Privacy

Tim Cook flies to China in response to iCloud phishing allegations

Apple's boss Tim Cook went to China to meet with a top Chinese government official in Beijing amid allegations of government-backed phishing attempts on users' iCloud accounts, according to a report by the state-run Xinhua news agency, relayed by Reuters Wednesday.

The meeting coincides with reports by GreatFire.org, a Chinese web monitoring group, alleging that the Chinese government sponsored man-in-the-middle attacks that redirected local users to a fake iCloud.com login page in an effort to harvest Apple ID user names and passwords.

Following iCloud phishing attempts, Apple issues browser security support doc

Following a report Monday by Great Fire alleging that the government in China attempted to compromise the security of Apple's users by redirecting local traffic to a fake iCloud.com login webpage, Apple on Tuesday confirmed it was aware of the phishing attempts and gave assurances that its servers had not been compromised, according to a CNBC report.

The company also took additional steps in the form of a new support document which teaches unsuspecting users how to verify that their web browser is in fact securely connected to the genuine iCloud.com login page.

Chinese government apparently collecting iCloud credentials through phishing attacks

The Chinese government is reportedly phishing iCloud credentials of millions of people by staging a so-called man-in-the-middle attack which redirects unsuspecting users to a spoofed webpage that appears shockingly similar to the real iCloud.com website, Great Fire reported Monday.

Fooled users who type their username and password into the fake web form risk exposing their iMessage communications, photos, contacts, reminders, calendars and other personal information associated with their Apple ID to a third party. The problem is further accentuated by the fact that the popular Chinese browser Qihoo does not warn users that they're visiting a fake website.

Facebook developing brand new mobile app for anonymous sharing

Facebook is reportedly close to releasing a brand new mobile application said to let its users communicate among themselves without using their real name or Facebook account, The New York Times reported Tuesday.

Already likened to a Whisper/Secret clone, the anonymous chatting app is expected to be released in the coming weeks, according to two people briefed on Facebook’s plans.

The software would mark a notable reversal for the social networking giant, which has more than a billion active accounts and whose business policy largely revolves around encouraging its customers to use their real name to identify themselves on the service.

Meet Xsser mRAT, Chinese trojan that steals treasure trove of info from jailbroken iOS devices

There's a new trojan in town, one that attacks jailbroken iPhone, iPod touch and iPad devices.

As discovered by Lacoon, the malicious software dubbed Xsser mRAT uses social engineering to steal valuable data from jailbroken devices by fooling unsuspecting users into tapping on an install link in phishing messages from unknown senders.

Created by Chinese hackers, it can extract a vast range of personal information including your iOS address book, SMS messages, call logs, GSM identities, your approximate geographical location (as determined by the cell tower ID), on-device pictures, as well as passwords and other authentication data in the iOS keychains used by your Apple ID, mail accounts and other services.

iOS 8’s predictive QuickType keyboard found to suggest parts of your passwords [updated]

QuickType, Apple's new predictive keyboard featured on the iPhone, iPod touch and iPad devices running iOS 8, is reportedly plagued with a potentially dangerous oversight where the software would suggest parts of your passwords that you previously used on websites, as first reported by French-language blog iGen.fr [Google Translate].

A new thread on Apple's Support Communities website includes a note by one user who reported the keyboard offering “OrangeJuice” as a suggestion each time he would type in “AppleUser” because QuickType remembered the “OrangeJuice!2” password he previously used to log in to Outlook Web App.

FBI director says he’s ‘very concerned’ about new privacy features in iOS 8

The FBI is very concerned with the new privacy features Apple is touting in iOS 8, the organization's director James Comey told The Huffington Post on Thursday. In particular, he's concerned the company is marketing something "expressly to allow people to place themselves above the law."

Comey's remarks follow Apple's move last week to be more transparent and informative about its user privacy policies. In a new webpage on the topic, the Cupertino firm said it no longer stores encryption keys for devices running iOS 8, meaning it can't bypass pass codes—even under subpoena. 

Researcher warned Apple of iCloud vulnerability six months before nude celeb pics leaked

A string of bad news for Apple continues with a revelation published Thursday on The Daily Dot that London-based computer security expert Ibrahim Balic gave Apple a heads-up about a vulnerability he had discovered in iCloud, but the company discounted the severity of the issue and ignored the problem for six months.

As you know, the issue blew up in a major way, becoming the topic of late-night shows, after several celebrities with weak Apple ID passwords saw their nude photographs hijacked and posted on the web.

Safari 7.1 for Mavericks is out with encrypted Yahoo searches, DuckDuckGo and more

Apple on Thursday released an update to its desktop Safari browser for Macs running OS X Mavericks which contains improvements to compatibility and security while introducing a pair of new options for strengthening your privacy when searching.

The first such feature turns on SSL encryption for all Yahoo searches conducted from Safari's search field. As a result, no one can eavesdrop on what you're searching for online.

The other adds DuckDuckGo, a search engine that does not track you (Google won't like this), as a built-in option in the search field. Note that Safari in iOS 8 and OS X 10.10 Yosemite already includes DuckDuckGo as an option.

Safari 7.1 has arrived on the heels of yesterday's OS X Mavericks 10.9.5 update which contains Safari 7.0.6 and improves the stability, compatibility and security of your Mac.

Apple launches new privacy-focused site with government request figures and more

Apple this evening launched a new privacy site in an effort to increase transparency on how it protects user data, and to educate users on how they can better protect themselves. Additionally, Tim Cook has posted an open letter to Apple Customers detailing the various sections of the new site, as well as Apple's stance on user privacy.

The move follows recent bad publicity for Apple, in which its lax iCloud security measures were blamed for the hacking of high-profile celebrity accounts, which resulted in a slew of nude photos being leaked. The company maintains that its servers were never breached, but Tim Cook promised to double down on security anyway.

Tim Cook already being questioned about Apple Watch and privacy

Connecticut Attorney General George Jepsen announced this afternoon that he's sent a letter to Tim Cook regarding the new Apple Watch and user privacy. Jepsen wants Cook to explain what data the device will collect, how that data will be stored, and what Apple's policies are on apps that access health information.

Specifically, Jepsen asks whether Apple will allow consumers to store personal/health info on its servers, and if so, how that information will be safeguarded. He also wants to know what kind of data Apple Watch will collect from users, and how it and its developers plan to obtain consent for this collection from users.

Apple starts sending email alerts when you sign in to iCloud via a web browser

As noted by Letem světem Applem and confirmed by MacRumors editor Eric Slivka, Apple in the aftermath of the nude celeb pics scandal seems to have taken the first in a series of promised steps to bolster the security of its cloud.

Now each time you sign in to iCloud through a web browser, the Cupertino firm will issue an email notice which contains a date and time that the account was accessed. This behavior is now enabled by default.

Previously, login alerts had been sent only if there was an attempt to log in to iCloud on an unknown Apple device.