In this three-part article in Macworld, Joe Kissell shares some valuable password advice: how to create stronger passwords, how to manage passwords, and how to remember passwords (with or without the help of software).

Security researcher Charlie Miller has discovered a way to attack and control an iPhone using only SMS messages. Don't worry, the details aren't public yet, and Apple should have a patch soon.

Next time you're about to buy an iTunes gift card on eBay or Craigslist you may want to think twice. There's a chance the card was purchased with a stolen credit card or hacked, and, as Macworld reports, Apple is cracking down on these fraudulent gift cards by permanently disabling user accounts that redeem them.

A letter signed by dozens of leading security researchers, including the R in RSA, urge Google to adopt secure Web connections for all services.

The new iPhone OS 3.0 software adds a feature that will thrill the hearts of the absentminded: Find My iPhone. The feature plots a handheld's position on a map in MobileMe, and allows remote sound and alerts - or wiping the phone's data completely.

Apple has released security updates for Java in Mac OS X 10.4 and Mac OS X 10.5 to deal with serious vulnerabilities discovered nine months ago and patched by Java developer Sun Microsystems six months ago.

Microsoft has updated Office 2008, Office 2004, and its Open XML File Format Converter by fixing two critical security vulnerabilities.

Ironically, after being detained due to anti-terrorist regulations, Jeff Porten reports from the Computers, Freedom, and Privacy 2009 conference.

By following these five recommendations, Apple can ensure that its products will remain safe in an increasingly dangerous computing world.

By day, TidBITS Security Editor Rich Mogull runs the Securosis site, which is hosting an article by the pseudonymous Macalope that dissects ComputerWorld's recent troll bait article about Mac security. Read it, it's funny.

Macs are vulnerable to a five-month-old vulnerability in Java that is being actively exploited on the Internet. Here's how to protect yourself.

TUAW is reporting on a phishing scam disguised as a renewal notification from MobileMe. The scam comes in the form of an email message claiming that the user's account's credit card information is incorrect and must be updated before renewal. Moral of the story? Never, ever, click a link or button in an email message asking for financial or personal information.

Apple has released Mac OS X 10.5.7, a bug and security fix update that touches on several areas of Leopard and Leopard Server. Also posted were updates to Safari and Security Update 2009-02 for Mac OS X 10.4 Tiger and Tiger Server.

Wired.com's Brian X. Chen reports on a potentially dangerous default Bluetooth setting found on Apple notebooks. The setting enables a Bluetooth device to wake a machine even if its lid is closed. For a user packing a MacBook and Bluetooth mouse into the same satchel, this default could result in an overheated disaster.

If you get a Facebook message from a friend suggesting that you visit fbaction.net or fbstarter.com, delete it, since it's a phishing attack that's trying to capture your login credentials.