Encrypting your iOS device is an excellent way to protect your data, but if you upgraded from iOS 3 to 4, encryption might not be enabled... even if you think it is. Here’s how to make sure you’re protected.
Adobe has issued a security advisory about a vulnerability in current and past versions of Adobe Flash Player for all platforms that could enable an attacker to take control of an affected system. The vulnerability is reportedly being exploited in the wild via a Flash (.swf) file embedded in a Microsoft Excel (.xls) document delivered as an email attachment. Adobe expects to release a fix next week, but until then, be very careful of Excel files in email.
Twitter has joined Facebook in adding a profile configuration to always use a secured HTTPS connection for routine tweeting and reading after you log in to the company’s Web site; the login was already secure. Using HTTPS protects you against sidejacking in a public location where someone with Firesheep or other software could hijack your identity by sniffing a Twitter token without needing to know your account name and password. Log in, click your name at the upper right, select Settings, and scroll down to enable the option.
Apple has been rightly criticized for not preventing inadvertent iOS in-app purchases by small children playing games. iOS 4.3 addresses that by requiring another password prompt for in-app purchases.
In which Jeff Porten realizes that he can turn an iPhone or iPod touch into a poor man’s hearing aid for two bucks, and then discovers that he can hear more than he bargained for.
An update to the recently released GadgetTrak iOS app adds push notifications, picture taking, and email reports.
MozyHome no longer offers unlimited online backup storage—and has raised prices, too.
Macworld’s mythical beast—the Macalope—likes Rich Mogull’s discussion of Mac security in TidBITS (see “Apple’s Security Past Defines Its Future,” 27 January 2011). We’re honored, but those two should just get a room.
Macs and iOS devices surely face security challenges in the future, but it’s highly unlikely they will resemble those historically faced by Windows users. Rich Mogull explains a little security history, and shows how it, and recent moves by Apple, help us predict our collective security future.
Facebook has added an always-on encrypted connection option to its settings. This enables you to use the Web site on public networks, like a coffeeshop Wi-Fi hotspot, without fear that your session could be hijacked after login. Simple software can be used to extract a Facebook session identifier, but a secure connection defeats that attack. The feature is rolling out to all users over the next couple of weeks.
This revelation from the New York Times is a bit outside our normal sphere of coverage, but it’s important because it shows that computer security is going to become even more important as governments move to electronic attacks on one another, potentially causing normal civilians to become unwitting transmission vectors to real-world targets.
Joe Kissell takes control of the changing backup landscape with the fifth edition of his comprehensive ebook that teaches readers how to create a reliable backup strategy.
The 99-cent GadgetTrak app now can provide regular updates of a device’s coordinates while the program isn’t frontmost. For theft recovery, and for finding an iPhone under a couch cushion, GadgetTrak is worth a look.
New firmware for the AirPort Extreme Base Station and Time Capsule is coupled with a minor update to the AirPort Utility.
The popular Xmarks bookmark synchronization service has been rescued from the abyss by LastPass, a password-management and form-filling service that uses a similar combination of online service and Web browser extension. Both are worth checking out.