By Jeff Benjamin on Oct 29, 2014
At this point in time, running Cydia on a jailbroken iPhone can still be a bit confusing for users who aren’t always knee-deep in this stuff. One of the biggest issues encountered when running Cydia on a jailbroken iOS 8 device at the moment involves using the passcode and Touch ID.
After installing Cydia on a jailbroken iOS 8 device, many are reporting that establishing a passcode sends them into a bootloop. I verified that I encountered the same issue.
Let me just preface this by saying that the problems encountered here are no fault of the Pangu team or of Saurik. This jailbreak is a work in progress, and we’ve been advised that the jailbreak is only for developers at the moment. That said, many of you are adventurous and want to take the plunge as soon as possible; as do I.
In this video, I share an unsanctioned workaround to the boot loop issue. I show you how to establish a passcode on a device with Cydia and Cydia Substrate installed. I’ve tested this out, and have recorded the entire Cydia installation process for your convenience. Have a look inside for the full tutorial. Read More
By Sébastien Page on Oct 28, 2014
I just got my all new iMac with Retina 5K display last week and I’m still going through all the settings to have it behave the way I want. One thing I noticed is that every time it goes to sleep or the screen saver kicks in, my Mac will require me to enter my user password when I wake it up.
What is a great security feature if you work in an office is somewhat of an annoyance to me, simply because I work from home and no one except my wife ever gets to touch my computer, making this password an extra step that I don’t need.
In this post, I’ll show you how to stop OS X Yosemite from requiring a password after waking up your Mac. Read More
By Jeff Benjamin on Oct 24, 2014
SleekCode is a brand new jailbreak tweak that just recently touched down on Cydia’s BigBoss repo. SleekCode allows you to change up the look of the passcode screen. You can alter the background of the blur, alpha, and passcode rings, along with hiding the emergency dial button and slide to unlock chevron.
I was fairly impressed with the look of the passcode screen after configuring SleekCode. Have a look at our video walkthrough for more information. Read More
By Christian Zibreg on Oct 22, 2014
Apple’s boss Tim Cook went to China to meet with a top Chinese government official in Beijing amid allegations of government-backed phishing attempts on users’ iCloud accounts, according to a report by the state-run Xinhua news agency, relayed by Reuters Wednesday.
The meeting coincides with reports by GreatFire.org, a Chinese web monitoring group, alleging that the Chinese government sponsored man-in-the-middle attacks that redirected local users to a fake iCloud.com login page in an effort to harvest Apple ID user names and passwords. Read More
By Christian Zibreg on Oct 21, 2014
Following a report Monday by Great Fire alleging that the government in China attempted to compromise the security of Apple’s users by redirecting local traffic to a fake iCloud.com login webpage, Apple on Tuesday confirmed it was aware of the phishing attempts and ensured its servers had not been compromised, according to a CNBC report.
The company also took additional steps in the form of a new support document which teaches unsuspecting users how to verify that their web browser is in fact securely connected to the genuine iCloud.com login page. Read More
By Christian Zibreg on Oct 20, 2014
The Chinese government is reportedly phishing iCloud credentials of millions of people by staging a so-called man-in-the-middle attack which redirects unsuspecting users to a spoofed webpage that appears shockingly similar to the real iCloud.com website, Great Fire reported Monday.
Fooled users who type in their username and password into the fake web form risk exposing their iMessage communications, photos, contacts, reminders, calendars and other personal information associated with their Apple ID to a third-party. The problem is further accentuated by the fact that the popular Chinese browser Qihoo does not warn users that they’re visiting a fake website. Read More
By Cody Lee on Oct 16, 2014
Following the release of OS X Yosemite this afternoon, Apple quickly pushed out iTunes 12.0.1. As you know, Yosemite includes a refreshed edition of iTunes marked as version 12, and this is an update for the folks who are using the new software.
Not much is mentioned in the change log in terms of what’s new in 12.0.1, but it does note that at least one of the changes has to do with security. And given its release time, and .1 build number, we imagine that it includes other bug fixes as well. Read More
By Jeff Benjamin on Oct 8, 2014
If you have two-step verification enabled and you’re currently signed in to a third-party app using your Apple ID password, you’ll need to adjust to a new change starting tomorrow. For security purposes, Apple is introducing app-specific passwords to access iCloud data using third-party apps.
Apple will allow users to generate these app-specific passwords via the Password & Security section of its Apple ID website. Once there, you’ll simply need to click Generate App-Specific Password to create a password for the third-party app that you wish to grant access to your iCloud data. Read More
By Cody Lee on Oct 7, 2014
AT&T confirmed on Monday that it suffered a data breach in August, carried out by one of its own employees. In a letter to Vermont’s attorney general, officials for the carrier said a former staffer accessed customer account information, including Social Security and driver’s license numbers.
Additionally, the company notes that the insider viewed Customer Proprietary Network Information (or CPNI), which includes metadata such as time, duration and destination of phone calls. It would not identify, however, how many of its customer accounts were affected by the breach. Read More
By Sébastien Page on Oct 1, 2014
Apple recently released a tool that lets anyone check the Activation Lock status of iOS devices. Introduced along iOS 7, Activation Lock is a security feature that prevents anyone from erasing or activating your iOS device without entering your Apple ID and password first. The feature must be disabled before a device is passed or sold to another person. Failure to do so renders the device unusable for the new owner.
With the release of this new tool, Apple wants to make the process of checking for Activation Lock easier, and prevent people from buying a device that might have been locked because it was lost, stolen, or simply because the previous owner forgot remove the device from his account. Read More
By Christian Zibreg on Oct 1, 2014
There’s a new trojan in town, one that attacks jailbroken iPhone, iPod touch and iPad devices.
As discovered by Lacoon, the malicious software dubbed Xsser mRAT uses social engineering to steal valuable data from jailbroken devices by fooling unsuspecting users to tap on an install link in phishing messages from unknown senders.
Created by Chinese hackers, it can extract a vast range of personal information including your iOS address book, SMS messages, call logs, GSM identities, your approximate geographical location (as determined by the cell tower ID), on-device pictures, as well as passwords and other authentication data in the iOS keychains used by your Apple ID, mail accounts and other services. Read More
By Cody Lee on Sep 29, 2014
Apple on Monday delivered the promised update to patch the ‘Shellshock’ Bash bug in OS X. You can download the update manually here, otherwise it should be popping up in the Updates tab of the Mac App Store shortly.
The security flaw was uncovered by security researchers last week and sent much of the Internet into a panic. Affecting the bash command shell in UNIX, the exploit allows for hackers to remotely execute malicious code. Read More
By Christian Zibreg on Sep 29, 2014
QuickType, Apple’s new predictive keyboard featured on the iPhone, iPod touch and iPad devices running iOS 8, is reportedly plagued with a potentially dangerous oversight where the software would suggest parts of your passwords that you previously used on websites, as first reported by French-language blog iGen.fr [Google Translate].
A new thread on Apple’s Support Communities website includes a note by one user who reported the keyboard offering “OrangeJuice” as a suggestion each time he would type in “AppleUser” because QuickType remembered the “OrangeJuice!2” password he previously used to log in to Outlook Web App. Read More
By Christian Zibreg on Sep 26, 2014
A fix for a new kind of exploit recently discovered in the Bash command shell used in multiple versions of Unix is underway, Apple confirmed Friday, adding that the “vast majority” of Mac users are unaffected because OS X is “safe by default” from the so-called ‘Shell Shock’ attacks.
“The vast majority of OS X users are not at risk to recently reported Bash vulnerabilities,” an Apple spokesperson said in a statement quoted by The Verge.
The vulnerability was documented and publicized Thursday by security researchers at RedHat and gained prominences after security expert Robert Graham called it “as big as the Heartbleed bug,” referring to a nasty vulnerability discovered earlier in the year in the OpenSSL software commonly used by nearly two-thirds of servers powering the Internet. Read More
By Christian Zibreg on Sep 25, 2014
A string of bad news for Apple continues with a revelation published Thursday on The Daily Dot that London-based computer security expert Ibrahim Balic gave Apple a heads-up about a vulnerability he had discovered in iCloud, but the company discounted the severity of the issue and ignore the problem for six months.
As you know, the issue blew up in a major way, becoming the topic of late-night shows, after several celebrities with weak Apple ID passwords saw their nude photographs hijacked and posted on the web. Read More
By Christian Zibreg on Sep 25, 2014
A new exploit in the Bash command shell found in many versions of Unix, including Apple’s OS X desktop operating system, makes Mac computers vulnerable to so-called ‘Shell Shock’ attacks, security researchers at RedHat discovered Thursday.
Though the exploit lets attackers run malicious scripts remotely, most people are not at risk unless they’ve manually allowed SSH access from remote connections or a web server running server side scripting.
Here’s how you can check if you’re vulnerable and what you can do in order to avoid ‘Shell Shock’ attacks on your system. Read More
By Alihassan Mahdi on Sep 19, 2014
One of the features that iOS 7 lacks is the ability to control the amount of time your child spends using your device. Parental Controls for iOS is a new jailbreak tweak that aims to bring this highly anticipated feature to jailbroken iOS 7 devices.
Developed by Ge0rges, the tweak allows you to limit the amount of time a person can use your iOS device. Once the time has ended, the user will be automatically be locked out of your device and a pop-up will be displayed with three buttons: ‘Emergency Call’, ‘Add One Hour’ where a person will be allowed to use the device for an extra hour once the parental passcode has been entered and an ‘Ok’ button. The only way your child can gain access to your device once the time limit has been reached is when you choose to add an extra hour. Read More
By Christian Zibreg on Sep 18, 2014
Apple on Thursday released an update to its desktop Safari browser for Macs running OS X Mavericks which contains improvements to compatibility and security while introducing a pair of new options for strengthening your privacy when searching.
The first such feature turns on SSL encryption for all Yahoo searches conducted from Safari’s search field. As a result, no one can eavesdrop on what you’re searching for online.
The other adds DuckGoGo, a search engine that does not track you (Google won’t like this) as a built-in option in the search field. Note that Safari in iOS 8 and OS X 10.10 Yosemite already includes DuckGoGo as an option.
Safari 7.1 has arrived on the heels of yesterday’s OS X Mavericks 10.9.5 update which contains Safari 7.0.6 and improves the stability, compatibility and security of your Mac. Read More
By Cody Lee on Sep 17, 2014
Apple this evening launched a new privacy site in an effort to increase transparency on how it protects user data, and to educate users on how they can better protect themselves. Additionally, Tim Cook has posted an open letter to Apple Customers detailing the various sections of the new site, as well as Apple’s stance on user privacy.
The move follows recent bad publicity for Apple, in which its laxed iCloud security measures were blamed for the hacking of high profile celebrity accounts, which resulted in a slew of nude photos being leaked. The company maintains that its servers were never breached, but Tim Cook promised to double down on security anyway.
By Christian Zibreg on Sep 17, 2014
AgileBits, the maker of the popular password-keeping utility, 1Password, has issued a major new version of the app following Apple’s release of the iOS 8 software update earlier this morning.
1Password 5 for iOS 8 now takes full advantage of Touch ID fingerprint scanning to unlock your vault and comes with a brand new iOS 8 App Extension in Safari and other apps that also uses Touch ID.
The Safari extension is available right in the Share sheet and permits you to fill Logins directly into web pages. Taking advantage of AgileBits’ own proprietary extensions for integrating third-party apps with 1Password, supported apps can now log you in with just a tap. And as you update passwords in these apps, 1Password updates the corresponding item in its database.
As for the price, the new 1Password 5 is a free update to existing users and a freemium download for everyone else, with a one-time In-App Purchase to unlock features like folders, tags, custom fields, Multiple Vaults, as well as the full range of items including Bank Accounts, Email Accounts, Memberships, Passports, Reward Programs, Wireless Routers, Software Licenses and many more. Read More