Posts tagged with "security"

iGotYa Takes Photos and GPS Location Of The Guy Who Stole Your iPhone

The iGotYa app is one of those utilities you don’t know you need until you try it and see its potential. Available in the Cydia Store at $5.99 (Big Boss repo), iGotYa can take a picture of whoever tries to unlock your phone with the wrong passcode, using the front facing camera. We all want to keep an eye on our iPhones, right? iGotYa, combined with Apple’s Find My iPhone remote functionalities, is the ultimate tool to make sure you know who’s trying to mess with your iPhone.

The app requires a front facing camera, meaning that it will only run on the iPhone 4 and iPod touch 4th gen. As a picture is taken in the lockscreen, iGotYa can send it via WiFi or 3G to a specified email address, also attaching GPS information in the email message. So if you ended up losing your iPhone because someone took it, not only will you know where he is, you’ll also get to see his face. And he won’t know while attempting to unlock the stolen phone.

iGotYa will cost you 6 bucks, but it’s that sort of investment you will not regret. Check out the demo video below. [Gizmodo via Redmond Pie]


Short URLS Suck, OS X & iOS Malware To Become More “Sophisticated” According To McAfee

When short URLs first arrived on the scene, I was rather excited at the prospect of simply using a good looking “designer” URL to vainly share links on Twitter. Short URLs provide brand reassurance: MacStories, Engadget, Gizmodo, TechCrunch, and other sites now sport custom short URLs that verify the links we share lead back to our site. However, links from Bit.ly, CloudApp cl.ly links, and Twitter’s t.co links have become nothing more than a nuisance. If I use a service like TinyGrab, I know their short URLs will most likely lead to a snapshot someone has taken of their material. With more anonymous (everything) URL shorteners, there’s no way to verify their trustworthiness without using software that allows you to preview the long URL before you click through. We’ve seen their validity ruined plenty of times on Twitter through various attacks such as the cross-site request forgery attack that amused us for a few hours earlier this year, but I’ve simply lost trust in these “brands.”

While I didn’t need McAfee to be skeptical of weird Twitter users asking me if I want a free iPad, they predict short URLs will continue to annoy the tech savvy as the computer-illiterate continue to click through short URLs to whatever tomfoolery exists on the other side. McAfee’s other big claim: OS X could be the next target for malware kiddies.



Disk Drill Is An Amazingly Simple Recovery App For HDDs

When we lose deleted files on our hard drives we tend to think of this information as unrecoverable. On a Wednesday afternoon it’s easy to forget that those nightly cleanup scripts aren’t going to do you any favors when you’re looking to reuse some stock images for an updated web template. And those deleted music files? It turns out that you liked that dirty ol’ garage band after all. In times of panic we resort to Google and often extreme utilities to scrounge our Macs for every last bit of recoverable data possible before sifting through the garbage of unreadable file names and Quick Look previews. We not only advise that you read John Gruber’s advice on the matter and keep consistent backups, but we’ve reviewed a brand new Mac utility that’s not only free during beta, it’s really (really) slick.



New “antid0te” Jailbreak Hack to Bring ASLR to iOS Devices

While iOS devices are hardened with DEP (Data Execution Prevention) and application sandboxing to aid in preventing malicious code from touching running processes, you find it in combination with ASLR (Address Space Layout Randomization), which makes it difficult for attackers to find where processes are located in the first place. ASLR isn’t currently implemented in iOS devices, but a German hacker has developed a new Jailbreaking method which may provide Jailbreakers with some additional peace of mind.



Apple Is Improving Security of Push Notifications

Seems like Apple is changing quite a few things for developers today. First they announced promo codes have gone international, now, as reported by iClarified, Apple apparently sent out a notification to some developers informing them that, starting December 22, Apple will improve the system behind the Push Notification Service to use more secure connections.

On December 22, 2010, the production Apple Push Notification service will begin to use a 2048-bit TLS/SSL certificate that provides a more secure connection between your provider server and the Apple Push Notification service.

To ensure you can continue to validate your server’s connection to the Apple Push Notification service, you will need to update your push notification server with a copy of the 2048-bit root certificate from Entrust’s website. This will not require a change to your iOS apps – this update only applies to provider servers.

Developers who have released apps that rely on push notifications will need to update their provider servers with the new certificate. More info available here.


Apple Releases QuickTime 7.6.9

A few minutes ago Apple pushed an update to QuickTime, which reaches version 7.6.9 and includes various security fixes for vulnerabilities found in previous iterations.

QuickTime 7.6.9 is propagating now in Software Update, or you can download it from Apple’s website. More information about the update is available here.


Apple TV 4.1 Update Addresses FreeType and PNG Vulnerabilities

Multiple vulnerabilities exist in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.2.

With a support document posted a few hours ago, Apple confirmed that the latest 4.1 update for the 2nd gen Apple TV also includes fixes for vulnerabilities found in FreeType and the libpng library. Both of them could have led to arbitrary code execution, much like this summer’s JailbreakMe security hole.



Researchers Sound Alarm Over Critical Mac OS X Bug

Security researchers Tuesday warned that Apple’s OS X contains a critical vulnerability that attackers could use to hijack Macs running the older Leopard version of the operating system.
Although Leopard was supplanted by the new Snow Leopard operating system more than a year ago, the older version still accounts for about a third of all installations of Mac OS X.

It’s a variation of the bug that made JailbreakMe possible.
