All about the latest iPhone location privacy scare

2 hours 55 minutes ago

That story going around that claims iPhone 11 devices are secretly harvesting your location information – even though you’ve told them not to do so? You don’t need to worry about it. Here’s why.

What’s the story?  

The tale begins when a security researcher noticed the devices seemed to be sending out location data, even when Location Services were switched off. He thought this was weird, but Apple reassured him that this was “expected behavior” – and while the company took a little time to figure out what to say about this, its answer is convincing, once you know what it means.

What Apple said

The issue relates to iPhone 11’s U1 chip, which brings in an exciting (yet veteran) technology called Ultra Wideband (UWB). Speaking to TechCrunch, Apple described UWB as an industry standard that is also subject to some regulatory usage limitations, meaning it can’t operate all the time.

Jonny Evans

All’s clear to install Microsoft’s November patches

1 day 2 hours ago

The November passel of patches didn’t include anything earth-shattering; there were no emergency security breaches storming the gates, but good patching hygiene dictates that you get your machine braced for the next round.

If you install patches manually one by one (“Group B,” which I don’t recommend for mere mortals), you need to make sure you have the proper Servicing Stack Updates in place. They’ve all changed in the past month.

Woody Leonhard

Throwback Thursday: Bank error in your favor, collect $100,000

1 day 7 hours ago

It’s the late 1980s, and this pilot fish is working as a teller at a small suburban bank with a few branches.

“Automation is catching on, but slowly,” says fish. “We have terminals to process deposits, withdrawals and money orders — but at the end of the day, the branch manager still takes our totals and enters them into a handwritten ledger.”

The terminals use a text-based menu for everything, but for some operations that require a manager’s approval — say, printing a cashier's check — the manager must walk over, hold down an override key and type in a password to let the teller access the check-printing menu.

Fish notices that the console beeps now and then during the password process. But it doesn’t happen every time, and there’s no pattern he can detect.

Sharky

Microsoft Patch Alert: November patches behave themselves – with a few exceptions

2 days 23 hours ago

What a relief. The only major patching problem for November came from Office, not Windows. We had a handful of completely inscrutable patches – including two .NET non-security previews that apparently did nothing – but that’s the worst of it.

November saw the last security patch for Win10 version 1803. Win10 version 1909 got released, gently. We also had a much-hyped “exploited” zero-day security hole in Internet Explorer (again) that didn’t amount to a hill of beans (again).

Woody Leonhard

How blockchain will kill fake news (and four other predictions for 2020)

4 days 7 hours ago

As blockchain's hype cycle continues to befuddle many about its potential beyond cryptocurrencies, businesses and governments are moving ahead with projects involving everything from digital identities to voting and supply chain tracking.

Blockchain has slipped into the "Trough of Disillusionment" (see Gartner Hype Cycle), because it got ahead of its technical and operational maturity. As a result, interest has waned as most experiments and implementations failed to provide expected results.

Lucas Mearian

Apple confirms HomeKit-secured CCTV and router systems

1 week 2 days ago

Apple has at last confirmed which routers and smart home security systems will support the HomeKit Secure Video and HomeKit-enabled router systems it introduced in iOS 13.

Safe as houses?

HomeKit Secure Video and HomeKit-enabled routers patch two of the bigger gaps in smart home security coverage: they give users strong control over who can access video captured in their home and provide a welcome additional barrier against hackers and others attempting to break into home networks via the router.

Jonny Evans

Android security: Analysis, advice, and next-level knowledge

1 week 4 days ago

It's tough to talk about Android security without venturing into sensational terrain.

A large part of that is due to the simple fact that the forces driving most Android security coverage are companies that make their money by selling Android security software — and thus companies with strong interests in pushing the narrative that every Android phone is on the perpetual brink of grave, unfathomable danger. Plus, let's face it: A headline about 70 gazillion Android phones being vulnerable to the MegaMonsterSkullCrusher Virus is far more enticing than one explaining the nuanced realities of Android security.

In actuality, though, Android security is a complex beast — one with multiple layers in place to protect you and one that almost never warrants an alarmist attitude. I've been covering Android security closely since the platform's earliest days, and I've busted more myths and called out more shameless publicity stunts than I can even count at this point.

JR Raphael

Why isn't Apple (yet) supporting Tim Berners-Lee to 'save the web'?

1 week 4 days ago

Apple isn’t (yet) among the signatories for a global campaign to save the web launched by Tim Berners-Lee.

I hope this is something the company plans to change.

What’s the story?

Berners-Lee, inventor of the web, is concerned that the web is becoming a forum for political manipulation, fake news, privacy violations and other harms that he fears may plunge us all into what he calls “digital dystopia.”

He’s launched a new global action plan and is asking governments, companies and individuals to commit to protecting the web and ensuring it benefits humanity.

“The power of the web to transform people’s lives, enrich society and reduce inequality is one of the defining opportunities of our time,” he said.

Jonny Evans

The 5 true takeaways from Android's camera vulnerability circus

2 weeks 1 day ago

I don't know if you've read much news this week, but it seems the sky is falling and we're all terribly doomed.

No, I'm not talking about that news — as usual, that's another column for another publication — but rather the news that a security flaw in some Android camera apps could turn our phones into privacy-plundering spy portals and bring an end to human life as we know it.

I mean, have you seen some of these headlines?!

  • "Hundreds of millions of Android phone cameras can be hijacked by spyware"
  • "Android flaw lets rogue apps take photos, record video even if your phone is locked"
  • "An Android flaw lets apps secretly access people's cameras and upload the videos to an external server"

Holy hibiscus, Henry! Even I'm trembling from all of that, and I know it's a bunch of misguided, sensationalized hooey.

JR Raphael

Throwback Thursday: See if you can wriggle out of this one

2 weeks 1 day ago

It’s several years ago during a major virus outbreak — if you know your history of computer viruses, you can narrow it down — and a user at a remote site calls this pilot fish to complain that her computer won’t let her get any work done.

“I asked her if she had called the local technician — who worked for me — and she replied that she had called him numerous times but he had not picked up his phone,” says fish. “I told her I would take care of it.”

Fish calls his tech, who says he has spoken to the user each time she called and explained to her that he’ll help her as soon as he can, but he’s finishing work in another area.

That satisfies fish, who goes back to his own work. And soon he gets a message from his tech, sent from the irate user’s email account, reporting that the tech checked the user’s PC, found a virus and removed it, and updated the PC’s virus definitions. Case closed.

Sharky

Facebook's iOS 'bug' secretly filmed users. IT, take note.

2 weeks 2 days ago

News reports last week — subsequently confirmed by a Facebook executive's tweet — that the Facebook iOS app was videotaping users without notice should serve as a critical heads up to enterprise IT and security execs that mobile devices are every bit as risky as they feared. And a very different bug, planted by cyberthieves, presents even more frightening camera-spying issues with Android.

On the iOS issue, the confirmation tweet from Guy Rosen, who is Facebook's vice president of Integrity (go ahead and insert whatever joke you want about Facebook having a vice president of integrity; for me, it's way too easy a shot), said, "We recently discovered our iOS app incorrectly launched in landscape. In fixing that last week in v246, we inadvertently introduced a bug where the app partially navigates to the camera screen when a photo is tapped. We have no evidence of photos/videos uploaded due to this."

Evan Schuman

Security lessons from a Mac-only fintech company

2 weeks 2 days ago

Apple remains a highly secure choice for enterprise professionals, but security threats remain and the environment requires sophisticated endpoint management tools, according to Build America Mutual (BAM) CTO David McIntyre.

The Mac-only bank

BAM, one of the leading U.S. municipal bond insurers, has insured more than $65 billion since its launch in 2012. It also has the rare distinction of being a fintech firm that is completely based on Macs.

Jonny Evans

Microsoft starts releasing fixes for Access bugs introduced in Office security patches this month

2 weeks 3 days ago

Although we’ve been promised no “C” or “D” week second cumulative updates for the rest of the year — at least for Windows — Microsoft has acknowledged a bug it created in last week’s Patch Tuesday Office patches, and now promises that it’ll update the bad fixes on most machines this week or next. Those are "C" week and "D" week, respectively.

The cause du jour: a bug in all of this month’s Office security patches that throws an error in Access saying, “Query xxxx is corrupt,” when in fact the query in question is just fine. Microsoft describes the erroneous error message on its Office Support site:

Woody Leonhard

Mobile security perceptions don't approach reality. And that's a problem.

2 weeks 4 days ago

In general, security vendors love consumer surveys where consumers say that they would never, ever, ever do business with a retailer or a bank with poor security practices. But consumers have historically been terrible predictors of their own behavior, and they also tend to tell retailers and banks what they want to hear, rather than the truth.

And the truth, based on the public financial filings of plenty of companies that have suffered public data breaches, is that consumers — partially thanks to zero liability programs from the payment card companies — tend to not change retailers or banks when such data breaches happen. Why? Quite a few reasons. First, zero liability sees to it that they don't lose any money (it actually limits losses to $50, but almost no business enforces that, and they tend to simply eat all of the consumer losses). If consumers lost large amounts of money from breached retailers or banks, yes, they'd flee, but that doesn't happen.

Evan Schuman

Balancing patient security with healthcare innovation | TECH(talk)

3 weeks ago

Healthcare organizations are one of the most targeted verticals when it comes to cyberattacks. While those organizations must work to secure patients' sensitive data, it can also be helpful to analyze that data to improve patient outcomes. Jason James, CIO of Net Health, joins Juliet to discuss why attackers target healthcare organizations, Google's Project Nightingale and what it means for a tech giant to have access to the medical data of millions of people.

Patch Tuesday arrives with Access error, 1909 in tow, and a promise of no more 'optional' patches this year

3 weeks 2 days ago

Editor's note: An earlier version of this story incorrectly included references to a re-released version of Windows 10 1809. That version of Windows has not been re-released.

The patches haven’t yet been out for 24 hours and already we’re seeing a lot of activity. Here’s where we stand with the initial wave of problems.

Malicious Software Removal Tool installation error 800B0109 

Many early patchers found that the MSRT, KB 890830, kept installing itself over and over again. Poster IndyPilot80 says:

Woody Leonhard
Computer World Security

About SecurityFeeds

Tim Weil is a Security Architect/IT Security Manager with over twenty-five years of IT management, consulting and engineering experience in the U.S. Government and Communications Industry. Mr. Weil's technical areas of expertise include IT Security Management, Enterprise Security Architecture, FISMA Compliance, Identity Management, and Network Engineering. Mr. Weil is a Senior Member of the IEEE and has served in several IEEE positions.