LastPass password manager debuts on Mac w/ offline support, security check feature, more

Smart password and security techniques are becoming increasingly important in our digital lives as new hacks seem to appear all the time, and having a unique and secure password (unlike these) helps ensure that your online identity is safe in the event of such a compromise.

LastPass, a cross-platform secure digital vault app, is helping Mac users tackle the password management problem with the debut of its new Mac app. Previously only available for Mac as a browser extension and web portal, the new LastPass for Mac app brings new features to the desktop including quick search, security check, and more.

OS X Yosemite Spotlight search ignores Mail content setting posing potential security risk

Apple’s Mac operating system is generally considered to be secure, but German security researchers have discovered what appears to be an oversight in how OS X 10.10 Yosemite’s overhauled search feature, Spotlight, handles remote content loading in messages through the default Mail app.

As Ars Technica reports, Spotlight search on OS X Yosemite appears to override the Mail security feature that prevents content stored on remote servers, such as images, from being loaded. Spammers can use such remote content to track personal information including IP address and more.

NY district attorney says Apple’s encryption policy “an issue of public safety” for law enforcement

Bloomberg reports that a Manhattan District Attorney is challenging recent moves by Apple, Google and other tech companies by suggesting government pass laws that prevent mobile devices from being “sealed off from law enforcement.” In an interview this week, the government official called it “an issue of public safety.”

Touch ID hackers attempt to take things to next level, no need for physical fingerprint

The hacker who successfully used a fingerprint captured from an iPhone to fool Touch ID now believes it may be possible to perform the same hack without needing access to a physical fingerprint. Speaking at this year’s Chaos Computer Club convention, Jan Krissler – who uses the alias Starbug – demonstrated how a fingerprint can be generated from a series of ordinary photographs of someone’s finger …

Apple & IBM announce first batch of MobileFirst iOS apps for enterprise

Following an announcement earlier this year that Apple was teaming up with IBM to deliver a number of enterprise solutions, today Apple has officially announced the first wave of iOS apps being released through the partnership. As part of IBM’s “MobileFirst for iOS,” Apple and IBM today announced 10 new apps designed specifically for businesses including banking, retail, insurance, financial services, telecommunications and for governments and airlines.

“This is a big step for iPhone and iPad in the enterprise, and we can’t wait to see the exciting new ways organizations will put iOS devices to work,” said Philip Schiller, Apple’s senior vice president of Worldwide Marketing. “The business world has gone mobile, and Apple and IBM are bringing together the world’s best technology with the smartest data and analytics to help businesses redefine how work gets done.”

The apps launching today through the partnership include Plan Flight and Passenger+ for the travel industry, Advise & Grow and Trusted Advice for the banking and financial industries, Retention (insurance), Case Advice and Incident Aware for government, Sales Assist and Pick & Pack for retail, and Expert Tech for telecommunications industries. Apple notes that the apps offer customizable experiences and are “managed and upgraded via cloud services from IBM specifically for iOS devices.”

In addition to the new apps, which Apple described in more detail in its press release below, Apple noted other services that will go hand-in-hand with the apps. Those include integration with IBM’s Mobile Platform and Enterprise solutions as well as AppleCare for the Enterprise, Apple’s new business specific tech support service introduced as part of the IBM deal.

Apple’s full press release is below:

Dashlane password manager can now automatically change your password on 50 top US websites

Password managers are a great way to have strong, unique passwords for each website you access – but vital as it is these days, there’s no denying that it’s a chore to change them. Dashlane, a Mac and Windows password manager app, aims to take away the pain by doing it for you automatically across 50 top US websites like Apple, Amazon, Dropbox, Facebook, PayPal, WordPress and Twitter.

Importantly, the app can even cope with sites that employ two-factor authentication to log in or change a password, prompting you for the code when required …

Apple pushes Flash Player update to address security issues

Apple has issued a new update for Adobe’s Flash Player browser plugin. The update fixes “a recently-identified Adobe Flash Player web plug-in vulnerability,” according to Apple’s website. Users will be automatically prompted to install the update when visiting a page that uses Flash Player.

The prompt in Safari will take users to the Flash Player download page on Adobe’s website. Users who haven’t yet seen the prompt can also go there to download the update now.

Department of Justice: iPhone encryption will lead to the death of a child

Apple and the government have long been engaged in a bitter war of words over encryption and security practices employed in Apple’s iOS devices, but a new Wall Street Journal report indicates that the Department of Justice is really starting to take the rhetoric to the next level.

According to the Journal, a DOJ official actually told Apple executives during a meeting last month that in the future the Cupertino company could eventually be directly responsible for the death of a child.

Major iOS security flaw ‘Masque Attack’ reportedly uncovered, found to ‘pose much bigger threat’ than WireLurker

Last week, it was reported that Mac and iOS users in China were the target of new malware called WireLurker that resulted in Apple confirming the security issue and blocking the affected malware apps. Just days later, mobile security research firm FireEye reports it has uncovered a major iOS security flaw that it claims poses a much bigger threat to Apple users than WireLurker.

Passcode vs. Touch ID: A Legal Analysis

[Ed. note: Jason Stern is a Criminal Defense Attorney in private practice in New York City]

8:34 am. A college professor receives a text message threatening to blow up the history building. The professor immediately contacts law enforcement, who trace the origin of the call to a student who lives off-campus.

When FBI agents arrive at the student’s residence, they arrest the student and seize his smartphone. In an attempt to search the device to recover evidence of the crime (and perhaps stop other related crimes), they find the smartphone is protected by fingerprint security measures.

With the suspect in handcuffs, the agent swipes the student’s finger across the phone to access his call history and messages. Once the FBI swipes the suspect’s finger and bypasses the biometric security, the phone asks for the student’s passcode. The FBI agent asks for his password but the student refuses to speak. How can the FBI agent access the phone? Whereas a fictional Federal Agent like Jack Bauer would simply pull out his gun, jam it in the suspect’s mouth and scream, “WHERE IS THE BOMB?”, in our example, the FBI agent would hit the proverbial brick wall.

Yes, the phone could be brought back to the lab for analysis and hacking by forensics personnel, but the suspect in this case could not be forced to disclose the password on the phone…

MCX’s CurrentC, the infamous Apple Pay competitor, says it’s already been hacked

CurrentC, the much-discussed, infamous competitor to the Apple Pay mobile payments platform, has some more bad press coming its way. According to an email sent out this morning to its pilot program customers, the MCX service has already been hacked. According to the notice, “unauthorized third parties” obtained email address information for an unannounced number of users:

Thank you for your interest in CurrentC. You are receiving this message because you are either a participant in our pilot program or requested information about CurrentC. Within the last 36 hours, we learned that unauthorized third parties obtained the e-mail addresses of some of you. Based on investigations conducted by MCX security personnel, only these e-mail addresses were involved and no other information.

In an abundance of caution, we wanted to make you aware of this incident and urge you not to open links or attachments from unknown third parties. Also know that neither CurrentC nor Merchant Customer Exchange (MCX) will ever send you emails asking for your financial account, social security number or other personally identifiable information. So if you are ever asked for this information in an email, you can be confident it is not from us and you should not respond.

MCX is continuing to investigate this situation and will provide updates as necessary. We take the security of your information extremely seriously, apologize for any inconvenience and thank you for your support of CurrentC.

For those not following the MCX vs. Apple Pay saga, MCX powers a payments platform utilized by key retailers such as WalMart, CVS, and RiteAid. After initially supporting NFC-based payments via Apple Pay and Google Wallet, those retailers shut down their industry-standard NFC-based payment processing systems in favor of the CurrentC app from MCX.

MCX has since responded to this controversy on its website, and Apple CEO Tim Cook referred to the entire situation as a “skirmish.” Meanwhile, reports have indicated that retailers are playing along with MCX in order to avoid fines discussed in early contractual agreements. Nonetheless, Apple Pay has already amassed over a million activations, becoming the most ubiquitous mobile payments platform in just about a week.

MCX has confirmed that the email to customers is legitimate and said the following:

Apple responds to iCloud network attacks with guide on verifying browser security

Following the recent attack by Chinese institutions on iCloud.com to attempt to steal account information, Apple has posted a new how-to article about verifying that the page you visit when you type iCloud.com into your web browser is the genuine Apple site.

The page doesn’t offer a fix per se, but walks through how to check the certificates of the page in Safari, Chrome and Firefox.
