Glenn Fleishman

Author Archives: Glenn Fleishman

Ignore that call from “Apple” about an iCloud breach

Earlier on Monday, my wife let me know that “Apple Support” had called about iCloud security. She was dubious, and rightly so. “Apple” then called five more times (and counting). Suffice it to say, it wasn’t Apple, but fraudsters trying to piggyback on reports that a major breach of iCloud credentials could render hundreds of millions of accounts vulnerable. Apple says no such breach occurred, and security researchers, like Troy Hunt of HaveIBeenPwned.com, say the group trying to extort Apple likely has reused credentials from other sites’ password leaks. (We recommend turning on two-factor authentication at iCloud regardless.)

Protecting your data, protecting yourself: A first installment

Let's say—for whatever reason—you're concerned about keeping your communications safe from government prying. Assuming you aren't a high-profile enough target to warrant direct hacking (the United Arab Emirates allegedly tried to breach the digital defenses of human-rights activist Ahmed Mansoor on three occasions, for example), there are reasonable measures you can take to live a normal life and continue to have private thoughts and private conversations. Note that I'm not singling out any government or administration. Politics aside, we should all think like dissidents, because the tide ebbs and flows from freedom to dictatorship and from left to right all around the world. The common thread is taking smart measures.

The best online backup service for securely encrypting your data

Many people resist backing up their data to an online backup service like MozyHome, Carbonite, or Backblaze because they worry their data will be poked through by company employees, hijacked by criminals, or provided to law enforcement or government agents without due process. The sanctity of your data boils down to whether the encryption key used to scramble your data can be recovered by anyone other than yourself. Below I outline the various methods and levels of encryption that can be employed by these services, and then evaluate six of the best options for home users. Several give subscribers full control of their encryption. If you’re already using a service, it’s possible you can even upgrade to take advantage of greater ownership options.

AT&T Mobile Share Advantage mimics T-Mobile, dropping overages in favor of throttling

With AT&T’s Mobile Share Advantage, the telecom giant follows a new trend: Customers who switch to this new shared mobile plan (available August 21) will be spared bandwidth overage fees. Instead, the firm said, after available bandwidth is used up, its Mobile Share Advantage customers will be throttled to 128Kbps for the rest of the current billing cycle. The Mobile Share plans pool bandwidth among devices that can include smartphones, feature phones, tablets, gaming devices, wearables, laptops, hotspots, and other hardware. A monthly charge per device is paired with a charge for a tier of bandwidth. Why this matters: AT&T joins T-Mobile and Sprint among the big four U.S. carriers in shifting to throttling instead of causing customers to rack up fees at $10 per gigabyte above plan totals. That’s good news for consumers, though it’ll be interesting to see whether they’ll tolerate throttling or break down and buy more bandwidth, sending more money to the carriers after all.

Stagefright for iOS and OS X? Don’t lower the curtain yet

Earlier this year, Cisco’s Talos division reported significant image-processing bugs to Apple, one of which could allow attackers to inject malware or remotely execute code via “iMessages, malicious webpages, MMS messages, or other malicious file attachments opened by any application.” These flaws were patched in Apple’s current operating systems in its July 18 update. Some media outlets immediately dubbed this Apple’s “Stagefright,” referring to a severe Android flaw discovered a year ago that could access or hijack an Android phone via an MMS message. But the details don’t support this level of concern, despite the seeming severity of the flaws.

Apple’s new two-factor authentication bumps up security and ease of use

Apple has a new, easier-to-use, and more robust system to protect your login if you’re running the latest major OS release and the latest iTunes on every device connected to the same iCloud account. But you may have to wait for it: the system started rolling out in testing this summer for early public beta testers and developers, and started its full rollout a few days ago with the release of El Capitan. The new two-factor authentication (2FA) system requires that whenever you log in to a new device or browser, you have to enter not just your password but a confirmation code from another piece of equipment you’ve established is under your control. A second factor prevents someone from stealing or guessing your password and gaining access to your account, which can be done remotely or through a security breach. In addition, they have to have a token that can only be generated by or sent to equipment under your control, which means they typically need physical access to a computer, mobile device, or SIM.

Apple drops Recovery Key in new two-factor authentication for El Capitan and iOS 9

In early June, Apple said two-factor authentication would be tightly integrated into OS X 10.11 El Capitan and iOS 9, but provided little detail as to what that means. The current setup is scattered across sites and methods in order to deliver a second one-time use, time-limited code or other method of verification when a user logs in to an Apple site or on an Apple device with an Apple ID set up for it. Apple today posted a detailed explanation about how two-factor authentication works starting with the public betas of iOS 9 and El Capitan. Among other changes, the Recovery Key option that has tripped up users in the past, and led in some cases to users having to abandon an Apple ID as permanently unavailable, has been removed, an Apple spokesperson confirmed. With the new system, Apple customer support will work through a detailed recovery process with users who lose access to all their trusted devices and phone numbers.

How to find cellular access when traveling (without international roaming)

My wife, two kids, and I just took a three-day trip to Vancouver, British Columbia, from our home in Seattle. Joining us were three laptops, two iPod touches, three Kindles, and two iPhones. We remembered to bring clothes and sunscreen, too. Traveling to Canada is just like going to another country—they have different currency and units of measurement, they spell “center” as “centre,” and they have different telecommunications companies. The variety of potato chips almost makes up for it. Before we left, I did my usual research into how we’d keep online. We knew the Airbnb rental to which we were going had Wi-Fi, and I assumed that the profusion of free Internet service I was used to in the States would be as abundant. We were staying near Stanley Park, and there are hundreds of shops, grocery stores, and restaurants within a few blocks.

Wearable security: Two-factor authentication apps for Apple Watch

The Apple Watch could become our central hub in a wheel of identity, in which all spokes rotate around our wrist. Some early Watch apps already have a high degree of utility. But we’re only scratching the surface of what’s to come. In this roundup, we look at six apps that offer varying forms of authentication on the Watch. Three allow a tap on the Watch to unlock something: an account, a login, a computer, or more. The other three handle the most common form of app-generated second-factor authentication codes.

Why you shouldn’t beat yourself up when troubleshooting

I’ve made a decent to large part of my living for more than 20 years learning about how to fix problems and then trying to tell others how to follow suit. And this last week has been among my highest in terms of frustration in using computers in my entire life. But, per my modus operandi, I have truth born from a bloody fight to share with you. A few weeks ago, I tried to deal with the mystery of my 2011 Mac mini taking forever to start up and be ready to use by switching to an external SSD drive with both FireWire 800 and USB 3.0 built in. I documented that here, and people have a lot of good opinions about my choice. Some thought I should have cracked open the Mac mini and put in a new drive; others thought that I should’ve used Thunderbolt; and others that I should have bought a new computer.