Hackers Could Bypass macOS Signature Checks for A Decade

Code signing is one of the most important lines of defense against malware. It allows a user to know that the software they intend to install or run came from a trusted source, such as Apple, or another trusted developer. While code signing is not a 100% foolproof method, since some malware authors will burn legitimate developer IDs to sign their code, it’s generally a very strong safety feature. Code signed by Apple would be considered especially trustworthy, since no one would be able to spoof Apple’s private key. As …

Apple Patches Xcode to Correct Serious Git Security Flaw

How can programmers keep track of all the changes that get made to a piece of software during its development while keeping everyone else on the project in the loop? Answering that challenge is the purpose of what is known as a “version control system.” This is a framework and system for sharing code, tracking changes to that code, and more. One of the most popular version control systems is Git, originally developed to contribute to development on the Linux platform. Today, Git-derived systems power programming efforts on many platforms, …

Checklist 94: Facebook & Friends: More Privacy Concerns

Every week, we try to bring you the biggest news in the security world — or at least the most interesting developments that could affect us all. That’s why this week we’re diving into a brand-new subject we’ve never covered before… just kidding – Facebook has done it again. If it seems lately as though every week we have something new and usually concerning to discuss about the social media juggernaut, that’s because it’s the reality. Thanks to a new report in the New York Times, this week is …

Checklist 93: What’s New in Security News

Welcome to Episode 93 of The Checklist. Today, our attention turns towards security and insecurity — but we’re not talking about a long-lost Jane Austen novel. Instead, we’re taking a tour through the headlines to hit some of the big and interesting stories that have cropped up in the security sector over the past few weeks. Things we’ll be visiting on today’s list include:

The Zipperdown vulnerability
Puppy Pictures Preempt Privacy
The returning specter of Spectre
eFail: a big bug in email encryption
What does Apple know about you?

The answer to that last question may …

ElcomSoft Expands WhatsApp Extraction Capabilities to Business Platform

WhatsApp, the popular messaging app owned by Facebook, is arguably one of the most popular means for secure communication in the world. Facebook says that more than a billion and a half users trade nearly sixty billion messages across WhatsApp every day. Because the software uses end-to-end encryption, the contents of those messages are typically shielded from prying eyes who might wish to intercept and read them. However, that does not mean WhatsApp is an impenetrable fortress. Forensic security software company ElcomSoft not only has a tool for extracting WhatsApp …

Checklist 92: Is There a Plumber in the Building?

In many of our recent episodes, we’ve spent plenty of time talking about data breaches, a subject that often dominates security conversations these days. For good, reason, too, as everyone from major credit bureaus such as Equifax to retail store chains have lost or mishandled user information in recent years. Data breaches aren’t the only ways your personal information ends up in the hands of people who might not be authorized to handle it, though — leaks can and do happen, too, and organizations could hand your data off …

Checklist 91 – Mix and Match 3.0

The 2018 parade of big tech and security headlines continues, and in recent episodes, we’ve touched on some pretty big developments. From Cambridge Analytica and Facebook scandals to the rollout of the General Data Protection Regulation in Europe, we’ve covered some major issues so far this year. In between all those banner headlines, though, there have been plenty of other important stories that haven’t been quite so big as to merit getting a show all their own. Today, we’re reaching into the grab bag for our third edition of …

Checklist 90: WHOIS GDPR: A Primer

Imagine if whenever you went to buy something — a car, perhaps — the information you handed over in the purchasing process became public record for anyone to see and search. All they’d have to do is plug your license plate in, and they’d be able to see your name, address, and phone number.

Versatile Hacking Tool Ported to the Mac Could Pose Risks to Users

Security researchers use many tools to conduct their work; in many cases, the best way to test a system is to try to break in, because it allows one to identify all the weaknesses and potential inroads a real hacker might exploit. These tools aren’t secret, though, and often they are used for legitimate purposes just as often as illegitimate ones. One such tool, known as the Metasploit Framework, allows researchers to probe networks and systems for many kinds of security holes using a variety of tools. Of course, …

Researchers Warn of a Vulnerability in Email Encryption Standards

Email encryption is supposed to make the content of your emails safer, but according to a team of nine academic researchers, two of the most widely used encryption standards might be doing the opposite.

In a tweet sent on May 14, 2018, Sebastian Schinzel, a professor of computer science at Germany’s Münster University of Applied Sciences, said his team was about to publish information about “critical vulnerabilities” in OpenPGP and S/MIME. OpenPGP is the most widely used email encryption standard in the world. S/MIME, meanwhile, is a public …

New European Privacy Laws Have Ripple Effect on Online Privacy

The General Data Protection Regulation, or GDPR, is a new set of European Union rules that govern the ways businesses and online organizations treat user information, in particular the data belonging to EU citizens. The GDPR introduces a wide range of regulations, chief among them new restrictions on how third parties can process, store, and handle user information.

Checklist 89: Router Rundown

There are some items of technology in our lives that are so standard and ubiquitous because of how fundamental they are to the way things work that it’s very easy to take them for granted. Because we don’t pay a second thought to these things, we also quickly get stuck in security pitfalls and fall for traps that play on the fact that we don’t know or think very much about them. For example, have you ever really thought much about your router? With so many connected devices in …

Apple Supplements macOS Security Update to Address Wide-Reaching Flaw

Only a few weeks after the recent release of macOS High Sierra 10.13.4, Apple has amended the update by publishing an additional fix under this version number. Addressing a new flaw described as “serious” by the security community, the supplemental version of 10.13.4 addresses a problem in Intel CPUs discovered near the end of April that affects a broad number of devices, including Windows and Linux machines. However, unlike the Spectre and Meltdown flaws that caused much concern due to their so-called “unpatchable” nature, there is a way to …

Checklist 88: GrayKey’s Anatomy

How do you unlock your iPhone when you need to use it? Apple gives us a ton of options when it comes to keeping our information safe from prying eyes and unwanted intruders, from PINs to our fingerprints and our faces. Apple’s commitment to empowering users to take control of their privacy and security, though, has sometimes been the source of very public friction between the tech giant and law enforcement agencies such as the FBI. When Apple won’t help by providing a backdoor into user data, what option …

Checklist 87: The Anatomy of a Data Breach, Part 2

Welcome to Episode 87. Last week, we took an in-depth look at data breaches: from how they happen to a few of the biggest ones, and of course, what you can do to protect yourself when a big company loses your data, we covered a lot of ground in that show. We’ve got further to go still, though!  This week we’re continuing with our look into data breaches by turning our attention to the business side of things. These breaches don’t happen randomly, and how a company responds to …

Checklist 86: The Anatomy of a Data Breach, Part 1

During the course of your day, buy things, like gas, food, & lodging. Do you pay cash for all those things — or do you try to go back in time and operate on the barter system? Even if you do most of your business in day to day life with cash, chances are there are still at least some occasions when you pull out a card. For many more of us, debit and credit cards are an essential and irreplaceable part of daily life. Some restaurants, for example, …

Checklist 85: Facebook Follies

When you log on to Facebook, do you still feel like you’re having fun? The social network used to be an awesome place to reconnect with old friends and keep in touch with family. Today, more people than ever are choosing #DeleteFacebook.

While Facebook is a free service in theory, since no one pays to sign up for an account, it turns out the real costs are much higher than any subscription fee. From the Cambridge Analytica story we reported on recently to even more unwelcome news about privacy …

Checklist 84: Machine learning. Deep learning. Neural networks. Artificial...

Machine learning. Deep learning. Neural networks. Artificial intelligence… it’s starting to feel like we’re in an Isaac Asimov novel! For this week’s episode of The Checklist, we’re diving in to the latest ways computers and technology are being trained to complete complex tasks, make inferences, and do more overall. From Google training computers to identify specific objects in images to the way anti-malware software figures out how to detect and stop new variants, there are plenty of cool applications for this innovative technology. However, there are some pretty creepy things …

Latest Round of Apple Security Updates Includes iOS 11.3

After more than a month since the last big “patch day” for Apple products, the Cupertino company has now released to the public a new slew of updates that bring with them both new features and enhanced security. Covering everything from a new and essential update to iOS to important bug fixes in macOS, watchOS, and even Apple’s Xcode, these patches slam shut several open doors hackers might use to wreak havoc. Overall, these patches contain more than 90 fixes. Here’s a quick breakdown of what you can expect when …

Checklist 83: More Security Fails

It’s that time again — time for us to pull back for a “big picture” look at some of the big missteps in computer security over the recent weeks and months. Some of today’s stories relate to Apple, some don’t, but all of them fall into the category of a classic “security fail.”