Apple begins encrypting iCloud email sent between providers

MailIcon

Last month Apple confirmed that it would soon beef up encryption for iCloud email following a report detailing security flaws in major email services. While Apple previously encrypted emails sent between its own iCloud customers, now the company has enabled encryption for emails in transit between iCloud and third-party services for me.com and mac.com email addresses. 

The change is documented on Google’s transparency website that shows the percentage of emails encrypted in transit for both inbound and outbound email exchanges (pictured below): Read more

Review: Wiper encrypted messaging/calling app with neat erase feature (and iOS 8 update details)

Yes, another secure and ephemeral messaging app. There’s Wickr, Snapchat, Confide, so what makes Wiper Messenger different? I’ve had the chance to play around with the new free chatting app on iOS, and it seems to act as a fusion of WhatsApp, Snapchat, and Wickr. The app prompts you for your email address or phone number in order to create your account, and then you are brought to a fairly simple interface with three tabs across the bottom: Chats, Contacts, and More. Let’s go tab-by-tab:

Read more

Box adds secure collaborative notes to its iPhone and iPad apps

Box Notes

We showed you Box’s big 3.0 rewrite of its iPhone and iPad app earlier this year and today the cloud service is adding a major feature for its users: Box Notes. Box introduced its Notes feature to users last month, and now it is extending support for Box Notes to iPhone and iPad users.

The company says it’s focus on security for business users makes its approach to collaborative note capturing and sharing differently than other offerings. Box’s new Notes feature on iPhone and iPad is presented in the same app as other media stored in the cloud service as it’s a single app to know and manage.

Read more

Researcher claims iOS 7 (including current 7.1.1) does not encrypt email attachments, Apple aware of issue

Screen Shot 2014-05-05 at 6.29.21 AM

Security researcher Andreas Kurtz has discovered that versions of iOS 7, including iOS 7.1.1 (the current release), iOS 7.1, and iOS 7.0.4 do not encrypt email attachments in the bundled Mail application. This is an issue itself, but more worrisome as iOS, according to Apple, is supposed to encrypt email attachments. Here’s a page from Apple’s website indicating that:

Read more

Passware: Filevault can be brute force cracked during the span of a lunchbreak

FileVault has been included in Macs by Apple since the release of Panther many years ago. In Apple’s most recent release, OS X Lion, the company included FileVault that brought new ways of encryption. FileVault lets you encrypt your entire drive with a master password to protect key-chain passwords, files, and more. FileVault 2 uses a separate partition to store the FileVault login information.

Cnet pointed us to a new report from password recovery company PassWare, who claimed it can decrypt Apple’s FileVault 2 in under 40 minutes. Obviously, this is a big concern because FileVault contains so much of users’ information.

PassWare decrypts FileVault by going in through the system’s firewire connection and using live-memory analysis to extract the encryption key from the FileVault partition (so the machine must assumedly be running?). From there, a user can uncover keychain files and login passwords that can be used to unlock the whole HDD/SSD.

PassWare conveniently makes PassWare 11.3 available to do this, but you will have to throw down a lofty $995 to get the software. PassWare makes this software primarily available for law enforcement.

Read more

Gamers beware: Steam’s database hacked, including encrypted credit card information and passwords

Popular game platform Steam, owned by Valve, has been hacked (via PC Gamer). Hackers were able to get into a Steam database, which included encrypted credit card information and passwords of many of its users. Steam isn’t sure at this point if the encryption of the credit card numbers or passwords have been obtained, but warns users to be on the look out for malicious activity. Steam’s Gabe Newell said in a statement to users:

Our Steam forums were defaced on the evening of Sunday, November 6. We began investigating and found that the intrusion goes beyond the Steam forums.

We learned that intruders obtained access to a Steam database in addition to the forums. This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information. We do not have evidence that encrypted credit card numbers or personally identifying information were taken by the intruders, or that the protection on credit card numbers or passwords was cracked.”

Steam is currently keeping their forums closed down while they investigate the situation. The Steam platform hasn’t been knocked down, however. Gabe’s full statement after the break:

Read more