The security mantra of Mac users revolves around the fact that it's not Windows. Look at the comment thread of almost any post online about a new vulnerability, or new malware attack impacting Windows, and inevitably you will find a Mac user gloating about how they don't have to deal with those issues.
While that is true, it is misguided to believe that the reason stems from Mac OS X just being too secure for attackers to breach. Not being the preferred target is nowhere near the same as being impervious. Just because Cadillac Escalades or Chevy Silverado pickups are stolen more than the Ferrari 458 Italia doesn't mean the Ferrari 458 Italia can't be stolen. It means that there are way more Cadillac Escalades and Chevy Silverados in the world.
Google made good on predictions that it would unveil an NFC mobile payment system at a media event today--sharing details of the new Google Wallet. The idea of completing purchases with a swipe of the smartphone is compelling, but it seems like using your smartphone as a wireless wallet is an invitation for having your credit card data compromised.
Google has partnered with Citibank to include native support for Citicard credit cards, but Google was smart enough not to paint Google Wallet into a corner with just one card. Google Wallet also include a Google payment option that can be pre-filled using funds from any credit card.
So, you put all of your credit card data into the Google Wallet one way or another, then you are all set. Leave your wallet at home. This is 2011 and now you can just make purchases with a tap of your smartphone.
Hotmail accounts were recently targeted by an attacking against a zero-day vulnerability in the Microsoft Webmail system. The attack is more insidious than some because it executes without user intervention when a malicious email is opened.
Most attacks require some additional action on the part of the user. Malware often comes in the form of a file attachment, or URL link embedded within an email. Those attack vectors are successful enough, but at least some users are conditioned enough at this point to know not to open file attachments or click on links. But, a threat like this one--that just works as soon as a message is viewed--can be a significantly bigger threat.
Researchers at Trend Micro detected the threat, and dug in to learn more about what makes it tick. According to a Trend Micro blog post, when a specially crafted message is viewed the malicious script executes automatically. The script then steals email messages and contact information from the Hotmail account.
I didn't expect to get a ticket to the rapture, but judging from the lack of abandoned vehicles it seems that the rumors of the end of the world were a bit exaggerated. However, even though the world did not come crashing to a halt today, don't let your guard down just yet. Now comes the rapture spam and apocalypse phishing attacks.
Following the revelation (pun intended) that the rapture has been unavoidably delayed, ESET's David Harley wrote a blog post assuring customers that ESET--or at least the less devout members of ESET that remain if the rapture does come--will maintain normal operations and keep an eye out for any potential threat--real or apocalyptic.
Harley explains, "We'll certainly continue to look out for the poisoned SEO (search engine optimization) that usually attaches itself to news-friendly (even sensational..) items like this, and the fake security software towards which it generally tries to lure its victims."
For a long time, one of the strongest points for using Apple computers in your business as opposed to a Windows-based PC has been the suggestion that the Mac platform is somehow inherently more secure
It's a talking point of Macolytes everywhere, and even Apple got into the game with its "Mac vs. PC" series of commercials. And for the most part, it's been supported by the ridiculously low number of malware attacks that Mac users have endured compared with Windows users.
This month Skype released a long awaited patch for a vulnerability that is extremely dangerous and could allow an attacker to remotely gain control of a system. Adobe released privacy controlls earlier this month, allowing you to control how much privacy you want. Microsoft also released a tiny Patch Tuesday.
Skype Publishes Updates For Skype For Mac Users
Last month Skype and Pure Hacking, a group of hackers in Australia, found a vulnerability in Skype for Mac 5.x which could cause Skype to crash when an attacker would send a specially crafted message. This vulnerability, according to Pure Hacking, can allow an attacker to remotely gain control of a shell, an interface feature for an application.
Dropbox has been making headlines this week, but not the kind of headlines that companies like to make. A complaint filed with the FTC accuses the cloud data storage provider of deceptive and misleading practices regarding just how secure customer data is. But, Dropbox takes exception to the claims and is speaking out to defend its security policies and terms of service (Tos). Dropbox readily admits that it has altered the terms of service, but it rejects the idea that the terms were changed to backpedal on security or move the line in the sand as it relates to Dropbox data protection.
No, according to a new Dropbox blog post, the ToS is not fundamentally different than that of any other online entity--Google, Skype, Twitter, etc.. Dropbox says the ToC was modified to clarify some points and make it easier for Dropbox customers to understand--especially when it comes to explaining the specific circumstances under which Dropbox might disclose information to law enforcement. "We felt our old TOS language was too broad, and gave Dropbox rights that we didn't even want."
Dropbox also stresses that customer data is not just handed over to law enforcement at the drop of a hat. First, there is only an average of one such request per month--out of 25 million customers. Second, Dropbox has a stringent vetting process to ensure that any such data request is legally sound, and in the event that a request doesn't stand up to legal scrutiny Dropbox will stand up for the rights of the customer and protect the data.