BitTorrent Chat exits private test; emerges as Bleep for OS X, Android

09/17, 4:42pm

Encrypted chat used BitTorrent backbone to provide secure communications

Peer-to-peer protocol pioneer BitTorrent has released an Alpha version of its chat client. BitTorrent has revealed Bleep -- what used to be called BitTorrent Chat -- for Android and OS X. Bleep offers fully encrypted, end-to-end communications between users, stored only locally on devices and not retained by servers at any step along the way.

Brief held for politicians in DC over Apple privacy, data security

09/17, 1:35pm

CTO, Health Project Manager at briefing; Apple security defended

Apple sent two high-ranking executives to Capitol Hill earlier this week to brief lawmakers on what it is doing to keep users' data secure and private in the wake of new devices tapping into users' health information and financial data. Apple Chief Technology Officer Bud Tribble and Health Project Manager Afshad Mistri briefed the House Energy and Commerce Committee behind closed doors on Tuesday, according to sources within Congress.

Apple to extend iCloud security, add passwords for third-party apps

09/17, 12:14am

New system avoids compromise of Apple ID, limited to 25 active passwords

Starting next month, Apple will add another layer of security to its iCloud service for third-party apps that utilize iCloud storage or other access. The company will allow users to assign up to 25 app-specific passwords for those users who don't want a third-party app to have the user's Apple ID credentials to utilize services such as syncing. The app-specific password approach not only protects the iCloud and Apple ID account, but enhances security for apps that don't support two-step authentication.

Apple publishes guide for Android data transfer to iOS devices

09/16, 7:05pm

Company confident that new larger iPhones will attract switchers

With its combination of more and better apps, better security and now large-screen mobile devices, Apple is expecting the new iPhone and iOS 8 to help persuade more Android users to move up to iOS, and to that end has published a document on its website guiding switchers on how to move content from their Android device to the iPhone. The expectation isn't based on hubris: surveys have shown that at least a third of Android users would consider switching to the iPhone 6 family.

Two-factor authentication re-instituted at iCloud.com

09/16, 3:53pm

Apple takes another step towards securing iCloud

Apple has once again enabled a two-factor authentication option for iCloud.com. It was briefly introduced in June, but then vanished for reasons unknown. Much like its equivalent for Apple IDs, the iCloud.com two-factor system requires verifying identity through SMS or Find My iPhone. Only once this is done can users load the site's apps.

Chinese police arrest Foxconn worker for stealing iPhone 6 shells

09/16, 12:32pm

Police largely silent during pre-announcement era

Chinese police have arrested a 40-year-old Foxconn worker, identified only by the surname Qiao, for stealing iPhone 6 shells from a factory in Jincheng, according to the state-run Taihang Daily. The person was detained on September 4, and is specifically accused of selling six of the shells for 6,000 yuan (about $960) to a gadget market in Shenzhen, where a number of electronics makers are located.

Amazon Kindles susceptible to malicious ePubs, account info at risk

09/16, 10:12am

Stored cross-site scripting attack can steal stored cookies on tablet

Security researchers have noted the resurrection of an old bug, which allowed a specially-crafted ePub e-book file to seize cookies stored on Amazon's Kindle series of tablets. When a malicious file hits the storage of the Kindle, either by USB loading or the Amazon "Send to Kindle" feature, JavaScript embedded in the file will execute as soon as the device's browser is launched, which could result in the user's Amazon account being compromised.

Cook: Consumers 'are not our product,' pushes privacy policies

09/15, 11:50pm

Apple's product-centric business model differentiates it from others, CEO says

During more of the interview for PBS' "Charlie Rose" show, Apple CEO Tim Cook addressed the thorny issue of user privacy, with Cook coming out strongly differentiating Apple from other companies, noting that Apple "tries not to collect data." Cook said he believes users "have a right to privacy," and used the issue to reiterate that Apple was not cooperating with US government spying programs.

Apple joins data-security industry group ahead of Apple Pay debut

09/15, 7:34pm

Association's aim is to improve cryptographic and data keys, thwart physical and online attacks

Apple is now a member of a non-profit trade association made up of mostly financial institutions, cellular carriers and software and hardware developers devoted to improving security in applications, transactions, data and cryptography. The group, GlobalPlatform, says its objective is to "create a standardized infrastructure that accelerates the deployment" of secure software and data, "protecting them from physical or software attacks." Most of Apple's carrier and financial partners in Apple Pay are also members.

Connecticut AG asks Apple CEO Tim Cook to address Watch security

09/15, 5:30pm

Concerns more directly related to HealthKit

Connecticut's Attorney General, George Jepsen, has issued a letter to Apple CEO Tim Cook, asking the company to explain how the Apple Watch will collect and store data. Jepsen asks, for instance, "whether Apple will allow consumers to store personal and health information on Apple Watch itself and/or on its servers, and if so, how information will be safeguarded," and "if and how Apple will review application privacy policies to ensure that users' health information is safeguarded." Other concerns include consent, the specific types of data the watch and its apps will collect, and guideline enforcement.

Stanford, Duke to start medical trials using Apple's HealthKit

09/15, 1:29pm

Institutions aim to improve speed, accuracy

In the next few weeks, two major US hospitals -- linked with Stanford University and Duke University, respectively -- are embarking on medical trials using Apple's HealthKit platform, according to Reuters. Doctors at Stanford say they're working with Apple on tracking blood sugar for children with diabetes. Duke, meanwhile, is planning a pilot to track blood pressure, weight, and other statistics for patients with cancer or heart diseases.

Malware spreading over Twitch chat empties Steam account items

09/14, 3:08pm

Malware injected by raffle link sells items in Steam inventory, trades to specific account

Security firm F-Secure was recently alerted to a wave of malware targeting the Twitch game streaming audience as a way to turn a quick buck. The Windows-based malware isn't aimed at stealing credit card information or joining a click-through advertising botnet, but rather at selling items of value that are associated with a Steam account.

Automattic reacts to leak of Gmail logins, resets 100,000 passwords

09/14, 2:23pm

Passwords reset based on database comparison to leaked Gmail credentials

Fallout could still be on the way as a result of the collection of nearly five million Gmail username and password credentials leaked on a Russian Bitcoin forum, but for now at least one company is taking action. Automattic, the company responsible for the blogging platform WordPress, announced it has reset user passwords for more than 100,000 accounts based on the information contained in the list.

Briefly: PrivacyScan update for OS X, EditReady 1.1 launches

09/14, 2:02pm

SecureMac releases PrivacyScan 1.6, improves OS X compatibility

SecureMac has released an update for its privacy software for OS X, featuring a new digital footprint security wipe functionality. PrivacyScan allows users to securely erase sensitive information, such as cache files, browsing history, cookies, temporary files and more, to prevent recovery. The latest version (v1.6) improves compatibility with future versions of OS X, and also adds greater Firefox web browser support and fixes. PrivacyScan is priced at $15 on the App Store, with a free demo version available directly through SecureMac.

Full extent of J.P.Morgan hack not known, two months after attack

09/13, 11:14am

Names, addresses, phone numbers taken; banking info probably safe

Information security professionals are still apparently sorting out the depth of an intrusion at J.P.Morgan Chase from earlier this summer. Three people with information regarding the digital break-in have spoken to press, claiming that the hackers had -- and in some cases may still have -- high-level access to bank servers, as well as gleaning information from around a million customer accounts.

Apple Watch relies on PIN, constant skin contact to secure Apple Pay

09/11, 9:57am

Works around lack of Touch ID

The Apple Watch will use a unique system to authorize NFC mobile payments, reports say. Normally, Apple Pay is authorized via Touch ID, but there's no such sensor on the Watch. Instead, when someone puts on the device for the day, they'll have to enter a PIN to authorize transactions. The sensors on the bottom of the watch can detect skin contact, and once that's lost, a person will have to re-enter their PIN.

Gmail addresses, passwords of nearly 5M users show up online

09/10, 3:25pm

Google says there is no evidence of a breach, many logins are said to be outdated

Another credential scare has turned up online, this time for one of the world's largest free email services. The emails and passwords of around 4.66 million Gmail users have turned up on a Russian Bitcoin forum, traced back to English, Russian and Spanish users of the service. It's not clear where or how the list was collected, but it is said that many of the logins are outdated.

Cook on Tuesday announcements: Steve would be 'incredibly proud'

09/10, 12:20am

Apple Watch may be first new product never seen by Jobs, Apple Pay 'incredibly safe'

In interviews with the Wall Street Journal and ABC News' David Muir, Apple CEO Tim Cook reiterated many of the sentiments expressed during the Tuesday press event that introduced the two new iPhone 6 models, the Apple Watch wearable and the Apple Pay mobile payments system. He also, however, had a few words in response to questions, ranging from his thoughts on Steve Jobs in the three years since his passing to how the iPhone 6 will trigger "the mother of all upgrades."

Home Depot confirms data breach for United States, Canada stores

09/08, 7:18pm

Breach confirmed for April forward as investigation continues, no evidence of PIN theft

An initial investigation by Home Depot into an intrusion of its payment data systems has revealed that its systems were indeed breached. The home improvement retailer began looking into the breach of its systems after it noticed irregular activity and subsequent sale of its customer data last week. Home Depot was apparently hit by the same malware responsible for the breach of Target's systems.

Comcast serving injected JavaScript ads through public Wi-Fi hotspots

09/08, 4:48pm

Provider stating that ads placed as a courtesy, reminiscent of BitTorrent throttling issue

It appears that Comcast has decided to serve advertisements to people that connect their devices to the more than 3.5 million public Wi-Fi hotspots spread throughout the United States. Ars Technica discovered that the Internet service provider (ISP) has been injecting JavaScript advertisements into websites using the Xfinity Wi-Fi services by altering the data stream when webpages are called.

Notification emails sent to iCloud users about sign-ins at iCloud.com

09/08, 12:29pm

Part of planned security upgrades

Users of Apple's iCloud are now getting email notifications whenever an Apple ID signs into iCloud.com for the first time from a new device. Each message includes a date and time stamp, and is meant to warn someone in case the login is actually by an unauthorized attacker. The update is part of a series of planned security upgrades announced by Apple CEO Tim Cook.

Report: Walgreens, CVS also sign on to Apple's mobile payment plan

09/05, 10:36pm

Joins with rumored merchant Nordstrom, banks and credit card companies on deals

A report from anonymous sources suggests that Apple's rumored mobile payment system may have gained further merchant support in the form of drugstore chains CVS and Walgreens. The move would make it easy for customers to use their iPhone to pay for purchases at some 15,000 combined locations in the US, reports AppleInsider via Re/Code. They will be among other known and unknown retail partners to help launch the mobile payment system, which could be announced at the September 9 Apple press event.

Cook addresses celebrity images scandal, promises improvements

09/04, 11:59pm

Photos not obtained by iCloud breach, but by password hacking

Apple CEO Tim Cook has formally addressed the recent celebrity selfies scandal, where some of the images obtained by hackers came from the victims' iCloud accounts (alongside other services, those responsible for the collection of the images have recently admitted). In an interview with the Wall Street Journal, Cook not only acknowledged that some celebrities' accounts were specifically targeted using conventional data-stealing techniques, but promised both educational and engineering improvements.

Hacker infiltrates Healthcare.gov, no personal information stolen

09/04, 9:40pm

Intruder installs 'malicious software' for cyber-attacks, breach access point unknown

Health care exchanges continue to hit rough patches, as the United States government has revealed that the federal health care portal Healthcare.gov was breached. While there is no evidence that any personal information from the 5.4 million people applying through the site was stolen during the event, the attack marks the first time an intrusion has successfully accessed systems attached to the website.

FCC levies $7.4 million fine on Verizon for privacy paperwork foul-up

09/04, 4:45pm

Company failed to inform users of opt-out option for six years

Verizon has agreed to a $7.4 million fine, payable to the US Federal Communications Commission (FCC) as a result of not informing customers that they could "opt out" of Verizon marketing efforts tailored with gleaned user information. The fine, the largest of its kind, is assessed in parallel with the requirement that the company tell customers in every mailed bill that they can prevent the company from using data for advertising and marketing purposes.

Google to refund $19 million to settle FTC in-app purchase debacle

09/04, 12:53pm

Unfettered Google Play in-app purchase solved with 2012 password requirement

Google has offered to settle charges levied against it with the US Federal Trade Commission (FTC) over unfair billing for in-app purchases made by children. The search engine giant has offered to pay out at least $19 million to end the suit, similar to that faced by Apple and Amazon.

Case manufacturer ClamCase data stolen, customer info at risk

09/03, 3:59pm

Hackers penetrated system between April 15 and August 6, 2014

Apple iPad case seller ClamCase is the victim of a computer intrusion, revealing its customer information to hackers. Emails to customers have been arriving in recent days, claiming that the company has fallen victim to the hack, and purchase data from that period between April 15 and August 6 has been stolen. Information obtained includes customer names, addresses, and credit card information.

Home Depot investigating possible credit card data breach

09/02, 6:39pm

Intrusion may have been performed by same team behind Target hack

Home Depot is investigating "unusual activity" with its customer data, with the retailer appearing to be the victim of a major credit card breach. The store chain confirmed it was looking into the matter earlier today, after a report claimed acquired customer data was going on sale via a number of illicit websites specializing in credit card details.

Apple: Celebrity photo leaks not result of iCloud breach

09/02, 3:06pm

Claims victims were hit by 'very targeted' attack

Apple has issued a new follow-up statement on this week's celebrity photo leaks via iCloud. "After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet," the company writes. "None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud or Find My iPhone. We are continuing to work with law enforcement to help identify the criminals involved."

Apple 'investigating' if leaked celebrity pics came from iCloud

09/01, 6:00pm

Further evidence undermining claims pictures were stolen from Apple's servers

Even as Apple on Monday issued a terse statement saying only that "we take user privacy very seriously and are actively investigating this report," concerning the leak of compromising images from 101 celebrities, the 4chan poster who released the compromising images and video has now admitted that the pictures come from a variety of sources. In the meantime, Apple has patched a potential security flaw that could have allowed attackers to brute-force their way into obtaining weak iCloud passwords.

Python script attacking Find My iPhone may be behind celebrity leaks

09/01, 1:13pm

Vulnerability in Find My iPhone authentication system patched today

A script which allowed access to iCloud servers may have been behind the recent celebrity photo leaks, a report suggests. A Python script which discovered the password of an iCloud account has surfaced, with an apparent vulnerability in Find My iPhone potentially allowing attackers to "brute force" attack an account without any lockout or warning to the account owner.

Claim: Compromising celebrity photos due to iCloud hack

09/01, 2:00am

Reports remain dubious on origin of photos, videos allegedly obtained

A plethora of new celebrity nude images have surfaced on the Internet, along with claims that the photos and videos are the result of a hack of iCloud accounts. At least one of the victims of the leak has confirmed the images, but did not confirm the leak came from iCloud and added that the images now circulating were "deleted long ago," saying it would take a lot of "creepy effort" to obtain them.

CryptoWall malware collects $1.1M in file ransoms over six months

08/30, 2:27pm

CryptoLocker derivative attack demands variable ransoms

In a five-month period, CryptoLocker-esque malware CryptoWall has infected 625,000 devices worldwide, and has locked down 5.25 billion files, according to Dell's security researchers. In that same time period, it has exceeded its predecessor's infection rates, and gathered over $1.1 million in file ransoms, with one victim paying out $10,000 in Bitcoin to rescue his own files held hostage by the malware.

Microsoft Ireland data warrant upheld, stay on data turnover lifted

08/30, 1:52pm

New ruling forces defiant Microsoft to hand over data held overseas

A stay giving Microsoft permission to deny a warrant ordering email release from a user whose data is stored in Ireland has been lifted by Judge Loretta Preska. As a result of the order, issued on August 29, Microsoft has until September 5 to coordinate with the US Department of Justice and inform the court how it will comply with the original court order, demanding Microsoft surrender the data. Microsoft promises to fight the order, and does not intend to hand over the data.

Security guards protest low wages, block Apple San Francisco store

08/28, 9:56pm

Protest accommodated until doors to store blocked

A group of corporate and retail security guards for Apple stores staged a peaceful protest of what they consider to be low pay relative to other employees at the company's flagship San Francisco store on Thursday. The issue the guards were drawing attention to is not one specific to Apple, but endemic among tech firms in Silicon Valley -- who collectively tend to pay cleaning, support, maintenance and security staff lower wages on average than regular employees.

HealthKit policies updated to block data use by advertisers, brokers

08/28, 3:51pm

Should address one central fear

Apple has updated the language in its privacy policy for HealthKit to prevent apps from selling data to "advertising platforms, data brokers or information resellers," notes the Financial Times. HealthKit will allow iOS 8 apps to exchange health and fitness data tracked via various accessories, such as the iWatch. The iOS upgrade is rumored to launch next month alongside the iWatch and the iPhone 6.

JPMorgan Chase systems infiltrated, banking data may have been stolen

08/28, 2:39pm

Assault on JPMorgan Chase may be only one of multiple intrusions in August

JP Morgan Chase & Co plus at least four other financial institutions have reportedly come under attack by hackers. According to a quartet of people familiar with the investigation, the possibility exists that gigabytes of customer data, including banking information, may have been stolen by the assailants with a "zero-day" attack, who may be linked to Russian state-sponsored hackers.

Report: Eight high-profile sites hit by browser exploits last week

08/27, 11:45pm

Security firm says malvertising hit sites such as Java, DeviantArt and Photobucket

A "malvertising" campaign made the rounds last week hitting at least eight high-profile websites according to security firm Fox-IT. The firm noticed that the sites were redirecting their visitors to other places, allowing it to discover that sites were using vulnerabilities in software like Java and Flash to inject malicious programs. The purpose of the "malvertising" was to infect machines with botnet malware involved in boosting advertisement clicks.

Automattic strengthens WordPress with BruteProtect acquisition

08/26, 7:02pm

BruteProtect to be rolled into Jetpack, paid service ends to make all features free

Automattic, the company responsible for the WordPress blog platform, announced today that it acquired BruteProtect. The pickup will allow the company to strengthen security of the WordPress platform through its Jetpack service, without additional cost to users. BruteProtect started its life as a plug-in for the popular blogging software, only to expand into other areas of security, server management and premium services.

Some iOS apps vulnerable to auto-dialing URLs, developer notes

08/25, 4:48pm

Major apps identified as culprits

A number of iOS apps -- including Facebook Messenger, Gmail, and Google+ -- have a security vulnerability that could allow malicious parties to force an iPhone to auto-dial, observes Romanian developer Andrei Neculaesei. iOS supports a tel:// URI that can make a call automatically, even though developers are allowed to bypass confirmation prompts for the dialer if they want. Through a vulnerable app and the right web code, a person could potentially be tricked into dialing a toll number. A FaceTime variant could let someone capture images of a person before disconnecting.

Gaming services including SOE, PlayStation Network hit by DDoS

08/24, 6:40pm

Several companies confirm attacks as service returns, hacking group claims responsibility

Some of the most popular gaming services are reportedly under attack as a series of distributed denial of service attacks (DDoS) has been underway since last week. Shacknews reports that Blizzard, Grinding Gear Games, PlayStation Network, Riot and Sony Online Entertainment have all been undergoing a series of attacks leading to connection instabilities and service failures. While the attack was initially thought to be limited to a few companies, it's been discovered that several additional gaming services and websites have been targeted as far back as August 18 by a hacking group.

US cybersecurity chief claims lack of experience not important to job

08/23, 1:13pm

Presidential advisor believes education, overall government experience sufficient

In an interview with the Information Security Media Group publication, White House cybersecurity coordinator Michael Daniel admits to having no practical experience with the subject matter. Daniel claims that "being too down in the weeds at the technical level could actually be a little bit of a distraction" to his job of advising the President about ongoing and emergent information security issues.

Secret Service expands investigation of Target, UPS PoS malware

08/23, 12:20pm

'Backoff' malware has infected 1,000 businesses across US

Target isn't the only US retailer affected by the "Backoff" point of sale malware. Following forensic analysis of the intrusion software, researchers for US government law enforcement have claimed that more than 1,000 businesses have been infected by the same strain that assaulted the big-box retailer, and now UPS storefronts.

Amazon wins Department of Defense cloud services contract

08/22, 10:35am

Amazon hopes contract will pave the way for cloud-based confidential data

Amazon Web Services has received the first-ever US Department of Defense level three through five provisional authorization for the AWS GovCloud (US) region under the Defense Information Systems Agency's (DISA) codified Cloud Security Model (CSM). This new authorization allows Department of Defense users to conduct development and integration activities for everything but classified workflows with Amazon's service.

UPS Stores hit by 'malware intrusion,' customer data possibly exposed

08/21, 3:30pm

Stores in 24 states affected by breach, spanned up to seven months in some cases

The UPS Store chain of delivery and packaging facilities has reported that a number of its stores have been the target of a "broad-based malware intrusion," adding that customer data could have been accessed. The United Parcel Service (UPS) subsidiary became aware of the breach on July 31, the same day that the Department of Homeland Security sent out notices regarding a malware called "Backoff," according to the New York Times.

Heartbleed suspected to be point of entry for CMS records breach

08/20, 5:15pm

OpenSSL vulnerability the first attack vector, occurred shortly after bug announced

Security firm TrustedSec says that it learned how hackers were able to obtain records from Community Health Systems (CHS). According to a statement released by the firm yesterday, the initial attack occurred through an OpenSSL vulnerability. An anonymous source tied to the investigation told the company that Heartbleed, a vulnerability that has made headlines in recent history, is to blame for the breach.

Symantec condenses security line-up into one suite, Norton Security

08/20, 4:15pm

Software line drops nine different programs, new software launches September 23

Symantec announced earlier this week that it would be issuing a sweeping change to its line of antivirus software to offer consumers a single solution. Starting September 23, the company will begin offering Norton Security for around $80 per year. The change effectively ends releases of Norton Antivirus, the company's main product line that has seen annual releases since the early 90s.

Claim: Apple's iMessage accounts for 30 percent of all mobile spam

08/20, 1:28pm

AppleScript, multi-platform hooks make spamming easier

Over 30 percent of all mobile spam messages are now being sent through Apple's iMessage system, claims Tom Landesman, a security researcher at Cloudmark. Many of the messages are pushing fake luxury products, such as sunglasses and handbags. Landesman explains that spammers are -- or were -- taking advantage of several aspects of Apple's ecosystem. However, Apple has responded to the charge, and said that some countermeasures have been implemented.

New malware stealing advertising revenue from jailbroken iOS devices

08/20, 9:08am

Package changes developer ad ID with that of assailant with Cydia Substrate

A new piece of malware started infecting jailbroken iOS devices earlier this year. The "AdThief" or "Spad" package hijacks advertising clicks and revenue, and redirects them to the author of the package, rather than the developer who inserted the advertising in the first place. The malware is simple and low profile -- it replaces the developer's ID with the attacker's ID. Mobile ad kits targeted by the AdThief malware are mostly from Chinese vendors, with four in the US, and a pair in India.

Gatekeeper changes unconnected to Dev Center hack, sources claim

08/19, 3:13pm

Re-signing mandatory for existing apps

Despite recent claims, a Dev Center security breach may not be why developers are being asked to re-sign Mac apps using OS X Mavericks, sources say. An alternative reason for the switch hasn't been mentioned, but unnamed sources are countering reports yesterday from other unnamed sources. In the earlier rumors, it was claimed that one or more hackers had managed to obtain not only Gatekeeper keys but "virtually every key Apple used for everything."
