IT Security News has its own Android App

I have finally found the time to make the app I always wanted to have for the “IT Security News” service.   Here is the page on Google’s Play Store: And the screenshots of the app:       Right now it is available only on Android devices, soon it will be available in the Apple’s Appstore.   Help me spread the word about it so that I can have some downloads 😉 Thanks.

Phishing created for Apple’s mobile devices

I received last night an email pretending to come from Apple’s support. But, it is badly made if you see it in an email client. Dear Customer AppleID14028364ca Due to recent updates we are asking many of our customers to confirm their information this is nothing to worry about. We are making sure we have the correct information on file and that you are the rightful account holder. Failure to comply with this may result in your account being suspended. Once completed you may resume to use your account as normal and we would like to thank you for taking time out of your day to confirm your information. Verify Now > Wondering why you got this email? This email was sent automatically during routine security checks. We are not completely satisfied with your account information and require you to update your account to continue using our services uninterrupted. For more information, see our frequently asked questions. Thanks, Apple Customer Support TM and Copyright © 2015 Apple Inc. 31-33, rue Sainte Zithe, L-2763 Canada. All rights reserved / Keep Informed / Privacy Policy / My Apple ID   However, the email looks pretty different if you see it on a…

No Image

Massive security update for all Apple devices: iOS 8.3

39 fixes are supposed to be delivered via iOS 8.3. Areas like KeyStore, Drivers, Backup, Kernel, Certificate Trust Policy, Networking, Lock Screen, Safari and the WebKit,  and many more are being fixed. Apple doesn’t provide how critical the issues were, but from what I see there, at least a dozen or so made me raise my eyebrows.   This release includes improved performance, bug fixes, and a redesigned Emoji keyboard. Changes include improved performance for: App launch App responsiveness Messages Wi-Fi Control Center Safari tabs 3rd-party keyboards Keyboard shortcuts Simplified Chinese keyboard Please update … NOW.    

No Image

iOS 8 brings a lot of security updates

You must have heard of the brand new version of iOS which was release yesterday: iOS v8. While the media is still considering and reconsidering their recommendations for each device on whether or not you should upgrade, here are my reasons to update my iPad 3rd generation. I don’t have an iPhone anymore, I am an Android user now with my great Galaxy Note 3. Apple published, as usual, the security release notes in their KB The list of vulnerabilities fixed is too long to describe it here, but here is a summary: – a series of kernel flaws, – several WebKit bugs – vulnerabilities that allowed a user to install apps outside of the App Store Most critical: the way that the OS implemented 802.1x. For those who don’t know what that is, 802.1x is the protocol behind any wireless network. In some cases, the flaw could enable an attacker to steal a user’s WiFi credentials. Here is what Apple says: Impact: An attacker can obtain WiFi credentials Description: An attacker could have impersonated a WiFi access point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash, and used the derived credentials to authenticate to the intended access point even if…

No Image

The epic “goto fail” in Apple’s SSL implementation

Security and Privacy I wrote here about the SSL bug and what it could do for your security and privacy… There is a website which helps users checking if they are affected by this bug: Here are more details about the gotofail bug.  Here is a pretty good explanation about how this bug “works” (courtesy of Normal SSL/TLS: Client (browser): Hey server, let’s speak in private. Here is a list of ciphers I know that we could use. RealServer: Okay, we can speak in private, here is my identification paperwork. Client: Your paperwork looks good, lets continue. RealServer: Let’s use cipher XYZ. Please encrypt the conversation key you want to use to this public key. I have signed our conversation so far with the key from my identification paperwork to prove everything is legit. Client: Okay, your signature looks good, here’s the conversation key encrypted so only you can read it. I am switching to cipher XYZ with that key now. Client and RealServer converse privately. SSL/TLS with a vulnerable Apple product: Client (browser): Hey server, let’s speak in private. Here is a list of ciphers I know that we could use. FakeServer: Okay, we can speak in private, here…

No Image

5 Apple security myths

Five Apple Security Myths — and the Disturbing Truths Five hard lessons With that in mind, here are five Apple security myths — and the brutal truth behind each: Myth: I don’t need antivirus and spam protection because I work on a Mac. Truth: The Mac OS X operating system is targeted less frequently by malware only because it’s not as widespread as Windows. It’s no more secure than any other operating system, said Sorin Mustaca, data security expert at Germany-based Avira. As for phishing attacks, said Mustaca, “the biggest problem in this case is not the computer itself, but rather it’s the user.” Myth: I can’t be infected by any malicious software because I get my applications exclusively from the iTunes App Store. Truth: “We’ve seen a couple of times already that the App Store is not such a secure fortress as one might have hoped,” said Mustaca. “It is extremely difficult to check every single application that is inserted there.” Myth: Mac OS X is inherently more secure than Windows. Truth: Apple’s brand-new products are being hacked almost immediately upon arrival. For example, “jailbreaking” your iPhone is as easy as browsing to a specific website. “For a while,…

No Image

Quoted in USA Today Somewhere in the middle of the article: Apple’s problem is singular. The company has made a big deal about hiding technical details of iOS, allowing only approved Web apps to tie in. This tight control initially made it easier to keep iOS secure. But now Apple may have to share iOS coding with anti-virus firms, says Sorin Mustaca, development manager for anti-virus firm Avira. Windows, Google, Nokia and RIM share such coding to help anti-virus firms develop protections. “Apple does not allow this, making it challenging for anti-virus vendors to create third-party protection for iPhones and iPads,” Mustaca says.

%d bloggers like this: