Updated Apple Devices Display 'Not Secure' in Safari

If you’ve updated to iOS 12.2 and/or macOS 14.4, you’ve probably seen a ‘Not Secure’ message in the Safari address bar. OSXDaily explains.

By seeing the ‘Not Secure’ Safari message on an iPhone, iPad, or Mac you are simply being informed by Safari that the website or webpage being visited is using HTTP rather than HTTPS, or perhaps that HTTPS is misconfigured at some technical level.

Ironically, as the article points out, OSXDaily is itself not secure.

An HTTPS Site Could Have a Green Padlock and Still be Insecure

If a website uses HTTPS, Safari will display a green padlock next to the domain in the address bar. But in some cases it could still be insecure.

In analysis of the web’s top 10,000 HTTPS sites—as ranked by Amazon-owned analytics company Alexa—the researchers found that 5.5 percent had potentially exploitable TLS vulnerabilities. These flaws were caused by a combination of issues in how sites implemented TLS encryption schemes and failures to patch known bugs (of which there are many) in TLS and its predecessor Secure Sockets Layer. But the worst thing about these flaws is they are subtle enough that the green padlock will still appear.

iOS 12.2 Fixes 51 Security Vulnerabilities

iOS 12.2 patches 51 security vulnerabilities, which is a huge incentive to update if nothing else announced yesterday was enticing.

The list of patches covers a wide variety of bugs an adversary could potentially manipulate to obtain effects like denial-of-service, privilege escalation, and information disclosure to gaining root privileges, overwriting arbitrary files, or executing code of the attacker’s choice.

Your Phone Number Shouldn't Be Your Identity

Brian Krebs wrote a good article on how our phone numbers have become security and authentication tools, and thus closely tied to our identity. But there’s a problem with that.

Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they’ve become de facto identities. At the same time, when you lose control over a phone number — maybe it’s hijacked by fraudsters, you got separated or divorced, or you were way late on your phone bill payments — whoever inherits that number can then be you in a lot of places online.

Security Expert Talks iPhones and Viruses

Security expert Maik Morgenstern talks about iPhones and viruses and how in theory an iPhone could get one.

“In theory, yes,” Maik Morgenstern, chief technology officer for AV-Test, told Digital Trends. “However, the practical hurdles are quite high, and it is unlikely for a normal user to get affected. But vulnerabilities exist that can be exploited by attackers.”

Firefox Send Lets You Share Big Encrypted Files

Firefox Send is a free tool that lets you send encrypted files up to 1GB in size, or 2.5GB if you sign in with a Firefox account.

What sets Send apart is its ease of use. It works in any browser; just go to send.firefox.com. Upload or drag and drop files, and Send will generate a link that you can set to expire after a certain number of downloads—up to 100—or a certain amount of time, ranging from five minutes to seven days.

Being able to use any browser is probably the best part about this tool.

SXSW: CLEAR Expands Identity Verification from Airport Security Lines to Point of Sale

CLEAR, the company whose members we all enviously gaze upon at the airport as they breeze past those of us in the TSA Pre-Check lines, is expanding their identity verification technology to point of sale. Testing in some Seattle sports stadiums, CLEAR’s ability to use biometrics to confirm that you are definitively you is helpful for age verification for alcohol sales, but could also just make point of sale simpler, in general. Part of their mission all along, they figured if they could get approval for their tech to be used to confirm identity at airports, it was certainly going to work to add convenience to point-of-sale while also increasing the security of the transactions. Of course, Apple’s introduction of Touch ID at point of sale with Apple Pay starting in 2014 has helped the masses understand the usefulness of this technology. That rising tide lifts all boats, including CLEAR’s. Look for CLEAR to roll out more instances of this tech in the coming year.

Be Sure to Properly Remove Data from Devices

David Nield implores us to make sure we properly remove data from our devices before we get rid of them.

Your personal data—be it financial spreadsheets or web searches—is not something you want to be leaving behind for other people to find, and totally wiping your activity off devices or the web takes a few more steps than you might have realized. Don’t worry though, as we’re going to walk you through the process.

Apple Security Tool Unveiled at RSA Conference 2019

The RSA Conference is a series of computer security conferences. This year, security researcher Patrick Wardle announced a new tool for Macs called GamePlan.

…GamePlan, a tool that watches for potentially suspicious events on Macs and flags them for humans to investigate. The general concept sounds similar to other defense platforms, and it hooks into detection mechanisms—has a USB stick been inserted into a machine? has someone generated a screen capture? is a program accessing a webcam?—Apple already offers in macOS. But GamePlan, cleverly written with Apple’s GameplayKit framework, collects all of this data in a centralized stream and uses the videogame logic engine to process it.

I use a couple of Mr. Wardle’s security tools. I look forward to downloading GamePlan.

Huawei Suing U.S. Government Over Ban

Huawei is suing the U.S. government because its products were banned from being used by federal agencies.

According to one of the people familiar with the matter, Huawei’s lawsuit is likely to argue that the provision is a “bill of attainder,” or a legislative act that singles out a person or group for punishment without trial. The Constitution forbids Congress from passing such bills.

Private Internet Access 2.8.0 Brings Network Whitelisting

The Private Internet Access 2.8.0 update brings a network management tool. When you enable the feature, PIA will automatically turn itself on when you connect to untrusted Wi-Fi networks. You can add networks you do trust to a whitelist, including your cellular network. If you set it not to trust cellular networks and you turn on the option to protect all networks, it means that the VPN will automatically turn itself on all the time.

The update also adds support for IKEv2. Internet Key Exchange (IKE) is part of the IPsec protocol suite, and it’s used to set up a security association. Jargon aside, IKEv2 is responsible for making a secure connection between you and the VPN server. It does this by authenticating you both and establishing which encryption methods will be used.

No, You Probably Don't Take Privacy and Security Seriously

Zack Whittaker is tired of the same old line companies use, like when they suffer a data breach: “We take your privacy and security seriously.”

The truth is, most companies don’t care about the privacy or security of your data. They care about having to explain to their customers that their data was stolen…About one-third of all 285 data breach notifications had some variation of the line. It doesn’t show that companies care about your data. It shows that they don’t know what to do next.

I’m betting there’s a template that public relations employees have that they copy and paste into official emails sent out in the wake of security stuff like this.

Comparing Android Security Versus iOS Security

Keiran Dennie tweeted an interesting chart that compares the security of various smartphone operating systems.

Wondering about Android and Apple phone security? Here’s an objective chart to help you decide.

It’s a well-known fact about Android that people have to rely on their carrier to push out security updates. This can take weeks, months, and sometimes they don’t get released at all.