Apple acquires security firm LegbaCore

Date: Wednesday, February 3rd, 2016, 08:10
Category: security, Uncategorized


When in doubt, buy one of the best security firms you can get your hands on.

Back in November of 2015, Apple quietly acquired security consultancy firm LegbaCore. The acquisition was initially revealed back in December by security researcher Trammell Hudson during a presentation at the 32C3 conference. The acquisition was further corroborated by a series of tweets from founder Xeno Kovah and the company’s website, which states that it is “not accepting any new customer engagements.”

The specific details are unclear. Kovah and his partner Corey Kallenberg are working full-time at Apple, although their specific roles are unclear. Kovah only stated that he and Kallenberg would be working on “low level security” at the company.


Apple releases iOS 9.2.1, OS X 10.11.3 updates

Date: Tuesday, January 19th, 2016, 16:53
Category: iOS, News, OS X, Software, Yosemite


They’re not huge updates according to Apple, but they could make a difference.

Apple on Tuesday released iOS 9.2.1 and OS X 10.11.3, the company stating that both updates contain security and bug fixes.

More specifically, iOS 9.2.1 contains a fix for an issue “that could prevent the completion of app installation when using an MDM server.”


Proposed bill in New York state could allow backdoor access for law enforcement, threatens fines for non-compliance

Date: Thursday, January 14th, 2016, 09:27
Category: Legal, News, security


Let the arguments begin.

A new bill proposed in New York could require all phone manufacturers to implement a way for law enforcement agencies to access and decrypt user devices. This bill is somewhat similar to the Investigatory Powers Bill currently being debated in the UK, which Apple has voiced its opposition to. Apple and Tim Cook have repeatedly stated that government agencies should not have any access to user devices or data, whether through a built-in backdoor or other means.

The bill is currently making its way through the New York state assembly and specifically states that “any smartphone manufactured on or after January 1, 2016, and sold or leased in New York, shall be capable of being decrypted and unlocked by its manufacturer or its operating system provider.” Failure to meet such a requirement would impose a $2,500 fine on each infringing device.


Apple CEO Tim Cook criticizes White House policies towards encryption

Date: Wednesday, January 13th, 2016, 10:21
Category: News, security


In spite of how well received last night’s State of the Union was, Apple CEO Tim Cook still had harsh words for the Obama administration regarding encryption last night.

Cook, who’s currently in favor of unbreakable encryption, offered the following statement:

“The White House should come out and say ‘no backdoors,’ Cook said. That would mean overruling repeated requests from FBI Director James Comey and other administration officials that tech companies build some sort of special access for law enforcement into otherwise unbreakable encryption. Technologists agree that any such measure could be exploited by others.”


Security researcher examines MacKeeper, says sensitive data for more than 13 million accounts easily accessed

Date: Monday, December 14th, 2015, 08:34
Category: Hack, News, security, Software


And yet more reasons have surfaced as to why you’d want to punch the entire staff of MacKeeper in their heads.

A security researcher claims that extremely poor security has allowed him to access sensitive data for more than 13 million MacKeeper accounts.

White-hat researcher Chris Vickery, who has previously exposed data breaches at MLB, ATP, Slipknot and a network of K-12 charter schools in California, posted the following to Reddit:

I have recently downloaded over 13 million sensitive account details related to MacKeeper, Zeobit, and/or Kromtech […] stuff like names, email addresses, usernames, password hashes, computer name, ip address, software license and activation codes, type of hardware (ex: “macbook pro”), type of subscriptions, phone numbers and computer serial numbers.


Adobe renames “Flash Professional CC” to “Animate CC”, begins to veer away from Flash towards HTML5

Date: Wednesday, December 2nd, 2015, 05:24
Category: iOS, News, security, Software


One of Steve Jobs’ wishes finally came true as Adobe begins to veer away from Flash and adopt HTML5.

Adobe has announced plans to rebrand its Flash Professional CC software as Animate CC to acknowledge a growing shift away from Flash.

The company explained that more than a third of content created in Flash Pro CC uses HTML5, leading the company to rename the software to “accurately represent its position as the premier animation tool for the web and beyond.”

As such, the name of Flash Professional CC has been changed to Animate CC, which Adobe said will feature updates for the software, including improved drawing, illustration, and authoring support and integration with Adobe Stock and Creative Cloud Libraries.


Instagram changes APIs, feed access to third-party apps following discovery of malware

Date: Wednesday, November 18th, 2015, 07:45
Category: Developer, iOS, News, security, Software


In the wake of a security breach, you make changes.

Following the recent discovery of the InstaAgent malware, which was stealing Instagram passwords from users, Instagram has instituted much stricter rules for accessing its API, effectively killing off a large number of apps that read Instagram feeds.

Over on its developer web site, Instagram explained that its API is changing, the way it distributes its feed is changing and the current API is being shut down. The company offered the following comment:

We’ve updated our Platform Policy to explicitly list the use cases we will support moving forward. These include apps and services that:

Help individuals share their own content with 3rd party apps, such as apps that let you print your photos and import an Instagram photo as a profile picture.

Help brands and advertisers understand and manage their audience, develop their content strategy, and get digital rights to media. Established apps in this space may apply for our newly announced Instagram Partner Program.

Help broadcasters and publishers discover content, get digital rights to media, and share media using web embeds.


Security firm FireEye reports updated XcodeGhost loose in the wild, possibly infecting genuine iOS apps with malware

Date: Wednesday, November 4th, 2015, 08:23
Category: iOS, News, security, Software


The XcodeGhost thing may have reared its ugly head again, this time in a different form.

Security firm FireEye stated via a blog post that a variant of the XcodeGhost code, which has been known to inject malware into genuine apps, is still out there. The firm stated that it has identified a more advanced version of the compromised app development tool, XcodeGhost S, which has been designed to infect iOS 9 apps and allow compromised apps to escape detection by Apple.

The company offered the following statement:

XcodeGhost is planted in different versions of Xcode, including Xcode 7 (released for iOS 9 development). In the latest version, which we call XcodeGhost S, features have been added to infect iOS 9 and bypass static detection.

We have worked with Apple to have all XcodeGhost and XcodeGhost S samples we have detected removed from the App Store.


Apple releases iOS 9 update

Date: Wednesday, September 16th, 2015, 12:53
Category: iOS, iPad, iPad Air, iPad mini, iPhone, iPod Touch, News, Software


You’ve been waiting for iOS 9.

And it’s here.

Apple released its iOS 9 operating system update today. The update, a 1 gigabyte download available over the air or through iTunes, adds the following fixes and changes:

– New multitasking features on iPad make you even more productive.

– Siri can do more than ever, and new proactive suggestions help you get things done before you ask.


Vulnerabilities noted for several models of Seagate external drives, patch offered

Date: Tuesday, September 8th, 2015, 07:51
Category: hard drive, Hardware, News, security


If you’re using a Seagate external hard drive, you may want to be aware of both the security risks present on the drive as well as the patch that was just released to fix the vulnerability.

A series of vulnerabilities primarily affect owners of Seagate Wireless Plus Mobile Storage, Seagate Wireless Mobile Storage, and LaCie Fuel devices purchased since October 2014.

Tangible Security, the firm that discovered the flaws, has stated that other Seagate products may be affected as well.

The worst flaw stems from a hard-coded username and password that gives an attacker access to an undocumented Telnet service. Telnet is a command line method of logging into one computer from another over the Internet or a local network.