July at the Blackhat USA security conference and posted the source code to Github a month later. While the tool isn’t particularly new, it has been the recipient of some media attention after being covered earlier this month by SC Magazine. While the disclosure of the sensitive information by iPhones was previously known, iSniff makes the information more easily accessible and is worth a closer look to determine if users need to worry.

More →

6
loading...
3
loading...
33
loading...
0
loading...

New OS X Spyware Discovered at Oslo Freedom Forum

During the 2013 Oslo Freedom Forum, an annual conference focused on human rights, a new piece of spyware was discovered on an attendee's Mac. The spyware, which was discovered by security researcher Jacob Appelbaum, is currently being analyzed by F-Secure to fully understand what it does.

More →

5
loading...
0
loading...
49
loading...
0
loading...

iOS 6.0 gets US federal government's security stamp of approval

Since the dawn of time, BlackBerry smartphones have been the mobile communicator of choice for the United States federal government. The federal National Institute of Standards and Technology has been approving hardware and software to meet the FIPS (Federal Information Processing Standard) since 1995, and today iOS 6.0 was granted FIPS 140-2 certification. Specifically, the iOS CryptoCore Kernel Module 3.0 was assured to to meet the security requirements of the government.

More →

14
loading...
0
loading...
103
loading...
0
loading...

iOS app flagged for malware, and why you shouldn't worry

An iOS game called Simply Find It, when run through BitDefender’s virus scanner, reportedly returns a positive result for Trojan.JS.iframe.BKD. This has drawn into question the effectiveness of Apple’s App Store approval process. Is this something that Apple should have caught, and is it something App Store customers should be worried about?

More →

6
loading...
5
loading...
108
loading...
0
loading...

The Mailbox security failure that wasn’t

A few days ago it was reported that the popular Mailbox app was falling short on protecting user data. Developer Subhransu Behera published a post on his blog outlining what he considered to be security failures on the part of Mailbox.

More →

8
loading...
9
loading...
93
loading...
0
loading...

Apple declines to fix vulnerability in Safari's Web Archive files, likely because it requires user action to exploit

Metasploit software developer Joe Vennix has detailed a vulnerability in Safari’s webarchive file format along with how it can be exploited. The post on Rapid7 indicates that after being reported to Apple back in February, the bug was closed last month with a status of “wontfix”, indicating that Apple has no plans to address the bug. So what is it and why is that?

More →

8
loading...
5
loading...
75
loading...
0
loading...

Security vs. convenience: How do you balance your passwords?

Security is at constant war with convenience. The stronger the passwords we use to keep our data safe, the more steps we take to lock down what we own, the less accessible our data and our devices become -- even to us. Balancing it all can be tough, and a lot depends on what the platforms and services we use do to help us. And nowhere is this more evident than mobile.

Multitouch keyboards, in large part, rely on things like like character pair prediction and auto-correct to make entry acceptable. Neither of those things are possible with passwords, and strong passwords require far higher than normal frequencies of shifting between upper and lower case, and between letters and numbers and symbols. It's the worst possible experience.

More →

6
loading...
14
loading...
95
loading...
0
loading...

Pages