AppleA strong passcode is one of the most important elements of personal security on iOS devices. While it has been some time since Apple introduced the stronger six-digit passcodes (which they now recommend), many people continue to use the four-digit PIN. According to one recent report by a security researcher, the iPhone could be vulnerable to an extremely simple brute force attack which would render those four digits useless. However, Apple has since taken the public stance that the vulnerability as described does not exist. What’s going on here?
July 3, 2018 •
2 min read
AppleApple’s Swift programming language is a useful tool for developers on Mac and iOS platforms due to its versatility and wide-reaching application. Occasionally, though, Apple uncovers issues within Swift that could unintentionally allow bad actors to make inroads towards attack execution. A new Swift module released only a few months ago recently received an update to correct such an issue.
In March, Apple introduced a new open source framework for developers to use, called SwiftNIO, or “Non-Blocking IO.” What it does is complex, but it centers around providing …
July 2, 2018 •
2 min read
AppleCode signing is one of the most important lines of defense against malware. It allows a user to know that the software they intend to install or run came from a trusted source, such as Apple, or another trusted developer. While code signing is not a 100% foolproof method, since some malware authors will burn legitimate developer IDs to sign their code, it’s generally a very strong safety feature. Code signed by Apple would be considered especially trustworthy, since no one would be able to spoof Apple’s private key. As …
June 26, 2018 •
2 min read
AppleHow can programmers keep track of all the changes that get made to a piece of software during its development while keeping everyone else on the project in the loop? Answering that challenge is the purpose of what is known as a “version control system.” This is a framework and system for sharing code, tracking changes to that code, and more. One of the most popular version control systems is Git, originally developed to contribute to development on the Linux platform. Today, Git-derived systems power programming efforts on many platforms, …
June 25, 2018 •
2 min read
SecurityWhatsApp, the popular messaging app owned by Facebook, is arguably one of the most popular means for secure communication in the world. Facebook says that more than a billion and a half users trade nearly sixty billion messages across WhatsApp every day. Because the software uses end-to-end encryption, the contents of those messages are typically shielded from prying eyes who might wish to intercept and read them. However, that does not mean WhatsApp is an impenetrable fortress. Forensic security software company ElcomSoft not only has a tool for extracting WhatsApp …
June 7, 2018 •
3 min read
SecuritySecurity researchers use many tools to conduct their work; in many cases, the best way to test a system is to try to break in, because it allows one to identify all the weaknesses and potential inroads a real hacker might exploit. These tools aren’t secret, though, and often they are used for legitimate purposes just as often as illegitimate ones. One such tool, known as the Metasploit Framework, allows researchers to probe networks and systems for many kinds of security holes using a variety of tools. Of course, …
May 23, 2018 •
3 min read
Press ReleaseLas Vegas, Nevada — Concern for personal privacy in the digital world is at an all-time high, and with prominent stories about data breaches and leaks on the rise, users are right to want to take better control of their data. However, Mac users today must often engage in a battle with their own web browsers to maintain their privacy.
To help win that fight, SecureMac has released the latest update to PrivacyScan, version 1.9.4. This refresh brings important bug fixes to the software for improved usability and navigation. …
March 23, 2018 •
3 min read
AppleFor several years now, a fierce debate has raged over how much access law enforcement organizations (LEOs) should be able to have to the mobile devices of those suspected of a crime. The issue made nationwide headlines after the San Bernardino attacks in 2015, when the FBI grappled with how to break into an iPhone used by one of the perpetrators. While the FBI did eventually retrieve device data by utilizing an unknown group to gain access to the phone’s encrypted contents, law enforcement agencies, in general, have maintained that they must have a “backdoor” to access info secured by your iPhone passcode. Apple has steadfastly refused to give in to such demands, but it appears that for now, those refusals don’t matter: LEOs can now use a pricey piece of hardware called GrayKey.
March 22, 2018 •
3 min read
AppleThe wave of cryptocurrency miners taking the place of common malware continues in 2018 unabated, and it appears every week we encounter another story about a website running surreptitious miners or a company looking for ways to use your CPU resources. As Mac users, we should be safe from those when we’re downloading validly signed apps from the Mac App Store, right? As it turns out, no — not all the time, unfortunately. In fact, it appears that Apple let an app with a Monero miner slip right through …
March 19, 2018 •
3 min read
AppleA key piece of Apple’s iPhone source code may be out in the wild.
On February 7, someone posted something called “iBoot” on GitHub. GitHub is a popular site for sharing computer code. This time, though, it appears the code in question was not the user’s to share. Instead, “iBoot” is said to be the source code for a crucial iPhone boot process. The leak has the potential to jeopardize the security of the iPhone going forward.
According to a report on the leak from Motherboard, iBoot is the …
February 20, 2018 •
3 min read
iOSIn a world filled with “Internet of Things” (IoT) devices, there are security holes everywhere. Apple works hard on the hardened nature of its HomeKit system and the way these third-party devices interface with Apple products. So when news broke in early December that someone had uncovered a zero-day exploit that could allow an attacker to take control of a user’s devices through the Home app, it made headlines across the web.
Though the exact details of the exploit were not released publicly and were described as tough to replicate, this …
December 20, 2017 •
2 min read
SecurityThe security built into our phones enables us to use them with confidence and peace of mind; after all, it is vital that we prevent unauthorized access to devices that contain so much personal information about our lives. However, these same safeguards also prevent barriers to law enforcement and important criminal investigations that may center around what data resides on the device. We’ve already seen several issues like this in the past few years, and Apple’s stance remains firm: it will not help law enforcement break into a user’s device.
While …
December 7, 2017 •
2 min read