If you thought Google+ was a joke, maybe the joke was on us

Posted by:
Date: Monday, February 24th, 2014, 08:25
Category: Google, privacy, security, Services, Social

google_plus_04Are you an avid Google+ user? Yeah, me neither, but there are still a few people who seem to actively use it, if for no other reason than to advertise their blog posts. I think for me personally, it was just one social network too many, too late. I was already on Twitter, Facebook, Path, and occasionally Instagram and Tumblr. There was no room for Google+ and I think it dropped off most people’s radar for similar reasons. There was also that nasty business shortly after the launch of Google Buzz (now buried under a rock somewhere) where ALL your contact data on Google was automatically shared with everybody. That probably didn’t exactly encourage people to use a new, similar service.

(more…)

Critical update for Flash released

Posted by:
Date: Thursday, February 6th, 2014, 09:56
Category: Hack, Mac, Malware, News, security, Software, Windows

adobe-flash-playerEarlier it was Java, now it has been discovered that Adobe’s Flash software also has a vulnerability that gives complete control over compromised systems to hackers. This vulnerability, fixed in the just released version 12.0.0.44, affects Adobe Flash Player 12.0.0.43 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.335 and earlier versions for Linux, although Linux was listed as having a lower priority rating. Adobe has detailed the problem in a security bulletin. All users are recommended to update Flash on their computers, as well as Google’s Chrome browser which has it’s own Flash component. The version of Chrome that includes this fix is 32.0.1700.107 and should update this automatically, but you may have to restart the browser for the correct version to register in the “About Google Chrome” window. If you want to check which version you are running before going through the update process, you can go to this page on Adobe’s site. You can download OS specific installers from here. Windows users who browse the Web with anything other than Internet Explorer will need to apply two Flash updates, one for IE and one for any alternative browsers (Firefox, Opera, e.g.). Both updaters can be found on the download page. On a Mac, if you already have Flash installed, you can also go to the Flash Player settings in System Preferences and click on the Check for Updates button in the Advanced tab. Our friends at Kaspersky Labs make another appearance in the Acknowledgements of the security bulletin where Adobe thanks them for discovering the vulnerability;

“Adobe would like to thank the following individuals for reporting the relevant issues and for working with Adobe to help protect our customers:

Alexander Polyakov and Anton Ivanov of Kaspersky Labs (CVE-2014-0497)”

So if you’ve got the time now, and you probably should make the time, get those updaters downloaded and installed. Almost makes you want to remove both Java and Flash doesn’t it?

New malicious Java app aims to infect Mac and Linux systems

Posted by:
Date: Tuesday, February 4th, 2014, 09:34
Category: Announcement, Apple, Desktop Mac, Hack, Mac, Malware, OS X, security, Software

target-javaIt’s a long held belief that unless you are using the Windows platform, you are more or less immune to the average virus, trojan, or hack that you might encounter out in the wilds of the internet. There is some truth to the notion that Windows is more vulnerable to attacks, but there really is no such thing as safe, only safer. Check out this article on How-To Geek for a historical perspective on Windows’ malware woes. While Linux and OS X have more inherent defenses against infection, there are still some avenues that hackers can take advantage of to breach them, one of them being Java.

(more…)

Tim Cook hints at possible mobile payment feature

Posted by:
Date: Tuesday, January 28th, 2014, 13:40
Category: App Store, Apple, Business, iOS, iPhone, iTunes, Retail Store, security

touch-id-iconApple’s earnings numbers weren’t the only thing that came out of Monday’s call. As is typical, analysts were given the chance to put some questions to CEO Tim Cook. Also typical, Apple’s answers were fairly vague. When asked about Apple’s plans for entering the mobile payment space and how Touch ID technology might be applied, Cook responded;

“[...] we’re seeing that people love being able to buy content—whether it’s music or movies or books, from their iPhone using Touch ID. It’s incredibly simple and easy, and elegant, and it’s clear that there’s a lot of opportunity there.

The mobile payments area in general is one that we’ve been intrigued with. That was one of the thoughts behind Touch ID, but we’re not limiting ourselves just to that. So I don’t have anything specific to announce today. But you can tell by looking at the demographics of our customers, and the amount of commerce that goes through iOS devices versus the competition that it’s a big opportunity on the platform.”

A number of reports have speculated that Apple plans to offer the ability to purchase online and physical items through a user’s iTunes account, which for most iPhone users already has their credit card information. Touch ID would be used as an added layer of security by not exposing the credit card info itself, simply passing off the transaction to iTunes. In the light of the recent hacking of Target’s customer credit card info, along with other similar incidents in the recent past, iPhone users may find mobile payments more appealing. Authorizing transactions with Touch ID then steps in to make payments quick with additional protection of a customer’s information. This could give Apple some leverage to increase the adoption of their iBeacon technology. If you’ve ever used the Apple Store app on your iPhone to buy something at their retail stores, you’ll have a pretty good idea of how it would all work together. Now the only thing you need to do is not feel oddly guilty when you grab a product, scan it with your iPhone, and walk out the door without talking to anyone.

Chrome bug captures your every word behind your back

Posted by:
Date: Thursday, January 23rd, 2014, 08:37
Category: Announcement, Google, Hack, Opinion, privacy, security, Software, Websites

googlelisten2As if people were not paranoid enough about the amount of data Google captures about them, a recently discovered bug in Google’s Chrome web browser can now capture everything you say in front of your computer without you even knowing about it. And here is the kicker…it’s probably not even Google who is after your voice, it’s random hackers taking advantage of the exploit. According to developer Tal Ater, who discovered the exploit, the bug allows a malicious web site to open another browser window (just like a pop-up ad) behind the main window which continues to record your voice -even after you’ve closed the original site window- and sends the recorded data first through Google for processing, and then on to wherever the hacker wants.

(more…)

Will the next NSA satellite have an Apple logo?

Posted by:
Date: Wednesday, January 1st, 2014, 08:24
Category: Apple, Consumer Electronics, iOS, iPhone, Legal, Mobile, Mobile Phone, News, privacy, security, Services, Software

geoeye-1-satellite-apple-460Well, perhaps that is a stretch, but Apple’s possible connection with the NSA was revealed in a report dating back to 2008. Reuters explains that the report outlined a system that the NSA was developing, called DROPOUTJEEP, which would be software implanted into an iPhone that allows infiltrators to push and pull and retrieve data from iPhones such as contact lists. The report didn’t actually specify any involvement by or with Apple, although the iPhone is referenced in the report.

(more…)

1Password for Mac updated to version 4.1 with new features

Posted by:
Date: Tuesday, December 10th, 2013, 09:18
Category: Announcement, App Store, Apple, Apps, iOS, iPad, iPhone, iPod Touch, Mac, Mavericks, privacy, security, Software

product-1password-4-for-macEveryone’s favorite password keeper (well mine anyway), 1Password, has been updated to version 4.1 and includes some great feature updates. The Agilebits blog introduces the update and gives a quick rundown of some of the key updates;

“1Password 4.1 for Mac is now available for our website customers, and it is waiting for review for Mac App Store customers. “4.1″ may look like a small update, but it packs some great big stuff [...]“

(more…)

Google opens Glass Mirror API

Posted by:
Date: Thursday, December 5th, 2013, 08:38
Category: Accessory, Consumer Electronics, Developer, Gadget, Google, News, Opinion, privacy, security, Wearables

google_glass_grey-580-90Last week, Google finally made the Glass API for Google Glass open to all developers. Previously, the API was only available to developers that actually shelled out the $1500 to own the Google Glass hardware and were added to a whitelist of approved owners. Now Google doesn’t care if you have the software or not. TechCrunch breaks down the methods for developers to write software for Google Glass.

(more…)

Apple retail to use iBeacon location technology

Posted by:
Date: Monday, November 18th, 2013, 09:08
Category: Apple, Developer, iOS, Mobile, News, privacy, Retail Store, security, Services, WWDC

ibeacon2Earlier this year at WWDC, Apple introduced iBeacon, a technology that would be introduced as part of iOS 7 and new Apple hardware. iBeacon utilizes BlueTooth LE (Low Energy) to provide very precise location data to your device, which can either provide detailed directions inside a building, like a mall, or give you information about a particular item on a shelf that you are standing in front of. Yes, it’s that precise. Since it has to take a location measurement very frequently to provide that level of precision, it uses the BlueTooth LE radio (separate from the regular one generally used), in order to prevent excessive battery drain on your device. This opens up a lot of opportunities for all retailers, not just Apple.

(more…)

Security firms weigh in on Adobe breach, cite 38 million+ user IDs stolen

Posted by:
Date: Wednesday, October 30th, 2013, 10:56
Category: Hack, News, security

adobelogo

You’re probably going to want to change your Adobe login and password.

Per Macworld and Krebs on Security, the security breach reported earlier this month at Adobe is turning out to be much more widespread than the company first let on. At least 38 million users have been affected by the early October incident.

When Adobe announced the breach on October 3, it said that attackers stole user names and encrypted passwords for an undisclosed numbers of users, along with encrypted credit or debit card numbers and expiration dates for 2.9 million customers. Krebs on Security has reported on the full extent of the attack, confirming the 38 million figure with Adobe.

The total damage could go beyond 38 million users. According to the article, the 3.8GB file includes more than 150 million usernames and hashed passwords, all taken from Adobe. The same file also apparently turned up on a server with the other stolen Adobe data.

Adobe says that 38 million active users users were affected, whereas the other usernames and passwords could include inactive IDs, test accounts and IDs with invalid passwords. However, Adobe is still investigating, and given the tendency of users to repeat the same usernames and passwords across multiple Web services, inactive account holders could still face a security risk. Adobe is trying to notify inactive users of the breach, and has already reset passwords for active users who were affected.

To make matters worse, Krebs on Security and Hold Security both claim that the hackers stole source code for flagship products such as Photoshop, Acrobat, and Reader. Adobe acknowledged that at least some Photoshop source code was stolen; the company is trying to get the data taken down.

In a blog post, Hold Security suggested that the source code theft could have far-reaching security implications. “While we are not aware of specific use of data from the source code, we fear that disclosure of encryption algorithms, other security schemes, and software vulnerabilities can be used to bypass protections for individual and corporate data,” the firm wrote. “Effectively, this breach may have opened a gateway for new generation of viruses, malware, and exploits.”

Active Adobe users affected by the breach should have received a notification from the company by now, prompting them to change passwords. As always, users can employ several strategies to keep their data safe, such as setting different passwords on each site or setting up a password manager.

Stay tuned for additional details as they become available.