O'Grady's PowerPage » security

Instagram changes APIs, feed access to third-party apps following discovery of malware

Posted by:
Date: Wednesday, November 18th, 2015, 07:45
Category: Developer, iOS, News, security, Software


In the wake of a security breach, you make changes.

Following the recent discovery of the InstaAgent malware, which was Instagram passwords from users, Instagram has instituted much stricter rules for accessing its API, effectively killing off a large number of apps that read Instagram feeds.

Over on its developer web site, Instagram explained that its API is changing, the way it distributes its feed is changing and the current API is being shut down. The company offered the following comment:

We’ve updated our Platform Policy to explicitly list the use cases we will support moving forward. These include apps and services that:

Help individuals share their own content with 3rd party apps, such as apps that let you print your photos and import an Instagram photo as a profile picture.

Help brands and advertisers understand and manage their audience, develop their content strategy, and get digital rights to media. Established apps in this space may apply for our newly announced Instagram Partner Program.

Help broadcasters and publishers discover content, get digital rights to media, and share media using web embeds.


Security firm FireEye reports updated XcodeGhost loose in the wild, possibly infecting genuine iOS apps with malware

Posted by:
Date: Wednesday, November 4th, 2015, 08:23
Category: iOS, News, security, Software


The XcodeGhost thing may have reared its ugly head again, this time in a different form.

Security firm FireEye stated via a blog post that a variant of the XcodeGhost code, which has been known to inject malware into genuine apps, is still out there. The firm stated that it has identified a more advanced version of the compromised app development tool, XcodeGhost S, which has been designed to infect iOS 9 apps and allow compromised apps to escape detection by Apple.

The company offered the following statement:

XcodeGhost is planted in different versions of Xcode, including Xcode 7 (released for iOS 9 development). In the latest version, which we call XcodeGhost S, features have been added to infect iOS 9 and bypass static detection.

We have worked with Apple to have all XcodeGhost and XcodeGhost samples we have detected removed from the App Store.


Apple releases iOS 9 update

Posted by:
Date: Wednesday, September 16th, 2015, 12:53
Category: iOS, iPad, iPad Air, iPad mini, iPhone, iPod Touch, News, Software


You’ve been waiting for iOS 9.

And it’s here.

Apple released its iOS 9 operating system update today. The update, a 1 gigabyte download available over the air or through iTunes, adds the following fixes and changes:
– New multitasking features on iPad make you even more productive.

– Siri can do more than ever, and new proactive suggestions help you get things done before you ask.


Vulnerabilities noted for several models of Seagate external drives, patch offered

Posted by:
Date: Tuesday, September 8th, 2015, 07:51
Category: hard drive, Hardware, News, security


If you’re using a Seagate external hard drive, you may want to be aware of both the security risks present on the drive as well as the patch that was just released to fix the vulnerability.

A series of vulnerabilities primarily affect owners of Seagate Wireless Plus Mobile Storage, Seagate Wireless Mobile Storage, and LaCie Fuel devices purchased since October 2014.

Tangible Security, the firm that discovered the flaws, has stated that other Seagate products may be affected as well.

The worst flaw is thanks to a hard-coded username and password that gives an attacker access to an undocumented Telnet service. Telnet is a command line method of logging into one computer from another over the Internet or a local network.


iPassword for iOS updated to 5.5, adds Apple Watch, Touch ID improvements

Posted by:
Date: Friday, August 21st, 2015, 08:58
Category: iOS, News, security, Software


This might be worth snagging.

1Password for iOS has been updated, version 5.5 allowing users access to a Touch ID button under the Master Password field so you can choose to sign in using your finger print even if you accidentally hit cancel on the first request. Tapping the fingerprint button prompts the system Touch ID unlock screen.

The new version also features an improvement to how the app can stay unlocked between uses in different apps. Previously 1Password’s extension in other apps required being unlocked by password, passcode, or Touch ID each time. Now, the 1Password extension and 1Password app share the same unlock time limits.


Researchers demonstrate proof of concept for firmware worm that can directly target Macs

Posted by:
Date: Monday, August 3rd, 2015, 16:00
Category: Hack, MacBook, MacBook Air, MacBook Pro, News, security, Software


It’s generally been accepted that Apple’s computers are much more secure than their Windows PC counterparts.

This isn’t entirely true, as a part of researchers have found that several known vulnerabilities affecting the firmware of all the top PC makers can also hit the firmware of Macs. The researchers have designed a proof-of-concept worm for the first time that would allow a firmware attack to spread automatically from MacBook to MacBook, without the need for them to be networked.


12-inch MacBook notebooks essentially chained to Apple Store tables, may make browsing difficult

Posted by:
Date: Tuesday, July 7th, 2015, 08:48
Category: MacBook, retail, security, Uncategorized


You know how people sometimes go to outlandish (and destructive) lengths to steal things from Apple Store locations?

This, combined with the new 12-inch MacBook’s light weight, may be why they’re literally chaining the new notebook to the display tables.

Apparently the new MacBook, which weighs all of 2.0 pounds, is essentially chained/cabled to the display tables as opposed to letting customers lift it off the table to test its weight, as Apple usually does with its other notebook models.


1Password for iOS updated to 5.4.3, includes bug fixes

Posted by:
Date: Wednesday, June 24th, 2015, 09:41
Category: iOS, News, security, Software


1Password’s proven fairly infallible so far and its updates have been useful.

On that note, AgileBits announced the release of 1Password 5.4.3 for iOS. The new version offers the following fixes and changes:



Adobe pushes Flash Player, cites security vulnerabilities in previous versions

Posted by:
Date: Wednesday, June 24th, 2015, 08:25
Category: News, security, Software


As useful as it may be, Adobe is still putting out fires with Flash Player.

The company issued a security update for its Flash Player on OS X, Windows, and Linux. In the bulletin, it cited that this update addresses a critical security vulnerability that could allow an attacker to gain control and take over an affected system.

While Adobe notes that hackers have most commonly taken advantage of this vulnerability with systems running Internet Explorer for Windows 7 and Firefox on Windows XP, the exploit affected all users. To combat the issue, the company has pushed the build of Flash Player and is urging all users to update immediately.


Yahoo slims down services, will require iOS 5.0 or later, Mac OS X 10.8 or later to access Yahoo Mail after June

Posted by:
Date: Friday, June 5th, 2015, 08:53
Category: iOS, News, security, Software, Uncategorized


Sometimes you’ve got no choice but to upgrade…

Yahoo announced that it will be ending support for Yahoo Mail and Yahoo Contacts will be discontinued for some older Apple devices as of June 15th.

In the case of Yahoo Mail, users with devices running iOS 4 or earlier will no longer be able to use their Yahoo accounts with iOS’ native Mail app. At the same time, Yahoo Contacts will stop syncing with Macs on OS X Lion or earlier.