The domain name system is largely insecure, leaking information and subject to compromise. New services from Cloudflare and Quad9 could provide greater security and integrity than Google Public DNS, currently the best-known public DNS service.
AgileBits has introduced 1Password Business, which extends the subscription-based password-management service to large organizations. New features include finely grained access control, custom roles, activity logs, and usage reporting.
Mark Jeftovic, the outspoken CEO of DNS provider easyDNS, has weighed in on the whole Facebook/Cambridge Analytica scandal with opinions that are simultaneously harsh and realistic. He starts by equating social media platforms to “The Spew,” a 1994 short story by Neal Stephenson in Wired, and lays out multiple condemnations of Facebook and Mark Zuckerberg. But then Jeftovic returns to the real question at hand: Should you delete your Facebook page? He recommends keeping business Facebook pages but not relying on them, and he says he’ll keep a personal Facebook page while assuming that anything he posts is completely public and will be used for targeting. But he votes against the mobile Facebook apps, which try their hardest to harvest your contact data.
A Wi-Fi security camera for $20? What’s the catch? Josh Centers shares his experiences with the unbelievably cheap WyzeCam. It’s well-built, has a decent app, works in the dark, and even provides limited cloud storage for free. There’s only one minor problem.
Apple has updated all of its operating systems — macOS 10.13 High Sierra, iOS 11, watchOS 4, and tvOS 11 — to fix yet another text-crashing bug. Here’s how to get the updates, and our advice on when you should install them.
Facebook is sending its two-factor authentication users text messages they don’t want. This situation provides yet another reason why you should use a dedicated app for generating two-factor authentication codes instead of SMS.
Facebook has added a Protect item to a screen in its iOS app that lists Facebook services. Tapping Protect takes you to an App Store page for a VPN called Onavo Protect that admits that it is owned by Facebook and “collects your mobile data traffic.” Worse, 12.5 million iOS users may already be using Onavo Protect.
Gizmodo’s Kashmir Hill and Surya Mattu teamed up to learn the extent to which home automation devices report back to their manufacturers and leak personal information. Hill filled her house with smart devices, including an Amazon Echo, lights, coffee maker, TV, and even a bed. Then she had Surya monitor how much data was sent out by the devices. The results may shock you. Perhaps unsurprisingly, the worst offender was the Amazon Echo, which contacted Amazon’s servers every few minutes, even when the “Alexa” wake word and the microphone were turned off.
The MacUpdate site was hacked on 1 February 2018, and the attackers slipped malicious code into updates for Firefox, OnyX, and Deeper that would use CPU cycles on infected machines to mine cryptocurrency. Malwarebytes has instructions for removing the malware. Although MacUpdate removed the offending updates quickly, the moral of the story is that it’s always best to update an app from inside the app itself or via the developer’s Web site.
Were you thinking about taking advantage of the 50 percent discount CrashPlan for Home users get when switching to Carbonite? Although those discount prices remain the same for the first year, the regular price you’ll pay later for Carbonite service has increased by 12 to 20 percent.
How’s this for an unintended consequence? The Strava fitness app, which brands itself as the “social network for athletes,” lets users map their workouts, which has led to a potentially deadly security breach. U.S. troops stationed abroad are using Strava to share their workouts, and a heat map released by the company reveals the locations of military bases and travel routes — some known, others not. The company responded by pointing out the app’s privacy settings, but this is likely a problem the military will have to solve with smarter policy.
A new piece of Mac malware is making the rounds. OSX/MaMi hijacks macOS’s DNS settings to intercept traffic by routing it through malicious servers. Additional capabilities, which didn’t seem to be active in the version that researcher Patrick Wardle analyzed, include taking screenshots, generating simulated mouse events, persisting as a launch item, downloading and uploading files, and executing commands. The motive, the author, and how OSX/MaMi spreads are currently unknown, and when the Hacker News article was published, antivirus apps weren’t able to detect it. To see if you’re infected, check your DNS settings in System Preferences > Network, and look for the DNS servers 18.104.22.168 and 22.214.171.124. But unless you did something to bypass macOS’s Gatekeeper security, you likely have nothing to worry about since the malware’s executable isn’t signed by Apple.
Twitter user Abraham Masri has discovered a Web link that, when opened in the Messages app on iOS or macOS, causes freezing, crashing, battery issues, and other nasty behavior. This isn’t the first time that a rogue link or piece of text has broken one of Apple’s apps. Apple will likely release a fix soon.
The Wi-Fi Alliance has announced WPA3, a replacement for its current local network encryption options. WPA3 both fixes an exploit and increases security for those using open networks, all while reducing the burden on users. But don’t expect it to take over from WPA2 soon.
All Macs and iOS devices may be affected by the Meltdown and Spectre vulnerabilities, but Apple is continuing to release updates that mitigate the problems. The moral of the story? Keep your devices up to date!