WhatsApp starts encrypting instant messages on Android, iOS and other platforms coming soon

By Christian Zibreg on Nov 19, 2014

WhatsApp, the most popular instant-messaging platform with more than 600 million users which Facebook snapped up for $16 billions earlier this year, has started to protect data with end-to-end encryption, The Wall Street Journal reports.

For the time being, text messages exchanged between Android users of WhatsApp are being encrypted by default.

It shouldn’t be too long until the company adds encryption to the iOS app and other mobile platforms. Encryption protects users’ communications from governments and hackers alike by making the data unreadable as it travels between servers. Read More

 

Apple credits Pangu team for discovering vulnerabilities patched in iOS 8.1.1

By Cody Lee on Nov 18, 2014

Apple has posted a support page on the security content of the just-released iOS 8.1.1, reaffirming previous reports that the firmware breaks the Pangu jailbreak tool. In the page, the company credits the Pangu team for discovering three vulnerabilities patched in 8.1.1.

Among those vulnerabilities was a state management issue in the dyld directory, which has to do with app launches. There was also a validation issue in the handling of metadata fields with the kernel, and a sandbox profile bug that allowed apps to launch arbitrary binaries. Read More

 

Chinese authorities shut down WireLurker site, suspects arrested

By Cody Lee on Nov 17, 2014

Chinese authorities arrested three individuals last Friday that are believed to have developed the “WireLurker” malware, according to a police post on Sina Weibo. The authorities were tipped off by Chinese security company Qihoo 360 technology. Additionally, the post says that authorities have also identified and shut down the website that was hosting and distributing the malware. Read More

 

Apple issues statement on Masque Attack, says it’s not aware of any affected users

By Cody Lee on Nov 13, 2014

Apple tonight broke its silence regarding Masque Attack, a recently discovered vulnerability in iOS. In a statement to iMore, the company says it encourages customers to only download apps from trusted sources and that it’s not currently aware of any users affected by the exploit.

Research security FireEye announced its discovery of Masque Attack on Monday. The malware installs itself through a phishing link disguised as a new app or game, and then masquerades as a legitimate app. Once installed, it can access login credentials, credit card info and more. Read More

 

US government warns iOS users about new ‘Masque Attack’ threat

By Cody Lee on Nov 13, 2014

The United States government issued a warning for iPhone and iPad users today regarding the recently-discovered ‘Masque Attack’ vulnerability, reports Reuters. The security flaw, which began circulating the web earlier this week, allows malicious third-party apps to be installed to a device using enterprise provision profiles.

Today’s bulletin was issued by the National Cybersecurity and Communications Integration Center, and it warns users of how Masque Attack can spread and what it’s capable of doing. The malware installs itself through a phishing link disguised as a new app or game, and then it can masquerade as a well-known app like Gmail. Read More

 

iOS security flaw could lure unsuspecting users into installing dangerous malware

By Christian Zibreg on Nov 10, 2014

A new security exploit discovered in Apple’s mobile operating system allows attackers to fool unsuspecting users into installing malicious iPhone and iPad apps disguised as new versions of popular apps and games such as Gmail, Angry Birds and more.

Instances of malicious apps with such deceiving names as “New Angry Bird”, “New Flappy Bird” and others were mentioned Monday in a report by mobile security research firm FireEye. Read More

 

Apple now blocking apps infected with WireLurker malware

By Cody Lee on Nov 6, 2014

Apple released a statement today saying that it is aware of the newly discovered WireLurker malware that targets Macs and iOS devices, and it has taken action. “We’ve blocked the identified apps to prevent them from launching,” a spokesman for the company told the Wall Street Journal.

Yesterday security researchers at Palo Alto Networks published a report saying they had discovered a new malware targeting Macs and iOS that is the “biggest in scale” it has ever seen. They named the malware “WireLurker” for its ability to jump from infected Macs to iOS devices over USB. Read More

 

New malware ‘WireLurker’ found infecting Macs and iOS devices in China

By Cody Lee on Nov 5, 2014

Security researchers at Palo Alto Networks say they’ve uncovered a new malware campaign targeting Macs and iOS that is the “biggest in scale” it has ever seen. Dubbed WireLurker, the malware has infected more than 400 apps in the Maiyadi App Store, a third-party Mac app store in China.

In the last six months, researchers say 467 infected applications have been downloaded 356,104 times, and “may have impacted hundreds of thousands of users.” The scary part is, the malware can be transmitted to a connected iOS device via USB, regardless of whether or not it’s jailbroken. Read More

 

The EFF ranks iMessage and FaceTime as most secure mass-market messaging options

By Cody Lee on Nov 5, 2014

The Electronic Frontier Foundation (or EFF) has posted a new Secure Messaging Scorecard, which ranks popular messaging offerings based on their security measures. The Scorecard uses a variety of metrics, such as methods of encryption and user privacy, and Apple’s messaging options faired rather well.

While dedicated secure messaging apps like ChatSecure and CryptoCat scored the highest, the EFF found Apple’s iMessage and FaceTime systems to be “the best of the mass-market options.” The two services were found more secure than several high profile apps, including BlackBerry Messenger and Skype. Read More

 

U.S. Court says phone passcodes are protected under the law

By Christian Zibreg on Oct 31, 2014

Criminals should protect their iPhones with a passcode, not Touch ID, as a Virginia District Court has determined that passcodes are protected under the Fifth Amendment of the United States Constitution while fingerprints are not, according to a report Friday by Hampton Roads.

The Fifth Amendment protects citizens from self-incrimination so a phone is protected under the law because otherwise it would require a defendant to divulge knowledge. Put simply, a Circuit Court judge has ruled that a criminal defendant can be compelled to reveal their fingerprint but not the passcode, so that police could search their mobile phone. Read More

 

How to use a passcode with the iOS 8.x jailbreak

By Jeff Benjamin on Oct 29, 2014

At this point in time, running Cydia on a jailbroken iPhone can still be a bit confusing for users who aren’t always knee-deep in this stuff. One of the biggest issues encountered when running Cydia on a jailbroken iOS 8 device at the moment involves using the passcode and Touch ID.

After installing Cydia on a jailbroken iOS 8 device, many are reporting that establishing a passcode sends them into a bootloop. I verified that I encountered the same issue.

Let me just preface this by saying that the problems encountered here are no fault of the Pangu team or of Saurik. This jailbreak is a work in progress, and we’ve been advised that the jailbreak is only for developers at the moment. That said, many of you are adventurous and want to take the plunge as soon as possible; as do I.

In this video, I share an unsanctioned workaround to the boot loop issue. I show you how to establish a passcode on a device with Cydia and Cydia Substrate installed. I’ve tested this out, and have recorded the entire Cydia installation process for your convenience. Have a look inside for the full tutorial. Read More

 

How to stop OS X Yosemite from asking for a password after waking your Mac

By Sébastien Page on Oct 28, 2014

I just got my all new iMac with Retina 5K display last week and I’m still going through all the settings to have it behave the way I want. One thing I noticed is that every time it goes to sleep or the screen saver kicks in, my Mac will require me to enter my user password when I wake it up.

What is a great security feature if you work in an office is somewhat of an annoyance to me, simply because I work from home and no one except my wife ever gets to touch my computer, making this password an extra step that I don’t need.

In this post, I’ll show you how to stop OS X Yosemite from requiring a password after waking up your Mac. Read More

 

SleekCode: improve the look of the Lock screen passcode interface

By Jeff Benjamin on Oct 24, 2014

SleekCode is a brand new jailbreak tweak that just recently touched down on Cydia’s BigBoss repo. SleekCode allows you to change up the look of the passcode screen. You can alter the background of the blur, alpha, and passcode rings, along with hiding the emergency dial button and slide to unlock chevron.

I was fairly impressed with the look of the passcode screen after configuring SleekCode. Have a look at our video walkthrough for more information. Read More

 

Tim Cook flies to China in response to iCloud phishing allegations

By Christian Zibreg on Oct 22, 2014

Apple’s boss Tim Cook went to China to meet with a top Chinese government official in Beijing amid allegations of government-backed phishing attempts on users’ iCloud accounts, according to a report by the state-run Xinhua news agency, relayed by Reuters Wednesday.

The meeting coincides with reports by GreatFire.org, a Chinese web monitoring group, alleging that the Chinese government sponsored man-in-the-middle attacks that redirected local users to a fake iCloud.com login page in an effort to harvest Apple ID user names and passwords. Read More

 

Following iCloud phishing attempts, Apple issues browser security support doc

By Christian Zibreg on Oct 21, 2014

Following a report Monday by Great Fire alleging that the government in China attempted to compromise the security of Apple’s users by redirecting local traffic to a fake iCloud.com login webpage, Apple on Tuesday confirmed it was aware of the phishing attempts and ensured its servers had not been compromised, according to a CNBC report.

The company also took additional steps in the form of a new support document which teaches unsuspecting users how to verify that their web browser is in fact securely connected to the genuine iCloud.com login page. Read More

 

Chinese government apparently collecting iCloud credentials through phishing attacks

By Christian Zibreg on Oct 20, 2014

The Chinese government is reportedly phishing iCloud credentials of millions of people by staging a so-called man-in-the-middle attack which redirects unsuspecting users to a spoofed webpage that appears shockingly similar to the real iCloud.com website, Great Fire reported Monday.

Fooled users who type in their username and password into the fake web form risk exposing their iMessage communications, photos, contacts, reminders, calendars and other personal information associated with their Apple ID to a third-party. The problem is further accentuated by the fact that the popular Chinese browser Qihoo does not warn users that they’re visiting a fake website. Read More

 

Apple releases iTunes 12.0.1 for OS X Yosemite

By Cody Lee on Oct 16, 2014

Following the release of OS X Yosemite this afternoon, Apple quickly pushed out iTunes 12.0.1. As you know, Yosemite includes a refreshed edition of iTunes marked as version 12, and this is an update for the folks who are using the new software.

Not much is mentioned in the change log in terms of what’s new in 12.0.1, but it does note that at least one of the changes has to do with security. And given its release time, and .1 build number, we imagine that it includes other bug fixes as well. Read More

 

Apple: two-step verification for Apple IDs will require app-specific passwords starting tomorrow

By Jeff Benjamin on Oct 8, 2014

If you have two-step verification enabled and you’re currently signed in to a third-party app using your Apple ID password, you’ll need to adjust to a new change starting tomorrow. For security purposes, Apple is introducing app-specific passwords to access iCloud data using third-party apps.

Apple will allow users to generate these app-specific passwords via the Password & Security section of its Apple ID website. Once there, you’ll simply need to click Generate App-Specific Password to create a password for the third-party app that you wish to grant access to your iCloud data. Read More

 

AT&T says customer info accessed in insider data breach

By Cody Lee on Oct 7, 2014

AT&T confirmed on Monday that it suffered a data breach in August, carried out by one of its own employees. In a letter to Vermont’s attorney general, officials for the carrier said a former staffer accessed customer account information, including Social Security and driver’s license numbers.

Additionally, the company notes that the insider viewed Customer Proprietary Network Information (or CPNI), which includes metadata such as time, duration and destination of phone calls. It would not identify, however, how many of its customer accounts were affected by the breach. Read More

 

Apple releases tool to check the Activation Lock status of iOS devices

By Sébastien Page on Oct 1, 2014

Apple recently released a tool that lets anyone check the Activation Lock status of iOS devices. Introduced along iOS 7, Activation Lock is a security feature that prevents anyone from erasing or activating your iOS device without entering your Apple ID and password first. The feature must be disabled before a device is passed or sold to another person. Failure to do so renders the device unusable for the new owner.

With the release of this new tool, Apple wants to make the process of checking for Activation Lock easier, and prevent people from buying a device that might have been locked because it was lost, stolen, or simply because the previous owner forgot remove the device from his account. Read More

 
Page 112345...