Apple

(get it in RSS or Atom)

Misleading advertisements lead to hijacked browser settings

iTunes-11-250

Advertisements don't have a great track record for safety and we are beginning to see more frequent abuse of search and mobile ads to deliver unwanted addons purporting to be legitimate tools. Be careful where you click and closely scrutinize software options before installation.

SSCC 133 - Prize unicorns, Android malware, 2FA, Attack reports and Vote For Us! [PODCAST]

sscc-133-thumb-250

Chet and Duck review the week's news in their informed and entertainingly serious style, discussing the prizes on offer at this year's PWN2OWN competition, talking about a new twist in Android malware, and reviewing the latest attack reports from Yahoo and Target...

PWN2OWN 2014 - Find the "exploit unicorn" and win $150,000

unicorn-250

It's called PWN2OWN because if you successfully pwn, or hack into, the competition laptop, you own it *literally* - you get to take it home with you.

But there's also $645,000 in cash up for grabs, including a Grand Prize for finding, wait for it, an "exploit unicorn"...

SSCC 131 - Mac malware, Starbucks security, Apple versus FTC and giant Korean breach [PODCAST]

sscc-131-thumb-250

Chet and Duck turn a week's worth of lost data, malware attacks, misleading apologies and shabby security into actions you can take to steer a safer course in your own organisation.

Here's our weekly "podcast with a purpose"...

Digitally signed data-stealing malware targets Mac users in "undelivered courier item" attack

forklift-250

Our colleagues at SophosLabs pointed us at a interesting item of malware the other day, namely a data-stealing Trojan aimed at Mac users.

Paul Ducklin looks at how the attack unfolds...

Oracle and Java, Apple and the FTC, Google and privacy - 60 Sec Security [VIDEO]

2014-01-18-thermostat-250

Why was this month's Java update a "must patch"? Should in-app purchases be allowed to target children? Is it a good idea to give Google control of your home?

Find out in 60 Second Security for 18 Jan 2014

Apple slapped with settlement over shabby sales security in the App Store

as-250

Apple is understandably proud of the App Store - it has made lots and lots of money, with more or less no malware.

But not everyone has been entirely happy with Cupertino's acumen in application delivery...including the FTC.

SSCC 130 - Botnets, banking, breaches, patching and the Mavericks controversy [PODCAST]

sscc-130-thumb-250

What's the best way to deal with botnets? Should you use your bank's mobile app? Why all these data breaches? What about Patch Tuesday? Do you really *have* to update your Mac to Mavericks?

Listen as Chet and Duck dissect and explore the week's security stories...

Snapchat, Yahoo, Mavericks and T-shirts - 60 Sec Security [VIDEO]

2014-01-11-mac-dilemma-250

How long does it take a trendy cloud company to apologise? Do you really need HTTPS for webmail? OS X Mavericks - should you stay or should you go? And who won our crossword competition?

60 Second Security - 11 Jan 2014.

Just how secure is that mobile banking app?

https-tablet-250

Security researcher Ariel Sanchez recently published a fascinating report on the sort of security you can expect if you do your internet banking on an iPhone or iPad.

The answer, sadly, seems to be, "Very little."

82% of enterprise Mac users not getting security updates

Apple109-250

Apple users are updating to OS X Mavericks in large numbers, but not fast enough. Corporate users in particular have been slow to upgrade, which could have serious security implications.

SSCC 127 - Target, Microsoft, Apple, Gmail...and some amazing acoustics [PODCAST]

sscc-127-thumb-250

Chet and Duck help you to learn from recent security news, both good and bad.

In this episode: the massive Target breach; Microsoft's and Apple's attitude to updates; and how to respond to Google's recent changes to image rendering for Gmail users.

California looks to implement 'kill switch' as smartphone theft deterrent

California looks to implement 'kill switch' as smartphone theft deterrent

If the smartphone 'kill switch' legislation is passed, the carrier can remotely send a trigger to any lost or stolen device to 'brick' itself. With the phone effectively useless, this should be a far less appealing option for would-be thieves.

Apple updates Mavericks to 10.9.1, issues security fixes for Safari

mav-250

Apple just announced the first point update for its recently released OS X Mavericks.

Most of the fixes and enhancements are of the not-really-to-do-with-security sort, but the update includes a new version of Safari, with remote code execution patches.

Facebook and Apple to help draft facial recognition rules

Facebook and Apple to help draft facial recognition rules

Big players that already have a lot of skin in the game are going to be whispering into the ear of the US Commerce Department. Will privacy be trampled in this facial-scanning gold rush?

Top tech coalition demands limits on government surveillance

Top tech coalition demands limits on government surveillance

A coalition of the world's leading technology companies - AOL, Apple, Facebook, Google, LinkedIn, Microsoft, Twitter and Yahoo - is asking the world's governments to reassess intelligence gathering practices.

iPhones are off limits to President Obama for "security reasons"

iPhones are off limits to President Obama for "security reasons"

US President Barack Obama is stuck using a BlackBerry. He actually fought for the right to keep using it when he first got to office in 2009. Let's hope he still likes the gadget, because the powers that be obviously don't think Apple's security profile is president-worthy.

Apple's iOS 7.0.4 fixes a "too easy to buy stuff" security flaw

ios704-250

Apple pushed out iOS 7.0.4 last week, the fourth patch in two months.

Is iOS getting buggier, or is Apple simply publishing security fixes more promptly?

Black Friday spams are too good to be true

iPadAdwordsSpam250

With the holiday season approaching and lots of super good deals being offered around the American Thanksgiving holiday, retailers aren't the only ones looking to make a buck.

Microsoft leads the way, setting new cryptographic defaults

ts-cracked-250

Microsoft is upping its game with regards to cryptographic standards. By discontinuing support for the older, weak RC4 cipher and putting Certificate Authorities on note to migrate to SHA-2, it seems to be leading the way to be ready for the future, rather than reacting.