After months of beta testing, ProtonMail has unveiled official support for their encrypted mail service within email clients Apple Mail, Microsoft Outlook, and Mozilla Thunderbird. The support comes by way of a custom application that connects mail clients securely with a user’s ProtonMail account. Paying users can download ProtonMail Bridge today to get started.
Changes to the way that Apple protects encrypted iOS backups leave devices more vulnerable to certain types of attack, says ElcomSoft, a Russian company used by law enforcement agencies and others to access iPhones. However, it only applies if the attacker has physical access to the device and can crack the passcode.
The changes were deliberately introduced as part of iOS 11 …
In the entire history of operating system bugs, I don’t think there have been many bigger than the one reported this week. Allowing anyone with physical access to a Mac to login to it without a password is inexcusable; letting them in as root, so they have complete control of the machine and all accounts on it, is simply mind-boggling in its incompetence. Especially when the bug turns out to have been known for at least a couple of weeks.
We can at least take comfort in the fact that this bug wasn’t there for long, at least in the official release. But there have been smaller bugs and glitches that have literally lasted for years without being fixed.
I think it’s time for another Snow Leopard: a macOS update where the core focus is on security, stability and bug fixes rather than shiny new toys …
Update 11/30: Apple has issued a new version of the update with the same version number that appears to fix the File Sharing authentication issue caused by the initial fix.
If you’re running macOS High Sierra, it’s time to update your Mac as soon as possible. Apple has released a security update that addresses the security vulnerability discovered yesterday afternoon. The update is available now through the Mac App Store.
Update: An Apple spokesperson has issued the following statement, saying an update is in the works:
“We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”
A newly discovered macOS High Sierra flaw is potentially leaving your personal data at risk. Developer Lemi Orhan Ergin publicly contacted Apple Support to ask about the vulnerability he discovered. In the vulnerability he found, someone with physical access to a macOS machine can access and change personal files on the system without needing any admin credentials.
Users who haven’t disabled guest user account access or changed their root passwords (likely most) are currently open to this vulnerability. We’ve included instructions on how to protect yourself in the meantime until an official fix from Apple is released.
One of the privacy features of iOS is that apps are required to ask permission if they want to access things like your photos, camera and location. But a Google engineer has created a demo app to show how a rogue app could abuse permissions to surreptitiously photograph you as you use the app – or even livestream video from your front or rear cameras.
The issue, says Felix Krause, is that users are asked to grant blanket permission. There may be a legitimate-seeming reason for an app to request access to your camera, to take a photo within the app, but it is then able to shoot photos and video anytime it is in the foreground without alerting you in any way …
Security researchers at Kaspersky Lab say that a number of popular dating apps are vulnerable to up to three types of attack, potentially revealing anything from user location to full identity and employer …
Update: Apple says the security vulnerability has been fixed in the beta versions of the next software updates to iOS, macOS, watchOS, and tvOS. These releases are expected this month (based on Apple Watch scheduled to gain Apple Music streaming in watchOS 4.1 in October.)
WPA2 – the encryption standard that secures all modern wifi networks – has been cracked. An attacker could now read all information passing over any wifi network secured by WPA2, which is most routers, both public and private.
Android and Linux are particularly vulnerable, being described as ‘trivial’ to attack, but all other platforms are vulnerable too, including iOS and macOS …
Uber’s head of security communications has today announced that the company is removing access from its iOS app that may have allowed the company to record a user’s display unknowingly. Security researchers had noticed that Uber was given access to these private APIs by Apple, an unprecedented move from the security focused company.
Analysis of more than 73,000 Macs showed that some 4.2% of them were running the wrong firmware, leaving them vulnerable to attacks like Thunderstrike. For one model, the percentage was a staggering 43%.
Firmware exploits are among the most dangerous, because they potentially give an attacker complete control of a machine, are not detected by macOS security scans and remain in place even if you format or replace a drive and do a fresh install of macOS …
A macOS vulnerability discovered by security researcher Patrick Wardle allows any app – signed or unsigned – to extract plain text passwords from Keychain. Wardle demonstrated the exploit with a proof of concept app, seen in the video below.
The vulnerability is a huge one, because Keychain data is secured by 256-bit AES encryption, which should make it virtually uncrackable – and because the bug affects all versions of macOS, including High Sierra …
The idea of a smart home security monitor has been in the back of my mind since the Mirai malware infected so many devices earlier last year. I already take precautionary steps in creating a secure home network, but I wanted an extra layer of protection to work for me. That’s where Cujo comes in. After a few weeks of testing the “smart firewall,” I got to see just how efficient these systems could be.
Ask anybody about the importance of online security and data management, and you’ll probably hear similar advice. Back up your files regularly. Don’t use the same weak password everywhere. Enable two-factor authentication. A digital life necessitates a layer of precautions that can be repetitive and even exhausting to maintain. It’s easy to brush off the warnings we’ve all heard hundreds of times because “that’ll never happen to me.” Until it does.
When I went to sleep last Monday night, I had no idea that I’d open my eyes to dozens of confusing notifications and my Twitter account taken over by a security hacker group. It caught me completely off guard, but it didn’t have to be that way. Hopefully by relaying my story and some hard lessons I learned along the way, I can help you avoid the same situation as you manage the safety and security of your online accounts and data.
Security researchers have identified a vulnerability in Point Of Sale (POS) terminals used by a large number of major chains, and hacked it to allow them to buy a MacBook for one dollar …
While Apple may have given in to demands from the Chinese government to remove VPN apps from its app store there, it does generally take a strong stand on encryption. It uses end-to-end encryption for both iMessage and FaceTime, and resisted pressure from the FBI to create a weakened version of iOS, describing it as too dangerous.
We’ve written a number of pieces explaining why we support Apple’s stance, both before and after the San Bernardino case.
The British government wants to ban end-to-end encryption altogether, arguing that it hampers the work of the security services. Support for Apple’s position – and opposition to that of the British Home Secretary – has now come from an unlikely source …
Quite a lot of tech features are designed to protect us from ourselves, and most of the time I’m fully in favor of this. I like it, for example, that my iOS devices ask me if I’m sure I want to delete a photo. I like it that my Macs ask me if I really want to empty the wastebasket. I love that Time Machine performs hourly backups and offers me an easy way to recover an earlier version of documents – and so on.
But there’s one aspect of iOS designed to protect me from myself that I find irritating, and I’d love a way to switch it off. My iOS devices don’t trust me to ensure there’s no-one watching when I type in passwords …
[UPDATE: Apple confirmed to us that any systems that are up to date, running El Capitan or later, are protected. We’ve also confirmed from those in the know that the issue has been fixed since around January and only affected older and out of date Macs.]
A security researcher has discovered a piece of Mac malware that allows an attacker to activate the webcam to take photos, take screenshots and capture keystrokes.
Synack researcher Patrick Wardle says that the malware has been infecting Macs for at least five years, and possibly even a decade …
It’s always a good idea to accept iOS dot updates as soon as they are available as they generally have significant security fixes. But iOS 10.3.3, released yesterday, fixes one particularly nasty vulnerability, making a swift update a particularly good idea …
Australia’s Attorney-General has said he will be meeting with Apple as the country becomes the latest to demand that the company cease offering end-to-end encryption, reports Sky News.
Attorney-General George Brandis says he will hold talks with tech giant Apple this week in bid to get co-operation on the Turnbull government’s proposed laws compelling tech companies to give police and intelligence agencies access to encrypted information messages from suspected terrorists and criminals …
U.S. Customs and Border Protection has advised a Senator that while it has the power to search electronic devices and examine all data stored on them, these powers do not extend to searching data stored in the cloud …
A new report from Motherboard today delves into some details regarding Apple’s bug bounty program, an intitative the company launched last year in hopes of encouraging security researching to submit “high-value” bugs in exchange for money. Today’s report, however, explains that the program isn’t taking off as fast as Apple had hoped…
The ban on laptops and tablets in cabin baggage on certain flights into the USA is over in all but name as a fourth airline is exempted. It’s clear by this stage that the ban was simply an aggressive way to force airports and airlines to adopt tougher security screening measures.
We learned earlier this week that Abu Dhabi airport was being exempted from the ban imposed on laptops and tablets in cabin baggage on certain US-bound flights, and the same now applies to two airlines flying from different airports …