Apple has good privacy arguments, but critics aren't listening

Credit to Author: Jonny Evans| Date: Wed, 13 Apr 2022 09:41:00 -0700

Apple CEO Tim Cook this week warned that regulators are on the edge of making poor decisions that will impact our future during a passionate speech in defense of personal privacy and his company’s business models at the Global Privacy Summit in Washington DC.

Neither good nor evil

The thrust of Cook’s argument is that privacy and security are essential building blocks of trust for a technologically advanced society. But that huge potential is being constrained by surveillance and insecurity.


Apple quietly stops meaningful auto-updates in iOS

Credit to Author: Evan Schuman| Date: Tue, 05 Apr 2022 09:14:00 -0700

In the mobile world pitting Apple’s iOS devices against Google’s Android devices, Apple has historically had one distinct advantage: patches and updates.

Given the fragmented nature of Android (hundreds of handset manufacturers versus just one for iOS), it is simply far easier for Apple to quickly and efficiently push out updates in a way that allows a large percentage of users to get updates quickly. That has been true regardless of whether it’s new functionality or a critical security patch.

So what’s the problem? Craig Federighi, Apple’s senior vice president of software engineering, has quietly said that Apple has dramatically slowed down auto updates — by as much as a month.


What are the best VPN services for conflict zones?

Credit to Author: Jonny Evans| Date: Mon, 14 Mar 2022 09:56:00 -0700

There has been a rapid spike in demand for VPN services in Russia and Ukraine since the invasion began almost three weeks ago. People in both nations seek online freedoms as offline misery intensifies, and want to see through the fog of conflict.

VPN services see rapid growth in Russia

A VPN (virtual private network) service creates an encrypted tunnel between users and the servers they interact with. This helps secure the traffic to protect people from being identified, tracked, and surveilled.

Simon Migliano, Head of Research at Top10VPN, explained that Russians began seeking out VPN services before the conflict began. But demand has accelerated as it continues and authorities become more repressive there.


It's time to secure the Apple enterprise

Credit to Author: Jonny Evans| Date: Thu, 03 Mar 2022 09:35:00 -0800

It’s not unreasonable to assume that war in Ukraine will generate a wave of cyberattacks. That means every business or personal computer user should audit their existing security protections, particularly for companies that have embraced the hybrid workplace.

While larger enterprises usually employ Chief Information Security Officers (CISOs) and security consultants to manage such tasks, what follows is useful advice for Mac, iPad, and iPhone users seeking to start such an audit.  


Behavioral Analytics is getting trickier

Credit to Author: Evan Schuman| Date: Mon, 28 Feb 2022 03:00:00 -0800

Behavioral analytics is one of the best authentication methods around — especially when it’s part of continuous authentication. Authentication as a “one-and-done” is something that simply shouldn’t happen anymore. Then again, I’ve argued the same thing about using unencrypted SMS as a form of multi-factor authentication and I sadly still see that being used by lots of Fortune 1000 firms.

Oh well.

Although most enterprise CISOs are fine with behavioral analytics on paper (on a whiteboard? As a message within Microsoft Teams/GoogleMeet/Zoom?), they’re resistant to rapid widespread deployment because it requires creating a profile for every user — including partners, distributors, suppliers, large customers and anyone else who needs system access. Those profiles can take more than a month to create to get an accurate, consistent picture of each person.


Second Israeli firm accused of undermining iPhones, like NSO Group

Credit to Author: Jonny Evans| Date: Thu, 03 Feb 2022 09:08:00 -0800

As if recent revelations about NSO Group weren’t bad enough, yet another Israeli firm — QuaDream — has now been accused of using the same hack to undermine iPhone security.

QuaDream also used the hack, Reuters claims

A Reuters report has the details:

  • QuaDream made use of the same flaw to commit similar attacks against iPhones.
  • The company is smaller than NSO Group, but also sells smartphone hacking tools to governments.
  • Both companies used the same highly sophisticated “zero-click” ForcedEntry attack, which enabled them to remotely break into iPhones without an owner needing to click a malicious link.
  • Once deployed, attackers using the software could access messages, intercept calls, and use the device as a remote listening device. They also gained access to the camera and more.
  • Apple closed this vulnerability in September 2021.
  • It is believed NSO Group software was used to target the family of murdered Saudi journalist Jamal Khashoggi.

The news follows the revelation that the FBI also obtained NSO’s Pegasus spyware, but claims it did not use it. That also follows another recent claim that NSO Group offered “bags of cash” in exchange for access to US cellular networks via the SS7 network.
