Category: Security

MacDaddy Security News: Australian Mac and iOS users find devices remotely locked, held for ransom (and how to keep yours safe)

The Sydney Morning Herald reports that several Australian Mac, iPhone, and iPad users are finding that their devices have been locked remotely through Apple’s Find My iPhone service by someone using the name “Oleg Pliss.” The hacker (or hackers) then demand payments of around $50 to $100 to an anonymous PayPal account in order to restore the devices to their owners. An active thread on Apple’s support forum was started yesterday as users started to discover that they had been targeted by the attack. According to that discussion, users are finding all of their devices locked at once rather than a single device per user. Based on that report and the fact that Find My iPhone is being used to hold the devices hostage, it seems likely that the perpetrator has gained access to these users’ iCloud accounts—possibly through password reuse by those users—rather than some device-specific malware or hack. Because the hackers used Find My iPhone Read the full article →

MacDaddy Security: 5 rules for using the Internet after ‘Heartbleed’

FYI: Apple servers do not use OpenSSL, and are not affected by this attack! By Priya Anand. You know the lock icon that pops up next to URLs to tell you a website will keep your information safe? It turns out it has actually left your private data unsecured for more than two years. Websites encrypt your information, like emails, passwords and credit card numbers, so if anyone tries to snoop, they get a gibberish code and your data stays between you and the people you want to send it to. At least that’s the way it’s supposed to work. This week, researchers found a hole in OpenSSL, the lock that an estimated two-thirds of websites use. They’re calling the bug “Heartbleed.” What’s more, any attacks let in due to the bug can’t be traced, experts say. This is a gaping security hole with “epic repercussions,” director of security firm AlienVault Labs Jaime Blasco says, even if you’re starting to become numb to all the data breaches Read the full article →

Apple releases iOS 7.1 with CarPlay support, Siri and Touch ID improvements

By AppleInsider Staff. Apple on Monday released iOS 7.1, the most significant update to its mobile platform in six months, featuring tweaks to the user interface introduced in iOS 7, fixes for lingering bugs, and new features such as support for the new CarPlay infotainment center. The newly released iOS 7.1 is identified as build 11D167. As first revealed by AppleInsider last month, the update is said to improve Touch ID fingerprint recognition for iPhone 5s users. iOS 7.1 also includes a new manual setting for Siri, allowing users to hold the home button on their device to have the system listen, and let go when they are done speaking, as opposed to having Siri automatically detect when a user has finished speaking. The update also allows users to subscribe to iTunes Match directly from their device, allowing for ad-free listening to iTunes Radio. Owners of the iPhone 4 should also see improved performance with iOS 7.1, while those who buy a compatible vehicle will be able Read the full article →

Bitcoin-Stealing OS X Trojan Now Masquerading as ‘Angry Birds’ and Other Popular Mac Apps

Thursday February 27, 2014 9:02 am PST by Kelly Hodgkins A Bitcoin-stealing trojan has been detected in downloads claiming to be cracked versions of popular Mac applications, reports security firm ESET through its We Live Security blog. The OSX/CoinThief.A malware was discovered in popular Bitcoin software earlier this month by SecureMac, but is now being used to target users of more mainstream apps. The trojan initially surfaced on open source software hosting site GitHub, and it was quickly bundled into several Bitcoin apps available through multiple download sites. Further investigation by ESET has now uncovered the trojan masquerading as cracked versions of popular Mac apps such as BBEdit, Pixelmator, Angry Birds, and Delicious Library. OSX/CoinThief.A involves a malicious browser add-on used to intercept logins for Bitcoin wallet sites and related exchanges such as MtGox, BTC-e, and Stolen login credentials are then forwarded to the malware's developer. There Read the full article →

Apple releases OS X Mavericks 10.9.2 with SSL fix, FaceTime Audio, contact blocking, Mail fixes

Mark Gurman. Following an extensive developer beta process, Apple has just released OS X Mavericks 10.9.2 to end users. The update brings a few new features and enhancements, including: FaceTime Audio in the FaceTime and Messages apps; contact blocking for FaceTime and iMessage; Mail app improvements; Autofill fixes for Safari; audio fixes; VPN fixes; VoiceOver fixes. The release notes do not make mention of the SSL security bug that was squashed on iOS late last week, but a fix is present in this new OS X update. The update is available on the Mac App Store in the Software Update tab. Read the full article →

5 resolutions for a better digital life

MAC 911. Christopher Breen @BodyofBreen, Dec 30, 2013 6:00 AM. It’s the time of year when we make promises for the new year that are routinely broken before that year is a week old. And for this reason, far too many of us simply resolve to never make another resolution. (Because, after all, that’s an easy one to keep.) But when it comes to the health of your computer and Internet life, it pays to make a greater effort. With that in mind, I’ve resolved to end 2013 with a list of resolutions (and the consequences of not living up to them) to be carried out in 2014. I will back up my data: The two things that people lie about most are the frequency of their flossing (fewer than 30 percent of people in the U.S. do it routinely) and the integrity of their data backup. “Oh sure,” they claim, “I have a backup.” But dig deeper and ask “And so you’d have no problem if I used this powerful magnet to Read the full article →

How to keep your real name and face out of Google’s ads

Brad Chacos @BradChacos, Oct 11, 2013 8:10 AM. The journey was long and full of baby steps, but we’ve finally reached the destination: Google updated its terms of service on Friday to allow the company to slap your real name and face alongside ads, under an expansion of its “shared endorsements” program. Getting here took a while, and it took a slow expansion of the Google+ social service. First, Google+ users had to sign up for the service with their real names, rather than pseudonyms. Next, all new Google Accounts—even if you only wanted Gmail—required you to sign up for Google+. Then, back in May, Google began coaxing veteran YouTubers into adopting Google+ accounts, and a few weeks ago, the company announced that all YouTube comments will be powered exclusively by Google+. Google+ integration throughout Google’s services seemed pretty handy at first. When searching the Play Read the full article →

Apple releases iOS 7.0.2 with fix for Lock screen passcode bypass flaw

Mark Gurman. Apple has released iOS 7.0.2 over-the-air for iPhone, iPad, and iPod touch. This is a bug fix release that focuses on rectifying an issue that could allow users to bypass the passcode unlock on the Lock screen. Another fix in this release is to re-add the Greek keyboard options for pass codes. iOS 7.0.2 brings iOS 7 parity across all supported devices. Alongside the launch of the new iPhones, Apple released iOS 7.0.1, but this release was exclusive to the iPhone 5s and iPhone 5c. Today’s over-the-air update requires a WiFi connection to download and install, and the file size ranges between 17MB and 20MB depending on which device you are using. Apple has been testing this bug fix release internally for a couple of weeks, and the company seems to also be testing an update known as iOS 7.1. Perhaps this will arrive alongside the new iPads next month. Read the full article →

Six ways to keep teenagers safe online

Abbi Perets, Aug 30, 2013 3:30 AM. A few years ago, all I had to do to keep my kids safe online was set up the family computer in a well-trafficked room and walk by every so often. Now, my daughters are 12 and 14, and each has her own iPhone. Their online lives are lived in WhatsApp, Facebook comments, texts, and occasional emails. They regularly interact with kids I’ve never met. While they’re (probably) smart enough not to reveal information to strangers they’ve never met, my daughters are at risk for cyberbullying (both being bullied and being bullies), overexposure on social networks, and even sexual solicitation. Think about it: With a phone in her pocket, a typical teen has the ability to spend hours—days!—interacting with her peers, completely unfettered by parental supervision. And how has that worked out in the past? Heathers? Lord of the Flies? Short of banning all the technology—a solution I have, at times, considered—what’s Read the full article →

Facebook bug exposes personal information of 6M users

Friday, June 21, 2013, 05:34 pm by AppleInsider Staff. A Facebook security bug that has been in existence since last year was discovered this week, but only after the contact information of six million users had been exposed. Facebook acknowledged the bug's existence in a blog post on Friday, saying the error has existed on its servers since last year and has so far affected six million accounts, reports TechCrunch. The bug, found by independent researchers through the company's White Hat program, exposes the personal contact information of certain accounts. According to the report, email addresses and phone numbers could be viewed by people who had "had some contact information about that person or some connection to them." According to the company, the bug relates to the social network's friend discovery process. When people upload their contact lists or address books to Facebook, we try to match that data with the contact information of other people on Facebook in order to Read the full article →