This is why we can’t have nice things.
Security
Belgium orders Facebook to stop tracking users who aren’t logged in
The Verge:
A commercial court in Brussels today ruled that Facebook must stop using cookies to track users when they aren’t logged in.
A big court case for Facebook.
Apple can’t decrypt your iPhone: Why it matters
Glenn Fleishman digs into the technology that makes iOS hard to crack and which elements are encrypted beyond anyone’s reach.
Suspicious Package lets you look inside a third party Mac app before you install
Suspicious Package, from Mothers Ruin Software (got to love that name), is a free QuickLook plugin that reports on the contents of an installer package before you install it. Helps keep you just a bit safer.
U.S. judge expresses doubts over forcing Apple to unlock iPhone
Reuters:
A U.S. judge on Monday expressed strong doubts that he had the legal authority to order Apple Inc to access data on a locked iPhone that was seized as part of a federal investigation.
This case is ongoing and important.
Apple tells U.S. judge ‘impossible’ to unlock new iPhones
Nate Raymond, writing for Reuters:
Apple Inc told a U.S. judge that accessing data stored on a locked iPhone would be “impossible” with devices using its latest operating system, but the company has the “technical ability” to help law enforcement unlock older phones.
Apple bans over 250 apps that secretly accessed users’ personal info
Nick Statt, writing for The Verge:
Apple today removed more than 250 apps from its App Store that were using software from a Chinese advertising company that secretly accessed and stored users’ personal information.
Read on for more detail.
Apple’s official statement on the YiSpecter iOS malware
Earlier today, we posted about a report from Palo Alto Networks about YiSpecter, iOS malware that was said to attack non-jailbroken iOS devices.
We reached out to Apple for comment. Read on for their response.
YiSpecter: New iOS malware attacks non-jailbroken devices
This has the potential to be a real mess, but the sense I get is that this is something Apple can detect and eliminate with more stringent review controls.
At what age did your childhood pet run away?
Fantastic alternative list of password security questions. Hard to pick a favorite.
El Capitan, iOS 9 security and the new version of two-factor authentication
From Apple:
Two-factor authentication is a new service built directly into iOS 9 and OS X El Capitan. It uses different methods to trust devices and deliver verification codes, and offers a more streamlined user experience. The current two-step verification feature will continue to work separately for users who are already enrolled.
These differences are explained in the post and linked article.
Apple posts official XcodeGhost malware FAQ
Apple posts official FAQ on the XcodeGhost malware issue, including the top 25 infected apps.
Validating the integrity of your copy of Xcode
A few days ago, we posted the story about the XcodeGhost malware that made its way onto the App Store via compromised copies of Xcode.
In response, Apple pulled affected apps from the store and, just as importantly, sent out letters asking developers to test their copies of Xcode, to make sure each was indeed a valid copy from Apple.
Here’s how.
XcodeGhost malware makes its way into iOS App Store, via counterfeit Xcode
In a nutshell, hackers infected a legitimate copy of Xcode, then made that tainted copy available for download on Baidu in China. Developers sometimes turn to Baidu when Apple’s servers in China are slow.
How many times has your personal information been exposed to hackers?
The New York Times pulled together a very short, clickable questionnaire that’ll give you a sense of how your personal information might be compromised, along with a series of links to articles laying out the major recent attacks, from the Adobe breach on down to UPS.
This site may be hacked
I got a disturbing text a few days ago. Seems that when a business associate looked up my business name in Google, they saw a message, just below the main site URL, that said “This site may be hacked”.
Here’s how I dealt with it.
Flash. Must. Die.
Manipulative headline aside, this Wired piece by Brian Barrett is a good read. The first half focuses on the state of the union on Flash and the second half talks you through the process of controlling/eliminating Flash.
Oh Flash. Sigh.
An evergreen blog post:
Adobe has released an emergency software patch for Flash after it found a serious vulnerability being exploited by hackers.
Google eavesdropping tool installed on computers without permission
Some folks are calling this evil. I don’t think there’s any evil intent here, at least not on Google’s part. But the use of this approach to do evil is obvious.
Details on OS X and iOS cross application resource attacks
Details on the XARA cross application resource attack, the latest threat to iOS and OS X.
Apple’s watchOS 2 and activation lock
The features Apple is promoting from watchOS 2. Chief among them? Activation Lock.
Apple comments on iOS 8 unicode crash bug, fix in the works
An Apple spokesperson comments on the bug. Also, note that the crash affects the Apple Watch as well as the iPhone and iPad.
iOS bug causes Messages crash, iPhone reboot
Hopefully, the Messages team is hard at work on a fix.
Net neutrality tester
The Internet Health Test site runs a series of upload and download tests to check for consistency and degradation in the connection through your ISP. That data is then passed back as part of a crowd-sourcing effort.
On Apple Watch as an invitation to thieves
There’s been a wave of sentiment over the past few days about the Apple Watch as an invitation to thieves. Many people share John Gruber’s take:
I really don’t get the hysteria over this as an invitation to thieves. This is no less secure than every single other wristwatch ever made.
This isn’t about the value of a single watch. It’s about a combination of large enough market size, high desirability, and relative rarity. Read on for details.
Regarding Apple Watch and Activation Lock
Not sure if and when Find My Apple Watch and Activation Lock are coming, but certainly an interesting discussion.
The Apple Watch and theft
Jeff Benjamin, writing for iDownloadBlog:
The Apple Watch contains security measures to prevent thieves from accessing your data, but it doesn’t include the necessary features to dissuade thieves from trying to steal your device to begin with.
Microsoft can guess your age using facial recognition
The age guessing thing is interesting. But I can’t imagine that technology ever maturing to the point where it is enough of a unique identifier to trust with my login credentials.
The “No iOS Zone” iPhone crashing vulnerability
Security researchers at SkyCure stumbled onto an iOS vulnerability that, at its extreme, may cause all phones on an attacking network to go into an infinite restart mode.
Yahoo rolling out on-demand passwords, texted to your phone
This is Yahoo’s latest twist on two-factor authentication. You log in to your Yahoo account and enable on-demand passwords. You get a verification code via text, enter it, and you are signed up. On-demand passwords are enabled and your device is verified.
Now, the next time you log in, you’ll have the option of having a temporary password texted to your verified device.