<b>AppleHaters</b><br />
A little blog to show everyone that Apple is not the great company they say they are.<br />
<br />
<b>In-the-wild Mac malware kept busy in June—here’s a rundown</b> (posted 2019-06-29)<br />
<span style="font-size: x-small;"><i>from arstechnica.com</i></span><br />
<span style="font-size: x-small;"><b>Newly disclosed OSX/CrescentCore is 1 of 6 Mac threats to come to light this month.</b></span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtHVTtmqeEMghioToJp-DXjORZ3flCwMWOFXf_J2w5Q7csIMgluENuNb9gR5yrPWlA_8InQbT83NWFvBEieqnQ2i3Qao4SJh8FavzLnwhAi2TwhJWtEEmaZNSa9soWHkc68KqDggxeCQ0/s1600/OSX-CrescentCore-logo-600x400.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="400" data-original-width="600" height="133" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtHVTtmqeEMghioToJp-DXjORZ3flCwMWOFXf_J2w5Q7csIMgluENuNb9gR5yrPWlA_8InQbT83NWFvBEieqnQ2i3Qao4SJh8FavzLnwhAi2TwhJWtEEmaZNSa9soWHkc68KqDggxeCQ0/s200/OSX-CrescentCore-logo-600x400.png" width="200" /></a></div>
<span style="font-size: x-small;"><br /></span>
June was a busy month for Mac malware with the active circulation of at least six threats, several of which were able to bypass security protections Apple has built into modern versions of its macOS.<br />
<br />
The latest discovery was published Friday by Mac antivirus provider Intego, which disclosed malware dubbed OSX/CrescentCore that's available through Google search results and other mainstream channels. It masquerades as an updater or installer for Adobe’s Flash media player, but it's in fact just a persistent means for its operators to install malicious Safari extensions, rogue disk cleaners, and potentially other unwanted software.<br />
<br />
“The team at Intego has observed OSX/CrescentCore in the wild being distributed via numerous sites,” Intego’s Joshua Long wrote of two separate versions of the malware his company has found. “Mac users should beware that they may encounter it, even via seemingly innocuous sources such as Google search results.”<br />
<div style="text-align: center;">
<b><span style="font-size: large;"><u>Security evasions</u></span></b></div>
<div style="text-align: center;">
<br /></div>
Long said that the CrescentCore versions he observed were signed with certificates belonging to an Apple-trusted developer. That would allow the malware to bypass Gatekeeper, a macOS protection that’s designed to thwart malware by allowing only digitally signed applications to be installed. Both recovered versions of CrescentCore are signed by certificates assigned to a developer using the name Sanela Lovic, with certificate fingerprints 5UA7HW48Y7 and D4AYX8GHJS.<br />
<br />
Long said he reported the certificate abuse to Apple, but as of early Friday afternoon, a tool called WhatsYourSign, developed by Mac security expert Patrick Wardle, showed both signing certificates remained valid. On Friday evening, the tool showed one certificate had been revoked and another remained valid.<br />
<br />
CrescentCore uses other techniques to avoid detection and analysis. After targets click on the fake Flash installer/updater, it first checks to see if it’s about to be installed inside a virtual machine or on a Mac that’s running AV software. If either of those possibilities turns out to be true, the trojan will simply exit and not do anything more. Security researchers almost always test suspected malware inside VMs to prevent accidentally infecting trusted work computers.<br />
<br />
Mac users who want to check for infections should look for files with the name Player.dmg (or Player #.dmg or Player (#).dmg where # is a numeral such as 1 or 2) downloaded to the Downloads folder. Infected Macs may also contain folders or files with the following names:<br />
<br />
<ul>
<li>/Library/com.apple.spotlight.Core</li>
<li>/Library/Application Support/com.apple.spotlight.Core</li>
<li>/Library/LaunchAgents/com.google.keystone.plist</li>
<li>com.player.lights.extensions.appex</li>
</ul>
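The check described above can be scripted. The following is an added example, not code from Intego or the original article; the function names, the `--live` switch and the directories searched for the `.appex` bundle are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: look for the OSX/CrescentCore file indicators named in the article.
# Usage: sh crescentcore_scan.sh --live   (scan this Mac, current user only)
#        sh crescentcore_scan.sh          (scan a constructed demo tree)

# is_player_dmg NAME: succeed if NAME is "Player.dmg", "Player #.dmg" or
# "Player (#).dmg", where # is one or more digits.
is_player_dmg() {
    printf '%s\n' "$1" | grep -Eq '^Player( [0-9]+| \([0-9]+\))?\.dmg$'
}

# scan_crescentcore ROOT HOME_DIR
# ROOT is prepended to the absolute paths (use "" for the live system, or the
# mount point of a disk image). Prints one "kind<TAB>path" line per hit.
scan_crescentcore() {
    root=${1%/}
    home=$2

    # 1. Fixed locations listed in the article.
    for p in \
        "/Library/com.apple.spotlight.Core" \
        "/Library/Application Support/com.apple.spotlight.Core" \
        "/Library/LaunchAgents/com.google.keystone.plist"
    do
        if [ -e "$root$p" ]; then
            printf 'path\t%s\n' "$root$p"
        fi
    done

    # 2. Installer images in the Downloads folder.
    for f in "$home"/Downloads/*.dmg; do
        if [ -e "$f" ] && is_player_dmg "$(basename "$f")"; then
            printf 'download\t%s\n' "$f"
        fi
    done

    # 3. The extension bundle, which the article lists without a directory.
    #    Searching these three trees is an assumption of this example.
    for d in "$root/Library" "$root/Applications" "$home/Library"; do
        if [ -d "$d" ]; then
            find "$d" -name 'com.player.lights.extensions.appex' 2>/dev/null |
                while IFS= read -r hit; do printf 'appex\t%s\n' "$hit"; done
        fi
    done
    return 0
}

# make_demo_tree: build a constructed directory tree (empty files, no malware)
# holding some indicator names plus two look-alikes; prints its path.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/Library/LaunchAgents" "$t/Users/sample/Downloads"
    : > "$t/Library/LaunchAgents/com.google.keystone.plist"
    for n in "Player.dmg" "Player 1.dmg" "Player (2).dmg" \
             "VideoPlayer.dmg" "Player v2.dmg"; do
        : > "$t/Users/sample/Downloads/$n"
    done
    printf '%s\n' "$t"
}

if [ "${1:-}" = "--live" ]; then
    scan_crescentcore "" "$HOME"
else
    demo=$(make_demo_tree)
    scan_crescentcore "$demo" "$demo/Users/sample"
    rm -rf "$demo"
fi
```

A hit on a file name alone is a reason to look closer, not proof of infection; the look-alike names in the demo tree show what the pattern deliberately ignores.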
<div>
Friday’s Intego post describes one of at least six macOS threats that have come to light this month. Others include:</div>
<div>
<br /></div>
<br />
<div>
<ul>
<li>OSX/Linker, a Mac malware family that exploits a zero-day vulnerability in Gatekeeper so that it can install unsigned malware. The exploit technique, which was disclosed by researcher Filippo Cavallarin last month, works by loading installers from a network-shared disk, which is off limits to Gatekeeper.</li>
</ul>
<ul>
<li>A cryptocurrency miner dubbed LoudMiner by ESET and Bird Miner by Malwarebytes, the two firms that independently discovered it. The miners, found in a cracked installer for the high-end music production software Ableton Live, work by emulating Linux.</li>
</ul>
<ul>
<li>Malware dubbed OSX/Newtab, which tries to inject tabs into the Safari browser. Some of the file names disguise themselves as government forms or recipe apps. All samples have an identifier of com.NTAppStubInstaller and were digitally signed with the Apple Developer ID cosmina beteringhe (HYC4353YBE).</li>
</ul>
<ul>
<li>Backdoors dubbed NetWire and Mokes that were installed in in-the-wild attacks exploiting a pair of potent Firefox zero-days to target people involved with cryptocurrencies. Both backdoors were able to bypass Gatekeeper and were undetected by antivirus engines at the time the attacks went live.</li>
</ul>
<div>
The recent activity is an indication that more and more malware developers are finding it worth their time to create malicious wares for macOS, a platform they largely shunned a decade ago.</div>
<div>
<br /></div>
<div>
As is the case with Windows computers, the best way to protect Macs against malware is to ensure the OS, browsers, and browser extensions are updated as soon as possible after security patches are released. Another key safeguard is to never run a stand-alone version of Flash (the one built into Chrome is generally OK).</div>
</div>
<br />
<b>New iOS security feature can be defeated by a $39 adapter… sold by Apple</b> (posted 2018-07-13)<br />
<span style="font-size: x-small;">from <i>https://hotforsecurity.bitdefender.com</i></span><br />
<span style="font-size: x-small;"><i><br /></i></span>
Yesterday Apple released a brace of updates for its software – fixing bugs and patching security holes in the likes of MacOS, watchOS, tvOS, Safari, iTunes for Windows, iCloud for Windows, and iOS for iPhones and iPads.<br />
<br />
The update for iOS, bringing it to version 11.4.1, is particularly interesting as it includes a new feature – “USB Restricted Mode.”<br />
<br />
USB Restricted Mode is designed to disable an iPhone or iPad’s Lightning port, preventing it from transferring data, one hour after the device was last locked.<br />
<br />
You can still charge your device after its Lightning port has been disabled, but you need to enter the smartphone’s password if you wish to use the port to transfer data to and from the device.<br />
<br />
A support advisory from Apple shares more details:<br />
<br />
“Starting with iOS 11.4.1, if you use USB accessories with your iPhone, iPad, or iPod touch, or if you connect your device to a Mac or PC, you might need to unlock your device for it to recognize and use the accessory. Your accessory then remains connected, even if your device is subsequently locked.”<br />
<br />
“If you don’t first unlock your password-protected iOS device — or you haven’t unlocked and connected it to a USB accessory within the past hour — your iOS device won’t communicate with the accessory or computer, and in some cases, it might not charge. You might also see an alert asking you to unlock your device to use accessories.”<br />
<br />
Which sounds, of course, like bad news for law enforcement and intelligence agencies who may want to crack into a locked iPhone using tools like GrayKey. GrayKey, and similar tools, use the Lightning port to help anyone with physical access crack their way into a locked device – without having to manually guess the passcode.<br />
<br />
Unfortunately for Apple, and customers who like to believe that their phone is private, a workaround has been discovered whereby police could prevent an iPhone or iPad entering USB Restricted Mode if they act quickly enough.<br />
<br />
Researchers at Elcomsoft discovered that the one hour countdown timer can be reset simply by connecting the iPhone to an untrusted USB accessory:<br />
<br />
“In other words, once the police officer seizes an iPhone, he or she would need to immediately connect that iPhone to a compatible USB accessory to prevent USB Restricted Mode lock after one hour. Importantly, this only helps if the iPhone has still not entered USB Restricted Mode.”<br />
<br />
And where might you find such a compatible USB accessory that can prevent USB Restricted Mode from kicking in?<br />
<br />
Look no further than Apple’s own online store, where the company will happily sell you a Lightning to USB 3 Camera Adapter for a mere $39. Chances are that there are even cheaper accessories which will do the job just as well.<br />
<br />
Apple has successfully made the window of opportunity smaller for anyone (whether they be a member of law enforcement or not) to crack into an iPhone, but this discovery means that they have not closed it completely.<br />
<br />
Apple will need to continue to strengthen the security and privacy of its mobile devices if it wishes to maintain its edge over many Android smartphones. Nice try with iOS 11.4.1 Apple, but we need you to do more.<br />
<br />
<b>Warning: New Undetectable DNS Hijacking Malware Targeting Apple macOS Users</b> (posted 2018-01-14)<br />
<span style="font-size: x-small;"><i>from https://thehackernews.com</i></span><br />
<div class="separator" style="clear: both; text-align: center;">
<span style="font-size: x-small;"><i><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAJluJZu2YlxBTLS6wuDMr1ry9yxt12HiHggHtVxVgIeaLyw-3vaQqVSgQihTbM8V1ki2l62yb9m1BgoBog8FerXzBD96llJuR7LYU0tlT1OcXiOX0IU02nDxUpT7TbJMapF7MmKGwKsI/s1600/MAMI-Malware.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="563" data-original-width="668" height="168" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAJluJZu2YlxBTLS6wuDMr1ry9yxt12HiHggHtVxVgIeaLyw-3vaQqVSgQihTbM8V1ki2l62yb9m1BgoBog8FerXzBD96llJuR7LYU0tlT1OcXiOX0IU02nDxUpT7TbJMapF7MmKGwKsI/s200/MAMI-Malware.png" width="200" /></a></i></span></div>
<br />
A security researcher has revealed details of a new piece of undetectable malware targeting Apple's Mac computers—reportedly the first macOS malware of 2018.<br />
Dubbed OSX/MaMi, an unsigned Mach-O 64-bit executable, the malware is somewhat similar to DNSChanger malware that infected millions of computers across the world in 2012.<br />
DNSChanger malware typically changes DNS server settings on infected computers, allowing attackers to route internet traffic through malicious servers and intercept sensitive information.<br />
The malware first surfaced on the Malwarebytes forum, where a user posted a query about unknown malware that had infected his friend's computer and silently changed the DNS settings on the infected Mac to the addresses 82.163.143.135 and 82.163.142.137.<br />
After looking at the post, ex-NSA hacker Patrick Wardle analysed the malware and found that it is indeed a 'DNS Hijacker,' which also invokes security tools to install a new root certificate in an attempt to intercept encrypted communications as well.<br />
<div>
<div>
"OSX/MaMi isn't particularly advanced - but does alter infected systems in rather nasty and persistent ways," Patrick said.</div>
<div>
"By installing a new root certificate and hijacking the DNS servers, the attackers can perform a variety of nefarious actions such as man-in-the-middle'ing traffic (perhaps to steal credentials, or inject ads)" or to insert cryptocurrency mining scripts into web pages.</div>
<div>
Besides this, the OSX/MaMi macOS malware, which appears to be in its initial stage, also includes the abilities listed below, most of which are not currently activated in its version 1.1.0:</div>
<div>
<ul>
<li>Take screenshots</li>
<li>Generate simulated mouse events</li>
<li>Perhaps persist as a launch item</li>
<li>Download and upload files</li>
<li>Execute commands</li>
</ul>
</div>
<div>
The motive, author(s) behind the malware, and how it is spreading are currently unknown.</div>
<div>
However, Patrick believes that the attackers could be using lame methods like malicious emails, web-based fake security alerts/popups, or social-engineering type attacks to target Mac users.</div>
<div>
To check if your Mac computer is infected with MaMi malware, go to the terminal via the System Preferences app and check your DNS settings—particularly look for 82.163.143.135 and 82.163.142.137.</div>
</div>
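The DNS check above, as an added example (not code from Patrick Wardle or the original article): the script compares the resolvers reported by `scutil --dns` and `networksetup -getdnsservers` against the two addresses named in the text. The function names and the `--live` switch are assumptions of this sketch, and the root certificate is not checked because the article does not identify it.

```shell
#!/bin/sh
# Added example: flag the two DNS servers the article associates with OSX/MaMi.
# Usage: sh mami_dns_check.sh --live   (inspect this machine)
#        sh mami_dns_check.sh          (run on a constructed sample)

MAMI_DNS='82.163.143.135
82.163.142.137'

# mami_dns_hits: read resolver configuration text on stdin and print each
# MaMi address that occurs in it as a complete IPv4 address, once.
mami_dns_hits() {
    grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | sort -u | grep -Fx "$MAMI_DNS" || true
}

# check_mami_dns: same input; reports and returns 1 when an address is found,
# returns 0 when the configuration is clean.
check_mami_dns() {
    hits=$(mami_dns_hits)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits" | while IFS= read -r ip; do
            printf 'MaMi DNS server configured: %s\n' "$ip"
        done
        return 1
    fi
    return 0
}

# collect_dns: gather resolver settings from the macOS tools that are present.
# scutil shows the resolvers in effect; networksetup shows what is set for
# each network service.
collect_dns() {
    if command -v scutil >/dev/null 2>&1; then
        scutil --dns || true
    fi
    if command -v networksetup >/dev/null 2>&1; then
        # The first output line is a legend; disabled services start with "*".
        networksetup -listallnetworkservices | sed '1d' |
            while IFS= read -r svc; do
                networksetup -getdnsservers "${svc#\*}" || true
            done
    fi
    return 0
}

# Constructed sample in the layout of `scutil --dns` output (not a capture).
sample_infected() {
    cat <<'EOF'
DNS configuration

resolver #1
  nameserver[0] : 82.163.143.135
  nameserver[1] : 82.163.142.137
  if_index : 6 (en0)
  flags    : Request A records
EOF
}

if [ "${1:-}" = "--live" ]; then
    if collect_dns | check_mami_dns; then
        echo "No MaMi DNS servers found"
    fi
else
    if sample_infected | check_mami_dns; then
        echo "sample: clean"
    else
        echo "sample: DNS settings match OSX/MaMi"
    fi
fi
```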
<div>
<div>
According to VirusTotal, a multi-engine antivirus scanner, none of 59 popular antivirus software products is detecting this malware at this moment, so you are advised to use a 3rd-party tool such as a firewall that can detect and block outgoing traffic.</div>
<div>
You can also install a free open-source firewall for macOS named 'LuLu,' created by Patrick and available at GitHub, which blocks suspicious traffic and prevents OSX/MaMi from stealing your data.</div>
</div>
<br />
<b>First Lawsuits Filed Against Apple for Slowing iPhones</b> (posted 2017-12-27)<br />
<span style="font-size: x-small;"><i>from extremetech.com</i></span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHUYO6BhvVG08YXuGy-ycnnz8hv_afyavVZuhl7TIASjI9izj7DTNiqv7TOg_Tp3891Xq_GLPtaOjf85PIW_izwQMHNfy0ttIkXqc9dUVeq7b77vlt2SpdTecxWKwfot_3nlHEQzB7RUw/s1600/download.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="168" data-original-width="300" height="112" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHUYO6BhvVG08YXuGy-ycnnz8hv_afyavVZuhl7TIASjI9izj7DTNiqv7TOg_Tp3891Xq_GLPtaOjf85PIW_izwQMHNfy0ttIkXqc9dUVeq7b77vlt2SpdTecxWKwfot_3nlHEQzB7RUw/s200/download.jpg" width="200" /></a></div>
Over the years, iPhone owners have often wondered aloud if Apple was doing something to slow down older devices. Now, we know that yes, it does do that. Just a few days after the company admitted that it has been quietly throttling older iPhones with degraded batteries, a pair of lawsuits has been filed against Apple alleging fraud and deceptive practices.<br />
<br />
It became clear during the last few iOS version updates that Apple had opted to apply performance throttling to older devices. It wasn’t until Geekbench ran comparisons with various iOS versions that iPhone owners had any proof. Apple was forced to issue a statement in which it admitted to slowing down iPhones. In some ways, its position makes sense, but the way it handled the situation is terrible.<br />
<br />
The situation has to do with how lithium-ion batteries age. We’re all familiar with batteries losing capacity as they get old, but they also have less voltage. It turns out Apple didn’t include enough headroom for the battery, and its voltage can fall below what is needed to power the custom A-series system-on-a-chip. Without enough voltage, the phone can just shut down without warning. Apple’s solution to this was to add performance throttling to iOS based on battery voltage. So, if your battery is degrading, your phone gets slow.<br />
<br />
The first class-action lawsuit filed in Illinois accuses Apple of violating the Illinois Consumer Fraud and Deceptive Business Practices Act. Specifically, the filers point to Apple’s decision not to notify users it was going to throttle their phones. As had been pointed out, very few would suspect a battery issue as the root cause of sluggish performance. That could lead consumers just to buy a new phone, which is to Apple’s advantage.<br />
<br />
Another suit filed in Los Angeles claims Apple’s phone throttling plan “was never requested or agreed upon.” This suit also suggests Apple is hoping to get consumers to upgrade by slowing down their phones rather than simply reporting that the hardware might need service.<br />
<br />
It looks like Apple’s decision to introduce this “feature” secretly is the main issue here. Even if Apple’s intentions were pure (which is certainly up for debate), making these performance changes in secret looks very suspicious. For a company that claims to care about the user experience, this whole fiasco makes Apple look quite disconnected from the concerns of its customers. Class actions like these are notoriously slow to litigate, so iPhone owners might end up with a small settlement in a couple years.<br />
<br />
<b>New MacOS malware steals bank log-in details and intellectual property</b> (posted 2017-12-18)<br />
<p dir="ltr"><i>From https://www.scmagazineuk.com</i><br>
<i>Security researchers have discovered a new, invasive OSX.Pirrit adware variant targeting Mac OS X that enables cyber-criminals to take full control of a user's Mac computer.</i><br>
The malware has already infected thousands of Mac computers around the world. According to a blog post by Amit Serper, principal security researcher at Cybereason, while usual adware campaigns enable the attackers to flood a person's computer with ads, this malware not only bombards Macs with adware, it spies on users and runs with the highest user privileges, enabling hackers to leverage this adware to capture personal information on the users, including bank account logins and intellectual property of businesses.</p>
<p dir="ltr">“To my surprise, it's very active. Not only is it still infecting people's Macs, OSX.Pirrit's authors learned from one of their mistakes (They obviously read at least one of our earlier reports),” said Serper.</p>
<p dir="ltr">He added that unlike old versions of OSX.Pirrit that used rogue browser plug-ins or even installed a proxy server on the victim's machine to hijack the browser, this incarnation uses AppleScript, Apple's scripting/automation language. </p>
<p dir="ltr">“And, like its predecessors, this variant is nasty. In addition to bombarding people with ads, it spies on them and runs under root privileges,” he said.</p>
<p dir="ltr">Serper said that the malware uses AppleScript to inject JavaScript code directly into the browser. He added that the code is “a great example of how an adtech company is borrowing nefarious tactics found in malware to make it hard for antivirus software and other security products to detect them.”</p>
<p dir="ltr">“There is no difference between traditional malware that steals data from its victims and adware that spies on people's Web browsing and target them with ads, especially when those ads are for either fake antivirus programs or Apple support scams,” he said.</p>
<p dir="ltr">“As for OSX.Pirrit malware, it runs under root privileges, creates autoruns and generates random names for itself on each install. Plus, there are no removal instructions and some of its components mask themselves to appear like they're legitimate and from Apple.”</p>
<p dir="ltr">He said that a company called TargetingEdge created OSX.Pirrit and his research hasn't gone unnoticed by it.<br>
“Cybereason has received a few cease and desist letters from a firm claiming to be TargetingEdge's legal counsel. The letters demand that we stop referring to TargetingEdge's software as malware and refrain from publishing this report,” he said.</p>
<p dir="ltr">Serper said around 28 other antivirus engines on Virus Total also classify it as such. “The authors of this software went through great lengths to mask themselves and distance themselves from it,” he added. TargetingEdge claimed that it develops and operates a “legitimate and legal installer product for MAC users,” that the product is not malware, and that it doesn't include any features of malware.</p>
<p dir="ltr">Kelvin Murray, threat research analyst at Webroot, told SC Media UK that users need to report any changes to the search or browser settings of their device to the admin. Users need to be aware that these changes can just be one visible part of a much bigger problem. He adds, “In addition, admins need to take the usual security measures including software updates, AV, and user education. Both the admin and users need to see this as yet another sign that Macs are not “virus proof” as is so commonly assumed and often ignored. There is a need of a stronger focus put onto OSX as security vulnerabilities are becoming more apparent, especially taking into account the event of the MacOS High Sierra.” </p>
<div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGK70WSKe8Qn1EirdrUujabCiVbGRJ7nO6Aj9gpezAcoi4AGxO8Zb_Z9EPXGTHji5u3ACKcTNTqwwfJFVJzctJlJW35dcaOkorEWVuv1nfrWuPaYEUfazUmigiMmaW6vLs2QU8QWPxHXM/s1600/Pirrit.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"> <img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGK70WSKe8Qn1EirdrUujabCiVbGRJ7nO6Aj9gpezAcoi4AGxO8Zb_Z9EPXGTHji5u3ACKcTNTqwwfJFVJzctJlJW35dcaOkorEWVuv1nfrWuPaYEUfazUmigiMmaW6vLs2QU8QWPxHXM/s640/Pirrit.png"> </a> </div>
<br />
<b>Apple refunds Chinese woman after colleague unlocks her iPhone X using Face ID</b> (posted 2017-12-17)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMZrIUUXs30gZY-araqINNfG4D9EyZAeW_KM7SonHZlVY74oqQ8LC66XmFfvENIKJ8sNj2T9V48dx0EKnFjM4xG3-k5NbKRoodQKwU19ov8Kh7VL3ugv7osyvwYC5c90k54IDWTDHj-E4/s1600/iphone-x-face-id-fail.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="440" data-original-width="700" height="201" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMZrIUUXs30gZY-araqINNfG4D9EyZAeW_KM7SonHZlVY74oqQ8LC66XmFfvENIKJ8sNj2T9V48dx0EKnFjM4xG3-k5NbKRoodQKwU19ov8Kh7VL3ugv7osyvwYC5c90k54IDWTDHj-E4/s320/iphone-x-face-id-fail.jpg" width="320" /></a></div>
<i><span style="font-size: xx-small;">from https://www.techworm.net</span></i><br />
<i><span style="font-size: xx-small;"><br /></span></i>
<b>Chinese Woman Gets Refund From Apple After Colleague Unlocks iPhone X With Face ID</b><br />
<br />
The USP of Apple’s 10th anniversary premium smartphone, iPhone X is the Face ID technology used in the device that provides high security and cannot be tricked, according to the tech giant.<br />
<br />
However, this Face ID technology failed when a colleague of a Chinese woman from Nanjing could unlock not one but two of her iPhone X handsets, reported the South China Morning Post.<br />
<br />
The woman identified only by her surname Yan, from Nanjing, China told the Jiangsu Broadcasting Corporation that her co-worker was able to unlock both her iPhone X – original as well as the new one Apple gave her as a replacement – on every single attempt.<br />
<br />
The first time it happened, Yan called the Apple hotline but the support team apparently refused to believe her. In order to demonstrate the facial recognition problem, Yan went to the nearest Apple Store along with her colleague to show the staff what happened.<br />
<br />
Apple staff at the store said the camera might be faulty and gave Yan a refund, which she used to buy a new iPhone X, reported the South China Morning Post. However, she faced the same problem with the replaced iPhone X prompting the store to offer a second refund, said the report.<br />
<br />
It’s still not clear whether Yan has bought a third iPhone X with the refund money. Apple has yet to comment on the issue.<br />
<br />
<b>Number of malware attacks on Macs increased by more than 70%</b> (posted 2017-12-03)<br />
<span style="font-size: x-small;"><i>from https://de.business.f-secure.com</i></span><br />
<br />
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: right; margin-left: 1em; text-align: right;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjZRqjkLos6RUjzxWxdosnpSqn7oLBodEjYxz-PZoAY72p-82RuGkhK-QoMVc3tLdoTaNeMEI5Y4IJV4wJm_vN3M2ZmkyjY4W-HRnr5nMG9F-47ooNutTL-ZXhCm7Arz6kudVM71rA5kc/s1600/600x348_mac_malwaregraph.png" imageanchor="1" style="clear: right; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" data-original-height="348" data-original-width="600" height="184" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjZRqjkLos6RUjzxWxdosnpSqn7oLBodEjYxz-PZoAY72p-82RuGkhK-QoMVc3tLdoTaNeMEI5Y4IJV4wJm_vN3M2ZmkyjY4W-HRnr5nMG9F-47ooNutTL-ZXhCm7Arz6kudVM71rA5kc/s320/600x348_mac_malwaregraph.png" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">70% more malware against Macs</td></tr>
</tbody></table>
In the first three quarters of 2017, the number of malware attacks on Macs increased by more than 70% and PUA (potentially unwanted applications such as adware) by 50% over the previous year (source: F-Secure Labs). The number of threats is growing rapidly as attackers are clearly shifting their efforts towards the often-unprotected Macs.<br />
<br />
On October 17, Reuters reported a security breach of the Microsoft Vulnerability Tracking System. A violation that occurred more than four years ago in 2013. And what was the attack vector related to this security breach? Macs. That these were Macs, our security adviser Sean Sullivan suspected right from the start.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgA9eVPdh1yfDXjewGHWcbT_6lt3DqWvx_sgiqd-anE-BbcULFmR0oZ4LXVFtoTIE_nuYRvplbJHXBFwL8gENc84z4V6eCAGHebTLzjcQz4nuvSkmBbuZHfMhlR-2F1L1q0E7l3PmhQri4/s1600/600x348_mac_puagraph.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="348" data-original-width="600" height="185" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgA9eVPdh1yfDXjewGHWcbT_6lt3DqWvx_sgiqd-anE-BbcULFmR0oZ4LXVFtoTIE_nuYRvplbJHXBFwL8gENc84z4V6eCAGHebTLzjcQz4nuvSkmBbuZHfMhlR-2F1L1q0E7l3PmhQri4/s320/600x348_mac_puagraph.png" width="320" /></a></div>
Back in February 2013, he had correctly deduced that Apple Macs were involved in a related hack on Twitter. Given the serious potential damage such hacks could have caused, Sean wrote:<br />
<br />
"People who use their Mac for work should not have the same sense of security as home users. It's obvious that work-based Macs are more of a goal, and security expectations should be scaled according to the threat level."<br />
<br />
Nothing about the current Mac threat landscape has led Sean to question his earlier assessment. If you're using a Mac for business, Sean says, "You need to take the time to rethink your security profile."<br />
<br />
The latest analysis from F-Secure Labs shows that the new malware is predominantly in the spyware category and over a third of the attacks are targeted attacks. That may not surprise anyone: <b><i>Macs need protection</i></b>. However, there are huge differences in how companies have handled the safety of their various endpoints. A quick way to solve this is to opt for cyber security all-round protection, such as Protection Service for Business. The new version includes the advanced XFENCE technology, which provides the next level of Mac security.<br />
<br />
<b>Glitch forces iPhones to reboot over and over</b> (posted 2017-12-03)<br />
<span style="font-size: x-small;"><i>from fox8.com</i></span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLObhuEYoqkIOIfRvXacAPQ0T8hdGfJSxXjRzZhh2rREQ2g52HWEOh64Z1ARXDZljfiSM_KVMmLgf2cuXtYIlMMbi6tb_dAYcT33hNYiZzKmnRqx-bfpKXsoC_JS9Yf_4B2uy_rFVl56Y/s1600/boot+8.gif" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="360" data-original-width="240" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLObhuEYoqkIOIfRvXacAPQ0T8hdGfJSxXjRzZhh2rREQ2g52HWEOh64Z1ARXDZljfiSM_KVMmLgf2cuXtYIlMMbi6tb_dAYcT33hNYiZzKmnRqx-bfpKXsoC_JS9Yf_4B2uy_rFVl56Y/s200/boot+8.gif" width="133" /></a></div>
NEW YORK – Apple iPhones were rebooting themselves over and over Saturday morning.<br />
<br />
Phones across the world running iOS 11 encountered a <b>glitch</b> that triggered at 12:15 a.m. local time. A bug in the 11.1.2 software meant that phones using third-party apps to send recurring notifications, like reminders from workout apps or medical apps, would reboot over and over.<br />
<br />
Apple did not respond to a request for comment about the glitch and it’s unclear exactly how many users were affected.<br />
<br />
A number of iPhone users took to social media and message boards to learn about the glitch and voice frustrations.<br />
<br />
“Looks like i found this late but glad it’s patched. I thought my phone was having a hardware failure, worst iOS bug i’ve ever experienced. This was really bad,” wrote Reddit user KarlKrum.<br />
<br />
“This is embarrassing. Facepalm,” wrote Reddit user Siannath.<br />
<br />
The company took the unusual step of releasing a software update on a Saturday when it pushed iOS 11.2.<br />
<br />
The update fixes the rebooting issue and also includes Apple Pay Cash, the company’s new peer-to-peer payment system, faster wireless charging, and new live wallpapers.<br />
<br />
Apple typically releases software updates on Tuesdays.<br />
<br />
This is just the latest in a string of glitches for Apple over the past few weeks.<br />
<br />
In early November, users encountered an error with its text messaging service in which the device would change a typed lower case “i” into a capital “A.”<br />
<br />
Earlier this week developers found a security flaw in the company’s macOS High Sierra computer operating system that allowed users to gain administrative access without inputting a password.<br />
<br />
For users still experiencing the rebooting glitch, Apple recommends the following steps.<br />
<br />
–Tap Settings > Notifications.<br />
<br />
–Tap an app, then turn off Allow Notifications. Repeat this step for each app.<br />
<br />
–Update your device to iOS 11.2.<br />
<br />
–After updating, tap Settings > Notifications and turn Allow Notifications on again for each app.<br />
<br />
<b>"Forgot Password" button reveals your actual password</b> (posted 2017-10-06)<br />
<i><span style="font-size: x-small;">from nakedsecurity.sophos.com</span></i><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIkDwhuOwjI9I5d5D6_M1EotPWoIpx2yNr7aMs_6CsZHqTGyTO-ah-txk6zsjuxkA1uh7vV576Ofp-FuPKeYaN7KChhHr_6Cux2qUQro5ZwMk7dn3IsgiwDTV-8EIfGQ18xZZGlJ0fgxo/s1600/apple_sucks-960x854.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="240" data-original-width="320" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIkDwhuOwjI9I5d5D6_M1EotPWoIpx2yNr7aMs_6CsZHqTGyTO-ah-txk6zsjuxkA1uh7vV576Ofp-FuPKeYaN7KChhHr_6Cux2qUQro5ZwMk7dn3IsgiwDTV-8EIfGQ18xZZGlJ0fgxo/s200/apple_sucks-960x854.jpg" width="200" /></a></div>
It’s only eight days since Apple’s latest and greatest macOS 10.13 release, better known as High Sierra.<br />
<br />
But the first security update has already come out, and we suggest you apply it urgently.<br />
<br />
The update is called High Sierra 10.13 Supplemental Update, detailed in the security advisory APPLE-SA-2017-10-05-1.<br />
<br />
There are two bugs fixed; the facepalming one is described thus:<br />
<br />
<blockquote>[BUG.] A local attacker may gain access to an encrypted APFS volume. If a [password] hint was set in Disk Utility when creating an APFS encrypted volume, the password was stored as the hint.</blockquote>
To explain.<br />
<br />
APFS is short for Apple File System, Apple’s new way of organising hard disks that replaces the old (but still supported) HFS Plus, a 20-year-old filing system itself derived from Apple’s Hierarchical Filing System, or HFS, that dates back to the 1980s.<br />
<br />
By some accounts, APFS was long overdue: HFS Plus dated from the early days of Mac OS, and wasn’t really designed for the Unix core that was introduced in OS X (now macOS).<br />
<br />
For example, HFS Plus can’t deal with dates after 2040, and doesn’t allow multiple processes to access the filesystem at the same time, making it more sluggish and less future-proof than other widely-used filing systems such as NTFS on Windows and ext4 on Linux.<br />
<br />
New drivers, new utilities<br />
<br />
APFS was introduced as Apple’s default and preferred filing system in High Sierra.<br />
<br />
This means new drivers inside the operating system to support disks formatted with the new system, and new features in Apple’s disk management utilities to prepare APFS disk volumes for use.<br />
<br />
There are two main disk management tools in macOS – the easy-to-use graphical tool Disk Utility, and the super-powerful but arcane command line program diskutil.<br />
<br />
It turns out that the APFS support in the High Sierra version of Disk Utility has feet of clay, as we’ll show here.<br />
<br />
We erased a USB disk and created a new APFS (Encrypted) volume on it.<br />
<br />
Disk Utility prompted us for a password (twice) and an optional hint.<br />
We entered <b>keepthisSecret</b> as the password and <b>The hint should be shown</b> as the hint.<br />
<br />
Disk Utility created the encrypted volume and mounted it automatically.<br />
We unplugged the USB disk and then plugged it back in, and macOS asked for the password. We entered <b>keepthisSecret</b> and the disk was unlocked and mounted, showing that the password had been set as expected.<br />
So far, so good, until we unplugged the device and plugged it back in:<br />
<br />
Again, macOS asked for the password. This time, we clicked the [Show Hint] button before entering the password.<br />
The password dialog revealed that <b>keepthisSecret</b> has been set as the hint as well as the password.<br />
<br />
The text <b>The hint should be shown</b> had, it seemed, simply been thrown away.<br />
<br />
In other words, if you set a password hint as suggested, anyone who stole your disk could “hack” the password simply by using Disk Utility’s [Show Hint] button!<br />
<br />
What to do?<br />
<br />
If you haven’t created any new APFS encrypted volumes since upgrading to High Sierra, you are OK. If you created an APFS encrypted volume but didn’t specify a hint, you are OK. If you created an APFS encrypted volume using diskutil you are OK (the bug is in Disk Utility, not the operating system itself).<br />
If you upgraded to High Sierra from an earlier version of macOS, your disk will have been converted to APFS, but any hint you had before is left untouched (so far as we can tell), so you are OK.<br />
<br />
Apply the APPLE-SA-2017-10-05-1 Supplemental Update as soon as you can.<br />
By the way, you can blank out the password hint on any APFS volume, just in case, with the following diskutil command in a terminal window:<br />
<br />
<pre>$ diskutil apfs hint /Volumes/[YOURNAME] -user disk -clear
Removing any hint from cryptographic user XXXXXXXX on APFS Volume diskYsZ
$</pre>
<br />
If there wasn’t a hint, no harm is done, but you’ll see an error message like this, so by repeating the above command until you provoke the error message, you can verify that any hint was indeed scrubbed:<br />
<br />
<pre>Error editing cryptographic user on APFS Volume:
Unable to set APFS crypto user passphrase hint (-69554)</pre>
<br />
Alternatively, you can overwrite the existing password hint by using the command line option -hint, instead of -clear, like this:<br />
<br />
<pre>$ diskutil apfs hint /Volumes/[YOURNAME] -user disk -hint "Your hint here"
Setting hint "Your hint here" for cryptographic user XXXXXXXX on APFS Volume diskYsZ
$</pre>
<br />
Whatever you do, though, don’t follow the suggestions of Apple’s own diskutil help text, which offers this terrible advice:<br />
<br />
<pre>$ diskutil apfs hint help
[. . . .]
Set a passphrase hint for an existing cryptographic user; you can specify
"disk" for the "Disk" user. Specifying "-clear" will remove any hint.
Ownership of the affected disks is required.
Example: diskutil apfs setPassphraseHint disk5s1 -user disk -hint NameOfMyPet
$</pre>
<br />
Pets’ names make dreadful passwords, because they’re usually neither secret nor hard to guess, and setting a hint to tell a crook that you have made a dreadful password choice just makes a bad thing worse.<br />
<br />
Of course, if you had set a hint with Disk Utility, then for all you know someone who knew the [Show Hint] trick might have seen your password, so you ought to change it.<br />
<br />
You can update the passphrase on an APFS Encrypted volume quickly and easily as follows:<br />
<br />
<pre>$ diskutil apfs changepassphrase /Volumes/[YOURNAME] -user disk
Old passphrase for user XXXXXXXX: ..........
New passphrase: ..........
Repeat new passphrase: ..........
Changing passphrase for cryptographic user XXXXXXXX on APFS Volume diskYsZ
Passphrase changed successfully
$</pre>
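<br />
The clear-and-repeat check described above, as an added shell example that is not part of the original article. It uses only the diskutil invocation and the two messages quoted above; the DISKUTIL override, the scrub_hint name and the fake_diskutil stub (with its FAKE_HINT_FILE state file) are assumptions of this example, constructed so the logic can be exercised without a Mac.<br />

```shell
#!/bin/sh
# Added example (not from the original article): clear the passphrase hint on
# an APFS volume and confirm it is gone, using only the diskutil call and the
# two outputs quoted in the article.

# DISKUTIL is an assumption of this example: it lets the function be pointed
# at a stub so the logic can be exercised on a machine without diskutil.
DISKUTIL="${DISKUTIL:-diskutil}"

# scrub_hint VOLUME [MAX_TRIES]
#   returns 0  diskutil answered with error -69554: no hint is left to remove
#   returns 1  MAX_TRIES reached without seeing -69554 (state not confirmed)
#   returns 2  unexpected output (wrong volume, not the owner, not APFS, ...)
scrub_hint() {
    vol=$1
    max=${2:-3}
    try=0
    while [ "$try" -lt "$max" ]; do
        try=$((try + 1))
        # Decide on the message text, not the exit status, because the article
        # documents the messages only.
        out=$("$DISKUTIL" apfs hint "$vol" -user disk -clear 2>&1) || true
        case $out in
            *"(-69554)"*)
                return 0 ;;
            *"Removing any hint"*)
                # A hint may have been present; go round again to confirm.
                continue ;;
            *)
                printf 'unexpected diskutil output for %s:\n%s\n' "$vol" "$out" >&2
                return 2 ;;
        esac
    done
    return 1
}

# Constructed stand-in for diskutil, for offline runs only. "A hint is set" is
# modelled as the existence of the file named by FAKE_HINT_FILE, and the stub
# prints the same two messages the article shows.
fake_diskutil() {
    if [ -e "$FAKE_HINT_FILE" ]; then
        rm -f "$FAKE_HINT_FILE"
        echo "Removing any hint from cryptographic user XXXXXXXX on APFS Volume diskYsZ"
        return 0
    fi
    echo "Error editing cryptographic user on APFS Volume:"
    echo "Unable to set APFS crypto user passphrase hint (-69554)"
    return 1
}

# Act on a real volume only when one is named on the command line,
# e.g.  sh scrub_hint.sh /Volumes/[YOURNAME]
if [ "$#" -ge 1 ]; then
    if scrub_hint "$1"; then
        echo "No passphrase hint remains on $1"
    else
        echo "Could not confirm that the hint on $1 was cleared" >&2
        exit 1
    fi
fi
```

A return value of 0 only tells you the hint is gone now; if Disk Utility had stored the password as the hint, the passphrase itself still needs changing as shown above.<br />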
<br />
<b>A bad look for Apple, letting a buggy system utility like that into a production release…</b><br />
<br />
…but a creditable response by Apple in getting a fix out quickly.<br />
<br />
Malware Uses Apple Developer Certificate to Infect MacOS and Spy on HTTPS Traffic (posted 2017-04-29)<br />
<span style="font-size: xx-small;"><i>from macrumors.com</i></span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJ_NrvXS1M7z6i-5BQwDeavfCvbT_m9lJATe9Oh7RusmKpFF6hFlpFdqmBVPUKsV99za686EyGdsN1Qnf05bTPbTrIttAAIU1kqRk5ASxXoTNtWjB_pqlE8Dmf8yEFPaTksyCJ9P1RAC4/s1600/appleOSupdate.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="125" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJ_NrvXS1M7z6i-5BQwDeavfCvbT_m9lJATe9Oh7RusmKpFF6hFlpFdqmBVPUKsV99za686EyGdsN1Qnf05bTPbTrIttAAIU1kqRk5ASxXoTNtWjB_pqlE8Dmf8yEFPaTksyCJ9P1RAC4/s200/appleOSupdate.jpg" width="200" /></a></div>
<span style="font-size: x-small;">A malware research team has discovered a new piece of Mac malware that reportedly affects <b><i>all versions of MacOS</i></b> and is signed with a valid developer certificate authenticated by Apple (via The Hacker News). </span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">The malware has been dubbed "<b>DOK</b>" and is being disseminated through an email phishing campaign which researchers at CheckPoint say is specifically targeting macOS users, making it the first of its kind. </span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">The malware works by gaining administration privileges in order to install a new root certificate on the user's system. This enables it to gain access to all communications between the host Mac and the internet, including traffic flowing through connections encrypted with SSL. </span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">The initial email pretends to be informing the recipient of inconsistencies in their tax return and asks them to download a zip file attachment to their Mac that harbors the malware. Apple's built-in Gatekeeper security feature reportedly fails to recognize it as a threat because of its valid developer certificate, and the malware copies itself to the /Users/Shared/ folder and creates a login item to make itself persistent, even in a rebooted system. </span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">The malware later presents the user with a security message claiming an update is available for the system, for which a password input is required. Following the "update", the malware gains complete control of admin privileges, adjusts the network settings to divert all outgoing connections through a proxy, and installs additional tools that enable it to perform a man-in-the-middle attack on all traffic. </span><br />
<span style="font-size: x-small;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirjxde3AEgAmtQbsmshm3gDyUgR48BVkvEj79I2k6b8QdPkd2bMVccj9V-_GFpJIomMkPIfggXOAt4-YgOZPwnsbNic-dzG9pYG_DXuKe61xKY3-Y7r_SIqhY8OKcO6tR0Jn3nJAMZQfM/s1600/virus-mac.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="104" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirjxde3AEgAmtQbsmshm3gDyUgR48BVkvEj79I2k6b8QdPkd2bMVccj9V-_GFpJIomMkPIfggXOAt4-YgOZPwnsbNic-dzG9pYG_DXuKe61xKY3-Y7r_SIqhY8OKcO6tR0Jn3nJAMZQfM/s200/virus-mac.jpg" width="200" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<span style="font-size: x-small;">According to the researchers, Mac antivirus programs have yet to update their databases to detect the DOK malware, and they advise that Apple revoke the developer certificate associated with the author immediately. </span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">Back in January, researchers discovered a piece of Mac malware called Fruitfly that successfully spied on computers in medical research centers for years before being detected. </span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">The latest discovery of malware, which appears to target predominantly European users, underlines the fact that Macs are not immune to the threat as is sometimes supposed. As always, users should avoid clicking links or downloading attachments in emails from unknown and untrusted sources.</span><br />
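<br />
A defender-side check for the proxy diversion described above, as an added shell example that is not from the original article or the researchers. It parses the output of macOS's scutil --proxy and lists every proxy type that is switched on; the enabled_proxies name and the sample output are constructed for illustration and are not indicators from the DOK campaign.<br />

```shell
#!/bin/sh
# Added example: list the proxies macOS is currently configured to use, so an
# unexpected one (such as a diversion set up by malware) stands out.

# enabled_proxies: reads `scutil --proxy` output on stdin and prints one line
# per enabled proxy type: "HTTP host:port", "HTTPS host:port",
# "SOCKS host:port" or "PAC url". Prints nothing when no proxy is enabled.
enabled_proxies() {
    awk -F' : ' '
        NF >= 2 {
            key = $1; val = $2
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            kv[key] = val
        }
        END {
            if (kv["HTTPEnable"] == "1")
                print "HTTP " kv["HTTPProxy"] ":" kv["HTTPPort"]
            if (kv["HTTPSEnable"] == "1")
                print "HTTPS " kv["HTTPSProxy"] ":" kv["HTTPSPort"]
            if (kv["SOCKSEnable"] == "1")
                print "SOCKS " kv["SOCKSProxy"] ":" kv["SOCKSPort"]
            if (kv["ProxyAutoConfigEnable"] == "1")
                print "PAC " kv["ProxyAutoConfigURLString"]
        }'
}

# Constructed sample of `scutil --proxy` output (not captured from a real
# host; the host name is a placeholder, not an indicator of compromise).
SAMPLE_SCUTIL_PROXY='<dictionary> {
  ExceptionsList : <array> {
    0 : *.local
    1 : 169.254/16
  }
  FTPPassive : 1
  HTTPEnable : 0
  HTTPSEnable : 1
  HTTPSPort : 8443
  HTTPSProxy : proxy.example.invalid
  ProxyAutoConfigEnable : 1
  ProxyAutoConfigURLString : http://proxy.example.invalid/proxy.pac
}'

# Usage on a Mac:  scutil --proxy | enabled_proxies
# Without scutil, "--demo" runs the parser over the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_SCUTIL_PROXY" | enabled_proxies
fi
```

Any line this prints on a machine where nobody configured a proxy is worth investigating, together with the list of trusted root certificates.<br />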
<div>
<br /></div>
Apple Malware Remained Un-patched for Almost 20 Years (posted 2017-01-31)<br />
<span style="font-size: xx-small;"><i>from news.filehippo.com</i></span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvj1rvh2DhNWt0secpGFMoe-k9TWXgDRFLvxbE9x_cmiIKQvdIXjDpfbfG-252oxqHTXhqirzFPaWDjJ6bRD6zufxlUBvzYnPCISqiSeG2nsJ7MGaIK1VkrhTOgcO7J9y-ko2PlkDiA-k/s1600/macgpic-1484811202-85489878769145-accroche.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="123" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvj1rvh2DhNWt0secpGFMoe-k9TWXgDRFLvxbE9x_cmiIKQvdIXjDpfbfG-252oxqHTXhqirzFPaWDjJ6bRD6zufxlUBvzYnPCISqiSeG2nsJ7MGaIK1VkrhTOgcO7J9y-ko2PlkDiA-k/s200/macgpic-1484811202-85489878769145-accroche.jpg" width="200" /></a></div>
<b>Antivirus Software Maker Spots Apple MacOS Vulnerability</b><br />
<span style="font-size: x-small;">Named Quimitchin by Malwarebytes and called Fruitfly by Apple, the ‘new’ back door may actually have been lurking in the background of macOS for years, taking advantage of vulnerabilities in code that hasn’t been updated since the late 1990s, according to the antivirus software publisher’s blog post.</span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">A masterclass in simplicity, <b>the malware contains just two files designed to open a backdoor into the Macs it infects, letting it receive instructions from the hacker’s computer</b>, known in the cybersecurity world as a command and control server (C&C).</span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">Thomas Reed from Malwarebytes said: “These are some truly ancient functions, as far as the tech world is concerned, dating back to pre-OS X days. In addition, the binary also includes the open source libjpeg code, which was last updated in 1998.</span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">“However, we shouldn’t take the age of the code as too strong an indication of the age of the malware. This could also signify that the hackers behind it really don’t know the Mac very well and were relying on old documentation.</span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">“It could also be that they’re using old system calls to avoid triggering any kind of behavioral detections that might be expecting more recent code.”</span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">Thomas Reed goes on to say that ironically, despite the age and sophistication of this malware, it uses the same old unsophisticated technique for persistence that so many other pieces of Mac malware do: a hidden file and a launch agent. “This makes it easy to spot, given any reason to look at the infected machine closely (such as unusual network traffic). It also makes it easy to detect and easy to remove.”</span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">The good news is that Apple has released an update that will be automatically downloaded behind the scenes to protect against future infections.</span><br />
<span style="font-size: x-small;"><br /></span>
<span style="font-size: x-small;">Also, as you might expect, Malwarebytes will detect Fruitfly, or Quimitchin (Why the name? Because the quimitchin were Aztec spies who would infiltrate other tribes. Given the “ancient” code, they thought the name rather fitting!).</span><br />
<br />
More iOS 10 woes: Some users can’t sync music between devices (posted 2016-09-16)<br />
from thenextweb.com<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgooctijr57X6OD5RyPhhL4bMnz7yLkZYZ99HRQRTQbc9Fh6LE6oSsQmGRRGp3xmz_gns-efuzdYh8fETz0iOFDlmNPSIOyXWPynbQNNlhB5O2gjEknOSZGkDngz03P4x11a8PNkFuxBgI/s1600/icloud_connect.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="144" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgooctijr57X6OD5RyPhhL4bMnz7yLkZYZ99HRQRTQbc9Fh6LE6oSsQmGRRGp3xmz_gns-efuzdYh8fETz0iOFDlmNPSIOyXWPynbQNNlhB5O2gjEknOSZGkDngz03P4x11a8PNkFuxBgI/s320/icloud_connect.jpg" width="320" /></a></div>
<b>This morning has basically been a disaster for Apple.</b> First its highly-anticipated roll-out of iOS 10 welcomed users with a <b><i>bricked device</i></b>. Now, following the release of iOS 12.5.1, users report they can no longer connect to iCloud Music Library — the lynchpin required to sync music across supported devices.<br />
<br />
iPhone, iPad, iPod touch, Mac or Windows (and Linux) PC users are all susceptible to whatever is causing the issue and many are finding their content inaccessible while the service is down.<br />
<br />
When attempting to access the feature after today’s update, users are met with the following error message. After clicking ‘OK’ the message disappears, only to reappear seconds later.<br />
<br />
We’ve reached out to Apple for comment and we’ll update if necessary.<br />
<br />
Warning: iOS 10 is reportedly screwing up people’s phones (posted 2016-09-14)<br />
<span style="font-size: x-small;"><i>from thenextweb.com</i></span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEio8-Cfq435-1nkX3msqp9uxvJrkLC46ywcpkqFd1HSlEcvPZhxKBTEGglohAdAFPQ0vNkWbOoVS7rhehxhwH9OGKPfbHOUFltV3i46F3PVDMLXVisBx-Ailj5NhDxk6ZkCg_iONhho9Og/s1600/easily-repair-bricked-iOS-device-iPhone-iPad-iPod-300x300.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEio8-Cfq435-1nkX3msqp9uxvJrkLC46ywcpkqFd1HSlEcvPZhxKBTEGglohAdAFPQ0vNkWbOoVS7rhehxhwH9OGKPfbHOUFltV3i46F3PVDMLXVisBx-Ailj5NhDxk6ZkCg_iONhho9Og/s200/easily-repair-bricked-iOS-device-iPhone-iPad-iPod-300x300.jpg" width="200" /></a></div>
After releasing iOS 10 earlier today, some users are reporting ‘<b>bricked</b>’ devices after attempting to update to the new operating system. Most of the issues seem to come from over-the-air (OTA) updates, meaning a device that attempts to download and install the update without plugging it in — something Apple used to require.<br />
<br />
The issues seem fairly widespread. The OTA update begins and leaves users staring at a ‘Connect to iTunes’ screen that forces a complete firmware re-install. If you forego the wiping and re-installation of iOS from your iPhone or iPad, you’re left with a <b>bricked and completely useless device</b>.<br />
<br />
Not all users are having the issue though. I updated from the last beta version of iOS 10 to the launch version this morning without incident.<br />
<br />
A Twitter search for iOS 10-related keywords shows the problem could be affecting a significant portion of those upgrading. In fact, nearly all of the iOS 10-related update problems appear to be the same issue, a bricked device after a prompt to connect to iTunes.<br />
<br />
For what it’s worth, Apple claims the problem has since been fixed, according to a 9to5 Mac tweet.<br />
<br />
Users, however, are still reporting the problem, so maybe Apple isn’t quite done remedying the issue just yet. Still, if you absolutely have to have iOS 10 today, it’s never a bad idea to do a fresh backup before you make the upgrade.<br />
<br />
<br />
Hackers can steal your iOS and Mac passwords with a single image file (posted 2016-07-23)<br />
<b><i><span style="font-size: x-small;">from: thenextweb.com</span></i></b><br />
<b>A new vulnerability discovered by a Cisco researcher could allow hackers to gain access to the internal storage and stored passwords on your iOS or Mac device – and all they’d have to do is send you a malicious image file.</b><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAAOPRbi65vkhDnC38UtkXEpBdRpOuotPvUcgIksTqo4XpXkMI9mO_eVFyV7HKeTj5iF5Ogt3Mahmp1PVI4qKULRMm71Osl1u-lapgk2PkPwhF4dvGNMdMT7RDZYeLPXUM_yemuhnvgLg/s1600/Broken+apple+logo-640x960+wallpapers.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAAOPRbi65vkhDnC38UtkXEpBdRpOuotPvUcgIksTqo4XpXkMI9mO_eVFyV7HKeTj5iF5Ogt3Mahmp1PVI4qKULRMm71Osl1u-lapgk2PkPwhF4dvGNMdMT7RDZYeLPXUM_yemuhnvgLg/s200/Broken+apple+logo-640x960+wallpapers.jpg" width="133" /></a></div>
<br />
Tyler Bohan of Cisco Talos found that a TIFF format file – sent via MMS, email or placed on a webpage that a victim is guided to visit – can hide malware which can run automatically, without being detected.<br />
<br />
In addition to beaming across your authentication credentials on iOS, Mac OS X, tvOS and watchOS, the vulnerability can also allow attackers to remotely control Macs which don’t support sandboxing.<br />
<br />
Thankfully, these issues have been patched by Apple; you’ll need to update to the latest versions of their operating systems – iOS 9.3.3, El Capitan 10.11.6, tvOS 9.2.2 and watchOS 2.2.2 – to stay safe.<br />
<br />
If this sounds familiar, it’s because the security flaw is eerily similar to the Stagefright vulnerability discovered in Android devices last year. After it was spotted last August, a second version was uncovered in which hardware could be compromised by sending across an audio file.<br />
<br />
Apple Gatekeeper still lets malware in (posted 2016-01-20)<br />
<i><span style="font-size: x-small;">from komando.com</span></i><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjSfOAUPpCcHHOT5DjSoUwowKM7rtjK9AQcs-4iZAm90w97n0Pwmdo4Sy9-p5rzKe4MWY-sYeuYeStziUBLt6XpiQJeCELQfT_PuqiUNSL3nBbA9MxzWibILMqDpQ_4Zynh1TQ-Na3MZQ/s1600/apple_target.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="198" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjSfOAUPpCcHHOT5DjSoUwowKM7rtjK9AQcs-4iZAm90w97n0Pwmdo4Sy9-p5rzKe4MWY-sYeuYeStziUBLt6XpiQJeCELQfT_PuqiUNSL3nBbA9MxzWibILMqDpQ_4Zynh1TQ-Na3MZQ/s200/apple_target.png" width="200" /></a></div>
If you use a Mac, you may be comforted by its reputation for being secure. For decades, Apple had done a great job of keeping hackers out.<br />
<br />
That is, until Apple products started becoming really popular in recent years. Then, hackers began to pounce. Now, Macs are often hit by hackers, or found to be vulnerable to attack.<br />
<br />
That's the case with Apple Gatekeeper. Ironically, it's a program that's meant to keep the bad guys out. If you download apps, you can tell Apple to only let in apps from trusted providers.<br />
<br />
As Apple puts it, Gatekeeper helps "protect your Mac from malware and misbehaving apps downloaded from the Internet." Apple says it screens all the apps on Mac App Store, and those created by developers with an Apple Developer ID.<br />
<br />
Apple goes on to say: "If an app was developed by an unknown developer, one with no Developer ID, or tampered with, Gatekeeper can block the app from being installed." (See photo.)<br />
<br />
The problem is cybersecurity experts last year found there's a flaw with Gatekeeper. The flaw, CVE-2015-7024, lets hackers get in. Once in, they can use malware to steal your personal information, take over your Mac and demand ransom, spy on you, and more.<br />
<br />
Last year, this same cybersecurity expert alerted Apple about the flaw in Gatekeeper. Apple issued a patch to fix the problem.<br />
<br />
However, as it turned out, Apple patched only some of the entryways for hackers to get in. The problem is, hackers can still get into Gatekeeper.<br />
<br />
They can access a trusted app and load a .dmg file malware onto your Mac. It's vulnerable if you're not using the secure HTTPS protocol, or you're not accessing the app from the Mac App Store.<br />
<br />
As of now, Apple is said to be working with cybersecurity experts to fully patch up the security flaw in Gatekeeper.<br />
<br />
While Apple and cybersecurity experts work on fixing this vulnerability, you should make sure you're protecting yourself, your financial information, and your digital devices. You should use a suite of strong security tools, including an anti-virus program. We recommend our sponsor, Kaspersky Lab.<br />
<br />
Long Island Man Spends 10 Days in Hospital After iPhone Explodes in His Pocket (posted 2015-12-31)<br />
from <b><i>patch.com</i></b> "Best of 2015"<br />
<b>A Lindenhurst man recently spent more than a week in the hospital after his iPhone spontaneously exploded in his pocket.</b><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfl6ZKycUUv-Z36PQjWk6DjPMvCtjyCkslYfVlJnJdbgOGmnkPNlE_-J6kL3SYbJb8qGRLQa1FUu09thnd_xV-h5KeT8vc-8XekjFJIsbx6OJEgH9d8haORvN89QmNeMdavZAdte010d8/s1600/iphone_injury.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="150" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfl6ZKycUUv-Z36PQjWk6DjPMvCtjyCkslYfVlJnJdbgOGmnkPNlE_-J6kL3SYbJb8qGRLQa1FUu09thnd_xV-h5KeT8vc-8XekjFJIsbx6OJEgH9d8haORvN89QmNeMdavZAdte010d8/s200/iphone_injury.png" width="200" /></a></div>
<br />
Erik Johnson had reportedly just arrived at his cousin’s wake on Valentine’s Day when his iPhone 5c exploded as he bent down to pick up a set of keys he had dropped.<br />
<br />
“I felt the burn instantly and a cloud of smoke instantly,” the 29-year-old told News 12 Long Island. “I couldn’t get the phone out of my pocket, so I had to rip my pants off to get the phone away from me.”<br />
<br />
Johnson suffered a third-degree burn the size of a football to his upper left thigh and spent 10 days in a hospital burn unit. He returned home on Tuesday.<br />
<br />
The story was first reported by ABC 7. Johnson told the TV station that he heard a pop and then saw smoke coming from his pocket when he reached down to pick up the keys.<br />
<br />
Johnson says his leg caught fire and the intensity of the heat melted his pocket shut.<br />
<br />
“A couple of people actually said they could smell my body burning,” Johnson told ABC 7.<br />
<br />
Apple says it is investigating the incident. Johnson is planning legal action against the electronics giant.<br />
<br />
“Even if this only happened this one time, that’s one time too many,” Johnson’s lawyer, Mike Della, said according to the Daily News. “What if this happened to a child?”<br />
<br />
There have been other recent reports of exploding iPhones. In October, an Arizona man claimed his iPhone 6 burst into flames in his pocket following a minor rickshaw accident. Last February, a middle school student in Maine suffered minor injuries after her iPhone 5c exploded in her pocket.<br />
<br />
Cybercriminals will target Apple in 2016, say experts (posted 2015-12-14)<br />
<span style="font-size: x-small;"><i>from bbc.com</i></span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQJLltCEAlKsiUIXQE6eO1e0QKsifTQl0T9RyQDHi7Tw7oVqsaPXWVXZIvQONG_ggjr53HHn5Q02R7BmpFeDDoAgfEjDoFAQDqRhLDV0DIgE51B-FVENSCJyWxJUBjrhi5Uq3_XbkIosU/s1600/cyber-criminal.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="123" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQJLltCEAlKsiUIXQE6eO1e0QKsifTQl0T9RyQDHi7Tw7oVqsaPXWVXZIvQONG_ggjr53HHn5Q02R7BmpFeDDoAgfEjDoFAQDqRhLDV0DIgE51B-FVENSCJyWxJUBjrhi5Uq3_XbkIosU/s200/cyber-criminal.jpg" width="200" /></a></div>
<b>Cybercriminals are increasingly targeting Apple devices and 2016 will see a rise in attacks on its operating systems, security experts suggest.</b><br />
According to security firm Symantec, the amount of malware aimed at Apple's mobile operating system (iOS) has more than doubled this year, while threats to Mac computers also rose.<br />
Security firm FireEye also expects 2016 to be a bumper year for Apple malware.<br />
Systems such as Apple Pay could be targeted, it predicts.<br />
Apple is an obvious target for cybercriminals because its products are so popular, said Dick O'Brien, a researcher at Symantec.<br />
While the total number of threats targeting Apple devices remains low compared with Windows and Android, Symantec is seeing the range of threats multiply.<br />
Last year, it was seeing a monthly average of between 10,000 and 70,000 Mac computers infected with malware.<br />
"This is far fewer than Windows desktops and we don't want to scaremonger. Apple remains a relatively safe platform but Apple users can no longer be complacent about security, as the number of infections and new threats rise," said Mr O'Brien.<br />
The number of unique OS X computers infected with malware in the first nine months of 2015 was seven times higher than in all of 2014, its research found.<br />
A significant amount of this spike is accounted for by so-called greyware - applications that may not have malware attached but can still be annoying to users, by serving up unwanted ads or tracking their web-browsing habits.<br />
Symantec also found seven new threats aimed at Apple's mobile iOS platform, with jailbroken devices - those that have been unlocked - being particularly vulnerable.<br />
And hackers are also increasingly targeting corporations, where Mac use is now more prevalent.<br />
A corporate espionage group known as Butterfly which attacked multi-billion dollar companies in 2015 developed malware tools that attacked both Windows and Apple computers.<br />
Walled garden<br />
Traditionally iOS has been seen as a more secure platform than Android because of the more closed community that Apple runs for its apps but that is changing, according to FireEye.<br />
While it found that the vast majority - 96% - of mobile malware is targeted at Android devices, iOS is no longer immune.<br />
According to Bryce Boland, chief technology officer at FireEye, attackers are increasingly "finding ways into Apple's walled garden, and that will ramp up next year".<br />
FireEye recently discovered that XcodeGhost, iOS malware that Apple acted quickly to remove from its app store, had found its way into the networks of 210 US businesses.<br />
The attack was thought to be the first large-scale attack on Apple's app store.<br />
The introduction of new payment systems, such as Apple Pay, will add a financial incentive for hackers, making it worth their "time and effort" to develop new malware, FireEye said.<br />
Mr O'Brien said: "We haven't yet seen any threats targeting Apple Pay but anything that involves a financial transaction will be of interest to hackers."<br />
<br />
Mac OS X Malware Soars in 2015 (posted 2015-11-05)<br />
<span style="font-size: x-small;">from <i>infosecurity-magazine.com/</i></span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjSfOAUPpCcHHOT5DjSoUwowKM7rtjK9AQcs-4iZAm90w97n0Pwmdo4Sy9-p5rzKe4MWY-sYeuYeStziUBLt6XpiQJeCELQfT_PuqiUNSL3nBbA9MxzWibILMqDpQ_4Zynh1TQ-Na3MZQ/s1600/apple_target.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="198" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjSfOAUPpCcHHOT5DjSoUwowKM7rtjK9AQcs-4iZAm90w97n0Pwmdo4Sy9-p5rzKe4MWY-sYeuYeStziUBLt6XpiQJeCELQfT_PuqiUNSL3nBbA9MxzWibILMqDpQ_4Zynh1TQ-Na3MZQ/s200/apple_target.png" width="200" /></a></div>
<div style="background-color: white; color: #333333; font-family: Bitter, 'Times New Roman', serif; font-size: 14px; line-height: 1.5714em; margin-bottom: 16px;">
<b>Mac malware is set to accelerate over the coming months after having its most prolific year ever so far in 2015, according to new research from endpoint security firm Bit9 + Carbon Black.</b></div>
<div style="background-color: white; color: #333333; font-family: Bitter, 'Times New Roman', serif; font-size: 14px; line-height: 1.5714em; margin-bottom: 16px;">
</div>
<div style="background-color: white; color: #333333; font-family: Bitter, 'Times New Roman', serif; font-size: 14px; line-height: 1.5714em; margin-bottom: 16px;">
After an analysis of the year so far, the vendor concluded that five times more Mac malware appeared in 2015 than the previous five years combined. </div>
<div style="background-color: white; color: #333333; font-family: Bitter, 'Times New Roman', serif; font-size: 14px; line-height: 1.5714em; margin-bottom: 16px;">
<span style="line-height: 1.5714em;">It collected 1,400 unique samples over the period using custom-built sandboxes and tools such as fs_usage, dtrace, and opensnoop.</span></div>
<div style="background-color: white; color: #333333; font-family: Bitter, 'Times New Roman', serif; font-size: 14px; line-height: 1.5714em; margin-bottom: 16px;">
</div>
<div style="background-color: white; color: #333333; font-family: Bitter, 'Times New Roman', serif; font-size: 14px; line-height: 1.5714em; margin-bottom: 16px;">
It found that Mac malware as a whole does not borrow very heavily from Unix or Linux malware, which was unexpected given OS X’s roots in the open source FreeBSD.</div>
<div style="background-color: white; color: #333333; font-family: Bitter, 'Times New Roman', serif; font-size: 14px; line-height: 1.5714em; margin-bottom: 16px;">
</div>
<div style="background-color: white; color: #333333; font-family: Bitter, 'Times New Roman', serif; font-size: 14px; line-height: 1.5714em; margin-bottom: 16px;">
Another interesting find was that more than 90% of the Mac malware it discovered still uses the old load command (LC_THREAD and LC_UNIXTHREAD) to define the entry point into the Mach-O format.</div>
<div style="background-color: white; color: #333333; font-family: Bitter, 'Times New Roman', serif; font-size: 14px; line-height: 1.5714em; margin-bottom: 16px;">
</div>
<div style="background-color: white; color: #333333; font-family: Bitter, 'Times New Roman', serif; font-size: 14px; line-height: 1.5714em; margin-bottom: 16px;">
This makes it easier to spot potential malware—if a new system is still using the old command.</div>
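An added example, not code from Bit9 + Carbon Black or from the article: a triage check for the entry-point load command described above. It walks the load commands of thin and universal Mach-O files and reports, per executable slice, whether the entry point is defined by LC_THREAD/LC_UNIXTHREAD or by LC_MAIN (the newer command from mach-o/loader.h, which the article does not name). The sample binaries are constructed in the code, and `scan`, `build_sample` and `build_fat` are names chosen for this example.

```python
import struct

# Constants from mach-o/loader.h
LC_THREAD, LC_UNIXTHREAD = 0x4, 0x5
LC_MAIN = 0x80000028               # 0x28 | LC_REQ_DYLD; added in OS X 10.8
MH_EXECUTE = 0x2
ENTRY_CMDS = {LC_THREAD: "LC_THREAD", LC_UNIXTHREAD: "LC_UNIXTHREAD", LC_MAIN: "LC_MAIN"}
FAT_MAGIC = b"\xca\xfe\xba\xbe"    # universal binary; its header fields are big-endian
# First four bytes on disk -> (struct byte order, header size in bytes)
THIN_MAGICS = {
    b"\xce\xfa\xed\xfe": ("<", 28), b"\xcf\xfa\xed\xfe": ("<", 32),
    b"\xfe\xed\xfa\xce": (">", 28), b"\xfe\xed\xfa\xcf": (">", 32),
}


def _scan_thin(data, base):
    """Walk the load commands of one Mach-O image; return (filetype, entry command names)."""
    magic = data[base:base + 4]
    if magic not in THIN_MAGICS:
        raise ValueError("no Mach-O magic at offset %d" % base)
    order, hdr_size = THIN_MAGICS[magic]
    if len(data) < base + hdr_size:
        raise ValueError("truncated Mach-O header")
    _cpu, _sub, filetype, ncmds, sizeofcmds, _flags = struct.unpack_from(
        order + "6I", data, base + 4)
    pos, end = base + hdr_size, base + hdr_size + sizeofcmds
    if end > len(data):
        raise ValueError("load commands run past end of data")
    found = []
    for _ in range(ncmds):
        if pos + 8 > end:
            raise ValueError("ncmds exceeds sizeofcmds")
        cmd, cmdsize = struct.unpack_from(order + "2I", data, pos)
        if cmdsize < 8 or pos + cmdsize > end:
            raise ValueError("malformed load command size")
        if cmd in ENTRY_CMDS:
            found.append(ENTRY_CMDS[cmd])
        pos += cmdsize
    return filetype, found


def _verdict(filetype, cmds):
    if filetype != MH_EXECUTE:
        return "not-executable"    # dylibs, bundles, objects have no entry command
    if "LC_MAIN" in cmds:
        return "modern"
    return "legacy" if cmds else "no-entry"


def scan(data):
    """Return [(slice_offset, verdict, entry_commands)] for every architecture slice."""
    offsets = [0]
    if data[:4] == FAT_MAGIC:
        if len(data) < 8:
            raise ValueError("truncated fat header")
        (nfat,) = struct.unpack_from(">I", data, 4)
        # Java class files share this magic; their "nfat" is a large version number.
        if nfat == 0 or nfat > 16 or len(data) < 8 + 20 * nfat:
            raise ValueError("implausible fat header")
        # fat_arch: cputype, cpusubtype, offset, size, align
        offsets = [struct.unpack_from(">5I", data, 8 + 20 * i)[2] for i in range(nfat)]
    results = []
    for off in offsets:
        filetype, cmds = _scan_thin(data, off)
        results.append((off, _verdict(filetype, cmds), cmds))
    return results


def build_sample(entry_cmd):
    """Constructed little-endian x86_64 MH_EXECUTE image with one entry-point command."""
    if entry_cmd == LC_MAIN:
        # entry_point_command: cmd, cmdsize, entryoff, stacksize
        cmds = struct.pack("<2I2Q", LC_MAIN, 24, 0x1000, 0)
    else:
        # thread_command: cmd, cmdsize, flavor (x86_THREAD_STATE64 = 4), count = 42 words
        cmds = struct.pack("<4I", entry_cmd, 16 + 42 * 4, 4, 42) + bytes(42 * 4)
    header = b"\xcf\xfa\xed\xfe" + struct.pack(
        "<7I", 0x01000007, 3, MH_EXECUTE, 1, len(cmds), 0, 0)
    return header + cmds


def build_fat(slices):
    """Constructed universal binary that wraps the given thin images back to back."""
    hdr_len = 8 + 20 * len(slices)
    head, body = FAT_MAGIC + struct.pack(">I", len(slices)), b""
    for s in slices:
        head += struct.pack(">5I", 0x01000007, 3, hdr_len + len(body), len(s), 0)
        body += s
    return head + body


if __name__ == "__main__":
    for name, blob in [("legacy", build_sample(LC_UNIXTHREAD)),
                       ("modern", build_sample(LC_MAIN)),
                       ("fat", build_fat([build_sample(LC_MAIN), build_sample(LC_UNIXTHREAD)]))]:
        print(name, scan(blob))
```

A "legacy" verdict is a triage signal rather than proof: statically linked executables and binaries built for deployment targets older than OS X 10.8 also carry LC_UNIXTHREAD.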
<div style="background-color: white; color: #333333; font-family: Bitter, 'Times New Roman', serif; font-size: 14px; line-height: 1.5714em; margin-bottom: 16px;">
In addition, the Bit9 + Carbon Black researchers concluded that the vast majority of Mac malware uses one of just seven persistence techniques to remain on an infected system.</div>
<div style="background-color: white; color: #333333; font-family: Bitter, 'Times New Roman', serif; font-size: 14px; line-height: 1.5714em; margin-bottom: 16px;">
</div>
<div style="background-color: white; color: #333333; font-family: Bitter, 'Times New Roman', serif; font-size: 14px; line-height: 1.5714em; margin-bottom: 16px;">
These include LaunchAgents; LaunchDaemons; Login items; Browser plugins; StartupItems; Binary infection; and Cron job.</div>
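An added example, not taken from the Bit9 + Carbon Black research: an inventory of three of the persistence locations listed above (LaunchAgents, LaunchDaemons and StartupItems) under a volume root, which can be a live system or a mounted disk image. The flagging rules (world-writable program paths, hidden path components) and the sample tree are assumptions constructed for this example, and `audit` and `build_sample_tree` are names chosen here.

```python
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

# Standard launchd job directories, relative to a volume root.
LAUNCHD_DIRS = ("Library/LaunchAgents", "Library/LaunchDaemons",
                "System/Library/LaunchAgents", "System/Library/LaunchDaemons")
STARTUP_DIRS = ("Library/StartupItems", "System/Library/StartupItems")
# Assumption for this example: jobs that execute from these locations deserve a look.
WRITABLE_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")


def _program(job):
    """Executable a launchd job runs: Program, else ProgramArguments[0]."""
    if isinstance(job.get("Program"), str):
        return job["Program"]
    args = job.get("ProgramArguments")
    if isinstance(args, list) and args and isinstance(args[0], str):
        return args[0]
    return None


def _reasons(program):
    if program is None:
        return ["no program defined"]
    reasons = []
    if program.startswith(WRITABLE_PREFIXES):
        reasons.append("runs from world-writable location")
    if any(part.startswith(".") for part in Path(program).parts):
        reasons.append("hidden path component")
    return reasons


def audit(root="/"):
    """Return one record per launchd job or StartupItem found under root."""
    root = Path(root)
    dirs = [root / d for d in LAUNCHD_DIRS]
    dirs += sorted(root.glob("Users/*/Library/LaunchAgents"))   # per-user agents
    records = []
    for d in dirs:
        if not d.is_dir():
            continue
        for plist in sorted(d.glob("*.plist")):
            rec = {"path": plist.relative_to(root).as_posix(), "label": None,
                   "program": None, "run_at_load": False, "reasons": []}
            try:
                with plist.open("rb") as fh:
                    job = plistlib.load(fh)          # handles XML and binary plists
                if not isinstance(job, dict):
                    raise ValueError("top-level object is not a dictionary")
            except (ValueError, ExpatError, OSError):
                rec["reasons"] = ["unparseable plist"]
            else:
                rec["label"] = job.get("Label")
                rec["program"] = _program(job)
                rec["run_at_load"] = job.get("RunAtLoad") is True
                rec["reasons"] = _reasons(rec["program"])
            records.append(rec)
    for d in STARTUP_DIRS:
        if (root / d).is_dir():
            for item in sorted((root / d).iterdir()):
                records.append({"path": item.relative_to(root).as_posix(), "label": None,
                                "program": None, "run_at_load": True,
                                "reasons": ["StartupItems entry (deprecated mechanism)"]})
    return records


def build_sample_tree(root):
    """Constructed sample volume: an ordinary job, a suspicious job, a corrupt plist, a StartupItem."""
    root = Path(root)
    samples = {
        "Library/LaunchDaemons/com.example.backup.plist":
            {"Label": "com.example.backup",
             "ProgramArguments": ["/usr/local/bin/backupd", "--daily"]},
        "Users/alice/Library/LaunchAgents/com.example.updater.plist":
            {"Label": "com.example.updater",
             "Program": "/Users/Shared/.cache/updater", "RunAtLoad": True},
    }
    for rel, job in samples.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        with path.open("wb") as fh:
            plistlib.dump(job, fh)
    broken = root / "Library/LaunchAgents/com.example.broken.plist"
    broken.parent.mkdir(parents=True, exist_ok=True)
    broken.write_bytes(b"not a property list")
    (root / "Library/StartupItems/Legacy").mkdir(parents=True)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rec in audit(tmp):
            print(rec["path"], rec["program"], rec["reasons"])
```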
<div style="background-color: white; color: #333333; font-family: Bitter, 'Times New Roman', serif; font-size: 14px; line-height: 1.5714em; margin-bottom: 16px;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgje3GzLVG1qf4JJlhfoCzqXnhYBmH-L9arGbJnTNKAgnRvVOS0-c-WBjiGsuY93DVnsnUFHuATYSvpGdevbCSGbyEqmnk6kFst0vBDbc37ASFGfDkaKr6ap2nHrYMQWF0MfKCKZehC-Ew/s1600/Mac-Malware1.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="140" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgje3GzLVG1qf4JJlhfoCzqXnhYBmH-L9arGbJnTNKAgnRvVOS0-c-WBjiGsuY93DVnsnUFHuATYSvpGdevbCSGbyEqmnk6kFst0vBDbc37ASFGfDkaKr6ap2nHrYMQWF0MfKCKZehC-Ew/s200/Mac-Malware1.jpg" width="200" /></a></div>
<div style="background-color: white; color: #333333; font-family: Bitter, 'Times New Roman', serif; line-height: 1.5714em; margin-bottom: 16px;">
It appears the growing prevalence of Mac malware is unsurprisingly linked to a rising market share among <span style="background-color: transparent;">consumers and enterprises.</span></div>
<div style="background-color: white; color: #333333; font-family: Bitter, 'Times New Roman', serif; font-size: 14px; line-height: 1.5714em; margin-bottom: 16px;">
</div>
<div style="background-color: white; color: #333333; font-family: Bitter, 'Times New Roman', serif; font-size: 14px; line-height: 1.5714em; margin-bottom: 16px;">
“For years, Mac users have watched their PC-using counterparts struggle with cyber-attacks, while enjoying the relative immunity that their hardware provides from malware. This view is becoming increasingly outdated; our research shows that Mac users should be just as worried,” argued Bit9 + Carbon Black EMEA MD, David Flower.</div>
<div style="background-color: white; color: #333333; font-family: Bitter, 'Times New Roman', serif; font-size: 14px; line-height: 1.5714em; margin-bottom: 16px;">
</div>
<div style="background-color: white; color: #333333; font-family: Bitter, 'Times New Roman', serif; font-size: 14px; line-height: 1.5714em; margin-bottom: 16px;">
“With 45 per cent of businesses now offering Macs as an option to staff, our research should be seen as a timely reminder that every device on the network is a potential target—businesses can’t just rely on a clearly outdated perception of invulnerability.”</div>
<br />
<b>Apple's Core Problem Is That It Can No Longer Innovate</b> (posted 2015-09-10)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3FHsN_2MZaIGuAaW31jgD26O_uIXhMXOpqPzwXG5YNZ2Xf_yloEv2UBrUyqzH1Q6L9BB0ygG5cxa5Z2DbmBEuALu8WL0aN_UjcZme4X_Fp3sSnCx1ULdvyPwioeL523PRnI1Vk4_d0iE/s1600/apple-logo-small.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="200" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3FHsN_2MZaIGuAaW31jgD26O_uIXhMXOpqPzwXG5YNZ2Xf_yloEv2UBrUyqzH1Q6L9BB0ygG5cxa5Z2DbmBEuALu8WL0aN_UjcZme4X_Fp3sSnCx1ULdvyPwioeL523PRnI1Vk4_d0iE/s200/apple-logo-small.jpg" width="171" /></a></div>
<i><span style="font-size: x-small;">from forbes.com</span></i><br />
Oh, how we laughed when Microsoft unveiled a tablet device with an expensive snap-on keyboard. And, when Steve Jobs declared that the stylus was complete folly and a thing of the past in 2007, we cheered. The tech industry has a very short memory it seems.<br />
<br />
Roll forward to 2015 and Tim Cook showed an expectant audience much of the same that we’ve seen before, and like previous years we have grown to accept that the polish and style of delivery masks a growing problem at Cupertino: <b><i>Apple has run out of juice</i></b>.<br />
<br />
<b><br /></b>
<b><br /></b>
<b>iPhone 6S and 6S Plus</b><br />
<br />
There was nothing here we didn’t already know or even expect, given the many leaks beforehand. Another mid-life iPhone facelift ahead of next year’s iPhone 7, with camera and processor spec bumps. The new iPhone was the last to be announced at the Apple Event because there was nothing to announce. The only attraction this time was Force Touch, something which will definitely kill off the Home Button on the next iteration when Apple figures out how to do fingerprint recognition from the screen for Apple Pay and Touch ID. Tim Cook struggled to make the ubiquitous device seem anything but more of the same. Live Photos? Sounds like a cross between Vine and what Google Photos has been doing for a while now. The 6S Plus is more of a curious beast though, because it almost heralds the death of the iPad Mini, but Apple won’t admit this yet.<br />
<br />
<b>iPad Mini 4</b><br />
<br />
Here’s a device which received some treatment before it disappears from the iPad family-photo album entirely. Apple knows exactly how to capitalize on the runt of the litter, and a little extra gloss will definitely sell a few more numbers but with a 6S Plus in the Apple Store there is no real reason to own a Mini anymore. And it gets worse now Big Brother has arrived.<br />
<br />
<b>iPad Pro</b><br />
<br />
This is where things get interesting. Apple unveiled a device clearly aimed at the more business and prosumer market. With a price point at the higher end to make laptop buyers weep, coupled with an expensive $169 snap-on keyboard and a ludicrous $99 Apple Pencil (i.e. a stylus) it was the clearest indication that Cupertino couldn’t innovate but only imitate competitor strategy. This was almost an admission that Microsoft got it right with the Surface, but just couldn’t market it like Apple hardware. The Pro is aimed at the enterprise market, a smart move by Apple (which has cut deals with IBM and Cisco for distribution of hardware and apps) in a time of slowing consumer tablet sales. But what could the Pro do to the consumer laptop sales at Apple? Much like the 6S Plus will eat away at the iPad Mini, the iPad Pro will cut into sales of the MacBook Air. The Pro’s speed and screen resolution (it beats a Retina display on a MacBook Pro) will make many think twice about getting an Air, which until now has been Apple’s least expensive way to balance portability and performance.<br />
<br />
<b>Apple TV</b><br />
<br />
The bedroom hobby project has been trying to become a serious hobby for years. It has still failed to be anything else, and yesterday’s announcement seemed very odd indeed. Apps are not the future of TV, in fact making consumers sit and watch more TV is not the future of the human race. And certainly owning a separate box to appify television is not the answer. Apple wants us to believe that their black beauty is what we need to make the living room come alive again, but every last-gen and current console has been doing what an Apple TV can do for a few years now, and more. If Apple really wanted to make this a serious concern, it would have baked tvOS into a television unit itself, or licensed it to one major OEM. But it won’t. Given that smart TVs already have apps that cater for the same content as Apple TV, together with consoles, Chromecast, Amazon FireStick, and voice interaction already exists, there is no killer reason to own an Apple TV on top. And as a casual games proposition? Please. Even the wording on the website makes it sound like Apple has singlehandedly reinvented the games industry.<br />
<br />
<b>Vulnerability in Safari Allows Attackers to Spoof Websites</b> (posted 2015-05-20)<br />
<span style="font-size: x-small;"><i>from tripwire.com</i></span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5tLX288fuqfzofziIMz1ZxYhC1YASkORpz-CWnqX9fLxPvJlvnPRQMo_zBI3xi83So54CYx4WKFotjGyOesyhgDSatOPWzdSDaJEx2tHUdIpswmFC3cCfGJ3C5QvW7c3sssZ-OumzfFw/s1600/safari_bug-680x400.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="117" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5tLX288fuqfzofziIMz1ZxYhC1YASkORpz-CWnqX9fLxPvJlvnPRQMo_zBI3xi83So54CYx4WKFotjGyOesyhgDSatOPWzdSDaJEx2tHUdIpswmFC3cCfGJ3C5QvW7c3sssZ-OumzfFw/s200/safari_bug-680x400.jpg" width="200" /></a></div>
A security firm has discovered a vulnerability in Apple’s Safari Browser that allows attackers to spoof legitimate websites and phish for user credentials.<br />
<br />
Security firm Deusen reveals that the flaw works by using a short script to force Safari into loading one page while still displaying the URL of another page. This script is provided below:<br />
<br />
<b>&lt;script&gt;</b><br />
<b>function f()</b><br />
<b>{</b><br />
<b>location="dailymail.co.uk/home/index.htm…"+Math.random();</b><br />
<b>}</b><br />
<b>setInterval("f()",10);</b><br />
<b>&lt;/script&gt;</b><br />
<br />
Deusen has published a demonstration of the vulnerability here.<br />
<br />
“<i>The code is very simple: webpage reloads every 10 milliseconds using the setInterval() function, just before the browser can get the real page and so the user sees the ‘real’ web address instead of the fake one</i>,” comments Manuel Humberto Santander Peláez, Handler at SANS Internet Storm Center.<br />
The bug works on fully patched versions of iOS and OSX. Even so, the demo code is not perfect.<br />
<br />
Staff members at Ars Technica tested the vulnerability, and while the demo code worked flawlessly with a MacBook Pro, the address bar on an iPad Mini periodically refreshed as the page appeared to reload.<br />
<br />
Similarly, Help Net Security experienced some problems when testing the bug. The demo code appeared to work only until a user switched tabs, and even then, it reasoned that savvy users would notice a flickering in the loading progress bar of the address bar.<br />
<br />
Despite the demo code’s flaws, less experienced users might not notice this behavior. Attackers could subsequently target unaware users by redirecting them to a malicious website where they could attempt to infect visitors with malware or steal their login credentials.<br />
<br />
This vulnerability was discovered by the same group of researchers who discovered a Universal Cross Site Scripting (XSS) vulnerability in the latest versions of Microsoft’s Internet Explorer back in February of this year. That flaw also put web users’ login credentials and sensitive information at risk.<br />
<br />
Users are encouraged to watch out for spoofing attacks that redirect them to phishing schemes.<br />
<br />
<b>Apple 'Rootpipe' security vulnerability still prevalent following patch</b> (posted 2015-04-22)<br />
<span style="font-size: x-small;"><i>from techspot.com</i></span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicSvSfPMUzJZOAle5nwXNbOuVllvwO6IP2gnxLul6x65ppGGzpjByznJ9qC2hTiUEE_f9dgw0bkXzBRQflL-whAVK4Q2ZH39mdhPvDa0VWLvNNwFKPK5SDwayoxZ2E5mabGu9FUd9poBw/s1600/hole-in-apple.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicSvSfPMUzJZOAle5nwXNbOuVllvwO6IP2gnxLul6x65ppGGzpjByznJ9qC2hTiUEE_f9dgw0bkXzBRQflL-whAVK4Q2ZH39mdhPvDa0VWLvNNwFKPK5SDwayoxZ2E5mabGu9FUd9poBw/s1600/hole-in-apple.jpg" height="170" width="200" /></a></div>
Apple issued an OS X Yosemite update earlier this month which remedied a flaw known as Rootpipe. First discovered last October by security researcher Emil Kvarnhammar (yet having existed since at least 2011), the flaw allows bad actors to gain root access to a system through a backdoor in the system preferences app.<br />
A second security researcher, Patrick Wardle, attempted to exploit the vulnerability on a patched machine and was apparently able to pull it off.<br />
In a post on Objective-See, Wardle said he was on a return flight from a conference when he stumbled upon what he describes as a novel, yet trivial way for any local user to re-abuse Rootpipe. Wardle didn’t provide the technical details of the attack in the spirit of responsible disclosure (except to Apple, of course) but wanted other OS X users to be aware of the risk.<br />
In an e-mailed statement to Forbes, Wardle said he was tempted to walk into an Apple store and try the exploit on a display model but stuck to testing it on his personal laptop.<br />
Wardle, currently the director of research and development at security firm Synack, has made a name for himself in the security community by presenting at conferences including DefCon, VirusBulletin, ShmooCon and CanSecW.<br />
Apple could have its hands full with Rootpipe. Another security researcher, Pedro Vilaça, told the publication that the original fix was doomed since its release because there are so many ways to bypass it “due to the wrong fix design.”<br />
Apple has also been criticized for only issuing a patch for OS X Yosemite, effectively leaving a large number of Mac users vulnerable.<br />
<br />
<b>Most vulnerable operating systems and applications in 2014</b> (posted 2015-02-23)<br />
<i><span style="font-size: x-small;">from gfi.com</span></i><br />
<div class="separator" style="clear: both; text-align: center;">
<i><span style="font-size: x-small;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh16HVYZHgimq_S3M3r6mBv1sunBzTyc8-ILpgbgfAJug05vzgPrJ0diITllQLN03r2z7hcKNFlID0AuT5WTBKcqdseNiWWaEcFNETwy19V7Lgcr1v5E7yaRZ1JKR_h28DqMTikkm5W-x8/s1600/OS-chart.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh16HVYZHgimq_S3M3r6mBv1sunBzTyc8-ILpgbgfAJug05vzgPrJ0diITllQLN03r2z7hcKNFlID0AuT5WTBKcqdseNiWWaEcFNETwy19V7Lgcr1v5E7yaRZ1JKR_h28DqMTikkm5W-x8/s1600/OS-chart.jpg" height="206" width="400" /></a></span></i></div>
<br />
An average of 19 vulnerabilities per day were reported in 2014, according to the data from the National Vulnerability Database (NVD). The NVD provides a comprehensive list of software security vulnerabilities. In this article, I look at some of the trends and key findings for 2014 based on the NVD’s database.<br />
<br />
Some of the questions asked are:<br />
<br />
- What are the latest vulnerability trends? Are we seeing an increase or a decrease in the number of vulnerabilities?<br />
<br />
- What percentage of these vulnerabilities are rated as critical? (e.g. high security impact – like allowing remote code execution – and thus easy to exploit)<br />
<br />
- In which areas do we see the most vulnerabilities? Are operating systems, third-party applications or network devices such as routers, switches, access points or printers most at risk?<br />
<br />
- Which operating systems and applications are listed with the most vulnerabilities? This data is important because the products at the top get the most frequent security updates. To keep an IT infrastructure secure, sysadmins need to continually monitor these operating systems and applications for the latest updates and ensure they are always fully patched.<br />
<br />
7,038 new security vulnerabilities were added to the NVD database in 2014. This means an average of 19 new vulnerabilities per day. The number is significantly higher than in 2013 and continues the ascending trend over the past few years.<br />
<br />
24% of these vulnerabilities are rated as high severity. The percentage is lower than in 2013, but the actual number of high security vulnerabilities has increased compared to last year.<br />
Third-party applications are the most important source of vulnerabilities with over 80% of the reported vulnerabilities in third-party applications. Operating systems are only responsible for 13% of vulnerabilities and hardware devices for 4%.<br />
<br />
It is interesting that although Microsoft operating systems still have a considerable number of vulnerabilities, they are no longer in the top 3. <b>Apple with OS X and iOS is at the top</b>, followed by Linux kernel.<br />
<br />
2014 was a tough year for Linux users from a security point of view, coupled with the fact that some of the most important security issues of the year were reported for applications that usually run on Linux systems. Heartbleed, for example, is a critical security vulnerability detected in OpenSSL while Shellshock is a vulnerability that affects GNU Bash.<br />
<br />
The applications listed here are pretty much the same as in 2013. Not surprisingly at all, web browsers continue to have the most security vulnerabilities because they are a popular gateway to access a server and to spread malware on the clients. Adobe free products and Java are the main challengers but web browsers have continuously topped the table for the last six years. Mozilla Firefox had the most vulnerabilities reported in 2009 and 2012; Google Chrome in 2010 and 2011; Internet Explorer was at the top for the last two years.<br />
<br />
To keep systems secure, it is critical that they are fully patched. IT admins should focus on (patch them first):<br />
<br />
<b>World’s first (known) bootkit for OS X can permanently backdoor Macs</b> (posted 2015-01-07)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWVXDeafByC52o205qY4YNv91EAfQz7PcBjaUmFQtkTsuqflc1KKASaqYrC_3v2Kk0KhYMhjwDoUBtacJoNkMp8j-uu72deyOdxMljZSeckfCbRjoVcKR55Mgy0iwCzJkdDM2RApZrsVs/s1600/thunderstrike-640x360.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWVXDeafByC52o205qY4YNv91EAfQz7PcBjaUmFQtkTsuqflc1KKASaqYrC_3v2Kk0KhYMhjwDoUBtacJoNkMp8j-uu72deyOdxMljZSeckfCbRjoVcKR55Mgy0iwCzJkdDM2RApZrsVs/s1600/thunderstrike-640x360.jpg" height="180" width="320" /></a></div>
<i><span style="font-size: x-small;">from arstechnica.com</span></i><br />
Securing Macs against stealthy malware infections could get more complicated thanks to a new proof-of-concept exploit that allows attackers with brief physical access to covertly replace the firmware of most machines built since 2011.<br />
<br />
Once installed, the bootkit—that is, malware that replaces the firmware that is normally used to boot Macs—can control the system from the very first instruction. That allows the malware to bypass firmware passwords, passwords users enter to decrypt hard drives and to preinstall backdoors in the operating system before it starts running. Because it's independent of the operating system and hard drive, it will survive both reformatting and OS reinstallation. And since it replaces the digital signature Apple uses to ensure only authorized firmware runs on Macs, there are few viable ways to disinfect infected boot systems. The proof-of-concept is the first of its kind on the OS X platform. While there are no known instances of bootkits for OS X in the wild, there is currently no way to detect them, either.<br />
<br />
The malware has been dubbed Thunderstrike, because it spreads through maliciously modified peripheral devices that connect to a Mac's Thunderbolt interface. When plugged into a Mac that's in the process of booting up, the device injects what's known as an Option ROM into the extensible firmware interface (EFI), the firmware responsible for starting a Mac's system management mode and enabling other low-level functions before loading the OS. The Option ROM replaces the RSA encryption key Macs use to ensure only authorized firmware is installed. From there, the Thunderbolt device can install malicious firmware that can't easily be removed by anyone who doesn't have the new key.<br />
<br />
<b><u>Enter evil maid</u></b><br />
<br />
While the hack requires an attacker to have brief physical access to a targeted machine, that prerequisite isn't prohibitively steep in many situations. For example, so-called "evil maid" scenarios—in which a rogue hotel housekeeper tampers with a computer—or an agent at an international border crossing both routinely have access to computers, often while unsupervised. Documents leaked by former National Security Agency subcontractor Edward Snowden also exposed how agents intercept hardware being shipped to organizations targeted for surveillance and covertly install modified firmware onto them before they’re delivered.<br />
<br />
All any of these attackers would need to do to carry out a Thunderstrike-style attack is to reboot a Mac with a previously weaponized Thunderbolt device attached. If the machine is turned on but locked, the attacker need only press the power button for a few seconds to hard-reboot the machine. Firmware passwords, disk encryption passwords, and user passwords won't thwart the attack since the Option ROMs are loaded before any of those protections are checked.<br />
<br />
Thunderstrike made its debut in late December, at the Chaos Communication Congress. The vulnerability was discovered by Trammell Hudson, an employee of a high-tech hedge fund in New York City called Two Sigma Investments, while trying to secure the firm's MacBooks. A self-described reverse engineering hobbyist, Hudson was previously known for creating Magic Lantern, an open source programming environment for Canon digital SLR cameras.<br />
<br />
Thunderstrike builds on a similar attack, demonstrated at the 2012 Black Hat conference, that bypasses OS X FileVault protections to install a rootkit. Like Thunderstrike, the 2012 exploit used Thunderbolt ports to inject the malicious payload into the boot process, but the earlier attack wasn't able to modify the boot ROM itself. To work around that limitation, the researcher—who works under the hacking moniker snare—wrote the bootkit to the EFI system partition.<br />
<br />
<b><u>Eureka</u></b><br />
<br />
One of the breakthroughs of Thunderstrike is its ability to get the boot ROM firmware volumes validated. Hudson figured out how to do this after discovering an undocumented CRC32 cyclic redundancy check routine carried out during the normal validation process. A second breakthrough involved the discovery that Option ROMs are loaded during a recovery mode boot. That allowed Hudson to figure out how to replace Apple's existing EFI code.<br />
<br />
Thunderstrike was just one of at least two EFI-based attacks that were demonstrated at December's Chaos Communication Congress. A separate talk delved into the Unified Extensible Firmware Interface, a similar mechanism that's used to boot some Windows and Linux machines. Hudson said an attack technique known as Dark Jedi that was outlined during the talk could possibly be adapted to make his exploit work remotely, so the attacker wouldn't require physical access. Earlier this week, the US CERT issued three advisories warning of vulnerabilities in widely used UEFI chips. A researcher from security firm Bromium also has this brief writeup on the UEFI talk.<br />
<br />
Hudson said Apple is in the process of partially patching the vulnerabilities that make Thunderstrike possible. The remedy involves not allowing Option ROMs to load during firmware updates, a measure that Hudson said is effective against his current proof of concept. Apple already has begun rolling out the upgrade to Mac Minis and iMac Retina 5Ks and plans to make it more widely available soon.<br />
<br />
"However... it is not a complete fix," he warned in a blog post detailing Thunderstrike. "Option ROMs are still loaded on normal boots, allowing snare's 2012 attack to continue working. Older Macs are subject to downgrade attacks by 'updating' to a vulnerable firmware version."<br />
<br />
Until there's a complete fix from Apple, there aren't a lot of viable options for preventing Thunderstrike-type attacks. Pouring a liberal amount of epoxy glue in a Thunderbolt port will certainly make the exploit harder, since it would force an attacker to take apart the casing to access the underlying flash ROM chip, but it would come at the cost of disabling key functionality. The other obvious solution is for people to keep their machines on their person at all times, but that isn't always practical, either. Hotel safes and locked and sealed storage boxes are also only partially effective, since both measures are vulnerable to cracking and picking.<br />
<br />
<b>Malware Discovered In China Could Herald ‘New Era’ Of iOS And Mac Threats</b> (posted 2014-11-06)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHc6rUgof9adX6p0pKA2NyR8rHymAIDOEyb-j_eirZo5da0vsT1cJ9xkEUdkZjGDiVaUSZyRmpFiHLk1KL-XrkPKiiKjafLkXdfnGsXQEY101xiSBBmWgPdRhz5B7q8JlON65lEF3Nnqs/s1600/malware-1fefge.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHc6rUgof9adX6p0pKA2NyR8rHymAIDOEyb-j_eirZo5da0vsT1cJ9xkEUdkZjGDiVaUSZyRmpFiHLk1KL-XrkPKiiKjafLkXdfnGsXQEY101xiSBBmWgPdRhz5B7q8JlON65lEF3Nnqs/s1600/malware-1fefge.jpg" height="200" width="200" /></a></div>
<i><span style="font-size: x-small;">from techcrunch.com</span></i><br />
Conventional wisdom suggests that the vast majority of mobile malware cases impact Android devices. Or at least that those who do not jailbreak their iPhones are safe from most threats — even Apple CEO Tim Cook has bashed Android for “dominating” the mobile malware market. Yet a new virus found in China by U.S.-based researchers could herald the first serious security threat to Apple devices.<br />
<br />
A report from Palo Alto Networks (hat tip The Verge) claims that a new family of malware is getting past Apple’s settings to potentially infect secure (i.e. not jailbroken) iOS devices using infected software for Macs. Dubbed “WireLurker,” it was found in the wild in the Maiyadi App Store, a third-party Mac store in China, where it is said to have infected 467 apps. Infected versions of these programs have been downloaded more than 350,000 times and are likely to have affected “hundreds of thousands” of users, according to Palo Alto Networks. [Update: Apple tells us that it has blocked infected apps from working -- the company's full statement is at the bottom of this post.]<br />
<br />
The malware works by repacking legitimate Mac applications. Once downloaded to a Mac, that software will then install malicious and third-party applications on any iOS device that is connected to the infected machine using a USB cable. What’s most interesting — or, indeed, worrying for Apple customers — is that once on an iOS device, WireLurker reportedly uses a range of sophisticated techniques to modify existing apps for malicious purposes.<br />
<br />
While the aim of its creators is not clear yet, Palo Alto Networks reports, WireLurker has been found to steal “a variety of information” from inside rewritten apps. Since it surfaced in China, it is targeting Alibaba’s hugely popular Taobao shopping and AliPay payment apps — where a phone owner’s credit card and bank details are retained — but the security firm says the way it operates could usher in a “new era” of malware for Apple devices.<br />
<br />
In particular, Palo Alto Networks says it is “the first in-the-wild malware to install third-party applications on non-jailbroken iOS devices through enterprise provisioning.”<br />
<br />
The security firm recommends its own product to help prevent WireLurker, but — as ever — the best pieces of advice are to avoid downloading apps from third-party sources, and use officially approved USB cables. The former is more difficult in China, where third-party app stores are well established and hugely popular — though that’s more the case for Android than Mac or iOS.<br />
<br />
The full report from Palo Alto Networks has additional advice for Apple customers in the enterprise space who could be most at risk given WireLurker’s characteristics.<br />
<br />
<b>China Attack Aims at iCloud, Apple’s Service for Storage</b><br />
Posted 2014-10-22, from nytimes.com<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://powerconsulting.com/wp-content/uploads/2014/03/Apple-Vulnerable-Threats-Virus-iOS-OSX-MAC-iPad-iPhone.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="http://powerconsulting.com/wp-content/uploads/2014/03/Apple-Vulnerable-Threats-Virus-iOS-OSX-MAC-iPad-iPhone.jpg" height="149" width="200" /></a></div>
<b><span style="font-size: large;">HONG KONG — For Apple in China, trouble seems to be the new normal.</span></b><br />
<br />
Cybersecurity monitoring groups and security experts said on Monday that people trying to use Apple’s online data storage service, known as iCloud, were the target of a new attack that sought to steal users’ passwords and then spy on their activities.<br />
<br />
Starting over the weekend, when many users across China tried to sign into their iCloud accounts, they may have been giving away login information to a third party, in what is called a man-in-the-middle attack.<br />
<br />
“You think you are getting information directly from Apple, but in fact the authorities are passing information between you and Apple, and snooping on it the whole way,” said a spokesman for an independent censorship-monitoring website, GreatFire, who declined to be named because of fear of reprisal.<br />
<br />
The back-end I.P. address targeted by the attack was changed Tuesday by Apple, according to a tweet from GreatFire.<br />
<br />
News of the vulnerability came just as the new iPhone 6 arrived in Chinese stores after a monthlong regulatory delay tied, in part, to concerns about the phone’s security.<br />
<br />
Activists and security experts say they believe the attacks are backed by the Chinese government because they are hosted from servers to which only the government and state-run telecommunications companies have access, according to GreatFire. They are also similar to recent attacks on Google, Yahoo and Microsoft aimed at monitoring what users were retrieving on the sites.<br />
<br />
“All signs point to the Chinese government’s involvement,” said Michael Sutton, vice president for threat research at Zscaler, a San Jose, Calif., security company. “Evidence suggests this attack originated in the core backbone of the Chinese Internet and would be hard to pull off if it was not done by a central authority like the Chinese government.”<br />
<br />
The targeting also potentially reveals a new Chinese government effort to adapt to initiatives by Internet companies — most notably new encryption techniques — to protect user data from government spying.<br />
<br />
“The Chinese government could no longer sniff traffic, so they intercepted that traffic between the browser and the iCloud server,” Mr. Sutton said.<br />
<br />
Chinese officials could not immediately be reached for comment.<br />
<br />
Many web browsers, like Apple’s Safari, Google’s Chrome and Mozilla’s Firefox, flashed a warning to users that a so-called encryption certificate that is supposed to identify who is on the other end of a web session should not be trusted. That indicated that users were inadvertently communicating with the attackers, rather than iCloud. In effect, the hackers stepped into the middle of the online conversation.<br />
<br />
Mr. Sutton noted that Qihoo, a browser offered by the Qihoo 360 Technology Company that is popular in China, did not flash a warning to users.<br />
<br />
“As more sites move to encryption by default — which prevents the censorship authorities from selectively blocking access to content — the Chinese authorities will grow increasingly frustrated with their ability to censor that content,” said the GreatFire spokesman.<br />
<br />
“In some ways their hands are being forced. They can attempt these man-in-the-middle attacks or choose to outright block access to these sites. The more sites they block, the more they cut off the Chinese populace from the global Internet,” he added.<br />
<br />
The timing of the attack, aligned with the release of the new iPhone in China, is a potential indicator that the government is trying to harvest sign-in data from a large number of users who are switching over to the iPhone 6. The new phone comes with better encryption to protect against government snooping.<br />
<br />
In September, Apple, based in Cupertino, Calif., said its latest operating system, iOS 8, included protections that made it impossible for the company to comply with government warrants asking for customer information like photos, emails and call history.<br />
<br />
The change prompted the Federal Bureau of Investigation director, James B. Comey, to say in a recent speech that new encryption by Apple and others “will have very serious consequences for law enforcement and national security agencies at all levels.”<br />
<br />
“Sophisticated criminals will come to count on these means of evading detection,” Mr. Comey said.<br />
<br />
In August, Apple began storing data for iCloud on servers in China in a move it said was intended to enhance performance of the service there. The company said the state-owned service provider China Telecom, which owns the servers where the data is stored, did not have access to the content.<br />
<br />
But security experts say it appears that Beijing has found a workaround, by coordinating man-in-the-middle attacks on a mass scale.<br />
<br />
Apple on Tuesday acknowledged a network attack, but clarified that its iCloud servers were not breached. On a security webpage, it implied that man-in-the-middle attacks were being used to direct people to fake connections of iCloud.com, making their user names and passwords vulnerable to theft.<br />
<br />
On the webpage, Apple explained how people could distinguish an authentic iCloud.com site from a fake one. Basically, users will receive warnings when the browser detects a fake certificate or an untrusted connection. Apple advised people to heed those warnings and avoid signing in.<br />
<br />
“Apple is deeply committed to protecting our customers’ privacy and security,” said Trudy Muller, an Apple spokeswoman. “We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously.”<br />
<br />
Ms. Muller declined to comment on whether Apple had identified the Chinese government as the source of the attacks.<br />
<br />
Security experts said users should not visit websites if they receive a browser warning. Mr. Sutton also advised users to turn on two-factor authentication whenever possible, a procedure in which a user is prompted to enter a second one-time password that has been texted to the user’s phone. That way, he said, even if an attacker intercepts a password, they cannot use it to log into a site without the second password. “Users should treat this seriously,” Mr. Sutton said.