iOS 8 lets apps access Safari AutoFill credentials for quick & easy login

In iOS 8, Apple is making the process of logging into apps a much smoother experience by allowing native iOS apps to access usernames and passwords stored in Safari. The new feature, which works by letting iOS apps tap into Safari’s AutoFill & Passwords feature, will allow users to login to apps with a simple tap rather than having to type login info. Imagine your username and password are stored in Safari’s AutoFill for Facebook, for example. When launching the native Facebook iOS app, the feature will let users select from passwords stored in Safari to quickly login (as pictured above with Apple’s demo “Shiny” app). Read more

Review: Proximo, the feature-packed Bluetooth tagging system for the forgetful

We’ve all done it. You put your keys down, and five minutes later you have no idea where they are. You could swear you put your phone on the kitchen table last night, but it’s not there now. You put your bag under the restaurant table and then walk out without it. Doing all three in the same week might suggest the help you need is more medical than technological, but for those occasions when you do one or other of them, Proximo is designed to help.

Bluetooth tags also provides some degree of protection against theft, where you’ll be alerted to any of your tagged items walking off.

There are a number of different tagging systems on the market, with varying levels of functionality. Proximo is one of the more sophisticated, offering five different features … Read more

Security consultant takes less than a day to exploit OS X bug to capture all SSL traffic

ssl

Update: The bug has been fixed in OS X 10.9.2

Security consultant Aldo Cortesi said in a blog post (via ZDNet) that it took him less than a day to exploit the goto fail bug in OS X to capture all SSL traffic, and that there’s a good chance he isn’t the first to have done so – an implicit suggestion that the vulnerability may already be being used in man-in-the-middle attacks.

I’ve confirmed full transparent interception of HTTPS traffic on both IOS (prior to 7.0.6) and OSX Mavericks. Nearly all encrypted traffic, including usernames, passwords, and even Apple app updates can be captured. This includes:

  • App store and software update traffic
  • iCloud data, including KeyChain enrollment and updates
  • Data from the Calendar and Reminders
  • Find My Mac updates
  • Traffic for applications that use certificate pinning, like Twitter …  Read more