Like liberty for all, privacy demands vigilance, and that’s why Apple users who care about those things are moving to DuckDuckGo for search.
Why use DuckDuckGo?
Privacy is under attack.
It doesn’t take much effort to prove this truth. At time of writing, recent news is full of creeping privacy erosion:
- We’ve seen video conferencing solutions that surreptitiously install software on your Macs.
- A face-changing photography app perhaps implicated in the assembly of a vast database of faces.
- A household name in smart speakers has shared private conversations with people you don’t know, including chatter you didn’t know was recorded in the first place.
And then there’s DuckDuckGo.
If you travel frequently and use an iPhone or iPad, then you simply must familiarize yourself with these two tips – they’ll make it much easier to secure your device and its contents when you are on the move.
In praise of Face ID
I’ve become very used to using Face ID. It’s seamless.
On the iPhone, I like that I can pay for groceries with a look and find it much easier to use in the dark than the Home button.
My iPad experience is similar, but I do get annoyed sometimes that I must raise the tablet slightly to get the face angle right – this isn’t always as intuitive as I would like.
All the same, given Apple’s claim that there is a 1 in 50,000 chance that someone else's fingerprint will unlock your iPhone and a 1 in 1,000,000 chance that it will be unlocked by another person’s face, I’ll always opt for the highly secure choice.
This government agency has cashiers’ stations for handling transactions with the public, and the treasurer’s office decides it needs new software to run those stations, according to a pilot fish in IT.
And there’s going to be one sign-on and password for all the stations, brag the higher-ups.
Bad idea, protest all the IT programmers and system administrators. For one thing, having a single user sign-on to the system will prevent tracking who is completing each transaction. They cite security, accountability and separation of duties, but their protests fall on deaf ears.
The vendor rep shows up one day, and he and the treasurer do a presentation for an audience that includes IT managers. The two sound excited, and a touch proud, when they tell everyone that the cashiers will sign on with the user ID “Cash.” They don’t share the top-secret password, though; that’s just for the cashiers to know.
Zoom released a patch this week to fix a security flaw in the Mac version of its desktop video chat app that could allow hackers to take control of a user’s webcam.
The vulnerability was discovered by security researcher Jonathan Leitschuh, who published information about it in a blog post Monday. The flaw potentially affected 750,000 companies and approximately 4 million individuals using Zoom, Leitschuh said.
Zoom said it’s seen “no indication” any users were affected. But concerns about the flaw and how it works raised questions about whether other similar apps could be equally vulnerable.
Back in October 2016, Microsoft divided the Win7 and 8.1 patching worlds into two parts.
Those who got their patches through Windows Update received so-called Monthly Rollups, which included security patches, bug fixes – and we frankly don’t know what else – rolled out in a cumulative stream.
The folks who were willing to download and manually install patches were also given the option of installing “security-only” patches, not cumulative; these were meant to address just the security holes.
Microsoft on Monday made good on a March pledge by announcing that its most sophisticated endpoint security service is now available for Macs.
Microsoft Defender ATP (Advanced Threat Protection) for Mac shifted to what the company calls "general availability" on June 28, wrote Helen Allas, a principal program manager on the enterprise security team, in a July 8 post to a company blog. Core components of Defender ATP, including the latest - "Threat & Vulnerability Management," which made it to general availability a week ago - now serve Macs.
Apple quite evidently plans many interesting improvements in its iCloud service this year. So, what’s going on?
What we know so far
Apple at WWDC made several announcements that will be reliant on iCloud – these include obvious things like new services and support for new functions, and less evident topics around sync, data and AI.
Most recently, the company began beta-testing Touch ID and Face ID access to iCloud.com online, meaning that if you happen to be using an Apple device (Mac, iPad, iPhone) you can access your online iCloud services with the touch of a finger or a quick eye scan.
This may also be Apple’s way of testing the privacy-protecting Sign-in with Apple service it intends to launch later this year.
While blockchain holds tremendous potential for creating new financial, supply chain and digital identity systems, it's often erroneously seen as a panacea for business problems.
The myriad of pilots and proofs of concept by large corporations and government agencies are showing real promise, but those projects don't always lead to obvious business cases that justify doing something differently. Sometimes a tried and true technology like a relational database can perform the task much more efficiently than a distributed ledger based on peer-to-peer technology that will require complex governance and rules.
This IT security pilot fish knows something about audits — and knows what he expects of auditors.
“I have more than 15 years of audit experience in IT,” fish says. “I have written and implemented policy and procedure, and developed incident response plans. I spent the better part of last year making sure that the external auditors could not find any inconsistencies in our control standards.”
Then the internal audit director decides to perform an audit of fish’s group — and sends a young auditor who thinks he knows everything IT.
After three weeks of research and testing, young auditor presents his results in a meeting with his boss the audit director and fish.
Ready for the mobile security news that IT doesn't want to hear about but needs to? When security firm Positive Technologies started pen-testing various mobile apps, security holes were rampant.
We'll plunge into the details momentarily, but here's the upshot: "High-risk vulnerabilities were found in 38 percent of mobile applications for iOS and in 43 percent of Android applications" and "most cases are caused by weaknesses in security mechanisms — 74 percent and 57 percent for iOS and Android apps, respectively, and 42 percent for server-side components — because such vulnerabilities creep in during the design stage, fixing them requires significant changes to code."
How many bugs could a WinPatcher patch, if a WinPatcher could patch bugs?
Ends up that June’s one of the buggiest patching months in recent memory – lots of pesky little critters, and the ones acknowledged by Microsoft led to even more patches later in the month.
In June, we saw eight single-purpose Windows patches whose sole mission is to fix bugs introduced in earlier Windows patches. I call them silver bullets – all they do is fix earlier screw-ups. If you install security patches only, these eight have to be installed manually to fix the bugs introduced earlier. It’s a congenital defect in the patching regimen – bugs introduced by security patches get fixed by non-security “optional” patches, while waiting for the next month’s cumulative updates to roll around.
Mozilla this week touted Firefox's anti-ad tracking talents by urging users of other browsers to load 100 tabs to trick those trackers into offering goods and services suitable for someone in the 1%, an end-times devotee and other archetypes.
Tagged as "Track THIS," the only-semi-tongue-in-cheek project lets users select from four personas - including "hypebeast," "filthy rich," "doomsday prepper," and "influencer" - for illustrative purposes. Track THIS then opens 100 tabs "to fool trackers into thinking you're someone else."
Microsoft today announced changes to its OneDrive storage service that will let consumers protect some or even all of their cloud-stored documents with an additional layer of security.
The new feature - dubbed OneDrive Personal Vault - was trumpeted as a special protected partition of OneDrive where users could lock their "most sensitive and important files." They would access that area only after a second step of identity verification, ranging from a fingerprint or face scan to a self-made PIN, a one-time code texted to the user's smartphone or the use of the Microsoft Authenticator mobile app. (The process is often labeled as two-factor security to differentiate it from the username/password that typically secures an account.)
Apple is changing how its Find My Mac tool works in macOS Catalina and iOS – it will now use Bluetooth and should find your Mac even when it is asleep.
How does ‘Find My’ Mac work?
Apple is combining two apps – Find My Friends and Find My iPhone – into a new ‘Find My’ app.
The combined app offers what we are used to from each one of these individual apps, but introduces new tools based on Bluetooth.
The idea is that it will use low energy Bluetooth signals to help bring people together with lost things.
Google this week asked for help in identifying suspicious websites, offering users of its Chrome browser an add-on that lets them rat out URLs.
The Suspicious Site Reporter, which can be added to desktop Chrome, places a new flag-style icon on the top bar of the browser. "By clicking the icon, you're now able to report unsafe sites to Safe Browsing for further evaluation," Emily Schechter, a Chrome product manager, wrote in a Tuesday post to a company blog.
Safe Browsing is the name of the technology used by Google's search engine, Chrome, Mozilla's Firefox, Apple's Safari, and Android to steer users away from sites that host malicious or deceptive content. On the back end, Google uses robots to scan the web and build a list of websites that host malware, harmful downloads or deceptive ads and pages. Software developers can then plug into an API to integrate this list into their own applications, something rival browser makers have done for years.
A mobile device forensics company now says it can break into any Apple device running iOS 12.3 or below.
Israeli-based Cellebrite made the announcement on an updated webpage and through a tweet where it asserted it can unlock and extract data from all iOS and "high-end Android" devices.
On the webpage describing the capabilities of its Universal Forensic Extraction Device (UFED) Physical Analyzer, Cellebrite said it can "determine locks and perform a full file-system extraction on any iOS device, or a physical extraction or full file system (File-Based Encryption) extraction on many high-end Android devices, to get much more data than what is possible through logical extractions and other conventional means."