When we get complacent, we get bad about security. The more we're prompted by something irritating that can be dismissed only by entering a password again, the more likely we are to not pay attention to what's asking. I speak, of course, of Apple's seemingly random and sometimes frequent iCloud login popup messages in iOS.
Glenn Fleishman | 13 Jun
Nestled in the middle of iOS 9 announcements were two security-related bumps: Apple now suggests you set a six-digit passcode instead of a four-digit one; and two-factor authentication becomes a built-in part of iOS (and OS X) rather than an afterthought.
Glenn Fleishman | 10 Jun
A security researcher has found what he says is a deep flaw that potentially affects all Macintosh Intel models made until mid-2014, when the error he discovered appears to have been fixed. Under a very particular set of combined conditions, the exploit would allow the boot-up firmware in a Mac to be rewritten to include persistent, malicious software.
Glenn Fleishman | 05 Jun
The Apple Watch could become our central hub in a wheel of identity, in which all spokes rotate around our wrist. Some early Watch apps already have a high degree of utility. But we're only scratching the surface of what's to come.
Glenn Fleishman | 02 Jun
As websites lag in taking action on fundamental, known security problems, Google and Mozilla have started to take matters into their own hands to alert users about server or infrastructure flaws. The latest iteration is Google rolling out a warning and an error in a recent version of Chrome that waggles its finger at outdated encryption methods used for securing sessions. Mozilla will follow no later than January, though maybe earlier. Where are Apple and Microsoft hiding? More on them later.
Glenn Fleishman | 01 Jun
There's no doubt that networked resources like printers, scanners, and storage devices have a huge degree of utility. But cheaper and older peripherals don't always have the gumption to connect via Wi-Fi or ethernet. USB is the only option, or at the least, it's far cheaper. Networking USB devices is thus a clever workaround. Apple has supported external access to printers via AirPort Express since 2004, and to storage via its AirPort Extreme and Time Capsule base stations since 2007.
Glenn Fleishman | 23 May
I hate to poke holes in good-faith efforts to improve the integrity and security of individuals' and businesses' data, but in just the last week, I've seen three separate efforts that each attempt to fix a problem, but only solve a top layer. The underlying defects remain, and they're not at all the fault of those companies.
Glenn Fleishman | 15 May
The Knock app was always a simple and nifty idea. Install a bit of software on your Mac and then purchase the company's $5 iOS app. Using Bluetooth 4.0 to communicate, whenever your Mac was locked, manually or via a timed setting, you could launch the Knock app or swipe a notification, and then knock twice on the screen.
Glenn Fleishman | 08 May
Google apparently doesn't mind picking a fight with China. In 2010, unable to find a basis on which it could operate its services with minimal filtering or interference, and after attacks reported to originate in China against the company's internal mail and other systems, it shifted its search results from mainland China to servers in Hong Kong. Hong Kong operates under a special status, though it is part of the People's Republic. Mainland searchers had to use workarounds to perform searches via Google in Hong Kong and elsewhere.
Glenn Fleishman | 01 May
On Tuesday, researchers from Skycure disclosed at the RSA conference that a previously known iOS flaw related to automatic Wi-Fi network connection and a newly discovered SSL certificate handling error could cause an iPhone or iPad to crash and endlessly reboot as long as it remains within range of the network. (Skycure sells monitoring and mitigation systems.)
Glenn Fleishman | 24 Apr
Imagine if, with no effort on your part, every web connection you made was secured, even the most ordinary, such as visiting our fair site while not logged in. You might think, why bother when I'm just visiting sites I read or use for reference--sites where there's no personal or financial information to steal?
Glenn Fleishman | 18 Apr
Most desktop cryptography relies on software created and maintained by corporations, often (not always) based on open standards, but requiring a level of trust in that firm's ability to resist government efforts to weaken it, as well as a belief that the firm can validate and audit its own code well enough to find and then repair serious flaws.
Glenn Fleishman | 03 Apr
In a post on March 23, Google's security team explained that it had discovered that someone was delivering digital certificates to users for Google domains that weren't authorized by Google. A quick investigation discovered that a Chinese certificate authority (CA), CNNIC, had improperly given a reseller enough power to create verifiable certificates for any domain in the world.
Glenn Fleishman | 27 Mar
The web security exploit known as FREAK that I discussed last week was patched by Apple days after it was discovered two weeks ago. FREAK relied on a configuration issue in web servers combined with a flaw for backwards compatibility in many software libraries used to create a secure connection. But the patch only affected Apple's operating systems--not all apps.
Glenn Fleishman | 20 Mar
FREAK is last week's worry, but installing untrusted applications is a perennial worry. It's a two-fer (or two-fear) in this column, about security issues new and old.
Glenn Fleishman | 13 Mar