Free Republic
General/Chat

Apple security faces biggest test in 2015
Computerworld ^ | December 29, 2014 | By Jonny Evans

Posted on 12/29/2014 6:08:35 PM PST by Swordmaker

In 2015 it’s possible Apple’s biggest technology investments will be things you never see, as this will be the year security becomes the company’s key product.

You see, criminal coders and maverick malware makers now recognize that while Apple’s platforms don’t have the market share, they are still better targets – and the hackers at Europe’s Chaos Computer Club suggest Apple is under attack.

Where things stand

Think about it, Apple’s platforms are where the money is: from access to corporate and enterprise data on iOS to the resurgence of the Mac across every market to the huge and growing success of Apple Pay and iTunes. In comparison, other platforms are where the money isn’t. I can hear the platform evangelists shouting against that assertion. But professional cybercriminals don’t care about platforms, they care about cash.

Phishing season

Apple users will have noticed a wave of seasonal phishing attempts across the last week, as criminals target new and unwary Apple owners who just found their first ‘i’ product under the Christmas tree.

These phishing attempts are becoming increasingly convincing. This Naked Security blog offers great advice on how to recognize these attacks and what to do about them.

Fingerprint subversion?

European hacker group the Chaos Computer Club is in the news today with claims a member has managed to subvert fingerprint authentication systems using photographs of a person’s finger (in this case, German Defense Minister Ursula von der Leyen).

I don’t believe the claims, as I can’t accept that accurate prints were achievable from images captured at a distance and don’t think the claims will stand up to testing. But in a sense it doesn’t matter – that these claims are being made at all represents an intensification of interest in subverting Apple platform security.

(Excerpt) Read more at computerworld.com ...


TOPICS: Business/Economy; Computers/Internet
In reference to the claims of the fingerprint subversion by photographs by Chaos Computer Club, that is a bunch of nothing. . . It has already been proved that a photograph, xerox, photocopy, lifted print, etc, will not subvert the Apple Touch ID system at all. Apple TouchID requires a living finger to work. . . and really does not use the fingerprint itself in the method it uses. TouchID reads the subcutaneous ridges in the finger BELOW the fingerprint, not the fingerprint itself, something that is never picked up in a photograph or copy.
1 posted on 12/29/2014 6:08:35 PM PST by Swordmaker
[ Post Reply | Private Reply | View Replies]

To: Swordmaker

TouchID reads the subcutaneous ridges in the finger BELOW the fingerprin

that is a rather astonishing development!

my kudos to Apple


2 posted on 12/29/2014 6:11:40 PM PST by MeshugeMikey ("Never, Never, Never, Give Up," Winston Churchill ><>)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ~Kim4VRWC's~; 1234; Abundy; Action-America; acoulterfan; AFreeBird; Airwinger; Aliska; altair; ...
Computerworld claims that the hacker world will suddenly be targeting Apple and Apple Pay in 2015 because the hackers have suddenly found that's where the money is. — PING!


Apple Security Ping!

If you want on or off the Mac Ping List, Freepmail me.

3 posted on 12/29/2014 6:12:11 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: MeshugeMikey
TouchID reads the subcutaneous ridges in the finger BELOW the fingerprin(t)

That's the reason why a copy of a fingerprint cannot be used to activate it by simply running one over the sensor like one can on other fingerprint sensors. . . and also why it requires a living finger. It is reading far more than just the fingerprint.

4 posted on 12/29/2014 6:14:25 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Swordmaker

I love technology. Now for something easy: eliminate the MacKeeper ad that keeps popping up and slowing down my puter.


5 posted on 12/29/2014 6:26:01 PM PST by peggybac (My boss I respect, my father I revered. Chris Rock, Mr. Obama is NOT my boss or my father.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

something I would not have thought..possible before reading it here.


6 posted on 12/29/2014 6:39:09 PM PST by MeshugeMikey ("Never, Never, Never, Give Up," Winston Churchill ><>)
[ Post Reply | Private Reply | To 4 | View Replies]

To: peggybac

“...Now for something easy: eliminate the MacKeeper ad that keeps popping up and slowing down my puter.”
*****************************************************************************************************
Yep, I’m for that also. If anyone knows how to prevent a MacKeeper ad from ever again popping up, post something to swordmaker and he can send it out to his ping list ... .... many who would greatly appreciate that knowledge.


7 posted on 12/29/2014 7:01:55 PM PST by House Atreides
[ Post Reply | Private Reply | To 5 | View Replies]

To: Swordmaker

Okay, so this is the year that Apple shows the world that they can do serious security in the face of serious attacks, or else they’ll lose major credibility.

This is the opportunity to finally put the last nail in the coffin of “the only reason there aren’t any Mac or iOS viruses is because they don’t have much market share”.

Apple better come out on top of every challenge. The tech whores are salivating at the prospect of headlines with “Apple” and “security breach” or “hack attack” or “data compromise”.

Should be an interesting year.


8 posted on 12/29/2014 7:18:26 PM PST by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: dayglored
Okay, so this is the year that Apple shows the world that they can do serious security in the face of serious attacks, or else they’ll lose major credibility.

But, but, but . . . there was an almost identical themed article, with slightly different threats, published in December 2013. And 2012. And 2011. And 2010. . . . And on back. . .

9 posted on 12/29/2014 7:51:02 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 8 | View Replies]

To: peggybac

There are several threads in the Apple support community about how to remove MacKeeper. Here is the link to just one of them, or type “mackeeper” in the search box there:

https://discussions.apple.com/thread/6496248?searchText=mackeeper


10 posted on 12/29/2014 8:04:12 PM PST by RickGee
[ Post Reply | Private Reply | To 5 | View Replies]

To: Swordmaker; All

Anything is possible, but after using Macs for both business and personal life for over 30 years (yes, I go back to the Apple IIe), I feel pretty confident that Apple will stay on top of it.

I do not feel confident that our infrastructure will stay up, because so many of them are based in easily hackable older systems based on outdated ancient software. The dangers that frighten me are not Mac-based, but come from the competition’s failure to understand security.

I am now in my twilight years, and see the seniors around me struggling with PCs, depending on their grandchildren to troubleshoot their computers, and constantly frustrated by the problems they encounter.

Those of you who love to play with an open system need to understand that many “regular folks” on limited budgets do not have the time, expertise, or money to hire IT help in order to keep up with ever-changing technology and the accompanying woes from trojans, viruses, worms, and Microsoft’s constantly changing notions of an easy to use interface.

I know this isn’t a popular concept around here, but I see the Apple OS as “conservative”, and Microsoft’s as “liberal”. (Paying no attention to the political views of their founders, or to which political party they choose to support)

Thanks, Swordmaker, for keeping us older users informed about the facts regarding the spin, FUD, and tiresome efforts to manipulate public opinion. It really helps.


11 posted on 12/29/2014 8:29:45 PM PST by jacquej ("You cannot have a conservative government with a liberal culture." (Mark Steyn))
[ Post Reply | Private Reply | To 9 | View Replies]

To: peggybac
I love technology. Now for something easy: eliminate the MacKeeper ad that keeps popping up and slowing down my puter.

You need to get rid of all ads. There's a Safari extension that takes care of that irritating MacKeeper popunder and popup ads, as well as the ads that cover up content and block every ad that can appear on a webpage. It's called AdBlock. It is pay what you want ware. . . I paid $10 for it and it's worth every penny of that. It even blocks the ads that play at the start of YouTube videos! You can choose to allow ads on favorite websites or turn them on or off. This is not an ad for them, but an endorsement of what they do:

Get AdBlock Safari Extension.

12 posted on 12/29/2014 8:41:06 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Swordmaker

Thank you so much. I read there are a million solutions to this but never know what really works. Is this for Safari only or can it also be used on Firefox?


13 posted on 12/29/2014 8:50:48 PM PST by peggybac (My boss I respect, my father I revered. Chris Rock, Mr. Obama is NOT my boss or my father.)
[ Post Reply | Private Reply | To 12 | View Replies]

To: Swordmaker

I downloaded it on Firefox. THANK YOU!


14 posted on 12/29/2014 8:56:38 PM PST by peggybac (My boss I respect, my father I revered. Chris Rock, Mr. Obama is NOT my boss or my father.)
[ Post Reply | Private Reply | To 12 | View Replies]

To: peggybac
I downloaded it on Firefox. THANK YOU!

You are very welcome, PeggyBac. Enjoy ad free surfing.

15 posted on 12/29/2014 9:00:47 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 14 | View Replies]

To: Swordmaker

I’m watching TV online WITH NO COMMERCIALS. Love it!


16 posted on 12/29/2014 9:15:35 PM PST by peggybac (My boss I respect, my father I revered. Chris Rock, Mr. Obama is NOT my boss or my father.)
[ Post Reply | Private Reply | To 15 | View Replies]

To: Swordmaker
I have read some of the literature concerning scanning of the inner dermal layer to make cloning more difficult. It appears, however, that the iPhone 6 fingerprint authenticator can still be hacked using a cloned fingerprint, as demonstrated here. "Touch ID was ‘hacked’ less than a month after introduction, thanks to a latex finger and fingerprint." (Banking Technology, December 14 2014)

What do you say to those that say that dual- or multi-factor authentication is still necessary?

17 posted on 12/29/2014 10:13:19 PM PST by Praxeologue
[ Post Reply | Private Reply | To 1 | View Replies]

To: Kennard
What do you say to those that say that dual- or multi-factor authentication is still necessary?

For the same reason the guy who succeeded in your link does. . . it is very complex to get a fake fingerprint that has sufficient underlying detail to work. . . and it still has to be on a living finger. It WILL NOT WORK with just a photo. He states it is a very complex procedure for it to work. . . he says:

The attack requires skill, patience, and a really good copy of someone’s fingerprint — any old smudge won’t work. Furthermore, the process to turn that print into a useable copy is sufficiently complex that it’s highly unlikely to be a threat for anything other than a targeted attack by a sophisticated individual.

Why I hacked TouchID (again) and still think it’s awesome

I posted about this hack back when it came out. . . and it was completely discussed on the forums. The amount of equipment necessary to get a good fake fingerprint, essentially requiring using a superglue vapor transfer technique to lift a fingerprint that will get the underlying ridge detail, makes this a non-starter hacking method. The equipment to do that costs in the multiple thousands of dollars.

Being able to steal someone's phone and then access their TouchID is NOT going to happen by using an easy to acquire fingerprint copy.

18 posted on 12/29/2014 11:01:32 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 17 | View Replies]

To: Swordmaker
This article disputes that claim.
19 posted on 12/29/2014 11:30:04 PM PST by MV=PY (The Magic Question: Who's paying for it?)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Swordmaker
From the blogger:

As it stands, TouchID remains an effective security control that is more than adequate for its primary purpose: unlocking your phone.

Even Apple's own Authentec multi-spectrum imaging technology is not used in the iPhone 6.

For access to non-critical data, the current technology is adequate. For valuable and sensitive data, such as access to bank and brokerage accounts, trade secrets and important confidential business information, additional security is necessary: either dual-factor biometric or, ideally, passwords, still the reigning champion of security.

A decade or so ago it would have seemed expensive and cumbersome for thieves to rig grocery store credit card readers so that they could sit outside and pick up RF transmissions, yet that crime is now widespread.

20 posted on 12/29/2014 11:57:40 PM PST by Praxeologue
[ Post Reply | Private Reply | To 18 | View Replies]

