Security Archive

Apple Releases Shellshock Security Fix for OS X

OS X users now have a security patch available to address the Shellshock security flaw that was discovered in recent weeks.  The update, which is available on the Apple Support website, is available for OS X Mavericks, OS X Mountain Lion and OS X Lion.  It is presumed that the issue is already addressed in OS X Yosemite or will be updated in a patch during its current beta cycle.

If you aren’t familiar with what the Shellshock security flaw is exactly, Apple provided the following statement to MacRumors last week on it.

Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users.

There are a couple of things to keep in mind on this flaw.  First, you likely aren’t impacted so no need to panic at the disco.  Second, even if you never use Terminal and the shell commands, you should update anyway.  Better to be safe than sorry later.

Lessons Learned From The iCloud Security Breach

Earlier this week you undoubtedly heard of the iCloud security breach that happened to some well know celebrities.  While Twitter and other places lit up with nudie pics of the like of Jennifer Lawerence, there were a lot of people at Apple frantically trying to find the source of the problem.  Was it a real breach?  Was there an inherent flaw in iCloud where anyone and everyone could be compromised?

The short answer is no.  This came down to, at the most basic level, a brute force attack against usernames and passwords. It was the latest in what seems to be a weekly announcement of someone having data security compromised by hackers.  The problem of course is that we all have digital data – digital footprints and fingerprints – all over the Internet.  From our Facebook account(s) to Twitter to our Banks.  Even our identification to remotely access our corporate networks.  Nobody is immune but you can protect yourself as best as possible.

Identification security is something we should all be vigilant about whether it is on our smartphones, our PCs or Macs.  Security breaches happen at the weakest point so the goal is to make it difficult to discourage but also no so difficult that you yourself are unable to access your data.  Here then are a few tips that you should consider when it comes to your personal data security.

Use Complex Passwords

The most basic thing you can do in personal data security is use complex passwords.  That is, use passwords with a mixture of:

  • Upper-Case Letters
  • Lower-Case Letters
  • Numbers
  • Special Character such as @£$%!
  • At least 8 characters long

Passwords should also not be associate with any personally identifying information such as:

  • Birthdays (yours, your spouses, your children, etc)
  • Your address
  • Your National Identification/Social Security Number

Complex passwords serve as a strong deterrent for those who would potentially try to gain access to your data.  While any password can be compromised with enough time, complex ones point hackers to easier targets.

TimeLock PRO: Secure photos, video and files vault hiding in a clock

The new TimeLock PRO app is the most effective and unique security app available right now. It is not only a timeless clock with an alarm function, but also a high security vault for your personal photos, notes and documents. The vault itself is completely invisible, hidden in the design of the clock. This is truly an ingenious way of hiding information in plain sight by using the latest security technologies TimeLock PRO keeps all pictures and videos militarily secure, because the entire contents of the vault is encrypted with the strong 256-bit AES (Advanced Encryption Standard) algorithm.

TimeLock Pro (Universal App) – SALE $1.99 (Reg. $4.99) – Download Now

TimeLock App Gives A Secure Vault for your Photos & Videos

Constantly worrying about the security of photo and video files in an iOS device is enough to drive people crazy, after all it is impossible to keep a constant close eye on all mobile devices to make sure it is not going in to the wrong hands. It is fair to say that almost every person has something in their iPhone, iPad or iPod touch that they would like to keep private, secure from other people. There has long been a need for an app that is not as obvious and effectively able to hide all the information that needs to remain hidden to be really secure.

The TimeLock app is the most effective and unique security app available right now. It is not only a timeless clock with an alarm function, but also a high security vault for your personal photos and videos. The vault itself is completely invisible, hidden in the design of the clock.

TimeLock (Universal App) – $2.99 – Download Now

How To Stay More Secure – Passwords and Passcodes

With the news on New Year’s Day 2014 that the popular social network SnapChat had been breached and some 4.6 million users information had been exposed, it highlights once again the importance of maintaining good security habits with your information and accounts online.  While we depend on companies who provide these services to be secure, we as users also have a responsibility of making sure we do our part.  In this How To we are going to cover how to stay more secure on the Internet by going over some of the basics that we all need to follow.

To start, let’s be pointblank:  Security online is a PITA (Pain In The Ass).  It’s not fun.  It’s not easy.  It certain is time consuming and on the surface there appears to be very little reward for doing it.  But the reward is there and it comes in the form of not losing control of your accounts by someone with less-than-admirable qualities.  Security breaches can and will happen and if your passwords and accounts are more secure than others, hackers will simply pass by your account to go to an easier one.

Create a Secure Password

The first and most important thing to do is create a properly secure password.  That means it is complex and dare I say not easy to remember.  Passwords should be complex, containing a mixture of alphanumeric, should be case sensitive (A and a for example) and have special characters such as !, $ or @. Last but not least, it should have 8 characters in it. For example, Atuxe87Ev1! (and no, that is not a password to anything of mine).  The general rule is the more complex you can make your passwords the better.  It should also not be based on a known word but be as random as possible.

But let’s be clear:  No password is 100%.  Hackers have tools out there that can hash out even the most complex of passwords.  The objective of the game here is to be difficult so they move along to the next person.

How then do you keep up with all these passwords that you can’t remember?  Use a wallet type application to keep track of all of them.  I personally use eWallet from Ilium Software as it syncs with my iPhone, iPad and Mac but there are others out there.  One nice thing about eWallet is it also has a password generator to create these complex passwords for you.

Don’t Use The Same Password Twice

So now that you’ve created a complex password, the temptation will be to use it for other sites.  Do. Not. Do. It.

Every site and every service you use should have it is own unique password.  It sounds straight forward but many people out there use the same password for everything online.  That means that once someone has your password once, they have access to everything.  Everything.

TimeLock App Secures Your Photos & Videos Uniquely

ProtectStar today released its new security app, TimeLock for iPhone and iPod touch. No one will have the idea that there is a highly secure and protected safe ingeniously hiding in an alarm clock. The TimeLock app allows iDevice owners to securely store photos and videos, inside a data vault, where all contents are encrypted using powerful 256-bit AES algorithms.

Constantly worrying about the security of photo and video files in an iOS device is enough to drive people crazy, after all it is impossible to keep a constant close eye on all mobile devices to make sure it is not going in to the wrong hands. It is fair to say that almost every person has something in their iPhone, iPad or iPod touch that they would like to keep private, secure from other people. There has long been a need for an app that is not as obvious and effectively able to hide all the information that needs to remain hidden to be really secure.

The new TimeLock app is the most effective and unique security app available right now. It is not only a timeless clock with an alarm function, but also a high security vault for your personal photos and videos. The vault itself is completely invisible, hidden in the design of the clock.

TimeLock (Universal App) – SALE FREE – Download Now

iPhone 5S Fingerprint Scanner Confirmed by WSJ

The Wall Street Journal has confirmed a long running rumour that the iPhone 5S, expected to be announced today by Apple, will indeed have a fingerprint scanner for added security.  The article from Danny Yadron states,

People familiar with the matter said last week that Apple will include a fingerprint scanner on the more expensive of two iPhones it is expected to unveil Tuesday at an event at its Cupertino, Calif., headquarters.

The article goes on to state that at least one Android powered phone is expected to have a fingerprint scanner this year but it was unclear where that device would be sold.

Fingerprint scanners are not new, even on mobile devices, but the technology is a quantum leap ahead of where it was just a few years ago.  It is far more reliable and accurate and it provides a very high barrier for entry into a stolen device.  Passwords, especially 4 digit PINs are not highly secure and can be cracked quite easily (see our How To on creating a more complex passcode on your iPhone).  Having a fingerprint scanner as a security method should dramatically improve device security.

The once concern we at AlliOSNews have brought up with the idea of a fingerprint scanner in the iPhone 5S is the need for a PIN entry for those who are physically challenged.  There are many iPhone users who have to use a stylus or cannot extend their fingers in order for a fingerprint scanner to work.  Hopefully Apple will indeed have made the biometric security optional for those who need it.

Ilium Software Updates eWallet for iOS With Big Improvements

Ilium Software has released a nice update to their eWallet for iOS app in the App Store today.  The update, version 7.5 for those keeping score, brings a significant number of improvements that are aimed at making the user experience better on their iPhone or iPad.

If you aren’t familiar with eWallet for iOS, it is a password and other important information “wallet” but also has a built-in

eWallet for iOS

eWallet for iOS

password generator and leverages iCloud for syncing of your wallet across all your devices.  It’s my personal favourite wallet application and I’ve been using eWallet since way, way, way back in my Windows Mobile days.

The biggest change in this update comes in the form of AutoPass.  This feature will automatically insert user names and passwords on websites when they are launched from eWallet.  It’s a great feature that Ilium has had as part of eWallet for Mac for some time now.  Having on your iPhone or iPad – where the majority of do our web surfing anyway – just makes sense and it is a welcome addition.  eWallet for iOS also has improved the card editing screens for faster and easier entry of data on new cards and a whole new screen for an easier adding of a card to your wallet.

Ilium spent a fair amount of time in this release to also educate new users.  There is a while new introduction for new users to explain the app and its use as well as an improved sample wallet for users to understand how their eWallet is built and structured.  Kudos to Ilium for giving new users some information to help them along.  Too many developers simply assume that you know how their app works.  That’s not always the case.

eWallet for iOS is a Universal app for iPhone & iPad and is $9.99 in the App Store.  This update is free to existing eWallet users.  Right now eWallet for Mac is on sale in the Mac App Store for $9.99 where it is normally $19.99.  Having the app on your Mac allows you to synchronise your wallet file between your devices and Mac.

eWallet (Universal App) – $9.99 – Download Now

eWallet for Mac – SALE $9.99 (Normally $19.99) – Download Now

Network Toolbox Released for iPhone & iPad

Marcus Roskosch, independent software developer and founder of Creating Your App, just released his new iOS app Network Toolbox for iPhone, iPod and iPad.

Despite of rumors about the NSA Prism scandal or Chinese Hackers attacking networks and servers around the world, there is something that each of us can do to increase cyber security.

Network Toolbox helps to identify security issues or wrong configurations of your local or public networks that often

Network Toolbox for iPhone

Network Toolbox for iPhone

makes it too easy for cyber attackers to break into your systems.

Even for an inexperienced user, it will now be easier than ever to check your home network for ports that are unintentionally left open to the web. By using this Network Toolbox app, such a security scan can be performed within seconds by following the included Guides and How-To’s. An included Glossary also explains terms from A like “Access control” to Z like “Zero day”.

For deeper security analysis, Network toolbox offers various tools to connect and inspect your networks. Regular Network tools like Browsers, Mail or FTP clients usually hide information about the connected server from the user. Network toolbox on the other hand can visualize such information as this information is often the first starting point for a cyber-attack. Cyber criminals can use this information to learn about your network and to find vulnerable devices.

By using this app, you will be able to identify such issues and once they are identified, they can often easily be solved.

“Don’t trust the evil,” Marcus said on his website. Don’t trust what suppliers of NAS Servers, Web-Cameras, Backup devices or Network router tells you. Often those devices are shipped poorly pre-configured and just claim to be secure. Be your own Hacker and try to compromise your own network to locate those devices and protect your data.

Network Toolbox 2.01.01 is $5.99 USD (or equivalent amount in other currencies) and available worldwide exclusively through the App Store in the Productivity category.

Network Toolbox (Universal App) – $5.99 – Download Now

TechMom Tuesday: What the heck is my password? [Review]

You’re lucky this post exists. Because of what I’m reviewing, I was able to actually log into WordPress to post.

**********

It was déjà vu all over again when the blinky red indicator lit up my email inbox declaring that my password was about to expire.

“Your Network Password will expire in 8 days. In order to avoid disruption with your account please take a moment and reset your password.”

(They leave out the part about how no matter what you do, you’re going to manage to lock yourself out of the system anyway. Also, you can’t repeat passwords. And the system knows!)

We’ve all heard the stories. A giant database gets hacked so your account (and thereby your identity) is at risk.

We’ve all heard the warnings. Don’t use 12345 or Password. And even if you have a super stealth security code comprising letters, numbers, symbols, wizarding runes and a strand of your DNA, for all that is holy don’t use it for multiple sites.

I’ll be honest with you. My brain is now full. I no longer remember my own phone number, much less continuous strings of essentially random typos. What’s that? You also want me to remember what account all those nonsensical numeric are associated with?

Not happening. Alas, there’s only so many times you can click the “Forgot my password” link on a site before it completely shuts down on you.

mSecure of Mac

mSecure of Mac

And then I was introduced to mSecure Password Manager.

I was initially skeptical. Write down all my passwords in one place? DANGER WILL ROBINSON!

But then I realized that I have over 101 accounts and web logins that I use regularly enough to need to actually know how to decode the html cipher and retrieve my info. Let’s face it – it’s far easier for a hacker to access thousands of accounts than for me to remember if I’m TechMom, Tech Mom or techmummy with a password of 1f-U#ack_M3,Ple@$e.S#are!nfo

mSecure is available across all my Apple devices. But to calm the paranoid conspiracy theorist within, your account can only be synched across devices when you are simultaneously logged in on a single Wi-Fi network and, more importantly, only when you explicitly tell it to do so.

Organize your passwords into categories in mSecure

Organize your passwords into categories in mSecure

Adding a new item in mSecure for iPhone

Adding a new item in mSecure for iPhone

With a single master password, you can store a plethora of tricky data – I use it mostly to record Web login information. It is also a great digital wallet that allows categorization for grouping personal, work and family account information. For example when one of our four medical record login credentials is inevitably forgotten by a family member (namely, me).

The layout is simple and easy to read. It’s not meant to be fancy, it’s meant to restore sanity when you really need to reschedule a doctor follow up visit but cannot for the life of you remember what your toddler’s login information is for Kaiser.

For each entry, input a description, username, password, URL and applicable notes. You are in complete control of the data though, so if you’re uncomfortable having the actual password stored, simply enter a reminder in the Password field – it’s a lot easier than trusting a site’s ability to remember you’re the school your mother’s maiden name went to with their favorite pet in the first car owned.

However if you’re fresh out of ideas, mSecure also enables you to auto-generate a secure password.

Creating a password in mSecure

Creating a password in mSecure

It’s not free. You can download it for your iPhone, iPad in the App Store for $9.99.   It is $19.99 for the Mac version, also in the Mac App store.  But it’s totally paid for itself in time saved and meltdowns avoided.  BTW, synchronization happens between the platforms when the devices are on the same WiFi network.

mSecure (Universal App) – $9.99 – Download Now

mSecure for Mac – $19.99 – Download Now