A researcher finds that Apple allows unsigned software in the same folder as signed, approved software in the Mac App Store, opening up the potential for a malware bypass.
Glenn Fleishman | 30 Sep
Some software you may know and lean on won't work in El Capitan due to a new security feature that locks down system files and directories. Here's how to modify that.
Glenn Fleishman | 30 Sep
In the rush to critique Google for its inability to patch older and some current versions of Android at all or promptly--a rush I was absolutely part of--it's good to not ignore the baggage we're carrying around as well. Google was rightly criticized for the tradeoffs it made starting with the release of Android 1.0 to allow handset makers and cellular carriers to control, more or less, what went onto Android handsets.
Glenn Fleishman | 18 Aug
One set of researchers explains how a modification to your Macintosh's boot-up firmware can persist undetectably and spread through peripherals to other computers. Another researcher's work from a month ago is found in the wild, installing adware through a hidden escalation in user privileges. Both sound terrible, but neither is quite what it seems.
Glenn Fleishman | 06 Aug
Scott Trezza is frustrated with Spotlight in Yosemite:
Glenn Fleishman | 04 Aug
Windows 10--bear with me--has shipped, but this column isn't about the new operating system, which has received generally positive reviews from our friends at PCWorld and elsewhere. Rather, it's about a feature that started receiving attention a few weeks before release and more on the ship date: Wi-Fi Sense.
Glenn Fleishman | 01 Aug
You may snigger when you hear that a few months after the euphemistically named AdultFriendFinder was hacked, now Ashley Madison has had its turn. The site, which enthusiastically advertises its ability to connect people to have affairs, had its accounts compromised, according to security reporter Brian Krebs and confirmed by the company.
Glenn Fleishman | 22 Jul
In early June, Apple said two-factor authentication would be tightly integrated into OS X 10.11 El Capitan and iOS 9, but provided little detail as to what that means. The current setup is scattered across sites and methods in order to deliver a second one-time use, time-limited code or other method of verification when a user logs in to an Apple site or on an Apple device with an Apple ID set up for it.
Glenn Fleishman | 09 Jul
You'd think checking a box labeled Do Not Track would indicate a strong preference for, you know: not being tracked. And yet that is not the case. Those who sell slots to advertisers or gather demographic and other personal data to associate with individuals and improve targeting have a desperate interest in following our every move online.
Glenn Fleishman | 09 Jul
An Italian firm with the appropriate name Hacking Team suffered a massive breach in its company data Sunday, and 400GB of internal documents so far have been released and are being analyzed by reporters and security researchers. Hacking Team's customers are government agencies, including both law enforcement and national security, and the ostensibly legal software it sells to help them intercept communications includes not-yet-exploited vulnerabilities, known as zero-days.
Glenn Fleishman | 07 Jul
Virtual private network (VPN) connections designed to keep data safe from snooping eyes may be vulnerable to two forms of network attacks by malicious parties with access to a local network, a research paper (PDF) explained on June 30. The founders of Cloak, a VPN service with native iOS and OS X apps, say that the more severe of the two vulnerabilities also exists in iOS's most deeply integrated VPN protocol, and can't be mitigated without Apple's involvement.
Glenn Fleishman | 03 Jul
While the world's focus on Apple today might be on the release of its new streaming music service, the company also pushed out a host of security fixes for exploits, flaws, and--shall we say--politically difficult situations of the last few months. iOS 8.4 and OS X 10.10.4 should make users safer, pending testing by outside researchers.
Glenn Fleishman | 01 Jul
It's the easiest thing in the world to write a headline that tells you to panic; it's much harder to write one that says something is very wrong, but the odds of it occurring are very low and getting lower. Last week's release of a research paper that showed exploits that were possible in App Store-approved software in iOS and OS X via intra-application shared resources was significant. However, most of the media covering it (including us) got the nuance right.
Glenn Fleishman | 23 Jun
Security researchers have found major flaws in OS X and a single one in iOS that open the door to malware. The exploits allow malicious apps that have made their way into the App Store to bypass or ignore sandbox and other security protections to grab passwords from other apps' keychain entries, steal data from other apps' private data storage, hijack network ports, and masquerade as different apps to intercept certain communications.
Glenn Fleishman | 18 Jun
The password-storage maker LastPass announced the worst possible news for a company in its business on Monday: its password database was breached and user account information stolen. Because LastPass allows central storage and synchronization of your data store--the "vault" of passwords and other information you use with its app and website--someone being able to suss out your master password would seemingly have access to all your secrets.
Glenn Fleishman | 18 Jun