21st Century Learning and Teaching

Many of OS X’s most popular apps were recently revealed to be vulnerable to man-in-the-middle (MiTM) attacks.

The vulnerability specifically targets those that use Sparkle — a third-party software update framework — and unencrypted HTTP connections.

A security engineer from Vulnsec, known as Radek, said the vulnerability works on both El Capitan and its predecessor, Yosemite.

The total number of apps affected isn’t known, but Radek did estimate the number to be “huge.” Some of those confirmed as vulnerable are:

Camtasia 2 (v2.10.4)
DuetDisplay (v1.5.2.4)
uTorrent (v1.8.7)
Sketch (v3.5.1)
Additionally, security researcher Jonathan Zdziarski told Ars Technica that the ‘Hopper’ reverse engineering tool and ‘DXO Optics Pro’ are also susceptible.

Learn more:

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

"No iOS Zone" denial-of-service vulnerability could lead to your iPhone or iPad constantly crashing.

The researchers say that they first informed Apple of the problem in early October 2014, and that iOS 8.3 appears to resolve some of the issues they uncovered.

Chances are that this won’t be the last time that a serious denial of service flaw is found in iOS. Just last month, Apple released iOS 8.2 which fixed a flaw that allowed hackers to restart iPhones by sending them a maliciously-crafted Flash SMS.

More details of the “No iOS Zone” flaw can be found in the slide deck of the presentation given at the RSA conference.

Bug forces millions of sites to use easily breakable key once thought to be dead.

Learn more:

- http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=FREAK

Before you sync your iCloud or reinstall your apps, you need to lock down your iPhone or iPad. Here are seven important tweaks (and more) you can set to bolster your privacy.

Learn more:

- http://gustmees.wordpress.com/2013/12/21/privacy-in-the-digital-world-shouldnt-we-talk-about-it/

- http://gustmees.wordpress.com/2013/10/23/smartphone-pictures-pose-privacy-risks/

- http://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/

The patch comes hours after the leaked photos emerged.

Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

- http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=iCloud

During his talk at HOPE/X Jonathan Zdziarski detailed several undocumented services (with names like 'lockdownd,' 'pcapd,' 'mobile.file_relay,' and 'house_arrest') that run in the background on over 600 million iOS devices.

Zdziarski's questions for Apple include:

• Why is there a packet sniffer running on 600 million personal iOS devices instead of moved to the developer mount?
• Why are there undocumented services that bypass user backup encryption that dump mass amounts of personal data from the phone?
• Why is most of my user data still not encrypted with the PIN or passphrase, enabling the invasion of my personal privacy by YOU?
• Why is there still no mechanism to review the devices my iPhone is paired with, so I can delete ones that don’t belong?

... and his last slide (page 57 of the PDF) sums it up nicely: 

• Apple is dishing out a lot of data behind our backs
• It’s a violation of the customer’s trust and privacy to bypass backup encryption
• There is no valid excuse to leak personal data or allow packet sniffing without the user’s knowledge and permission.
• Much of this data simply should never come off the phone, even during a backup.
• Apple has added many conveniences for enterprises that make tasty attack points for .gov and criminals
• Overall, the otherwise great security of iOS has been compromised… by Apple… by design.

iPhones and iPads will be vulnerable until they get the iOS 7 update, which is scheduled for release later this year. Until then, you might want to avoid plugging into sleazy charging stations, tho...

Apple has released Security Update 2015-003 for OS X Yosemite v10.10.2 to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Apple Security Update 2015-003 and apply the necessary updates.

Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

Every vulnerability found may be good news ("it's been found!"), but it's also a failure of quality control and testing.

Are you surprised to see OS X and iOS top the chart?

Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

Is there any (Mac) OS X-specific malware around? Oh yes. But for some odd reason I haven't said anything interesting on this topic for quite a while… The last time was two and a half years ago. Yes...

So what can we deduce from these data?

First: cybercriminals find it easiest making money with mostly legal (well, almost legal) approaches. Persistent advertising also makes money, and coupled with large-scale infections – big money.

Second: OS X virus writers are a fairly rare but sophisticated species. Unlike the Windows virus scene, the OS X virus scene bypassed the childish stage of ‘viruses for fun’ and went straight to the grown-up – Mac OS – stuff with all the attendant hardcore malware tricks that are necessary for it. These are serious folks, folks! It’s very likely they honed their skills on the Windows platform first, and then went over to Mac to conquer new, uncharted territory in search of new untapped money-making possibilities. After all, the money’s there, and the users are relatively blasé about security, which means there are plenty of opportunities – for those blackhatters who are willing to put in the work.

Third: professional espionage groups have really taken to exploiting OS X. Many APT attacks in the last few years acquired Mac-modules, for example Careto, Icefog, and the targeted attacks against Uyghur activists. Yes, here we’re talking pinpointed –exclusive as opposed to mass – attacks, aimed at specially chosen victims; this is why they don’t figure in the top-20. Not that they are any less dangerous; especially if your data may be interesting to intelligence agencies.

Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

Targeted attacks aim to steal sensitive data from Mac systems, says F-Secure

Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

Sometimes I wish the internet could just be a place to exchange wholesome information, such as cooking recipes and tips on Linux, but sadly, there is a dark side. There are deviant people lurking on the web doing all sorts of horrible things. Yesterday, a hacker leaked the private pictures and videos (nude and semi-nude) of many celebrities, and they have spread across the net. For these celebrities, who are real people, I am sure it has been a very trying time; their privacy has been destroyed and I offer my sympathies. For the many people (if they can be called that) viewing and spreading the pictures, the occasion has been dubbed

Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

- http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=iCloud