Checklist 60: Safety in the App Store

Our lives are on our computers and our phones: there’s no getting around that fact. One day, we might look back on that and view it as a mistake, but for now, our finances, health records, communications, family photos, videos, and more all live on these devices. Keeping that information safe is important, and there are several layers of complexity to that challenge. From password practices to two-factor authentication and even to merely protecting your screen from prying eyes, we’ve covered a lot of these tactics on this show. …

Ransomware Attacks Target Apple Users Via iCloud

A recent rash of ransomware attacks has left some Apple users locked out of their Mac computers and iOS devices. The nature of the attacks led some users to wonder if Apple itself had suffered some kind of hack. The good news is that the situation does not appear to be an Apple hack. The bad news is that hackers have somehow managed to get their hands-on login credentials for some users.

Hackers are attacking users by logging into their iCloud accounts and enabling the “Find My iPhone” function. …

Apple Acknowledges U.S. Senate’s Request for Details about iPhone X Face ID...

As in previous years, Apple’s 2017 September keynote brought device announcements, new feature introductions, and other headline-worthy events. What’s different this year, though, is that it also prompted the United States Senate to contact Apple about security and privacy concerns.

Those concerns surrounded the announcement of Apple’s revolutionary iPhone X, the first iPhone ever to ditch the commonplace home button. Specifically, the Senate had questions about the new iPhone’s Face ID feature, which will replace Touch ID as the primary way to unlock the iPhone.

The letter, …

Checklist 59: Bitcoin and the Blockchain: Understanding Cryptocurrency and Its...

Today, we’ll be tackling a couple of buzzwords in the tech industry today: blockchains and Bitcoins. Not unlike HTTPS and botnets, blockchain and Bitcoin are terms that are starting to seep into everyday use. Before we all start using them, though, we should figure out what they mean and how they work! In fact, the blockchain concept has even begun to garner its own “buzzword” status in the security community regarding how secure it can be for storing and accessing information. So, for all our listeners who aren’t even …

Apple Reports Major Spike in Government Requests for Information

Who wants information about you? Digital security practices revolve in large part around restricting your data based on the answer to that question. We try to protect our systems so that only those with authorization can access sensitive personal information of all kinds. Most frequently, hackers are the ones we must worry about looking to learn something about us, whether it’s a password or a credit card number. However, it’s important to consider that requests from the government for user information occur on a frequent basis, and these can …

Beware the New iOS Phishing Attack

If you use iOS, you are used to the Apple popups that ask you to enter your Apple ID password. These popups are standard any time you go to download a new application from the App Store, login into iCloud, or buy a song on iTunes. Unfortunately, it looks like attackers could potentially use a similar popup strategy to gain access to a user’s Apple ID account.

So far, this style of attack hasn’t been seen out in the wild. App developer Felix Krause recently shared a proof-of-concept on …

Checklist 58: SecureMac Roundup: Even More Listener Questions Answered

This week on the Checklist, we take on some of your questions and comments. Topics include: – Scam pop-us – App specific password requirements – Issues with SS7 – Oddity around an email address.

Checklist 57: SecureMac Roundup: More Questions from Our Listeners

Part 1 of a 2 episode series where we go over various questions from our listeners!

WannaCrypt: An Overview of 2017’s Biggest Cybersecurity Threat

This past May, a malicious software attack known as WannaCrypt (or WannaCry, depending on your source) hit the computer systems at major organizations and businesses around the globe. WannaCrypt is a ransomware attack. Once it infects a machine or computer system, it encrypts all the data hosted on those machines. (Hence the name WannaCrypt.)

Once the files are encrypted, the attack prompts the owner of the machine or computer system to pay a ransom to unlock the data. The ransom offer has a time limit, giving users a …

Hacker Gains Access to iPhone 5 Secure Enclave Key, Opens Door for More

While the iPhone’s fingerprint scanner and its associated TouchID functionality provide a wealth of convenience to users, it also brings some unique security challenges. Biometric data is one of the most personally identifiable and irreplaceable types of information out there. While someone who steals your fingerprint data may not be able to unlock many doors right now, that doesn’t mean it will always be the case. As a result, Apple put serious effort into developing a method for securely handling the verification of fingerprint data. The result was the …

Checklist 56: Online Threats to Privacy

This week, we’re tackling threats to your online privacy as well as online threats to your physical privacy.

Popular Terminal App Patches Severe Bug That Leaked Tons of Data

For power users, nothing is quite as useful in the macOS ecosystem as the Terminal app. Whether you are working on a simple project or trying to create extensively customized functionality for your machine, it opens many doors for the savvy user. Those same users sometimes find the default Terminal app to be lacking, though, and thus alternatives, like the popular iTerm2 software, have sprung up over the years. With a recently issued security patch, however, the developer of iTerm2 acknowledged that the program had been leaking all kinds …

Elcomsoft Phone Breaker 8.0 with iOS 11 Support: What You Need to Know

Are you thinking about upgrading your iPhone this fall—either to the standard iPhone 8/8 Plus or the luxury model iPhone X? If so, you’re in luck: Elcomsoft has already updated its Phone Breaker software to support the new phones. Elcomsoft Phone Breaker 8.0 includes support for iOS 11 and will allow for backup data extraction from Apple’s iPhone 8 and iPhone X models.

Why Use Elcomsoft Phone Breaker?

Elcomsoft Phone Breaker has been a favorite tool among iOS users for a little while now. After all, the new incarnation …

iOS 11 Includes Patches for Several Vulnerabilities

September 19, 2017, marked the arrival of iOS 11, just in time for the release of the iPhone 8 and 8 Plus. The big annual update of Apple’s mobile operating system added a few new features into the mix for users, from a brand new Control Center to a keyboard made for one-handed texting.

However, amidst the new features, it turns out that iOS 11 is also an important security update. The updated operating system includes important patches for a variety of iOS vulnerabilities. Apple also patched bugs …

Collaborative Power: Security Teams Work Together to Destroy Botnet

Of all the major cyber security threats out there today, few are as frustrating and complicated to contend with as botnets. From the malware that spreads the infection from device to device, enslaving them to a remote command and control server, to the many malicious purposes hackers use them for, they’re a tough threat to combat. Recently, however, the security community got a firsthand look at the value of collaborating to take down threats to users. Six firms set aside the competitiveness of their industry to work together to …

Researchers Uncover Spambot With More Than 700 Million Emails

Does it seem like your spam folder fills up almost as soon as you empty it? That’s true for many of us, but where is all that spam coming from these days? The answer is that surprisingly few people are involved in the sending of most of the spam on the web. With anti-spam efforts growing stronger every year, new methods have risen to the forefront, and spam is deeply entangled with many of the other malicious efforts ongoing around the Web. Spambots — malware that gathers together data …

Checklist 55: Putting the “S” in HTTPS

The “S” in HTTPS stands for secure. But why? And how does it work? All you need to know about secure browsing.

What You Need to Know about Email Spam

If you feel like you’ve been getting more email spam than usual lately, you’re probably right. According to a recent report from Fortune, a sophisticated spambot called “Onliner” has figured out a way to bypass spam filters and has used that advantage to target some 711 million email addresses.

About the Onliner Spambot Attack

Onliner sends emails to users, disguised as stuff they would usually open—such as hotel reservation info, communications from the government, and more. Each email includes an attachment. If a user downloads the attachment, malware called Ursnif …

The Internet of Things: The Future of Tech or One Bridge Too Far?

For years, tech enthusiasts have been calling the Internet of Things “the future of technology.” But is it? On the one hand, there is some appeal to a world where everything is digitally connected. Being able to control your home’s lights, thermostat, irrigation system, security system, and a slew of other appliances and systems from your home is convenient and useful. Business enterprises can also use IoT solutions to collect data on everything from concrete strength to wastewater treatment.

Simply put, the Internet of Things is already making …

Apple Adds New Touch ID Option in iOS 11

Since the addition of the fingerprint reader to the iPhone, the convenience of Touch ID has been hard to deny. From unlocking our phones to instantly authorizing an in-app purchase, it’s a rapid and convenient way to authenticate yourself to your device. Now with iOS 11 just around the corner, Apple has been dropping many announcements about what will be a part of the new operating system. Meanwhile, developers have discussed what they’ve experienced in the beta builds. One of the most exciting recent developments is the news that …