security

By MacRumors Staff
Jump to How Tos Articles


security How Tos

How to Use Firefox Private Network to Encrypt Your Web Traffic

Thursday September 12, 2019 2:18 am PDT by
Mozilla this week began piloting its own browser-based VPN service, and if you're located in the U.S. you can start testing it for free right away. Called the Firefox Private Network, the service promises Firefox users a more secure, encrypted path to the web that prevents eavesdroppers from spying on your browsing activity and hides your location from websites and ad trackers. In that...

How to Encrypt a USB Flash Drive in macOS Mojave

Sunday December 16, 2018 8:56 am PST by
In macOS Mojave, you can choose to encrypt and decrypt disks on the fly right from the desktop. Using this convenient Finder option, we're going to show you how to encrypt a USB flash drive (or "thumb drive"), which is useful if you're traveling light and want to take sensitive data with you for use on another Mac. Finder uses XTS-AES encryption, the same encryption that FileVault 2 uses to...

How to Use Secure Code AutoFill in iOS 12 and macOS Mojave

Tuesday August 14, 2018 1:26 am PDT by
Most readers will have at some point received a two-factor authentication code delivered to them by SMS text message. Many apps and websites send the one-time codes to confirm that the person attempting to log in to an account is the legitimate account holder, and not just someone using a stolen password. Depending on how notifications are set up on your iPhone, receiving a code via text...

How to Secure Your Apple ID Using Two-Factor Authentication

Monday February 5, 2018 10:59 am PST by
Apple introduced two-factor authentication (2FA) in 2015 to provide an enhanced level of security when accessing Apple ID accounts. With 2FA enabled, you'll be the only person who can access your account, regardless of whether someone learns your password – as the result of a hack or a phishing scam, for example – so it's well worth taking the time to enable the feature. In this article,...

security Articles

LocationSmart Bug Provided Easy Access to Real-Time Location Data of Millions of Phones

Friday May 18, 2018 10:25 am PDT by
Robert Xiao, a computer science student at Carnegie Mellon, recently discovered a vulnerability in LocationSmart's website that made the real-time location of millions of phones readily available to anyone with the knowhow. For background, LocationSmart is a company that collects location data of mobile customers from major carriers, including Verizon, AT&T, Sprint, and T-Mobile in the...

Researchers Discover Vulnerabilities in PGP/GPG Email Encryption Plugins, Users Advised to Avoid for Now

Monday May 14, 2018 3:26 am PDT by
A warning has been issued by European security researchers about critical vulnerabilities discovered in PGP/GPG and S/MIME email encryption software that could reveal the plaintext of encrypted emails, including encrypted messages sent in the past. The alert was put out late on Sunday night by professor of computer security Sebastian Schinzel. A joint research paper, due to be published...

Russia Bans Access to Telegram Encrypted Messenger Service [Updated]

Friday April 13, 2018 3:29 am PDT by
A Russian law court has ordered that access to the Telegram encrypted messaging service should be blocked, according to Russian news agencies on Friday (via Reuters). The development follows last week's news that Russia's media regulator had filed legal proceedings to block the app in the country because the company refused to enable state security services to access users' messages. The...

'ProtonMail Bridge' Brings Encryption to Outlook, Thunderbird, and Apple Mail

Wednesday December 6, 2017 5:58 am PST by
Swiss-based encrypted email provider ProtonMail today announced Bridge, an app for premium account holders that aims to bring easy-to-use email encryption to desktop email clients like Outlook, Thunderbird, and Apple Mail. One of our goals has always been to bring easy-to-use encrypted email to desktop. The problem is formidable. Desktop systems encompass multiple operating systems with dozens ...

Signal Encrypted Messenger 2.19 Update Finally Available Following App Store Hiccup

Saturday December 2, 2017 3:43 am PST by
Encrypted messaging app Signal pushed out its v2.19 update late on Friday after a post-release 48-hour delay, owing to an App Store issue that Apple has now resolved. The update includes a number of new features and improvements, including full UI display support for iPhone X. After the update is applied, users will no longer see the "Load Earlier Messages" link within chat threads, because...

$199 Wink Lookout Home Security Pack Bundles All-Wink Products for the First Time

Wednesday October 25, 2017 3:24 am PDT by
Connected smart home company Wink on Tuesday announced its first home security bundle featuring all its own-brand products, rather than including compatible products made by other companies. The Wink Lookout set includes two open/close sensors for use on doors and windows, a motion sensor with pet sensitivity for placement anywhere in the home, a siren and chime alarm with built-in flashlight, ...

FBI Unable to Retrieve Encrypted Data From 6,900 Devices Over the Last 11 Months

Monday October 23, 2017 1:17 pm PDT by
The United States Federal Bureau of Investigation was unable to retrieve data from 6,900 mobile devices that it attempted to access over the course of the last 11 months, reports the Associated Press. FBI Director Christopher Wray shared the number at an annual conference for the International Association of Chiefs of Police on Sunday. During the first 11 months of the current fiscal year,...

Apple Says 'KRACK' Wi-Fi Vulnerabilities Are Already Patched in iOS, macOS, watchOS, and tvOS Betas

Monday October 16, 2017 11:46 am PDT by
Apple has already patched serious vulnerabilities in the WPA2 Wi-Fi standard that protects many modern Wi-Fi networks, the company told iMore's Rene Ritchie this morning. The exploits have been addressed in the iOS, tvOS, watchOS, and macOS betas that are currently available to developers and will be rolling out to consumers soon. A KRACK attack proof-of-concept from security researcher ...

Major Wi-Fi Vulnerabilities Uncovered Put Millions of Devices at Risk, Including Macs and iPhones

Monday October 16, 2017 6:54 am PDT by
Mathy Vanhoef, a postdoctoral researcher at Belgian university KU Leuven, has discovered and disclosed major vulnerabilities in the WPA2 protocol that secures all modern protected Wi-Fi networks. Vanhoef said an attacker within range of a victim can exploit these weaknesses using so-called KRACKs, or key reinstallation attacks, which can result in any data or information that the victim...

Study Finds Significant Number of Macs Running Out-of-Date Firmware Susceptible to Critical Exploits

Friday September 29, 2017 8:02 am PDT by
A new research paper from Duo Security, shared by Ars Technica, reveals that a significant number of Macs are running out-of-date EFI versions, leaving them susceptible to critical pre-boot firmware exploits. The security firm analyzed 73,324 Macs used in production environments and found that, on average, 4.2 percent of the systems were running the incorrect EFI version relative to the...

Apple's Latest Transparency Report Shows Jump in National Security Requests

Thursday September 28, 2017 12:03 pm PDT by
Apple this week released its latest transparency report [PDF] outlining government data requests received from January 1, 2017 to June 30, 2017. In the United States, Apple received 4,479 requests for 8,958 devices and provided data 80 percent of the time (in 3,565 cases). Worldwide, Apple received 30,814 requests for data from 233,052 devices and provided data 80 percent of the time (in...

macOS High Sierra Automatically Performs Security Check on EFI Firmware Each Week

Monday September 25, 2017 8:14 am PDT by
Mac users who upgrade to macOS High Sierra will benefit from a significant new security feature that works in the background. macOS High Sierra automatically checks a Mac's EFI firmware against Apple's database of "known good" data to ensure it hasn't been tampered with, according to a series of tweets from an Apple engineer. The tweets have since been deleted, but a summary remains...

Hacker Releases Firmware Decryption Key for Apple's Secure Enclave

Friday August 18, 2017 4:29 am PDT by
A hacker released what he claimed to be a firmware decryption key for Apple's Secure Enclave on Thursday, initially sparking fears that iOS security had been compromised. Apple's Secure Enclave Processor (SEP) handles all cryptographic operations for the Apple Watch Series 2, the A7 processor that powers the iPhone 5s, the iPad Air, the iPad mini 2 and 3, and subsequent A-series chips. The...

'Real People' Don't Need Encrypted Messaging Services, Claims U.K. Home Secretary

Tuesday August 1, 2017 3:46 am PDT by
The U.K. home secretary Amber Rudd has argued that "real people" do not want secure end-to-end encryption on messaging platforms and are more concerned with usability and features than unbreakable security (via Yahoo News). Rudd made her case in a newspaper article, published ahead of a meeting today with technology companies in San Francisco, where she will warn tech giants that their...

Encrypted Chat App Telegram to Remove Terrorist Content Following Ban Threat in Indonesia

Monday July 17, 2017 3:37 am PDT by
Telegram is to form a team of moderators to remove terrorist-related content from the encrypted messaging platform in Indonesia, after the country's government threatened to ban the app. Indonesia's Ministry of Communications and Information Technology has already blocked access to the web version of the chat platform, citing concerns that it was being used to spread "radical and terrorist...

Australia Proposes Law That Would Compel Tech Companies to Decrypt Messages

Friday July 14, 2017 2:37 am PDT by
Australia on Friday proposed new laws that would require companies like Apple to provide law enforcement authorities with access to encrypted communications (via Reuters). Australia's proposed legislation will compel companies to help security agencies intercept and read messages sent by suspects. It appears to take cues from the U.K.'s Investigatory Powers Bill, which includes provisions that ...

Popular Mobile VPN Services Shut Down in China

Monday July 3, 2017 4:41 am PDT by
A popular virtual private network service has been forced to close in China on orders from the government, it emerged on Monday. Bloomberg reported that GreenVPN sent a notice to its customers saying it would end the service from July 1 after "receiving a notice from regulatory departments". VPNs route and encrypt internet traffic to servers outside of the country, making them popular with...

Australia to Push for Greater Powers on Encrypted Messaging at 'Five Eyes' Meeting

Monday June 26, 2017 3:14 am PDT by
Australia is set to push for greater international powers to thwart the use of encrypted messaging services by terrorists and criminals, according to reports on Sunday (via Reuters). The topic will be addressed this week at a meeting of officials from the "Five Eyes" intelligence sharing network, which includes the U.S., the U.K, Canada, Australia, and New Zealand. Australia claimed the...

Russia Threatens to Ban Encrypted Messaging App Telegram

Friday June 23, 2017 3:58 am PDT by
Russia has threatened to block access to the Telegram messaging platform unless the company that runs the app provides more information about itself (via Sky News). The head of communications regulator Roskomnadzor, Alexander Zharov, said repeated efforts to obtain the information had been ignored by the company and warned that "time is running out" for the app. "There is one demand and it ...

Swiss Encrypted Email Provider Launches ProtonVPN With Free Subscription Tier

Tuesday June 20, 2017 4:49 am PDT by
Encrypted email provider ProtonMail today launched its own VPN service called ProtonVPN, which includes a free user tier in its pricing plan. The Swiss-based company said it had been testing its VPN service for four months with the help of over 10,000 members of the ProtonMail community, and the group was ready to make ProtonVPN available to everyone starting Tuesday. The Proton group...