By Christian Zibreg on Apr 10, 2014
If you’ve as much as glanced at what’s your inbox lately, chances are you’ve encountered messages in which your favorite apps and services announce emergency password resets in the wake of Heartbleed, a nasty bug that’s attacking millions of websites. And unless you’ve been sleeping under a rock for the past week, you must be aware by now that a shockingly high number of websites are at risk.
The latest security scare stems from a devastating flaw in the OpenSSL software many websites use to authorize login sessions and encrypt and transmit user data. Long story short, the exploit allows attackers to easily scoop up the website’s encryption keys, passwords and user content, prompting tons of emergency password resets by some of the Internet’s most popular services.
But what about your Apple ID? Have the keys to your account in the Apple cloud been compromised? How about iCloud or the App Store? According to an Apple spokesperson, its iOS and OS X platforms are protected against Heartbleed. Do I hear a collective sigh of relief? Read More
By Christian Zibreg on Mar 17, 2014
Facebook-owned WhatsApp, the world’s most popular mobile messaging service, has received a nice little update Monday bringing some much-needed privacy controls.
For starters, you can now tell the app who you want to share your profile photo and status with, quite in handy if you’re a private person who only wants to share this type of information with your phone contacts rather than with anyone using the service.
The same privacy settings are available for your Last Seen status as well – useful when you don’t want others to tell you haven’t opened their messages yet. Oh, and this edition of WhatsApp also includes some nice new wallpapers.
The update is live in the App Store so grab it now… Read More
By Christian Zibreg on Mar 12, 2014
We’re pretty big fans of AgileBits‘s 1Password for iOS and OS X (Jeff and myself are converts). But why bother with a third-party app when Apple’s new iCloud Keychain feature in iOS 7 and OS X Mavericks keeps all your website and app passwords, Wi-Fi logins and credit cards synced?
Lots of reasons, mainly because iCloud Keychain won’t sync plenty of personal items like private notes, software serial numbers, bank accounts, passports and what not.
That’s where 1Password comes in handy. First and foremost, 1Password uses a robust architecture to ensure that your private data remains private. Apps to manage passwords usually tend to be cumbersome, but that’s never been the case with 1Password.
The software has been praised for its sleek interface, rich feature set and handy tools like browser extensions and the 1Password mini app which patiently sits in your Mac’s menu bar to make remembering new passwords a hassle-free affair.
AgileBits is now introducing a new edition of 1Password for Mac which further refines the experience of using 1Password mini, the AutoSave feature and item editing. Read on for the full reveal… Read More
By Cody Lee on Mar 5, 2014
Popular encrypted chat app Cryptocat has launched this week for iOS. Originally available as a desktop app and a browser plugin, the app offers strong encryption and secrecy for text conversations, as well as protection from government intrusion thanks to its Swedish nuclear bunker headquarters.
This week’s iOS launch comes after an initial rejection by Apple’s app review team in December. Cryptocat’s founder Nadim Kobeissi called Apple’s reason for rejection ‘illegitimate,’ but it’s obvious someone or something had to give because the app is now available for download in the App Store… Read More
By Cody Lee on Feb 25, 2014
While the dust is far from settled on the nasty SSL bug found in iOS last week, a new security flaw in the mobile OS has been brought to light. The new flaw makes it possible for attackers to covertly log every touch a user makes, including keyboard and Touch ID presses.
Researchers at security firm FireEye made the discovery, saying in a blog post that the gap exists within iOS’ multitasking feature that allows for the background monitoring, and it can be exploited via a malicious app install or remotely via a separate app vulnerability… Read More
By Joe Rossignol on Feb 9, 2014
While multiple user account support exists on OS X and certain Android devices, the same cannot be said for iPhone. Enter GuestMode, a new jailbreak tweak by computer science graduate student Ian Burns that offers a fully customizable guest experience like none other.
Allow your kids to play games on your smartphone without accidentally calling someone, or let your friends control your music without lurking through your Facebook or Photos app. Find out how it works… Read More
By Christian Zibreg on Feb 3, 2014
An interesting finding by TechCrunch this morning that Apple has now started to reject apps which retrieve users’ Identifier for Advertisers (IDFA), but don’t show any ads. IDFA was introduced alongside iOS 6 two years ago to replace the universal device identifier (UDID) from prior iOS versions amid privacy concerns and new regulatory requirements. The company last March stopped accepting apps into the App Store that use the now defunct UDID… Read More
By Christian Zibreg on Jan 28, 2014
A report yesterday by The New York Times and other news organizations has provided yet another unsettling glimpse into the NSA’s wide-ranging surveillance practices.
The speculation, based on information from documents provided by the NSA leaker Edward Snowden, suggests that the NSA and its British counterpart GCHQ have been collecting private user data from mobile apps, in real time, as it travels across the Internet.
Profile data being collected from popular games such as Rovio’s Angry Birds typically includes age, location and gender, the allegations go. And with games that show ads, the agencies are also able to intercept users’ surprisingly detailed advertising profiles, mining it for new information… Read More
By Christian Zibreg on Jan 27, 2014
Apple has posted an update to information pertaining to national security and law enforcement orders, confirming that it’s been working closely with the White House, the U.S. Attorney General, congressional leaders, and the Department of Justice to “advocate for greater transparency with regard to the national security orders we receive”.
Apple CEO Tim Cook briefly touched on the topic in an interview with ABC’s David Muir, saying the NSA does not have access to Apple’s servers as the snooping agency would have to “cart us out in a box” for that kind of access (those are his exact words)… Read More
By Christian Zibreg on Jan 13, 2014
Perhaps realizing that apologizing isn’t a sign of weakness, Snapchat, the popular photo messaging application, took to the official blog to apologize for the spam increase observed during the weekend.
“We’ve heard some complaints over the weekend about an increase in Snap Spam on our service,” a Monday post reads. The company has tried to make peace with disgruntled users by offering a formal apology. “We want to apologize for any unwanted Snaps,” the team wrote.
The spam increase, the post claims, has nothing to do with a recent breach that saw a group of hackers breach its database and post 4.6 million user names and phone numbers on the web… Read More
By Christian Zibreg on Jan 9, 2014
Snapchat has found itself in some pretty hot water after a group of anonymous hackers on New Year’s Eve breached its database and leaked 4.6 million usernames and phone numbers on the web. The controversy wasn’t necessarily about the security breach itself, but over Snapchat’s stubborn refusal to publicly acknowledge the situation, apologize for the inconvenience and update customers on steps taken, if any, to rectify the situation.
It’s mind-boggling that Snapchat was aware of a security hole in its API for several weeks yet did absolutely nothing to plug it, an inexplicable move that has in turn allowed the hackers to successfully exploit Snapchat’s shortcomings and steal user data.
Today, the company has finally gone on the record to confirm that a new update to its Android and iOS apps improves security by letting folks opt out of the Find Friends feature which has, partially, allowed for the hack.
And although the company has yet to formally apologize for the messy handling of the situation, it now says it’s “sorry” for any problems this issue may have caused its users… Read More
By Christian Zibreg on Jan 1, 2014
You may have heard that the web is rampant with a new security scare involving a massive leak of 4.6 million Snapchat usernames and phone numbers on New Year’s Day. As you could imagine, the privacy implications of a breach that involves a service as popular as Snapchat are something of a headache.
First and foremost, the alleged hackers censored the last two digits of the phone numbers to “minimize spam and abuse”. The wording itself is disturbing as it implies that the phone numbers could be sold.
Indeed, the hackers make it clear they’re open to offering the uncensored database to third-parties such as “security researchers from around the world, professors from various universities, private investigators and attorneys”.
Say someone scanned the leaked Snapchat database and obtained your Snapchat username along with a phone number tied to your account. You should care because your phone number reveals your approximate geographical location (the country code).
More importantly, knowing your phone number allows them – “them” being nefarious users – to figure out your Facebook and Twitter profile names and/or other social media screen names, unless of course you’ve registered with these services using a different phone number.
If your Snapchat data has been hijacked and leaked on the web as part of this hack, here’s how to change your username and delete your profile along with all of the underlying data… Read More
By Christian Zibreg on Jan 1, 2014
Bad news, Snapchat fans: a group of anonymous hackers have successfully exploited a nasty security hole in the popular IM application to hijack a whopping 4.6 million usernames and phone numbers, publishing this private data on a website called SnapchatDB.info.
The circa 40MB SQL database dump (also available as a CSV file) includes phone numbers and usernames, along with the affected users’ geographical region information.
Why did they do it? The leaked private information “is being shared with the public to raise awareness” of a Snapchat API exploit they’d used for the hack.
Snapchat has been aware of the security loophole in its application since August, but did literally nothing to patch it. Is there a way to see if you’ve been affected? Yes, there is. Read on for the full reveal… Read More
By Cody Lee on Dec 31, 2013
Yesterday, a trove of secret documents was released regarding the NSA and its ongoing spying on citizens both abroad and here in the US. One of the programs mentioned, called DROPOUTJEEP, is particularly scary as it can give the Agency complete control of any iPhone.
These are some pretty serious allegations made against the NSA and maybe more-so Apple, who either has several unknown security holes in its mobile OS or is consciously giving the NSA access. Well the company just responded to these claims, and it appears to be the former… Read More
By Cody Lee on Dec 30, 2013
In June of this year, Edward Snowden shocked the world by leaking a number of slides and documents and revealing that the NSA has backdoor access to the databases of 9 major tech companies, including Apple and Facebook. But as it turns out, its access may not be limited to software.
Since Snowden’s initial outing, there has been a number of subsequent reports and leaks. And the latest to garner gasps from the security community is that the NSA has the ability to intercept the delivery of a new computer or mobile device—including iPhones—and build in a remote backdoor… Read More
By Cody Lee on Dec 17, 2013
As we reported yesterday, Tim Cook and a number of other executives from prominent tech companies met with US President Barack Obama at the White House to discuss a wide range of government and tech-related topics.
Among the topics were said to be the recent struggles with the rollout of the healthcare.gov website and privacy concerns regarding government surveillance. And this afternoon, a short video of the meeting surfaced on the web… Read More
By Cody Lee on Dec 16, 2013
The White House has announced that President Obama is scheduled to meet with a number of tech executives tomorrow to discuss a wide range of subjects. Two of the big topics on the menu are said to be the NSA and the troubled HealthCare.gov website.
In addition, the group—which includes Apple CEO Tim Cook, Twitter’s Dick Costolo, Netflix’s Reed Hastings, and Dropbox’s Drew Houston—will discuss ways the Obama administration can partner with the tech sector to create new jobs and grow the economy… Read More
By Christian Zibreg on Dec 9, 2013
The U.S. government’s mass-scale surveillance program which has compromised the security and privacy of millions of domestic and foreign online users, the secret PRISM initiative, did not sit well with Apple and other technology giants. In response to the scandalous revelations by the NSA contractor Edward Snowden that also put the blame on Silicon Valley giants for bowing to NSA’s request and providing the agency with hassle-free access to its users’ data, the iPhone maker chastised the practice and published how it handles government requests to give up private information belonging to its users.
And now, in the aftermath of the ongoing snooping scare, The Wall Street Journal is reporting that Apple along with seven other U.S. technology giants is making a joint appeal to reform government surveillance activities… Read More
By Christian Zibreg on Nov 19, 2013
Google’s nefarious overriding of both desktop and iOS Safari users’ privacy settings in order to better track their web browsing activity backfired after the United States Federal Trade Commission (FTC) in April 2012 took a long, hard look at the practice and decided to fine the search giant.
Google has previously agreed to pay $22.5 million fine to the government, with a judge approving the record-setting penalty. And now, the Internet giant will pay 37 U.S. states a cool $17 million to settle the Safari probe case… Read More
By Jeff Benjamin on Nov 12, 2013
Believe it or not, private browsing mode has many uses. My favorite reason for using the mode is when troubleshooting page issues with cookies. It’s a great way to have a “control” when comparing against a non-private browsing session.
In browsers like Chrome, private browsing mode is a cinch to enable using a simple keyboard shortcut. In Safari, there is no such built-in shortcut. Instead, you have to click on the Safari menu bar and click the Private Browsing option.
Inside, we’ll show you how easy it is to create a keyboard shortcut for quickly enabling and disabling private browsing mode in Safari. Read More