Tor compromised earlier in year, relay attack to 'deanonymize' users

07/30, 3:42pm

The Tor Project announced on its blog today that the service suffered two different types of attacks in an attempt to uncover information that could remove the anonymity of sources accessing hidden services. Tor states that the attackers are so far unknown, but it states that anyone that accessed any hidden services from the beginning of February through July 4 should assume they're affected by the attack.

Russia asks Apple, SAP to turn over source code as anti-spy measure

07/30, 1:07pm

Companies will likely be hesitant to comply

The Russian government has proposed that two Western companies, Apple and SAP, grant access to their source code so it can determine whether or not products are tools for spying on state organizations and/or the public, Reuters reports. Russia's communications minister, Nikolai Nikiforov, is said to have made the request when he met last week with Apple's local general manager, Peter Nielsen, and SAP's local managing director, Vyacheslav Orekhov. In an official Communications Ministry statement, Nikiforov comments that "Edward Snowden's revelations in 2013 and US intelligence services' public statements about the strengthening of surveillance of Russia in 2014 have raised a serious question of trust in foreign software and hardware."

BlackBerry acquires German security firm Secusmart

07/29, 12:48pm

Company turnaround underway, says CEO in wake of deal

At its annual BlackBerry summit, the beleaguered smartphone manufacturer has announced a deal that will see it acquire Germany's Secusmart to enhance its own security offerings. BlackBerry CEO John Chen said of the deal that it "creates that much more distance between [BlackBerry] and competitors" in the battle for corporate and governmental business share.

Long-standing Android 'Fake ID' bug gives malware root access

07/29, 9:10am

App masquerading as Flash, others, can break Android sandboxing

Mobile device researchers Bluebox Security have discovered a serious flaw in Google's Android operating system that dates back to version 2.1, and is still present (albeit weakened) in the new 5.0 preview. The "Fake ID" security flaw allows a fake app to include an invalid security certificate, claiming that it is an app with sandbox-breaking privileges, in essence, giving the malicious app root access to the phone and all its contents.

Chinese officials make surprise visits to four Microsoft offices

07/28, 4:13pm

Visit tied to investigation, Microsoft states that it will cooperate with officials

Officials from China's State Administration for Industry and Commerce (AIC) showed up at four Microsoft offices in the country unannounced earlier today. Offices in Beijing, Chengdu, Guangzhou and Shanghai received the sudden visits, which could be tied to the start of an antitrust investigation for a presently-unknown reason. The visits come at a time when Microsoft faces scrutiny in the country, over spying allegations and government refusal of Windows 8.

Uber closes JavaScript hack exposing driver review of passengers

07/28, 9:40am

Review score of customers by Uber drivers pulled from view

Cab-hailing service Uber has patched a hole which allowed passengers to find out their average score based on reviews from Uber drivers. A JavaScript hack which surfaced over the weekend polled Uber servers for the passenger score, giving a response between 1.0 and 5.0, though Uber has been quick to close the loophole in order to protect its driver review system.

Cellphone unlocking bill without bulk unlock ban passed by House

07/25, 4:10pm

Bill headed to oval office, with Obama willing to sign

In an unexpected move, and avoiding a potential fight, the House of Representatives has passed bill S517, aiming to make cellphone unlocking legal. The amended bill, passed by the Senate last week, was passed with no changes -- a controversial clause of the bill previously passed by the House, prohibiting bulk unlocking by companies, has been removed from the final passed version.

Sony agrees to $15M settlement over 2011 PlayStation Network hack

07/24, 7:49am

Free games, subscriptions offered as compensation for PSN intrusion

Sony has agreed to a preliminary settlement worth $15 million in a hacking class-action lawsuit in the United States. The agreement, which still requires approval from a judge, will see Sony handing out free games to console owners affected by the April 2011 PlayStation Network hack, which saw the shutdown of the service and Qriocity for several weeks, as well as compromising personal data and credit card information from over 77 million users.

Apple document attempts to explain alleged backdoors in iOS

07/23, 9:22am

Tools intended strictly for diagnostics, file capture, company says

In another step to address concerns of possible backdoors in iOS, Apple has published a new document explaining what three services are intended to do. The first, com.apple.mobile.pcapd, is said to support "diagnostic packet capture from an iOS device to a trusted computer," something useful for "troubleshooting and diagnosing issues with apps on the device as well as enterprise VPN connections." Another, com.apple.mobile.file_relay, "supports limited copying of diagnostic data from a device."

Goodwill investigating possible data breach, could date back to 2013

07/22, 4:18pm

Company says no breach confirmed, but continuing investigation with authorities

Goodwill Industries International, the business entity behind the popular nonprofit second-hand stores, announced this week that it is investigating a potential data breach involving credit card data. The breach was said to occur in selected stores within the United States, but Goodwill has offered no information on which stores were affected.

Several backdoors included on every iOS device, researcher says [U]

07/22, 12:26am

May enable collection of private data by Apple, governments

[Updated with rebuttal from Apple] Apple's iOS platform contains several backdoors that may allow for Apple and/or governments to collect private data, according to a forensic scientist, Jonathan Zdziarski. Presenting at the recent Hackers On Planet Earth (HOPE/X) conference, Zdziarski said that there are several conspicuous design gaps -- and some deliberately-included forensic services -- that make it possible to extract data using forensic tools. The services have names such as "lockdownd," "pcapd," and "mobile.file_relay."

Snowden: Dropbox is 'hostile to privacy,' cloud needs zero knowledge

07/21, 1:45pm

NSA whistleblower points to board member, companies should have no access to data

In an interview with UK newspaper The Guardian last week, fugitive American whistleblower Edward Snowden made it clear that he opposed cloud companies that had access to user data. He specifically pointed out Dropbox as being "hostile to privacy" for a number of reasons, including a board appointment of an ex-government official with ties to suspected privacy violations.

Two-step Apple ID verification comes to 48 more countries

07/17, 10:58am

Could be important step towards reducing hacking

Apple has dramatically expanded the reach of its two-step Apple ID verification option, adding another 48 regions to the previous 11. The full list of countries with support is below. When two-step verification is on, trying to change account details or make an iTunes/App Store purchase from a new device will send a code via SMS or Find My iPhone. Only once this code is entered can an action continue.

Hackers gain access to Nest, develop tool to stop data reporting

07/16, 9:38pm

Nest is essentially jailbroken, uses a custom tool to end reporting back to company

A group of researchers from the University of Central Florida (UCF) discovered a way to root the Nest thermostat in the process of finding a way to hack the device to steal data and install malware. Led by engineering professor Yier Jin, the team used physical access to accomplish the hack even though it is built with security in mind. During the hacking discovery, the team came up with a way to stop the device from reporting data back to Google (or Nest).

Yahoo Endings gives Japan a one-stop shop for digital afterlife needs

07/16, 4:50pm

Service sends out notes after user passes away, cleans up personal data on Internet

Yahoo Japan launched an interesting service this week, one that gives people an option for deleting part of their digital lives once they reach the end of their physical ones. The service, called Yahoo Endings, offers users some basic services like will-writing, but also sends goodbye notes and deletes personal information from Yahoo.

Dashlane 3 incorporates password sharing, emergency contacts

07/16, 1:04pm

Team discounts now on sale

Dashlane has launched version 3 of its namesake password and wallet management software for Mac and Windows. The update features two major additions, beginning with the Sharing Center, which lets people share passwords with other people while maintaining central control and AES-256 encryption. Although recipients must have a Dashlane account, the system gives administrators the ability to limit re-shares or revoke access, and will sync password changes made by others.

Google fires up 'Project Zero' universal Internet security program

07/15, 3:38pm

Google not limiting effort to internal apps -- any vendor is fair game

Google has launched a new web-wide security project. Titled "Project Zero", the effort by the search behemoth has the lofty goal to "significantly reduce the number of people harmed by targeted attacks." Google intends to have no bounds for the project, planning on working to "improve the security of any software depended upon by large numbers of people, paying careful attention to the techniques, targets and motivations of attackers."

CNet hacked, one million user records stolen by white hat hackers

07/15, 10:47am

W0rm interested in publicizing security holes, not motivated by profit

Purported white-hat Russian hacker group w0rm has attacked tech news website CNet. The group claims that it has usernames, email addresses, and encrypted passwords for one million users of its information services. A tweet on Monday by the group confirmed the attack, but even after a sale offer for a single Bitcoin was made, the group claims to be interested in drawing attention to security and "nothing more."

Apple starts encrypting email going between iCloud, other services

07/15, 10:26am

Old me.com and mac.com addresses also covered

Apple has started encrypting email traffic between iCloud and third-party services, according to data from a Google transparency website. This includes messages from older me.com and mac.com accounts. The move follows Apple promises in June that encryption would expand beyond iCloud-to-iCloud exchanges, something essential given the greater popularity of services like Google's Gmail.

No-IP addressing Senate regarding Microsoft domain seizure ordeal

07/15, 8:54am

No-IP will bring tales of woe to Senate, addressing improper enforcement issues

Following the fallout of the Microsoft seizure of No-IP domains, the dynamic domain name service company is speaking to the Senate about the incident. In a hearing scheduled before the Microsoft action against No-IP about proper enforcement of cybercrime laws, No-IP will address the Senate Judiciary Committee today about how the incident was handled, and the need for sensible enforcement so that the Internet property rights of innocent third parties don't become collateral damage in such efforts.

Leaked documents reveal British GCHQ can manipulate communications

07/14, 5:06pm

Repository of JTRIG tools shows some that can modify or mimic existing information

Information posted by The Intercept revealed this week that the British Intelligence agency Government Communications Headquarters (GCHQ) has the tools to modify communications, on top of monitoring them and collecting data. A database in the form of a Wiki entry of internal tools was posted to the site, listing the function and development status of each. Data from social media sites like Facebook, video sites like YouTube and various forms of web traffic and phone calls can all be modified or spoofed.

Popcorn Time derivative GitHub repositories shuttered by MPAA

07/12, 4:10pm

Original repository remains intact, popcorn-official and time4popcorn dead

The US Motion Picture Association of America (MPAA) has issued Digital Millennium Copyright Act (DMCA) takedown requests for code repositories for BitTorrent-based video streaming projects based on the Popcorn Time core. The MPAA requested that the code for "popcorn-official" and "time4popcorn" projects be removed from GitHub, but the original Popcorn Time repository remains intact and undeleted.

Apple responds to China media report of iOS 'national security issue'

07/12, 3:00pm

Apple defines what location tracking does, how it works

Apple has responded to Chinese government media allegations of the iPhone and iPad being a national security threat. A Chinese-language statement titled "Your Location Privacy" has been posted by the Cupertino manufacturer, with the company guaranteeing that it won't track users, or share location information with outsiders. Additionally, it claims that the "frequent locations" feature touted for iOS 8 will just "quickly and reliably determine their current locations for specific activities such as shopping, travel, finding the nearest restaurant or calculating the amount of time it takes them to get to work," and not leak any personal data.

Fake motions filed in Apple, Facebook employee 'no poach' suit

07/12, 2:44pm

Attorney name, fake firm files motion to force Judge Lucy Koh to recuse herself

Silicon Valley's "no poach" lawsuit involving Apple, Adobe, Google, and Intel may be slowly grinding to a conclusion, but not without some peculiar behavior. An investigation has been launched by the US District Court for the Northern District of California and the California State Bar after a court filing was made under an attorney's name without her knowledge, and with a fake law firm's name. The incident, and a similar filing made shortly after motion dismissal, is being investigated as a possible identity theft.

Microsoft drops lawsuit versus No-IP, all domains finally restored

07/12, 12:43pm

Microsoft has little comment over the mishandled matter

The Microsoft and No-IP saga appears to be complete. Just one week after the dynamic domain name service (DNS) had its domains seized by Microsoft, all domains have been returned, users have reported restored functionality, and the lawsuit filed by Microsoft against parent company Vitalwerks has been dropped.

Review: Samsung SmartCam HD Pro

07/11, 3:10pm

Internet camera looks good on paper, runs into problems in everyday use

Keeping an eye on the home while out and about these days is common practice. Internet cameras have become popular due to the ease of scanning for intruders or checking on the welfare of a child. Selecting the right model can be challenging, based on the number of cameras on the market. Brands like Dropcam and Foscam are generally trusted, but larger companies like Samsung offer alternative solutions. Attempting to bring a Dropcam competitor to consumers, Samsung released the SmartCam HD Pro. But does it offer the features a user needs without hiccups? Find out in our review.

Chinese state TV calls iOS 7's Frequent Locations 'security concern'

07/11, 9:48am

Claims data could be used to glean state secrets

State-run China Central Television has called iOS 7's Frequent Locations function a "national security concern" in a noon broadcast, according to the Wall Street Journal. The report quoted researchers as saying that people with access to the underlying data could get a glimpse of the broader Chinese situation, or "even state secrets." Electronic security has become a sensitive topic for the Chinese government in the wake of leaks from Edward Snowden, revealing that the NSA is spying on Chinese leaders, and that American businesses have willingly or unwillingly provided the NSA with access to demanded data.

Google received over 70,000 'right to be forgotten' requests so far

07/11, 8:14am

Google legal chief outlines removal request difficulties following EU court ruling

Google is still being swamped with requests to remove website listings in Europe, following the Court of Justice of the European Union's ruling on the "right to be forgotten." Senior Vice President and Chief Legal Officer David Drummond claims the search company has received more than 70,000 takedown requests since the ruling in May, with the requests covering 250,000 webpage listings in its search results.

Apple now blocking older Flash Player plug-ins, citing security flaw

07/11, 12:03am

Latest version for Snow Leopard and higher now required for Flash to work

Following an emergency patch issued by Adobe yesterday for a vulnerability in Flash Player and Adobe AIR that the company deemed "critical" for users to upgrade to, Apple is now blocking all un-upgraded versions of the plug-in in Safari, though the warning dialog will take users to the Flash Installer page where they can obtain the patched version. Users of OS X 10.6 and higher must be running version 14.0.0.145 in order for the Flash plug-in to work normally. Windows and Linux users are also affected by the flaw.

FTC files in-app purchase lawsuit against Amazon, seeks refunds

07/10, 1:37pm

Suit files complaints about wanton, and unauthorized, in-app purchases

According to a US Federal Trade Commission report filed today, Amazon has billed parents and other account holders for millions of dollars in unauthorized in-app charges incurred by children. The FTC's lawsuit seeks a court order requiring refunds for consumers for the unauthorized charges, and permanently banning the company from billing parents and other account holders for in-app charges that have been made without their consent.

Fake TLS certificates doled out by India, scope of problem unknown

07/10, 10:37am

Internet Explorer, other Windows apps affected; problem could be widespread

Microsoft Internet Explorer users are being affected by a series of fraudulent transport layer security (TLS) certificates. The fake certificates, issued by India's National Informatics Centre, are trusted by the Microsoft Root Store -- a core library that Internet Explorer and other Windows applications use for identity verification. India's Controller of Certifying Records claims that only four fake certificates were issued, but other sources, including Google, are claiming that there are many more.

NYC fires back at Lyft launch; promises vehicle seizures, fines

07/10, 8:57am

Official TLC warning leaves little ambiguity as to regulatory intent

The New York City Taxi and Limousine Commission (TLC) has escalated the conflict between it and ride-sharing service Lyft. A warning by the TLC, issued yesterday, reminds residents that while the service is indeed opening on Friday and will be offering free rides for two weeks to new subscribers, the service is unlicensed to operate, and un-investigated drivers may pose a danger to riders.

Silent Circle expands encrypted calling to 79 countries

07/10, 8:24am

New offering allows for more secure international communications

Security-focused communications firm Silent Circle today announced the expansion of Out-Circle Calling (OCC). The expansion allows for encrypted hybrid calling, which enables Silent Circle members to make and receive encrypted, private voice calls through the company's Silent Phone service to non-Silent Circle subscribers in 79 total countries.

DARPA funds research into social media influence over public

07/09, 7:19am

Social media usage examined in government-funded research

The US military has been analyzing the use and influence of social networks and social media, according to a report. Research funded by DARPA under the Social Media in Strategic Communication (SMISC) program was conducted with the ultimate aim of developing tools to help "counter misinformation or deception campaigns with truthful information."

Adobe issues 'critical' patch for Flash for AIR, OS X, Windows, Linux

07/09, 1:00am

Flaw allows attackers to steal authenticating cookies, hasn't been seen in wild yet

Adobe has issued an emergency patch of its Flash Player technology to correct a security flaw that could allow hackers false access to thousands of popular websites -- notably Twitter, Instagram, Tumblr and eBay among many others. The patch, which will update Flash to version 14.0.0.145, is considered "critical" for users of OS X, Windows and Linux operating systems. Even if users have Flash Player disabled in their browser, they may still need to update if they are using any products that require Adobe AIR.

Entrepreneur to Google: Google Places' bad info killed my restaurant

07/08, 2:48pm

Wild game restaurant near DC blames erroneous listing for closure

Long-time Washington DC metro area restaurant The Serbian Crown has sued Google. After experiencing a 75 percent drop in weekend customers, owner Rene Bertagna filed the suit following a discovery that the restaurant's Google Places listing had a grievous error -- it incorrectly stated that the restaurant was closed on Saturday through Monday. The suit alleges that the incorrect information given to customers from the search engine led to a death spiral of the restaurant, with declining revenue forcing layoffs, which, in turn, drove diners away from poor service and declining food quality.

Bandits take over Samsung factory, steal $36 million in devices

07/07, 10:39pm

Robbers leave with seven trucks full of electronic goods from Campinas factory

A group of bandits robbed a Samsung Electronics factory in Brazil last night, escaping with seven trucks filled with goods from the smartphone and notebook computer manufacturer. Reuters reports the factory in Campinas was robbed just before midnight, with 20 robbers, some armed, posing as employees.

UK government plans reinstatement of metadata collection programs

07/07, 11:54am

Collection of call, text, Internet data to continue under plans by UK ministers

The government of the United Kingdom seeks to force telecommunication companies to log records of calls, texts, and Internet usage for a 12-month period, according to a report. Ministers are said to be attempting to counteract the effects of a European Court of Justice (ECJ) ruling in April, by introducing surveillance laws reinstating powers struck down by the court's decision.

TSA requires electronic devices to switch on before US-bound flights

07/07, 5:50am

Apple, Samsung smartphones singled out in TSA device power rules

Passengers of some international flights terminating in the United States will face a greater scrutiny of their electronics before being allowed on the airplane. The Transportation Security Administration (TSA) is putting into force new security rules that require electronic devices to be able to switch on at the time of the security screening, with devices containing flat batteries unable to be let onboard.

Java support for Windows XP ended in April, no more supported updates

07/06, 4:50pm

Company no longer issuing platform fixes, security updates continue until April 2015

When the next quarterly update to Java rolls around later this month, Oracle says it won't include support for Windows XP users. The critical patch update, scheduled for July 15, updates Java 7 and Java 8 for newer Microsoft operating systems from Vista up to Windows 8. The choice to use Java on XP is left up to users because of the potential risk involved.

Privacy group files complaint with FTC over Facebook emotional study

07/06, 3:13pm

EPIC claims social media giant 'purposefully messed with people's minds'

If Facebook hasn't received enough flak for the emotional manipulation study it conducted on its user base, the company could soon face more from regulators. Last week, privacy watchdog group the Electronic Privacy Information Center (EPIC) filed a complaint with the Federal Trade Commission (FTC) over the one-week study Facebook conducted in 2012 that manipulated users' news feeds.

No-IP domains returned without comment by Microsoft

07/03, 7:58pm

Service restoration in process, connectivity waiting on DNS propagation

Following Microsoft's seizure of dynamic DNS service No-IP domains on a claim that some were spreading malware, many customers' paid and free connections were no longer functioning. Many of these services have been restored tonight, as Microsoft has begun the process of returning domains to No-IP. As of this evening, all of the seized domains have been returned to the service, with .org redirect restoration waiting on the .org registrar to act. Not all DNS services have been updated, but Electronista can confirm that Verizon FiOS, Google, and OpenDNS are all resolving properly.

EFF: Android phones could be 'leaking' location data

07/03, 5:35pm

Foundation discovers phones less than three years old broadcasting visited locations

Recently, the Internet advocacy and legal group the Electronic Frontier Foundation (EFF) discovered that a number of Android devices could be sharing location information when not connected to Wi-Fi. The Android phones in question periodically send out information on Wi-Fi networks they know in order to speed up the process of connecting. However, in doing so they give off previous location data based on stored wireless networks in "human language."

Goldman Sachs files court complaint to force Google to delete email

07/03, 4:28pm

Email sent to wrong address sparks privacy concerns, Google blocks access to email

A Goldman Sachs contractor sent an email containing confidential information to the wrong email account, causing the investment company to contact Google over its removal. After a Google representative told Goldman Sachs that it requires a court order to do so, the company filed a complaint with the Supreme Court of New York requesting that Google delete or retrieve the email. The company further asks for any information pertaining to its access.

Security update for Lion, Lion Server, Mountain Lion issued

07/02, 6:06pm

Addresses numerous flaws, bugs already addressed in Mavericks 10.9.4

Alongside the release of OS X 10.9.4 Mavericks for newer Macs, Apple has also released security-oriented updates for OS X 10.7.x (Lion), the server version of Lion, and for 10.8.x Mountain Lion. The vulnerabilities patched for all three versions include an update to the certificate trust policy, a flaw in the "copyfile" command, and an issue with the Dock that could allow apps to circumvent the sandboxing restrictions. Numerous other discovered potential security vulnerabilities were also addressed.

UK data watchdog may investigate Facebook over emotion research

07/02, 3:49pm

Information Commissioner checks if Facebook research broke UK data laws

The fallout from Facebook's experiment with its users continues, with a UK government agency planning to investigate. The United Kingdom's Information Commissioner's Office (ICO), the body that deals with data protection laws in the country, will be looking to see if the social network broke any laws during its testing of emotional manipulation in 2012.

2013 Mac Pro gets official Apple security lock adapter

07/02, 9:50am

Supports Kensington, similar locks

Apple has released an official security lock adapter for the 2013 Mac Pro. The accessory connects without tools and supports a variety of Kensington locks, plus locks in a "similar style." While in use the adapter prevents easy access to a Pro's internals.

Microsoft encrypts Outlook.com email, opens Transparency Center

07/01, 4:11pm

Outlook, OneDrive traffic gains encryption to increase security

Microsoft has announced three new ways the company will improve the security of customer data in the wake of the NSA surveillance revelations. New encryption has been added to Outlook.com, with OneDrive also receiving a similar encryption-based security boost, and the company is also introducing its first "Microsoft Transparency Center" on its Redmond campus, in order to help governments understand and trust the security of the company's software.

MacNN testing: Microsoft domain seizure blocks VPN, allows odd traffic

07/01, 11:05am

No-ip.com domains seized ostensibly to prevent malware spread

[Updated with more testing] Early Monday morning, Microsoft announced that it had seized, by court order, 23 domains used by dynamic IP company no-ip.com. Seeing a preponderance of malware hosts using these domains, the company then routed all "known bad traffic" through Microsoft filters, in order to classify the identified threats. The move was not without innocent victims, however, as users who use the affected domains -- including paid users for legitimate VPN purposes and one MacNN employee -- are this morning unable to connect through the redirect, at least in part.

Apple now offering two-step verification for iCloud login

06/30, 7:00pm

Four-digit passcode identifies device on top of user credentials

Apple is either testing or in the process of rolling out two-step verification for its iCloud.com portal, optionally allowing users who want to use the two-factor authentication to enter a random four-digit passcode on their device in order to add it to a list of "trusted" devices. The option is not yet available to Apple ID accounts that have previously set the preference for using two-step verification, but improves security over the default "Apple ID password only" method.
