Thoughtful, detailed coverage of everything Apple for 28 years
and the TidBITS Content Network for Apple professionals

Category: Security

Glenn Fleishman 5 comments

Cloudflare and Quad9 Aim to Improve DNS

The domain name system is largely insecure, leaking information and subject to compromise. New services from Cloudflare and Quad9 could provide greater security and integrity than Google Public DNS, currently the best known public DNS service.

Adam Engst No comments

AgileBits Introduces 1Password Business

AgileBits has introduced 1Password Business, which extends the subscription-based password-management service to large organizations. New features include finely grained access control, custom roles, activity logs, and usage reporting.

Adam Engst 2 comments

Should You Delete Your Facebook Page?

Mark Jeftovic, the outspoken CEO of DNS provider easyDNS, has weighed in on the whole Facebook/Cambridge Analytica scandal with opinions that are simultaneously harsh and realistic. He starts by equating social media platforms to “The Spew,” a 1994 short story by Neal Stephenson in Wired, and lays out multiple condemnations of Facebook and Mark Zuckerberg. But then Jeftovic returns to the real question at hand: Should you delete your Facebook page? He recommends keeping business Facebook pages but not relying on them, and he says he’ll keep a personal Facebook page while assuming that anything he posts is completely public and will be used for targeting. But he votes against the mobile Facebook apps, which try their hardest to harvest your contact data.

Josh Centers 11 comments

$20 WyzeCam Security Camera Is Almost Too Good to Be True

A Wi-Fi security camera for $20? What’s the catch? Josh Centers shares his experiences with the unbelievably cheap WyzeCam. It’s well-built, has a decent app, works in the dark, and even provides limited cloud storage for free. There’s only one minor problem.

Josh Centers 6 comments

Apple Updates Its Operating Systems to Address Telugu Bug

Apple has updated all of its operating systems — macOS 10.13 High Sierra, iOS 11, watchOS 4, and tvOS 11 — to fix yet another text-crashing bug. Here’s how to get the updates, and our advice on when you should install them.

Josh Centers 4 comments

Facebook Shows Why SMS Isn’t Ideal for Two-Factor Authentication

Facebook is sending its two-factor authentication users text messages they don’t want. This situation provides yet another reason why you should use a dedicated app for generating two-factor authentication codes instead of SMS.

Adam Engst 5 comments

Beware “Protect” In Facebook’s iOS App

Facebook has added a Protect item to a screen in its iOS app that lists Facebook services. Tapping Protect takes you to an App Store page for a VPN called Onavo Protect that admits that it is owned by Facebook and “collects your mobile data traffic.” Worse, 12.5 million iOS users may already be using Onavo Protect.

Josh Centers 1 comment

Your Smart Home Could Be Spying On You

Gizmodo’s Kashmir Hill and Surya Mattu teamed up to learn the extent to which home automation devices report back to their manufacturers and leak personal information. Hill filled her house with smart devices, including an Amazon Echo, lights, coffee maker, TV, and even a bed. Then she had Surya monitor how much data was sent out by the devices. The results may shock you. Perhaps unsurprisingly, the worst offender was the Amazon Echo, which contacted Amazon’s servers every few minutes, even when the “Alexa” wake word and the microphone were turned off.

Josh Centers 3 comments

Malicious Cryptominer Distributed by MacUpdate Hack

The MacUpdate site was hacked on 1 February 2018, and the attackers slipped malicious code into updates for Firefox, OnyX, and Deeper that would use CPU cycles on infected machines to mine cryptocurrency. Malwarebytes has instructions for removing the malware. Although MacUpdate removed the offending updates quickly, the moral of the story is that it’s always best to update an app from inside the app itself or via the developer’s Web site.

Adam Engst 6 comments

Carbonite Raises Online Backup Prices

Were you thinking about taking advantage of the 50 percent discount CrashPlan for Home users get when switching to Carbonite? Although those discount prices remain the same for the first year, the regular price you’ll pay later for Carbonite service has increased by 12 to 20 percent.

Josh Centers 2 comments

Strava Fitness Network Reveals Secret Military Sites

How’s this for an unintended consequence? The Strava fitness app, which brands itself as the “social network for athletes,” lets users map their workouts, which has led to a potentially deadly security breach. U.S. troops stationed abroad are using Strava to share their workouts, and a heat map released by the company reveals the locations of military bases and travel routes — some known, others not. The company responded by pointing out the app’s privacy settings, but this is likely a problem the military will have to solve with smarter policy.

Josh Centers 5 comments

Mysterious DNS Hijacking Malware Targets Mac Users

A new piece of Mac malware is making the rounds. OSX/MaMi hijacks macOS’s DNS settings to intercept traffic by routing it through malicious servers. Additional capabilities, which didn’t seem to be active in the version that researcher Patrick Wardle analyzed, include taking screenshots, generating simulated mouse events, persisting as a launch item, downloading and uploading files, and executing commands. The motive, author, and how OSX/MaMi is spread are currently unknown, and when the Hacker News article was published, antivirus apps weren’t able to detect it. To see if you’re infected, check your DNS settings in System Preferences > Network, and look for the DNS servers 82.163.143.135 and 82.163.142.137. But unless you did something to bypass macOS’s Gatekeeper security, you likely have nothing to worry about since the malware’s executable isn’t signed by Apple.

Josh Centers No comments

Messages App Plagued by Another Crashing Link Bug

Twitter user Abraham Masri has discovered a Web link that, when opened in the Messages app on iOS or macOS, causes freezing, crashing, battery issues, and other nasty behavior. This isn’t the first time that a rogue link or piece of text has broken one of Apple’s apps. Apple will likely release a fix soon.

Glenn Fleishman 3 comments

WPA3 Promises Better Wi-Fi Security with Less Effort

The Wi-Fi Alliance has announced WPA3, a replacement for its current local network encryption options. WPA3 both fixes an exploit and increases security for those using open networks, all while reducing the burden on users. But don’t expect it to take over from WPA2 soon.

Adam Engst 13 comments

Apple Releases Meltdown and Spectre Info and Updates

All Macs and iOS devices may be vulnerable to the Meltdown and Spectre vulnerabilities, but Apple is continuing to release updates that mitigate the problems. The moral of the story? Keep your devices up to date!