Posts tagged with "security"

New “MacDefender” Malware Targets Mac Users

According to several discussion threads posted on Apple Support Communities, a new malware called MacDefender.app is quickly spreading among Mac users using the Safari browser to visit certain websites, especially Google Images. The application, disguised as a virus scanning tool and completely unrelated with the official MacDefender software, gets installed automatically without a user’s consent upon opening a webpage, although it’s not clear what kind of websites allow this kind of installation, and whether MacDefender “phones home” once running on a Mac to download additional pieces of code (like most malwares on Windows do). Some users are reporting they found the app installed on their Macs after visiting webpages linked on Google Images, some say it’s only happening with the Safari desktop browser, others claim the app can’t be removed with a simple drag & drop to the system’s Trash as, once installed, the process will beging running automatically on OS X. Again, it’s not clear what kind of malware MacDefender.app is and the proportion of this “spreading” across Mac OS X machines, but the number of threads on Apple Support Communities seems to suggest at least hundreds of people have experienced the issue in these past few days. Read more

Square Set To Add Encryption To Next Generation Of Card Readers

Yesterday Square revealed that it had received from financial services superpower, Visa, strategic investment of an unspecified size. However in a lower key announcement it also revealed that this summer they will be releasing a new card reader that uses encryption on the read head.

You may recall the little squabble a few months back where VeriFone and Square traded blows over whether the Square card reader was secure enough. VeriFone claimed it wasn’t and that Square should recall all their readers because thieves could easily skim credit card information using the device. Jack Dorsey, CEO of Square, hit back at VeriFone saying it was “not a fair or accurate claim and [that] it overlooks all of the protections already built into your credit card.”

Yet despite all that, Square will soon be addressing those “concerns” that VeriFone had, and release a card reader that employs encryption. The Square COO, Keith Rabois, notes that they are adopting Visa’s newly released (yesterday) mobile application best practices. He says that the “adoption of best practices will help increase trust in innovative payment solutions” although equally stresses that Square currently complies with all industry standards. TechCrunch rightly highlights that it is clearly no coincidence that Square’s endorsement of Visa’s best practices came on the same day as their funding announcement.

TechCrunch inquired as to whether users would have to replace their current readers but Rabois declined to comment specifically but he did continue to affirm Square’s previous rejection of VeriFone’s demand to recall the Square readers. Rabois also noted that encryption will not be the only new feature of the third iteration of readers coming this summer.

[Via TechCrunch]

Researchers Discover iPhone File That Keeps Track Of Your Moves

Security researchers Alasdair Allan and Pete Warden have discovered a file in Apple’s iOS local backup system that keeps track of your entire location history, in format perfectly readable by a computer. The file, by default stored unencrypted in the iOS database that can be backed up to a computer using iTunes, keeps track of “everywhere you go” by triangulating the 3G signal against the nearest cell towers, and offers a way to private detectives or people who might get their hands on your device / computer to have access to your moves in the past. The researchers have also created an open-source app called iPhoneTracker that recognizes the file from your local iOS backup, parses the results and displays your most-visited locations on a map. The screenshot above, for instance, was taken using my iPhone’s unencrypted backup.

As the researchers note on iPhoneTracker’s webpage, it is unclear why Apple is doing this. Cellphone network providers have been allegedly tracking users’ location for years through their towers, but they never stored the location info locally on a device, nor did they provide a way to back up this information on a computer and parse it. Allan and Warden (who’s a former Apple employee) speculate this might be functional to new location features Apple is working on for future versions of iOS; the location tracking was apparently introduced with iOS 4 last year, and data collected so far might come in handy for the company to build an online location-based social service for iPhone and iPad users. The file, however, was only discovered in the past weeks, and the researchers claim it’s present both on iPhones and iPad 3G units.

Apple has made it possible for almost anybody – a jealous spouse, a private detective – with access to your phone or computer to get detailed information about where you’ve been,” said Pete Warden, one of the researchers.

Warden and Allan point out that the file is moved onto new devices when an old one is replaced: “Apple might have new features in mind that require a history of your location, but that’s our specualtion. The fact that [the file] is transferred across [to a new iPhone or iPad] when you migrate is evidence that the data-gathering isn’t accidental.” But they said it does not seem to be transmitted to Apple itself.

Apple declined to comment, but it’s very clear that the file is created and stored locally without an explicit user’s agreement. As noted by the researchers and other security / privacy experts polled by the Guardian, Apple is storing both location data and timestamps in a readable format that can be accessed from a stolen (possibly also jailbroken) device or a computer. I have tried the iPhoneTracker application personally, and while it really works with unencrypted backups generated using iTunes, choosing to encrypt a backup breaks iPhoneTracker’s functionality – thus granting users an additional level of security. The file, however, is still there – Apple doesn’t offer a way to avoid tracking of your moves.

The discovery of this location-tracking file in the iOS backup system is worrying as it raises question on Apple’s user privacy policy, and the reason why such data is collected without a user’s consent. Apple has been rumored to working on new location features for iOS 5, so the location info might be a solid data foundation for the company to build a new social location service. You can download iPhoneTracker here and try for yourself. Read more

Apple Releases Safari 5.0.5 and Security Update 2011-002

Together with iOS 4.3.2, Apple also released a security update and a new version of Safari. The updates are available now in Software Update and on Apple’s website. Safari 5.0.5 “includes the latest security updates”, and it’s recommended for all users.

Security Update 2011-002 is recommended for all users and improves the security of Mac OS X. Previous security updates have been incorporated into this security update.

Apple Releases Safari 5.0.4

Alongside iOS 4.3, Apple also released Safari 5.0.4. The update contains stability and security fixes, as well as improved performances with image reflections and transitions.

This update contains improvements to stability, compatibility, accessibility and security, including the following:

Improved stability for webpages with multiple instances of plug-in content

Improved compatibility with webpages with image reflections and transition effects

A fix for an issue that could cause some webpages to print with incorrect layouts

A fix for an issue that could cause content to display incorrectly on webpages with plug-ins

A fix for an issue that could cause a Screen Saver to appear while video is playing in Safari

Improved compatibility with VoiceOver on webpages with text input areas and lists with selectable items

Improved stability when using VoiceOver

For detailed information on the security content of this update, please visit this site: http://support.apple.com/kb/HT1222

Safari 5.0.4 is available now in Software Update or on Apple’s website.

App Preview: Harald By Stealthy Cactus Software

We’ve been there before: you just finished a ridiculously long report on the colonization of Mars and you’re ready to toss the excess scrap work into the trash bin. In your sleep deprived daze, grouped with those pictures of space aliens and rock robots is your digital manifesto, hot of the press and steaming as it’s shredded with a click of the empty button. Come tomorrow morning, you find that file is damned near irrecoverable before the paper is due. Those bogus moments always creep up when we’re either brain dead or because of pesky Mac viruses (I guess I can’t slip that unicorn in here can I?), but you can prevent the total obliteration of your files by safeguarding them with Harald.

Don’t risk accidental deletions, Scoble’s children, or my habit of renaming your files in Dropbox with your critical documents. Harald is the knight in shining armor for files that shouldn’t ever end up in the trash can. Accidentally delete a file? Harald will block your eagerness to hit that delete button in favor of reminding you that the file is of great importance. Does it save the day? You betcha. Simply select your files, tap that menubar icon, and mark them for protection under the Harald shield. It’s pretty easy, and if you don’t believe me, you’ll want to check out the teaser video after the break. It’s coming to the Mac App Store soon, so prepare a meager $3.99 for when it launches.

Read more

Woman Tries To Get Past Airport Security with 44 iPhones Around Her Body

Looks like we have another “this is just wrong” story here. If yesterday’s suicide attempt from a woman who lost her iPhone wasn’t enough, here’s what we have today on the menu: a woman who wanted to become an iPhone smuggler and tried to a) get past airport security with 44 iPhones around her body in b) typical Georgian outfit. Picture the scene. 44 iPhone 4’s below the outfit to get them into Israeli without paying taxes. Must have sounded like a good plan to the woman.

The Ben-Gurion International Airport security staff of course got suspicious over this woman who was walking slowly, asked if there were any problems and the woman replied “she was not feeling well”. Perhaps 44 iPhones are a bit too much for anyone? Anyway, security called a full body scan and surprise, they found a Cupertino treasure in there.

You know what’s missing from this curious story? A white iPhone. Just because. [Engadget via Haaretz]

Extra Security For Your Mac with Hands Off

Available at $0.99 in the Mac App Store, Hands Off is a very simple, yet clever utility that will come in handy if you’ve always wanted an easy way to block access to your Mac when you’re not around – without having to turn the computer off or log out. How does that happen? Well, Hands Off can block the keyboard and the trackpad with a shortcut that can be activated at any time. Say you’re going away from your Mac for a few minutes and you don’t want your kids, or anyone, to press keyboard keys and create problems, Hands Off can help you by completely blocking keystrokes and trackpad recognition. When in “Locked” mode, the keyboard and trackpad won’t do anything.

For extra security or “keyboard cat” prevention, Hands Off is just great. You can use “readable hotkeys” (CMD instead of ⌘), change the global shortcut and even turn on Growl notifications. Combine this with Prowl, and you’ll get remote notifications if someone ever finds the right combination to unlock your Mac’s keyboard and mouse.

Hands Off works as advertised, although I noticed things can get pretty messy if a VNC client tries to remotely access your Mac when the computer is locked. I had to kill the app from the VNC client before actually being able to use my Mac, but it took a minute for the app to quit because it started beachballing in the dock. I guess an update is needed to fix this little inconvenience with VNC clients and local blocking. Anyway, Hands Off just works and it’s available at .99 cents.

Go get it.