Security

Geohot joins elite team of hackers for Google’s Project Zero

Cody Lee ∙ July 17, 2014

Since wunderkind George Hotz, better known as Geohot, first made a name for himself by hacking the iPhone at age 17, he's bounced around to several projects. He hacked the PlayStation, did some work for Facebook, and more recently popped up in Android land.

His latest gig is an internship for Google's Project Zero—a team of elite hackers tasked with finding and eradicating serious software vulnerabilities. Back in March Geohot won $150K for exposing Chrome exploits, and it seems the Mountain View company took notice...

Apple patent would let iPhone lock itself in case of unusual user behavior

Christian Zibreg ∙ July 17, 2014

Apple is researching new methods of securing data on your iPhone by sending an alert to another device or locking it altogether to protect against theft should it detect a pattern of unusual behavior.

The United States Patent and Trademark Office today published an Apple patent for "Generating notifications based on user behavior".

The document outlines a method by which an iPhone could automatically lock itself or set off an alert in case it detects unusual changes in user behavior. Read on for more...

Apple ID 2-step verification live in 48 new markets

Christian Zibreg ∙ July 17, 2014

It appears that Apple has rolled out its two-factor authentication feature for Apple ID accounts in an additional 48 markets, bringing the total number of countries which support this security-minded feature to a cool 59.

Two-factor authentication bolsters up your security when logging in to your Apple ID account on the web by combining something you know - your Apple ID username and password or a Recovery Key - with something you own - a four-digit authorization code sent to your iPhone, iPod touch or iPad device...

Apple is now encrypting your iCloud emails in transit between providers

Christian Zibreg ∙ July 15, 2014

A month ago, Apple confirmed that it would soon start encrypting iCloud Mail traffic in transit.

As Google's Transparency Report noted at the time, Apple and several major email providers did not properly encrypt email messages sent and received from other providers like Gmail and Yahoo, creating security concerns.

Although Apple only encrypts emails sent between its own iCloud customers, the company appears to have stepped up iCloud Mail security and is now finally protecting your emails from eavesdropping as they travel between various third-party email service providers using end-to-end encryption...

Apple responds to Chinese media warning against iPhone location tracking

Cody Lee ∙ July 13, 2014

Last week, China's state-run China Central Television broadcasted a report that labeled the iPhone as a "national security concern." More specifically, the CCTV criticized the “frequent locations” function in iOS 7, which records time and location for the owner’s movements.

Yesterday, Apple issued an official response to the report on its Chinese website. The statement reaffirms the company's commitment to privacy, and states that the Location Services found in the iOS firmware are only used to help users for activities that require navigation...

How to fully mask password input on the iPhone

Jeff Benjamin ∙ July 8, 2014

Have you ever typed a password in iOS and wondered to yourself why Apple doesn't mask the last character completely? The reason that Apple doesn't fully mask the password as you type probably has to do with being able to verify that you entered the correct password.

Some may argue that such a feature is counter to staying secure as you enter your password. It's easy to see why some people may feel that way.

Enter Fully Masked Passwords—a new jailbreak tweak that applies a full mask to every character entered in a password field. Check out our video after the break to see it in action.

Apple launches $49 security lock adapter for Mac Pro

Christian Zibreg ∙ July 2, 2014

Apple on Wednesday launched an accessory to keep your gorgeously reimagined late-2013 "trashcan" style Mac Pro secure and tethered.

Available through the Online Apple Store for $49, the Mac Pro Security Lock Adapter ties the cylindrically shaped workstation to your desk using existing Kensington locks or similar third-party locks, so a thief would need to drag the desk itself to steal your precious Mac Pro.

Moreover, it prevents unauthorized access to the computer's internal components by securing the lift-off cover to the base of the machine with a security cable...

Microsoft now encrypts your OneDrive connections and Outlook emails

Christian Zibreg ∙ Updated January 28, 2019

Microsoft's OneDrive (formerly SkyDrive) is great if you need to store your files in the cloud and sync them between devices seamlessly. And with the recently introduced 15GB free tier, OneDrive has become even more competitive compared to Dropbox and its pedestrian 2GB free tier.

Also, Microsoft's web-based email - which went through several rebranding efforts and is currently known as Outlook.com - has its loyal following.

Those who've been concerned about general security of their emails and OneDrive files needn't worry as Microsoft now employs end-to-end encryption on both services to prevent eavesdropping as data travels between servers...

Apple rolling out two-step verification for iCloud web portal

Cody Lee ∙ June 30, 2014

Apple has apparently begun rolling out a two-step verification system to its iCloud web portal this afternoon. The new system adds an additional layer of security to an area that offers access to web versions of stock Mac and iOS apps like Mail, Contacts and Calendar.

It's not clear if Apple is simply testing the feature with some users or plans to eventually roll it out to all iCloud.com subscribers, but it seems not everyone has access to it yet. Those who do see it, though, say it requires users to enter a special code to access their apps...

Yo hack compromises your phone contacts, but fix is underway

Christian Zibreg ∙ Updated February 11, 2016

Yesterday, I told you about Yo, a ridiculous new messaging app which lets people exchange two-character "Yo" messages. Some like Stephen Colbert have eviscerated Yo for being utterly useless and plain dumb while others point out the fact that it's received more than $1 million in VC-backed funding as a proof that the mobile messaging space is booming with innovation.

Be that as it may, turns out the controversial software poses something of a security risk as a pair of college students have found a vulnerability allowing them to compromise any Yo user’s phone number, spam them with unsolicited messages and more.

Yo founder Or Arbel has confirmed that the app was “having security issues” and has promised to deliver a fix “in next few hours”...

Apple working to encrypt iCloud emails in transit

Joe Rossignol ∙ June 13, 2014

Email encryption is a hot topic right now. A few weeks ago, Google published a report that reveals how much email sent in transit is encrypted and which major providers are taking measures to encrypt their own emails. Then yesterday, the NPR published a more in-depth report (via 9to5Mac) that looks at how well major email providers in the United States are doing at protecting the data of users online.

As it turns out, Apple was among several major email providers failing to properly encrypt its emails sent and received from other providers like Gmail and Yahoo. Following the report, however, the iPhone maker reached out to NPR to confirm that it will be working on encrypting its emails in transit. The company says the change will occur "soon," but no timeline was provided…

Customer info accessed by third-party unlocking service in AT&T security breach

Cody Lee ∙ June 13, 2014

AT&T has confirmed with ITWorld that it has suffered a security breach where customer information was accessed. The breach actually occurred back in April, but was only disclosed this week by the company in a filing with California regulators.

According to the report, personal information—including social security numbers and call records—was accessed for an unknown number of customers in the breach. It's believed the attack was part of an effort to obtain unlock codes from the carrier...