Posts Tagged security
MyPermissions – Online Privacy Shield is a trust certification program for iOS developers, helping them build a level of trust between companies and its customers. The trust certification programs requires that developers agree to a list of standards to protect the personal information of their users. Those who complete the program are able to display a shield icon on their website, making their followers feel more at ease about giving up their information.
“Consumers are often unaware of the dangers associated with online privacy and are not cautious when sharing personal information,” said Olivier Amar, CEO and co-founder of MyPermissions, in a press release. “With the Trust Certification Program, we give developers the ability to provide a safe online environment for consumers when interacting with apps and websites. Developers who chose to participate in the program display a level of trustworthiness and accountability when it comes to protecting information.”
Think about all the important information and communication methods that you have available on your phone. Now think that it’s probably all unprotected if someone nabs your phone. Thankfully, it’s possible to set a passcode lock in order to help protect your device. Here’s how to do it and to keep it from being too much of a hassle to use your phone when you want to!
Go to Settings -> General -> Passcode Lock. Tap Turn Passcode On. You will then be presented with a keypad to input a 4-digit passcode. You will be prompted to enter it twice in order to verify that you have it correct.
If you want something a bit more complex, turn off the Simple Passcode option and you will have the ability to input a complex passcode using the iPhone keyboard. Only the default language one will be used, preventing a security hole where you could disable a necessary keyboard to unlock your phone!
There’s two advantages to protecting your phone. There’s the obvious one of not just allowing anyone access in to your phone if someone grabs hold of it. This also has the advantage of encrypting all the data on your phone, so if some nefarious person gets access to your device, it’ll be difficult to extract the data off of it.
You can also enable the Erase Data function, where ten wrong passcode entries will erase your phone. Make sure that you back your phone up regularly! As well, if you have Find My iPhone set up, you can make it so that you can reset your device remotely.
The obvious downside to protecting your phone is of course that it’s just a bit more inconvenient to unlock your phone when you pick it up, so it’s a tradeoff. But considering the amount of sensitive data that’s on your phone, it might just be worth it to do it. However, there are options for combining security and convenience. You can set the passcode lock to only enable after a certain amount of time, so that if you’re frequently using your phone, you won’t be inconvenienced. As well, you can leave message replying, Passbook tickets appearing on the lockscreen, and Siri access, without requiring the device to be unlocked.
If you decide that you want to not input a password any more, just tap Turn Passcode Off in the Passcode Lock settings. This will not encrypt your data any more, however.
While it can be a slightly-annoying additional hassle, setting a passcodelock is a great option to protect your device. How do you feel about using it? Let us know in the comments!
Apple is introducing a new way to protect the security of your iTunes account. It’s called two-step verification, and while it does involve an extra step to log in, it will help make logging in to your Apple ID more secure and make it harder to break into through the use of a trusted device and a secret passkey.
See, security questions are not entirely safe since it’s possible for someone who wants illicit access to your account to get things like your mother’s maiden name or first job. So instead, this presumes that a more capable form of security for your account is a physical device that you would have to own in order to get access to your account – this can be a trusted iOS device or any SMS-capable phone, though not a Google Voice account, along with a security key or one’s password. It’s unlikely that someone wanting access to your account from an untrusted source will have two of the three.
Go to Apple’s ID page, and log in with the Apple ID you want to set up two-step verification on. Go to the Password and Security section, and if it’s available, choose to set it up. You will need to wait 3 days before you can complete the setup of your account. So bookmark this page and come back in 3 days!
Welcome back, unless you stuck around to see what the steps are, then thanks for sticking around!
Now, follow the various dialogs that appear. Apple will warn that once two-step is enabled, it can’t be disabled, and that it will require at least two of the three necessary components.
Then, Apple will require you to verify your trusted devices. Every device you choose to verify will have a verification code pushed to it, and you can independently verify your iPhone’s phone number in case you change devices or switch to another OS. Not that you’d do such a thing.
Then, Apple will give you your security key. This is one of the other necessary components to get back in to your account. You will need to securely store a copy of this key, by either writing it down, or printing out a copy somewhere. Apple will then make you enter the security key they just gave you.
Apple will then give you one final warning before enabling two-step verification on your account.
Congratulations! You’ve enabled two-step verification on your account. This will make it harder for unauthorized access into your account. You can disable two-factor from the Apple ID settings if you find it too much of a hassle, however.
Popular password manager 1Password updated today to version 4.0.2, bringing iCloud and Dropbox support, a secure browser, and a Universal app. Purchase it for 50 percent off the normal price today, and install it on all your iOS devices to create and manage passwords, website browsing, and secure data.
Every day there are new passwords to remember. They are often forgotten. Using weak passwords or re-using them makes it easy to remember, but criminals love it when you do this. 1Password solves all these problems.
✓ Generate strong, unique passwords for every site
✓ Protect your data behind a single Master Password
✓ Secure with military grade 256-bit AES encryption
✓ Cryptographic operations use standard iOS libraries to ensure no security gaps or backdoors
✓ Auto-Lock keeps your data protected even if your device is lost or stolen
Life, for the most part, is quite safe, but for those moments where we could do with help, it’s useful to know that apps such as iHelpPlus exist.
iHelpPlus offers multiple useful features for those concerned about their safety. First of all, there’s a built-in flashlight facility and a place to store personal and medical information.
More importantly comes the alarm functionality that means users can send a distress message to an emergency contact along with their current location and a request to contact the local police. Both audible and silent alarms are possible, lending itself to different situations.
A delayed alarm feature is also provided enabling users to set up a custom alarm that is activated if they don’t enter a pass code in time, thereby offering an extra source of protection if something happens to them. In each case, if the alarm is activated, GPS monitoring kicks in and informs emergency contacts of the user’s location.
Additionally, users can add 4 quick contacts that are always accessible at the tap of a button.
A subscription service is required to fully use iHelpPlus after the first month of use which comes free with the $0.99 purchase of the app. $6.99 seems pretty cheap to me for peace of mind, however.
iHelpPlus is available now.
Released: 2012-08-07 :: Category: Lifestyle
A vulnerability has been found in iOS Safari after the new 5.1 update. The bug can be used to trick Safari into showing a URL in the address bar that’s different than the actual site being visited.
The problem has been tested and happens on the iPhone 4, iPhone 4S, iPad 2, and the new iPad when they’re running iOS 5.1. Apple acknowledged the bug on March 3, so I’m sure an update with a bug fix is imminent. But until then, keep these tips in mind when browsing on Safari:
- Don’t open links from sites you aren’t 100% sure are from a trusted site.
- If you aren’t sure about a link, hop on to a computer and check it out there. If it’s a spoofed address bar, the address bar will probably say “about:blank” but will say the name of a trusted site on your iOS device.
- Go to TheNextWeb and try out the demo offered by David Vierra-Kurz from MajorSecurity. He reproduced the bug. Firsthand knowledge is always useful in protecting against security exploits (in a controlled environment, of course, like this demo).
Sometimes it’s not always convenient to provide a real mobile phone number to someone. Say I’m going out on a first date with someone. What if it goes so badly that I want nothing to do with them ever again? I don’t mean in a cruel way but what if the date is a little creepy and clingy? It’d be a little unnerving to know that they can always get in touch and potentially pester me via SMS or phone call. A similar problem can occur when providing phone numbers to eBay sellers or buyers or people on Craigslist. Sometimes it’s just not convenient to provide a regular phone number. This is where RingShuffle can help.
It’s an app that provides temporary phone numbers that redirect to any mobile number. It’s then easy to delete this temporary number or ‘shuffle’ along to get a new one. Launched in beta this week to the first 10,000 users who register, there’s a lot of potential here.
Each RingShuffle number lasts for seven days with the option to manually extend this to 14 days. Calls are forwarded without the caller knowing what’s gone, thus narrowing the odds of causing offense. It’s an app that’s tailored to those looking for a short term solution for brief uses just like the first date or online transaction.
As the video below shows, RingShuffle is very easy to use with it taking mere seconds to register and choose a number. Area codes can be selected before a choice of Shuffle numbers appear for selection. Then all the user has to do is hand it out to the relevant person and no one need know that it’s not a permanent number.
For short term transactions, RingShuffle is an ideal app to sign up for in order to protect the user’s privacy.
Thanks to the internet, everything is very public nowadays. Privacy to an extent is dead for anyone who uses one of countless social networks. Tweet regularly and your life is out there. Even have a Facebook account that’s heavily restricted and there’s still the chance of it all coming out. Throw in a plethora of location aware social networks such as Foursquare and any random member of the public can have their life opened up as much as a major celebrity.
Not everyone wants that though. Sure it’s nice to be able to have a corner of the web to share with close friends, family or work colleagues but how to make sure that only the selected people can see anything? How about an app like Glassboard?
It’s an app that allows users to share things privately with groups of people, or boards as the app prefers to call them. Users can message a group of people quickly and easily in a format that looks like an SMS text message but it isn’t. Text isn’t the only restriction either with the ability to share photos and videos amongst this elite group. Even locations can be shared, potentially making it useful to arrange family gatherings. Suddenly, everyone can keep track of how far away people are from the meeting place. A notification system keeps everyone up to date on any situation whether it be a team meeting, social gathering or simply a work issue being discussed.
Security is tight here with only the board chairman or group leader able to invite people to the group. Users can’t even search for different boards ensuring there’s absolutely no chance of anyone stumbling across anything.
For the privacy conscious user, Glassboard is the ideal solution ensuring that they get a taste of social networking without the potential security issues.
Glassboard is out now and it’s free to download.
Apple released iOS 4.3.5 today, purportedly to fix a potential security hole in the just released iOS 4.3.4. Called the man-in-the-middle bug by security site, threatpost, the exploit might have allowed attackers to intercept SSL information – that’s the system for encrypting users’ confidential and identifying information.
The Apple advisory note about the latest update has the following to say:
“Description: A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.”
Notice the wording, “privileged network position.” This means that any potential hacker would need to already be in a position to interact with network traffic and data, further narrowing the potential for actual attack. Still, it’s nice to see Apple responding to such discoveries as they come to light, and that they take the security of our devices seriously, even this close to the planned release of iOS 5.
Being able to protect data is an increasingly important issue for iOS device owners. With a device that encourages its users to store photos, contact details and other useful notes, it’s just as important to be able to hide them away from unwanted eyes. While a passcode will protect the device on the whole, it’s useful to have an extra layer of protection. Something that MyLocker from Inspike can provide.
It’s an app that works much like a safe, requiring three number combinations to unlock the information within it. Users can store various contact details behind this lock, as well as photos and notes such as credit card information or anything else that’s considered important to the user.
MyLocker is a simple app to get to grips with and only takes a matter of seconds to set up. Multiple users can also be set up for devices used by more than one person. It’s just as easy to log into as well to retrieve the information.
MyLocker is a free app, although an in-app purchase of $0.99 is needed in order to be able to store photos behind the virtual safe.
It’s available now for all iOS devices.
When it comes to areas of our personal life that are sacred, I would consider my top three to be religion, relationship status and browser history. While I have never been one for perusing sites of ill repute, occasionally a twitter link may send me awry, not to mention a not-so-well thought out Google search for girls and teacups. These indiscretions aside, I have always been one for protecting myself against the prying eye of “big brother.” I swear, I’m not paranoid, but what if I told you that your iPhone may be revealing more about you than many thought possible?
If a new report authored by Bucknell University Assistant Director of Information Security and Networking, Eric Smith, is to be believed, you may be revealing far more about yourself than you realize.
“…Amazon’s application communicates the logged-in user’s real name in plain text, along with the UDID, permitting both Amazon.com and network eavesdroppers to easily match a phone’s UDID with the name of the phone’s owner. The CBS News application transmits both the UDID and the iPhone device’s user-assigned name, which frequently contains the owner’s real name” — VIA Smith’s Report
Sure, these may be isolated examples of only two different applications that are passing back your personal information, but when a poll was conducted of fifty-seven free applications on the App Store, sixty-eight percent passed along your UDID to their servers. When you combine that with cookies that have a twenty year expiration cycle, as noted by ArsTechnica’s formal report, this could be a serious cause for concern.
All it would take is a bit of social engineering for an industrious person to connect the dots and suddenly your secrets would be no more. This information isn’t typically shared amongst other sites, but this information is being logged and you better assume that some day these companies plan to cash in. I am calling it now, Skynet is coming — so be careful where you are surfing.
[ via ArsTechnica ]
LockBox Pro is a basic, “no-frills” data storage application that I’ve found to be adequate, reliable and easy to use. Its simplicity is what makes it attractive, but at the same time prevents it from performing those advanced features found in similar applications.
Read The Full Review »
1Password securely stores all of your sensitive data in an interface that's easy to navigate. It stores information through a hardware accelerated AES encryption that guarantees your protection. You can sync with the 1Password desktop application too, and never a lose a password.
Read The Full Review »
If you're on the Mac and perform lots of online financial transactions or manage websites with secure data, I believe 1Password can simplify your life while enhancing your security. Grab the free iphone app, the free desktop trial and give it a try.
Read The Full Review »
With Jetset: A Game For Airports, the author's intention was to create a game that air travelers could pick up and play while waiting at the airport for their flights. It makes good on its intentions by using location services that allow you to unlock location specific souvenirs, which can then be shared with friends via Facebook. The game definitely has broader appeal than just for travelers though, with fast paced game play that is humorous and interesting.
Read The Full Review »