Apple updates iTunes account security protocols, adds new security prompts for users

Date: Friday, April 13th, 2012, 07:41
Category: News, security, Software

This could make your iTunes account that much more secure.

Or it could make you want to put an axe through the screen as you just want to buy a cool 99 cent app.

Per Ars Technica, Apple has begun asking users to select and answer a series of questions associated with their Apple IDs to enhance security measures.

The security prompts began popping up on iOS devices on Wednesday, wherein users were met with a prompt that states “Security Info Required.”

After being shown the message, users are asked to select from a number of security questions and provide personal answers. Users are also prompted to provide a backup e-mail address in case the primary address associated with their Apple ID is compromised.

The changes are meant to curb fraud and phishing attempts that have been used for many years to hijack iTunes accounts. Because credit card information is tied to a user’s account, nefarious people will steal and resell accounts, allowing people to buy content like music, movies and applications on someone else’s dime.

This week’s changes are only the latest in a series of measures by Apple over the years to improve security associated with iTunes accounts. Some of the steps taken include requiring users to verify their account information when they log into new devices, and upgrading passwords to make them more complex with varying characters.

Some users have been confused by the new security prompts appearing this week, and have expressed concern on the Apple Support Communities website that the alerts could be bogus phishing attempts. However, the revised measures have been proven to be legitimate, and Apple has admitted they are part of an ongoing effort to bolster security.

If you’ve seen these prompts on your end, please let us know what you make of them in the comments.

Apple releases Java for Mac OS X 10.6 Update 8, Java for Mac OS X Lion 2012-003 updates, looks to remove Flashback malware

Date: Friday, April 13th, 2012, 06:25
Category: News, Software

Maybe this will settle it once and for all.

Late Thursday, Apple released Java for Mac OS X 10.6 Update 8, an update that removes the most common variants of the Flashback malware. The 80.6 megabyte download requires Mac OS X 10.6.8 to install and run.

The company also released Java for Mac OS X Lion 2012-003, which also looks to remove the most common type of the now-infamous Flashback malware. The 63.8 megabyte download requires OS X 10.7 or later to install and run.

The updates can be located, downloaded and installed via Mac OS X’s Software Update feature. If you’ve tried the new versions and have any feedback to offer, please let us know in the comments.

Researchers estimate 600,000 Macs infected by “Flashback” trojan, offer removal/online safety advice

Date: Thursday, April 5th, 2012, 08:21
Category: News, security

Even if you’re a Mac user, you have to be careful out there.

According to Russian antivirus company Dr. Web, a trojan horse virus named “Flashback” that surfaced last year is believed to have created a botnet including more than 600,000 infected Macs around the world, with more than half of them in the U.S. alone.

The outfit issued a report on Wednesday noting that 550,000 computers running OS X had been infected by BackDoor.Flashback variants of the virus, as highlighted by Ars Technica.

An analyst for the company later updated the figure to note that the size of the botnet had reached 600,000. He also pointed out that 274 bots are originating from Apple’s hometown of Cupertino, Calif.

According to a map released by the firm, 56.6 percent of infected computers are located in the United States. Canada was second with 19.8 percent, followed by the U.K. with 12.8 percent of cases.

Apple released a Java Security update on Tuesday to resolve the vulnerabilities that the virus is exploiting, but not before a number of Mac users had been hit with the malicious software. Oracle first issued a fix for the vulnerability in February.

Security firm Intego publicized the Flashback trojan last September. Some variants of the software were even discovered with the potential to disable anti-malware protections within OS X.

Researchers at F-Secure have provided instructions on how to detect and remove the malware.

So, be sure to snag the Java update via Mac OS X’s built-in Software Update feature, be careful out there and if they do catch whoever wrote this thing, I’ll happily serve marshmallow s’mores and free drinks to the angry mob that corners them with torches and pitchforks.

Apple releases Java for Mac OS X 10.6 Update 7, Java for Mac OS X Lion 2012-001 updates

Date: Wednesday, April 4th, 2012, 06:51
Category: News, Software

Have updates, will travel.

Late Tuesday, Apple released Java for Mac OS X 10.6 Update 7, providing “improved reliability, security and compatibility.” The 76 megabyte download requires Mac OS X 10.6.8 to install and run.

The company also released Java for Mac OS X Lion 2012-001, which claims to offer improved compatibility, security and reliability. The download comes in at 63.8 megabytes and requires OS X 10.7 or later to install and run.

The updates, which can be located, downloaded and installed via Mac OS X’s Software Update feature, focus on multiple vulnerabilities that exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. If you’ve tried the new versions and have any feedback to offer, please let us know in the comments.

Flashback trojan changes tactics, can now install on your Mac without a password

Date: Monday, April 2nd, 2012, 15:43
Category: News, security, Software

Well, you’ve gotta admit, they’re persistent.

Per Macworld and F-Secure, the Flashback Mac trojan uncovered by security firm Intego last year can now infect your computer from little more than a visit to a website.

Originally, Flashback masqueraded as an installer for Adobe’s Flash Player. The malware has changed tacks at least once since then, instead pretending to be a Mac software update or a Java updater.

The latest variant, discovered by security researchers at F-Secure and dubbed OSX/Flashback.K, takes advantage of a weakness in Java SE6. That vulnerability, identified as CVE-2012-0507, allows the malware to install itself from a malicious website the user visits, without needing the user to enter an administrator’s password.

No fix is currently available for this vulnerability on the Mac, although the hole was patched in Java for Windows back in February. Unfortunately, Apple has long been criticized for lagging behind Windows when it comes to updating Java for security patches. However, given that Apple rolls out updates every few months, it seems likely that the company will distribute a patch in the not too distant future.

Until then, F-Secure suggests users deactivate Java on their Macs. The company has also given instructions for checking if your system is currently infected by the Flashback Trojan.

It’s also worth noting that the Java vulnerability has recently been included in the popular BlackHole exploit kit used by many attackers.

While there’s no need for widespread panic, the fact that this latest version of the malware can install itself without the user’s password is enough of a reason for concern that some precautions are necessary. Disabling Java is a good step, but the first line of defense is, as always, to be cognizant of the websites you visit and use common sense.

Stay tuned for additional details as they become available.

Swedish security firm’s video demonstrates simplicity of bypassing iOS, Android passcodes, reaping data from stolen devices

Date: Wednesday, March 28th, 2012, 07:15
Category: iPad, iPhone, iPod, security

The goal isn’t to make you paranoid (which, according to the movie “End of Days”, is just reality on a finer scale), but to help show you what’s out there.

Per Forbes, Swedish security firm Micro Systemation has posted the following video showing how quickly both iOS and Android-based devices can be cracked. In it, the firm’s XRY 6.2 software suite cracks the device’s passcode, dumps its data to a Windows PC, decrypts it and shows tender morsels of information such as the user’s GPS location, files, call logs, contacts, messages, even a log of its keystrokes.
The report said the firm uses the same kind of exploits that jailbreakers use to gain access to the phone. Once inside, they have access to just about everything.

Take a gander at the video and try to be careful out there:



As always, please let us know what’s on your mind via the comments.

VLC updated to 2.0.1

Date: Monday, March 19th, 2012, 07:18
Category: News, Software

VideoLAN Client, the nigh-indispensable open source media player for multiple audio and video formats (MPEG, MPEG-2, MPEG-4, DivX, Ogg, etc.), was updated to a release candidate version of 2.0.1. The new version, a 25.5 megabyte download, adds the following fixes and changes:

- Support for MxPEG files and streams.

- New features in the Mac OS X interface for more customization.

- Numerous fixes in the Qt, the Mac OS and the skins interfaces.

- Fixes for HTTP Live Streaming, CDDB, UDP/RTP support.

- Security issues SA-1201 and SA-1202.

- Limited support for Bluray discs menus.

- Numerous fixes for MKV support.

- Fix for splitted RAR files playback.

- Numerous fixes for more than 120 bugs.

- Codec and 3rd party libraries security updates.

VLC 2.0.1 requires an Intel-based Mac running Mac OS X 10.6 or later to install and run.

If you’ve tried the new version and have any feedback to offer, let us know in the comments.

Google Chrome updated to 17.0.963.78

Date: Thursday, March 8th, 2012, 11:58
Category: News, Software

Google Chrome, Google’s new web browser, just reached version 17.0.963.78 for the Mac. The new version, a 35.4 megabyte download, offers the following changes:

- This release fixes issues with Flash games and videos, along with a security fix.

Google Chrome 17.0.963.78 requires an Intel-based Mac running Mac OS X 10.5 or later to install and run.

New Flashback malware variant strain discovered, infection tactic changes approach

Date: Thursday, March 8th, 2012, 10:34
Category: News, security

When in doubt, try something new.

Per Macworld, a new variant of the password-stealing Flashback malware aimed at Macs has emerged, the new software attempting to install itself after a user visits an infected website, according to new research.

Flashback, discovered by security vendor Intego last September, is engineered to steal passwords for websites, including financial sites. Since its emergence, several variants have appeared showing its authors’ innovation.

The first version of Flashback tried to trick users into installing it by masquerading as Adobe’s Flash Player. Later versions checked to see if the Apple computer in question had an unpatched version of Java with two software vulnerabilities.

If the computer was running unpatched Java, Flashback automatically installed itself. If the Java attack didn’t work, Flashback then presented itself as an Apple update with a self-signed security certificate.

The latest “Flashback.N” version spotted by Intego tries to infect the computer after a person has visited an infected Web page. The tactic is often referred to as a drive-by download. Much of the drive-by download malware for Windows can infect a computer without any action by the user beyond visiting the tampered website.

Users get a bit more warning with Flashback.N. Upon hitting the infected website, Flashback.N shows a “Software Update” dialog box similar to the legitimate Apple one and asks for a user’s password.

On its blog, Intego described the installation procedure as “somewhat odd,” as the website that has been rigged to deliver the malware displays Apple’s multicolored spinning gear for a while before the dialog box appears. Flashback then injects itself into the Safari browser and starts sniffing data traffic for passwords.

Earlier this week, Intego found that Flashback was using Twitter as a command-and-control mechanism. Other botnets have also used Twitter to post commands or directions to new commands.

The Flashback malware queries Twitter for a 12-character hashtag composed of seemingly random characters, according to an Intego blog post. The strings are actually generated using 128-bit RC4 encryption and are composed of four characters for the day, four for the month and four for the year.

As always, look before you leap in terms of the sites you visit, keep your Mac OS X operating system updated and whoever would like to contribute to a piranha-filled pool to hurl the Flashback malware creators into upon their discovery, we welcome your contributions.

Camino updated to 2.1.1

Date: Wednesday, February 22nd, 2012, 07:19
Category: News, Software

Late Wednesday, the Camino Project released version 2.1.1 of Camino, its free, open source web browser.

The new version, an 18.5 megabyte download, adds the following fixes and changes:

- Upgraded to version 1.9.2.27 of the Mozilla Gecko rendering engine, which includes several critical security and stability fixes.

- Blocked versions of Adobe Flash Player 10 older than 10.3.183.15 and Flash Player 11 older than 11.1.102.62 on Intel Macs due to severe security issues.

- Tweaked the autocomplete algorithm to reduce the weight of visit count.

- Added a hidden preference to allow turning off autocomplete’s use of page titles in matches.

- The location sheet once again shows an autocomplete window.

- It is now possible to clear the “Recently Closed Pages” menu with the “Clear History…” menu item even when history is disabled.

- Improved the appearance of the bookmark toolbar in background windows on Mac OS X 10.7.

- On Mac OS X 10.7, Camino now appears in the “Productivity” category when sorting Finder windows by category.

- Camino now correctly checks for the presence of a Java plug-in on Mac OS X 10.7.

- The “open location” AppleScript command now supports optional “referrer” and “loading in background” parameters.

- Camino will now display an error message when the “open location” command’s direct parameter is empty or missing.

- A new “reload” command allows AppleScripts to reload browser windows and tabs.

- The status of Camino’s offline mode is now available to AppleScript, and scripts can toggle offline mode on and off using the application object’s “online” property.

- The AppleScript “visit count” bookmark property once again works correctly.

- Pressing Escape will now cancel Tab Overview.

- “Fill Form” no longer fills disabled hidden form controls.

- The “Block Flash animations” checkbox is no longer enabled if Flash is not installed.

- Camino now correctly resolves Bonjour services that do not include an initial forward slash in their “path” information.

Camino 2.1.1 requires Mac OS X 10.4 or later to run.

If you’ve tried the new version of Camino and have any kind of feedback about it, let us know.