Posted by: David Harley | October 2, 2014

iWorm, Xsser, Shellshock catch-up

My apologies if people have been haunting this page in search of information about the many Apple-related issues that have raised their heads in the last week or two. I’ve just been too busy elsewhere to blog on this site. Here are a few articles worth your attention, by way of a catch-up.

David Harley
Small Blue-Green World

Posted by: David Harley | September 24, 2014

More iPhingering

More about the susceptibility of the iPhone 6 to the TouchID fingerprint hack, from The Register’s John Leyden: Apple should LOOK BELOW to beat TouchID fingerprint hack, say securo-bods.

David Harley
Small Blue-Green World

 

Posted by: David Harley | September 23, 2014

iPhone 6, iPhingered

John Leyden reports that Lookout claims that ‘iPhone 6 STILL vulnerable to TouchID fingerprint hack ONE YEAR LATER‘ referring to the hack previously reported with the 5s.

Gaining access to an iPhone using a faked fingerprint isn’t the easiest trick to pull off, and in any case needs access to the owner’s fingerprints and the phone itself. Still, it’s a good argument for using a passphrase or PIN as a second authentication factor.

David Harley
Small Blue-Green World

Posted by: David Harley | September 23, 2014

iOS 8 and the iPhone 4

Graham Cluley for Intego: If You Care About Security, Throw Away Your iPhone 4 Right Now

iOS 8 includes lots of security fixes that won’t be available for iOS 7, which is particularly bad news for iPhone 4 users. Graham tells us why…

David Harley
Small Blue-Green World

Posted by: David Harley | September 23, 2014

Apple, iOS 8, and private data

From John Leyden, for The Register: Apple passcode-protects iOS 8 devices, but cops can still inhale your iCloud

Apple says that for devices running iOS 8, it can no longer bypass your passcode to examine your personal data.  However, it isn’t quite that simple, according to some of the other documents to which Apple’s document links.

(HT to Artem Baranov.)

David Harley
Small Blue-Green World 

Posted by: David Harley | September 18, 2014

iOS 8 security

Hat tip to Artem Baranov for drawing my attention to Apple’s September 14th document on iOS 8 security, and also a KnowledgeBase article About the security content of iOS 8.

In a loosely related vein, Apple explains its privacy policy here, (By way of John Gruber , who also quotes an interesting snippet from Tim Cook in Tim Cook on Apple and Privacy.

David Harley

Posted by: David Harley | September 16, 2014

Appbuyer iOS malware

This is one more item I intended to include in the security roundup I just posted here.

Palo Alto Networks recently posted an article on AppBuyer: New iOS Malware Steals Apple ID and Password to Buy Apps, a malware family discussed by Weiphone back in May 2014 that affects jailbroken devices. Apparently. I don’t read Chinese, so much of that blog means nothing at all to me… Palo Alto’s article mentions its own  quick introduction but that was published in a closed group of which I’m not a member.

Still, the new(-ish) analysis is quite thorough and well worth a look.

David Harley

Posted by: David Harley | September 16, 2014

Security roundup

Since I’ve been busy with other things in the past few weeks, I’ve kind of let this site slip a bit, so here a few of the things that caught my eye over that period, even if they didn’t catch it long enough for me to write the stories.

David Harley
Small Blue-Green World

Posted by: David Harley | August 21, 2014

Apple on message, spammers on iMessage?

Robert McMillan reports for Wired that Apple’s iMessage Is Being Taken Over by Spammers.

I haven’t used it, but iMessage sounds like a nice messaging app for communication between devices running iOS or OS X, as long as you stick with those platforms. However, Cloudmark now claims that it carries 30% of all mobile spam, because it’s so easy to use a Mac to send messages to multiple addresses using an Applescript. AppleInsider, however, asserts that the Report claims iMessage spam on the rise, but little evidence appears in support, citing Cloudmark’s previous admission that its tracking database may not distinguish well between iMessage spam and SMS spam, and low traffic related to the issue on Apple forums.

John Gruber also thinks that the title of the Wired article rather overstates it, though he has some (unspectacular) personal experience of iMessage spam.

David Harley
Small Blue-Green World

Posted by: David Harley | August 16, 2014

To Jailbreak or not to Jailbreak?

If you’re wondering whether it’s worth jailbreaking your iGadget in order to break away from Apple’s iron-fisted control, you might want to read Graham Cluley’s blog for Intego: Don’t Jailbreak Your iPhone if You Want to Stop Government Spyware.

In fact, while not all iOS malware has been dependent on the victim device being jailbroken, that iron fist does seem to reduce the risks.

David Harley
Small Blue-Green World

Older Posts »

Categories

Follow

Get every new post delivered to your Inbox.

Join 38 other followers