Security

1,184 'Security' stories July 2011 - January 2019

See All Stories

Apple privacy

T-Mobile and Sprint promise to stop selling user location data to third-parties, for real this time

Michael Potuck Jan 10 2019 - 9:54 am PT

Update: AT&T now says it will also stop selling user location to aggregation services, according to CNET.

After Motherboard published details about a concerning investigation into how US wireless carriers are selling user location data to third-parties, T-Mobile and Sprint have made some fresh promises. They say they will end the practice of selling users’ data to third-party aggregators that often have little to no oversight.

Expand
Expanding
Close

Package tracking app turns users’ devices into a bot farm, violates user privacy

Guilherme Rambo Jan 7 2019 - 6:38 am PT

package tracking app bot farm

We’ve been seeing a lot of scam apps in the App Store lately, which try to trick users into purchasing expensive subscriptions or products, we’ve also seen apps that track and transmit the user’s location without their consent. Today, I want to talk about an app that’s using iOS devices to perform work for other users, without the device owner’s consent.

Expand
Expanding
Close

Security

Cyber researcher cancels Black Hat conference appearance claiming to ’bypass Face ID’

9to5 Staff Jan 3 2019 - 3:04 pm PT

disable face id

A Chinese cyber researcher has told Reuters that he has canceled an upcoming appearance at the prestigious Black Hat Asia hacking conference at the request of his employer. The researcher, Wish Wu, was preparing a presentation entitled “Bypass Strong Face ID: Everyone Can Deceive Depth and IR Camera and Algorithms”.

Expand
Expanding
Close

USB-C upgrade allows cryptography to authenticate connected devices

Ben Lovejoy Jan 2 2019 - 7:45 am PT

USB-C cryptography

An upgrade to the USB-C standard allows cryptography to be used to authenticate connected devices. It will ensure that devices are properly certified, but can also be used to enhance security …

Expand
Expanding
Close

Security

Viral ‘Twinning’ app from Popsugar matches selfies with celebrities … and exposed personal photos

Chance Miller Dec 31 2018 - 9:33 am PT

Twinning app

Over the last few days, a Twining app from Popsugar has gone viral across various social media platforms. Essentially, the service allows you to snap a selfie of yourself and get an instant result showing which celebrity you look like most. As it turns out, somewhat unsurprisingly, privacy wasn’t necessarily a focus for Popsugar when developing the Twinning app…

Expand
Expanding
Close

celebrity Twitter accounts

Security researchers hijack celebrity Twitter accounts, and prove claimed fix failed

Ben Lovejoy Dec 31 2018 - 7:25 am PT

Security researchers have hijacked a number of celebrity Twitter accounts – including that of Louis Theroux – to post unauthorized tweets. They have also demonstrated that Twitter’s claimed fix for the problem didn’t work …

Expand
Expanding
Close

Twitter support flaw possibly exploited by state-sponsored groups to access user data

Michael Potuck Dec 17 2018 - 11:24 am PT

A recent bug with one of Twitter’s support forms has exposed user details such as phone number country code and whether accounts had been locked by Twitter. The company believes the flaw was likely used by state-sponsored actors to gain information about Twitter accounts.

Expand
Expanding
Close

Facebook admits unshared photos from 6.8 million users affected by latest privacy flaw

Michael Potuck Dec 14 2018 - 8:05 am PT

Facebook security

The latest Facebook security blunder involves photos from 6.8 million users. The company shared in an update on its developer page today that a bug allowed third-parties to see photos from Facebook users who had uploaded, but chose to not post them to the social media service.

Expand
Expanding
Close

Security

2018 saw people use eleven new dumb passwords – including ‘Donald’

Ben Lovejoy Dec 14 2018 - 5:54 am PT

dumb passwords

Each year, SplashData carries out an analysis of leaked passwords to find the top 25 dumb passwords. This year, the company had five million passwords to work from, most of them from hacks in the US and Europe.

There are plenty of old favorites – including ‘password’ – but this year eleven new ones made the list …

Expand
Expanding
Close

Apple enterprise & Mac marketing leads talk T2 chip & Apple’s role in business on ‘Mac Admins Podcast’

Chance Miller Dec 12 2018 - 9:41 pm PT

A pair of Apple marketing team members joined the Mac Admins Podcast this week to talk about Apple’s role in enterprise and business, the T2 chip found in recent Macs, and more. Topics included Apple Business Manager, adoption of Apple hardware by companies like SAP and IBM, and more.

Expand
Expanding
Close

open source VPN

‘Confirmed VPN’ iOS/macOS update makes it the first open service with third-party audits, open source code, more

Michael Potuck Dec 12 2018 - 6:52 am PT

Confirmed VPN launched last year for iOS, macOS and more, but it has been working on something bigger than just another VPN service. Today, the company has made its apps openly operated with third-party audits, open source code, audit logs, and much more. It is also inviting other VPN services to join the platform called Openly Operated.

Expand
Expanding
Close

Super Micro audit complete, including servers supplied to Apple: no spy chips found

Ben Lovejoy Dec 11 2018 - 4:13 am PT

Super Micro

The tech news was dominated in October by a dramatic Bloomberg claim that Chinese spy chips had been embedded into the Super Micro motherboards of servers supplied to Apple, Amazon and others. The report claimed that Apple had discovered the chips, and reported the fact to the FBI.

All involved – Apple, Amazon and Super Micro – denied the claims, but the motherboard supplier decided the only way to lay this to rest was to commission an independent audit to investigate. That investigation has now been completed, and the firm says it found absolutely no evidence to support the story …

Expand
Expanding
Close

Apple among tech companies voicing opposition to new anti-encryption law in Australia

Chance Miller Dec 10 2018 - 5:55 pm PT

Apple Q2 2019

Last week, we reported that Australia had passed a new anti-encryption law that could force Apple and other tech companies to help law enforcement access encrypted messages. TechCrunch reports today, however, that Apple is among a handful of tech companies coming out against the legislation.

Expand
Expanding
Close

Mark Zuckerberg announces Meta lay

Sensitive internal Facebook emails published by UK parliament detail use of its free iOS ‘spyware’ VPN and more

Michael Potuck Dec 5 2018 - 7:45 am PT

The UK parliament has today publicly shared secret internal Facebook emails that cover a wide-range of the company’s tactics related to its free iOS VPN app that was used as spyware, recording users’ call and text message history, and much more.

Expand
Expanding
Close

Security expert Jon Callas makes second exit from Apple to join ACLU

Peter Cao Dec 4 2018 - 1:19 pm PT

Apple security

An Apple security expert, who was previously hired back in 2011, and then re-hired in 2016, is now leaving the company to join the American Civil Liberties Union. Apple often touts its security and privacy efforts, so having someone who worked on Apple’s security team leave the company is always interesting, let alone leaving the company twice…

Expand
Expanding
Close

Deputy Attorney General suggests Apple’s strong privacy position defeats ‘legitimate law enforcement’

Michael Potuck Nov 29 2018 - 12:20 pm PT

At a Georgetown Law and Department of Justice cybercrime conference today, Deputy Attorney General, Rod Rosenstein, made a strong statement that suggests Apple has a mission to “defeat legitimate law enforcement” efforts.

Expand
Expanding
Close

Mac
Security

PSA: If you’ve ever used a Sennheiser headset with your Mac, it is wide open to attack

Ben Lovejoy Nov 29 2018 - 3:58 am PT

HeadSetup

If you’ve ever used a Sennheiser headset or speakerphone device with your Mac (or Windows PC), the accompanying HeadSetup app has left your machine wide open to attack.

In what has been described as a ‘monumental security blunder,’ the app allows a bad actor to successfully impersonate any secure website on the Internet …

Expand
Expanding
Close

DriveSavers claims to offer first consumer service to unlock passcode protected iPhones

Michael Potuck Nov 27 2018 - 1:13 pm PT

DriveSavers is known for its data recovery services, and today the company announced what it claims to be the first iPhone “passcode lockout recovery service” for consumers.

Expand
Expanding
Close

Security

Comment: Text message security breach underlines sense of Apple’s approach to 2FA

Ben Lovejoy Nov 16 2018 - 5:23 am PT

A major security breach, reported by TechCrunch, has underlined the sense of Apple’s approach to two-factor authentication (2FA).

A security lapse has exposed a massive database containing tens of millions of text messages, including password reset links, two-factor codes, shipping notifications and more.

The exposed server belongs to Voxox (formerly Telcentris), a San Diego-based communications company. The server wasn’t protected with a password, allowing anyone who knew where to look to peek in and snoop on a near-real-time stream of text messages …

Expand
Expanding
Close

Some iPhone users finding their Apple ID accounts have been inexplicably locked, requiring password resets

Benjamin Mayo Nov 13 2018 - 3:22 am PT

apple id phishing

We haven’t quite yet worked out the pattern or the cause but we have received many reports of users waking up to find that their Apple ID has been locked, and plenty more are complaining on social media. Apple will lock accounts for many different reasons, usually when someone attempts to access an ID by entering their incorrect password too many times.

Access to the account can be restored by answering the security questions and entering a trusted phone number for validation. Users may also have to reset their passwords.

Expand
Expanding
Close

Apple confirms the T2 security chip in newer Macs prevents some third-party repairs

Chance Miller Nov 12 2018 - 3:44 pm PT

Last month, a leaked internal service document revealed that Apple’s T2 security chip can prevent some third-party repairs for Mac users. While details were unclear at the time, and it seemed as if the policy wasn’t necessarily in full effect just yet, Apple today confirmed its existence to The Verge.

Expand
Expanding
Close

browser extensions

PSA: Check your browser extensions as private Facebook messages exposed

Ben Lovejoy Nov 2 2018 - 5:25 am PT

Rogue browser extensions appear to be responsible for Russian hackers obtaining private messages from as many as 120 million Facebook accounts …

Expand
Expanding
Close

Security
T2

Apple security doc touts T2 chip benefits, including hardware prevention of microphone eavesdropping

Chance Miller Oct 30 2018 - 12:03 pm PT

T2 security chip

Alongside its new hardware and software unveiled this afternoon, Apple has published a full security guide for its T2 security chip. The T2 is featured in the new Mac mini and Retina MacBook Air, and Apple is highlighting its many benefits in today’s security document.

Expand
Expanding
Close

CoinTicker

PSA: The CoinTicker Mac app contains malware, probably to steal cryptocurrency

Ben Lovejoy Oct 30 2018 - 4:34 am PT

CoinTicker, a Mac app that displays the current price of Bitcoin and other cryptocurrencies in your menu bar, has been found two contain two separate pieces of malware …

Expand
Expanding
Close