I have heard it said over and over again, buy a MAC and you won't have security issues. Well, time catches up and we are seeing hackers taking advantage of vulnerabilities in Apple software. Recently we were made aware that versions 4 and 5 of Apple's Safari browser have a critical vulnerability. It has to do with a form fill feature that can reveal personal information about the user. Last week Jeremiah Grossman wrote about this on his blog. There is a way to prevent your identity from being revealed. You can Go to Preferences > AutoFill > AutoFill web forms and uncheck “Using info from my Address Book card”.

Jeremiah Grossman addresses this in detail on his blog and offers a video on how to correct this issue.

Apple has not addressed this vulnerability to date.  Welcome to the real world Apple users.

One thing that we all tend to overlook is the fact of how much we are being tracked on the internet. Especially by Google. Did you ever look at their icon? What do you see? I see a giant eye looking at me. And essentially that's what they are doing, how they make their money, watching, observing what people search for and then monetizing it. Let's face it, they know their business, kudos to them.

However, you don't have to help them, and in effect, you might be better off if you don't. Alternative search engines exist, and one of the safest and most private that I have found to date is Startpage.com It does not record your IP address and is completely private with no data captured. In this day and age where so many people are involved with viewing our data, it makes ...

read more

Seems that Apple has some vulnerabilities that it has quietly gone ahead and taken care of. Mac OS X 10.6.4 includes limited protection against a trojan labeled OSXPinhead -B. this one has capabilities to allow a hacker to gain remote control for the purpose of identity theft.

I guess the days of MAC users professing how they never have to worry about viruses and trojans are officially over.

Apple secretly updates Mac malware protection, Sophos reveals

Okay Apple users, wanna comment on this one? It appears that the IPad has been hacked and 114,000 users e-mail and possibly other personal information has been exposed. Nice! Although it does appear that AT&T was also at fault. Apparently the hackers obtained the information from AT&T's website to harvest the data on the IPad users. Huge screw-up and doesn't do much for confidence in either the IPAD, or the AT&T network.

Full Story: 

Apple's Worst Security Breach: 114,000 iPad Owners Exposed

New research has proven that your cellphone is a walking ID billboard for hackers. Actually this isn't something that can be patched. It's built in to the network as features. I listened to Steve Gibson explain this this afternoon and was astonished at what he reported. You can listen to the explanation yourself here: Security Now his comments on the vulnerability start at the 14:17 

The story he refers to can be read here:

 

Researchers Hijack Cell Phone Data, GSM Locations

Here is a little excerpt:

"A lot of this isn't terribly secret, but it's not that well-known," Bailey said. "To find information on users, that was our goal. These pieces of information come from all over. The caller ID database provides a lot of information about people and companies. One thing we found is that we could go through the provider network in a ...

read more

You scanned your tax documents last year, maybe your birth certificate, or a copy of your health records all the confidential documentation that you do for your company or personal use. They all get stored on a hard drive in your copier. Did you know that? I didn't know until recently that there is a hard drive that stores copies that you make.

This is a very interesting story and one that everyone needs to know about. Read or watch this story:

 

Tony Lopez Investigates: Keeping Your Secrets

Network World has a new report on a report that hackers are breaking into a number of GMail accounts. If you didn't recieve the word yesterday, please make sure that you take the precaution and change your GMail password.

 

Drug-dealing spammers hit Gmail accounts

In light of recent information that is slowly being divulged regarding China's recent attack on google, I am advising people who own Gmail accounts to immediately change their password(s). there is a possibility that the information that was stolen who allow the perpetrators to have cracked Google's password code somehow. I'm not sure of exactly what goes on, but there is enough evidence to suggest that it would be wise for users to change their account passwords. Some of the comments in the article that was posted at the New York Times yesterday is enough evidence for me. Read it yourself:

 

Cyberattack on Google Said to Hit Password System

Seems like some less than desirable people in Japan have created a virus that infects people who use a popular P2P file sharing service called Winni. It is called Kenzero and installs itself after users have downloaded an illegal game called Hentai. It then asks for personal information to launch the game and grabs that info to post on a public website. Then it blackmails the user into paying to remove your name.

If this doesn't catches on with undesirables who go after porn users, it will be a miracle. Sounds like trouble brewing here.

The Full Story at the BBC:

 

Porn virus publishes web history of victims on the net

 

This morning while browsing my security newsletters I ran across a link to a very good guide on how to avoid some of the risks involved with Social Media sites. The most popular of course is facebook. These are guidelines on what to watch out for and should be taken into account especially if you have children or teenagers with Facebook profiles.

 

 

Social Media Risks: The Basics