Security

1Password 4.2 for Mac improves upon 1Password mini, AutoSave and item editing

We're pretty big fans of AgileBits's 1Password for iOS and OS X (Jeff and I are converts). But why bother with a third-party app when Apple's new iCloud Keychain feature in iOS 7 and OS X Mavericks keeps all your website and app passwords, Wi-Fi logins and credit cards synced?

Lots of reasons, mainly because iCloud Keychain won't sync plenty of personal items like private notes, software serial numbers, bank accounts, passports and whatnot.

That's where 1Password comes in handy. First and foremost, 1Password uses a robust architecture to ensure that your private data remains private. Apps to manage passwords usually tend to be cumbersome, but that's never been the case with 1Password.

The software has been praised for its sleek interface, rich feature set and handy tools like browser extensions and the 1Password mini app which patiently sits in your Mac's menu bar to make remembering new passwords a hassle-free affair.

AgileBits is now introducing a new edition of 1Password for Mac which further refines the experience of using 1Password mini, the AutoSave feature and item editing. Read on for the full reveal...

Apple credits iOS 7.1 security changes to evad3rs and other jailbreak community members

Following the release of the first major iOS 7.1 software update earlier today, Apple has now updated the contents of the support document that outlines security updates for its products with a link to this newly created document describing iOS 7.1 security improvements.

In it, Apple credits prominent members of the jailbreak community such as evad3rs, the team behind the evasi0n jailbreak, as well as Google and others who reported issues and helped contribute toward the security changes within iOS 7.1...

Asphaleia: a stylish new Touch ID jailbreak tweak

There's no shortage of Touch ID enabled security tweaks for iOS 7. There's AppLocker, BioProtect, and my favorite, BioLockdown from Ryan Petrich. So the question is, do we need another entry into what has become an increasingly crowded market? If the team behind the release is a3tweaks, then the answer to that question is an emphatic yes.

Unlike the majority of the other releases in a3tweaks' repertoire, Asphaleia is extremely deep with tons of options. Sentry, the tweak's designer, isn't known for throwing a bunch of unnecessary features into his work with no purpose in mind. Instead, he reasoned that a security tweak like this made it necessary to have enough options to a) keep it secure and b) give users the options that they need. It's a strategy that, for the most part at least, has paid off reasonably well.

If you're looking for an alternative to any of the aforementioned security tweaks—AppLocker, BioProtect, or BioLockdown—then Asphaleia is a release you should definitely check for upon its impending launch. Have a look at our full 10+ minute video walkthrough, as we break down all that the highly anticipated release has to offer.

PayPal updated with new security features, Smart Connect support and more

Folks who use eBay's PayPal payment service will be happy to hear that the company updated its iOS client this morning, bringing the app to version 5.4. The update brings about an important new security feature as well as various other improvements.

The new security feature allows you to attach your mobile phone to your PayPal account so that they can be sure it's you authorizing activity. It does this by linking the phone number(s) of the device(s) you use PayPal on to your 4-digit security PIN code...

Encrypted chat app ‘Cryptocat’ now available on iOS

Popular encrypted chat app Cryptocat has launched this week for iOS. Originally available as a desktop app and a browser plugin, the app offers strong encryption and secrecy for text conversations, as well as protection from government intrusion thanks to its Swedish nuclear bunker headquarters.

This week's iOS launch comes after an initial rejection by Apple's app review team in December. Cryptocat's founder Nadim Kobeissi called Apple's reason for rejection 'illegitimate,' but it's obvious someone or something had to give because the app is now available for download in the App Store...

Twitter ‘system error’ causes mass reset of user passwords

Folks who received an email from Twitter tonight letting them know that their password has been reset are not alone. Thousands of users have come forward over the last 6 hours claiming that Twitter has force-reset their passwords, and requested that they create new ones.

The good news is that it doesn't sound like the social network was hacked, or overrun with nefarious bots. A spokesperson for the company has confirmed to tech site Recode that a 'system error' caused the mass reset of user passwords, and the problem should be fixed now...

Google admits Android wasn’t designed to be safe

In the wake of numerous reports that all point to the same conclusion - that malware infestation is running amok on Android - the Internet giant made an unusually open statement through the mouth of its Android lead, Sundar Pichai, who finally admitted that Android wasn't built for security.

"If I had a company dedicated to malware, I would also be targeting Android," Pichai allegedly said to a stunned audience at Mobile World Congress in Barcelona, Spain. When your own platform lead starts making such frank statements about Android security, it's high time you considered taking these security reports at face value...

An in-depth look at how Touch ID, A7, and Secure Enclave boost iOS security

We know quite a lot about the iPhone 5s's fingerprint scanner, Touch ID. The advanced sensor works seamlessly and learns more about your prints over time so it continues to expand your fingerprint map as additional overlapping nodes are identified with each use.

It can match prints in any orientation, unless your fingers are greasy or wet, or there's some dirt or debris on the Home button. There's a 1 in 50,000 chance of a successful random match with someone else’s print, which is much better than the 1 in 10,000 odds of guessing a typical four-digit passcode.

The Touch ID sensor doesn't store actual fingerprint images and instead creates an encrypted profile of your print and stores it on a module on the A7 processor called the Secure Enclave that's walled off from the rest of the system.

After five unsuccessful fingerprint match attempts, or after every restart, the system asks for your passcode so that hackers can’t stall for time. These are pretty much the key pieces of information on Touch ID that have been made public since its inception.

Today, Apple updated its iOS Security white paper [PDF download] with a few previously unknown specifics relating to how Touch ID works side by side with the A7 chip and its Secure Enclave portion to detect a fingerprint match in a highly secure manner. The document also details other security safeguards Apple put in place to prevent tampering with fingerprint data...

Following SSL vulnerability scare, iOS 7.0.6 hits 13.3 percent adoption in 48 hours

Now that Apple has fixed that nasty SSL bug across iOS devices, Macs and the Apple TV, the question arises as to how many active iPhone, iPod touch and iPad users are safe by running the latest iOS 7.0.6 software, which patches the dangerous vulnerability.

According to a new survey by Chitika, in 48 hours about 13.3 percent of North American users were on iOS 7.0.6. "More than two full days since Apple pushed the fix live, 13.3 percent of iOS traffic is driven by the latest update," the firm wrote.

Apple traditionally sees the strongest firmware adoption of any mobile platform because software updates are not dependent on carriers' good will and on-device alerts prompt users when a software update goes live, so the adoption rate should increase exponentially in the coming days and weeks...

OS X Mavericks bug allows security researcher to capture nearly all SSL encrypted traffic

A nasty SSL bug found in iOS last week opens the door to a dangerous man-in-the-middle attack, which makes it easy for attackers to intercept communications and steal sensitive info like usernames, passwords and even credit card numbers by posing as a trusted website.

Apple quickly squashed the dangerous bug with the release of iOS 7.0.6. If you're jailbroken, you can patch the SSL exploit without updating to iOS 7.0.6 (here's how).

Unfortunately, Apple hasn't yet issued an urgent OS X fix for the exploit, meaning Mac users are left out in the cold and at risk of having their personal information and passwords hijacked.

One security researcher from New Zealand has now confirmed that the vulnerability is more dangerous than previously thought: it allows virtually all encrypted traffic to be intercepted, including iCloud data, Keychain enrollment, certificate from apps like Twitter and more...

New iOS security flaw discovered that allows covert keylogging

While the dust is far from settled on the nasty SSL bug found in iOS last week, a new security flaw in the mobile OS has been brought to light. The new flaw makes it possible for attackers to covertly log every touch a user makes, including keyboard and Touch ID presses.

Researchers at security firm FireEye made the discovery, saying in a blog post that the gap exists within iOS' multitasking feature that allows for the background monitoring, and it can be exploited via a malicious app install or remotely via a separate app vulnerability...

Timing of SSL bug fuels conspiracy theories about Apple and the NSA

By now you've probably already heard about the SSL bug that was discovered in iOS and OS X. Apple pushed an iOS update out on Friday to fix it, and it didn't sound like a big deal at the time, but we have since learned that it is an extremely serious security flaw.

The flaw leaves Apple devices open to what's called a man-in-the-middle attack, in which a malicious program poses as a trusted website to intercept communications or inject malware. And its existence has fueled conspiracy theories about Apple and the NSA...