Intego Mac Podcast
Join the Intego Mac security experts for the latest Apple news, industry opinions, and a splash of security advice in our easy-to-digest, entertaining, and informative podcast series. Hosted by Kirk McElhearn and Josh Long.
Mon, 05 Jun 2023 16:29:23 -0000
Episode 294: WWDC, RomCom, PyPI, Hot Pixels, and More
Apple's Worldwide Developer Conferences launches on Monday, and we discuss what to expect. We also talk about RomCom malware, PyPI 2FA, Hot Pixels (which may not be so hot) and other malware and vulnerabilities. Show Notes:
- Apple WWDC
- macOS Names that Apple has Registered but Not Used Yet
- US govt banned NSO’s Pegasus, but said to buy rival spyware Paragon Graphite
- RomCom malware spread via Google Ads for ChatGPT, GIMP, more
- Legit app in Google Play turns malicious and sends mic recordings every 15 minutes
- PyPI announces mandatory use of 2FA for all software publishers
- Hot Pixels attack checks CPU temp, power changes to steal data
- Microsoft finds macOS bug that lets hackers bypass SIP root restrictions
- Clever ‘File Archiver In The Browser’ phishing trick uses ZIP domains
- Maryland License Plates Now Inadvertently Advertising Filipino Online Casino
- Episode transcript
Thu, 01 Jun 2023 04:00:00 -0400
Episode 293: When Does Your iPhone Become Unsafe to Use?
A new hacking tool, BrutePrint, can unlock lots of smartphones, including some iPhones with Touch ID. Router infections can be hard to remove, and we discuss why Apple might have gotten out of the Wi-Fi business. And we take a close look at whether it's safe to use an iPhone, if it can no longer run the latest version of iOS. Show Notes:
- Typing “rash” in Safari may cause a crash
- Urgent Patches: macOS Ventura 13.4, iOS 16.5 fix 3 actively exploited vulns
- Here’s how long it takes new BrutePrint attack to unlock 10 different smartphones
- Hackers infect TP-Link router firmware to attack EU entities
- Malware turns home routers into proxies for Chinese state-sponsored hackers
- There’s finally an official OpenAI ChatGPT app for iPhone
- Almost 9 million Android phones sold pre-infected with malware
- Kindle E-Reader Device Software Security Updates
- When does an old iPhone become unsafe to use?
- Episode transcript
Thu, 25 May 2023 04:00:00 -0400
Episode 292: New Top-Level Domains, .Zip and .Mov; Geacon Malware; and Google to Delete Dormant Accounts
New top-level domains use common file extensions, and this could lead to confusion, and dangerous downloads. Apple announces a new personal voice modeling feature. And Google warns dormant users: log in, or get shut out. Show Notes:
- New ZIP [and MOV] domains spark debate among cybersecurity experts
- CVE-2023-26818 - Bypass TCC with Telegram in macOS
- Apple introduces new features for cognitive accessibility, along with Live Speech, Personal Voice, and Point and Speak in Magnifier
- ChatGPT & AI Risks – Intego Mac Podcast Episode 278
- ElevenLabs
- AI cannot be stopped, says Steve Wozniak; we must prepare for more convincing scams
- Open-source Cobalt Strike port 'Geacon' used in macOS attacks
- google: Updating our inactive account policies
- Google Chrome Dropping Lock Icon from URL Box
- Google's Dark Web Monitoring Feature Now Available for All US Gmail Users
- App Store stopped more than $2 billion in fraudulent transactions in 2022
- Transcript of this episode
Thu, 18 May 2023 04:00:00 -0400
Episode 291: Snake Malware, Lockdown Mode, and Apple App Subscriptions
The FBI has shut down servers for Snake malware, which we wrote about back in 2017. Apple's lockdown mode has been found to prevent some serious malware attacks. And Apple is testing the water with app subscriptions for two of its pro apps on the iPad. Show Notes:
- Snake Malware Ported from Windows to Mac (Intego 2017 article)
- U.S. and Allies Identify and Expose Russian Intelligence-Gathering “Snake” Malware
- Hunting Russian Intelligence “Snake” Malware
- Apple’s high security mode blocked NSO spyware, researchers say
- QuaDream spyware hacked iPhone victims with rogue calendar invites
- Apple's Safari Again Overtakes Microsoft Edge as Second Most Popular Desktop Browser
- Selling an older iPhone SE for $199 in emerging markets would be a smart move
- Apple brings Final Cut Pro and Logic Pro to iPad
Thu, 11 May 2023 04:00:00 -0400
Episode 290: Apple's First Rapid Security Response, New Mac Malware, and Insecure Google Authenticator Sync
Apple has issued the first of a new type of updates to its operating systems: Rapid Security Response. We discuss several new types of Mac malware, and we look at how Google's cloud sync for its Authenticator app is insecure. Show Notes:
- RSA Conference
- Apple issues first Rapid Security Response for macOS, iOS, iPadOS
- Google adds account sync for Authenticator, without E2EE
- What are Passkeys, and how do they work?
- AI Malware, Copilot, & Passkeys – Intego Mac Podcast Episode 284
- New Atomic macOS info-stealing malware targets 50 crypto wallets
- RustBucket: Hackers are using a fake PDF viewer to infect Macs with malware — how to stay safe
- “The Dark Side of the Mac App Store” Part 1
- “The Dark Side of the Mac App Store” Part 2
- So long passwords, thanks for all the phish
- IBM plans to replace 7,800 jobs with AI over time, pauses hiring certain positions
Thu, 04 May 2023 05:00:00 -0400
Episode 289: AI Is Everywhere, and How to Set Up an Old Mac as a Server
AI is coming to an app near you. We discuss how these features will affect work, and the potential security implications of AI tools snarfing up files in businesses. We also discuss how to set up an old - or new - Mac as a home server. It's a useful tool if you have multiple Macs. Show Notes:
- The Three Laws of Robotics
- ChatGPT banned in Italy over privacy concerns
- Malicious Keylogger Malware “BlackMamba” Made Using ChatGPT
- AI cracks passwords this fast, how to protect yourself
- Meet PassGAN, the supposedly “terrifying” AI password cracker that’s mostly hype
- AI-Based Chat is Coming for Your Privacy: Should We Pause Development of Large Language Models?
- Google is adding AI to its work apps; Here’s what that means
- MacWhisper
- How to set up your own Mac server (with an old or new Mac)
Thu, 27 Apr 2023 03:00:00 -0400
Episode 288: Sideloading on iOS, Lockbit Ransomware on Mac, and Zero-Day Chrome Vulnerabilities
Lockbit ransomware is starting to target Macs, two zero-day Chrome vulnerabilities require urgent updates, and sideloading - installing apps not from Apple's App Store - is coming to iOS soon; at least in the EU. Show Notes:
- Urgent Update: Chrome, Edge, Brave, Vivaldi browsers patch zero-day vulnerability
- Urgent: 2nd Chrome zero-day vulnerability patched in 5 days
- The LockBit ransomware (kinda) comes for macOS
- Fake “Geek Squad” emails: Call center scam leverages Intuit QuickBooks servers
- Sideloading may be coming to iOS 17 for the EU in early 2024
- The Digital Markets Act: ensuring fair and open digital markets
Thu, 20 Apr 2023 04:00:00 -0400
Episode 287: Juice Jacking, Best Buy Phishing, and Garage Doors Redux
The FBI warns people not to use public charging stations; we warned about this five years ago. An interesting phishing attack leverages QuickBooks accounting software to send fake invoices to people. And what does a company do if its smart garage doors are hacked? Disable them. Show Notes:
- Urgent Patches: macOS Ventura 13.3.1, iOS 16.4.1 fix 2 actively exploited vulns (UPDATED)
- Smart Garage Company Fixes Vulnerability by Breaking Customers' Devices
- FBI warns against using public charging stations
- iOS trustjacking: How attackers can hijack your iPhone (2018)
- Beware of Juice-Jacking - Krebs on Security (2011)
- Plenty of juice-jacking scare stories, but precious little juice-jacking
- What are Passkeys, and how do they work?
- Fake “Geek Squad” emails: Call center scam leverages Intuit QuickBooks servers
- IRS-Authorized Tax Service eFile Contains Malicious Link
- There’s a new form of keyless car theft that works in under 2 minutes
Thu, 13 Apr 2023 04:00:00 -0400
Episode 286: Supply Chain Attacks, Garage Doors, and Exploding USB Drives
We look at new malware that uses a supply chain attack; we explain what this is, and why it is not uncommon. We discuss how hackers can open a certain company's garage doors from anywhere, and how a journalist got injured by a malicious USB drive that exploded. Show Notes:
- Apple’s Worldwide Developers Conference returns June 5, 2023
- Gordon E. Moore, Intel co-founder (and of “Moore’s Law” fame) dies at age 94
- How to securely dispose of old hard drives and SSDs
- SmoothOperator: 3CX VoIP app spreads Mac malware by Lazarus Group APT
- 3CX knew its app was flagged as malicious but took no action for 7 days
- North Korean hackers target security researchers with a new backdoor
- Journalist plugs in unknown USB drive mailed to him—it exploded in his face
- Open garage doors anywhere in the world by exploiting this “smart” device
- If your Netgear Orbi router isn’t patched, you’ll want to change that pronto
- You will not be jailed for 20 years if you use TikTok after its banned—despite internet fear-mongering
- Why is TikTok banned from government phones — and should the rest of us be worried?
- UK Joins U.S., Canada, Others in Banning TikTok From Government Devices
- Complete transcript of this episode
Thu, 06 Apr 2023 05:00:00 -0400
Episode 285: New Mac Malware, and Stolen Session Cookies
New Mac malware can exfiltrate various types of data from your Mac, and a Chrome extension can steal Facebook session cookies. We discuss how stolen session cookies can give attackers easy access to your accounts, and potential ways to thwart this. Show Notes:
- Apple releases macOS Ventura 13.3, iOS 16.4, and more, with security updates
- Apple Reveals How Many iPhones and iPads Are Running iOS 16 and iPadOS 16
- MacStealer: Mac Trojan malware steals passwords, wallets, and files
- FakeGPT: Trojanized ChatGPT Chrome extensions hijack Facebook accounts
- AmIUnique - My browser fingerprint
- What3Words
- Complete transcript of this episode
Thu, 30 Mar 2023 04:00:00 -0400
Episode 284: AI Malware, Copilot, & Passkeys
Can malware use AI to modify itself after it's been installed on a computer? Can AI help you in daily productivity tasks? And will passkeys replace passwords? Show Notes:
- Microsoft Copilot: A whole new way to work
- The Age of AI has begun
- GPT-4
- People are Paying $17 for Hundreds of AI-Generated Headshots
- What Are Passkeys and How Do They Work?
Thu, 23 Mar 2023 06:00:00 -0400
Episode 283: Phishing Hackers Defeat 2FA via Man-in-the-Middle Attacks
Apple has finally stopped selling the Apple Watch Series 3, which can no longer get security updates. The FBI shuts down 11-year old malware. And a $300 hacking tool enables phishers to defeat two-factor authentication using automated man-in-the-middle attacks. Show Notes:
- Apple stops selling Watch Series 3 — eight months after its last security update
- GarageBand Security Update Details Finally Released
- Microsoft Announces Outlook for Mac is Now Free to Use
- FBI shuts down 11-year-old NetWire RAT malware
- An Analysis of the Cross-Platform Backdoor OSX/NetWeirdRC
- Mac malware on the rise again; several new threats found: Netwire, Mokes, LoudMiner, NewTab
- Ransomware Group Claims Hack of Amazon's Ring
- Using authenticator apps for MFA? Software for sale can hack you anyway
- Josh's 2010–2011 blog posts mentioning Firesheep
- Firesheep (Wikipedia)
Thu, 16 Mar 2023 05:00:00 -0400
Episode 282: ScamBots and ScAmazon
ChatGPT is helping scammers create phishing emails that don't sound phony, and Amazon sells plenty of items that are scams. Scammers are using AI-generated voices to scam elderly people, and the EU wants messaging apps - including Apple's iMessage - to be interoperable. Show Notes:
- Apple adds banana-yellow color to iPhone 14 and iPhone 14 Plus lineup
- The Complete Guide to Apple Watch Bands
- GarageBand for Mac Updated With Important Security Fixes
- EU's Digital Markets Act will require Apple to open iMessage
- They thought loved ones were calling for help. It was an AI scam
- Darktrace warns of rise in AI-enhanced scams since ChatGPT release
- Amazon... more like SCAMazon
Thu, 09 Mar 2023 06:00:00 -0500
Episode 281: Pirated Mac Apps Contain Malware, and iMessage Support on Windows (Sort of)
Mac malware is again found in pirated applications, LastPass was hacked via an employee's home computer running Plex, and hackers may be able to get into a bank account with an AI-generated voice. Microsoft makes a step toward supporting iMessage on Windows, and we look at a new Nokia phone that is easily repairable. Show Notes:
- Evasive cryptojacking malware targeting macOS found lurking in pirated applications
- Report: 10% of American Adults Viewed Content Illegally in 2022
- LastPass says employee’s home computer was hacked via Plex; corporate vault taken
- Streaming service Plex unaware ‘of any unpatched vulnerabilities’ following LastPass report
- LastPass password manager suffers massive data breach
- Episode 273: LastPass, TikTok, Phishing, and the Year in Apple Security and Privacy
- How I Broke Into a Bank Account With an AI-Generated Voice
- Hackers use ChatGPT phishing websites to infect users with malware
- Microsoft Announces iMessage Support on Windows (With Several Limitations)
- HMD’s latest Nokia phone is designed to be repaired in minutes
Thu, 02 Mar 2023 05:00:00 -0500
Episode 280: Twitter and Two-Factor Authentication
With SMS-based two-factor authentication no longer free on Twitter, we discuss the more secure and free way of protecting your account using an authenticator app. We also look at new details about Apple's latest security updates, Windows on M-series Macs, and a WhatsApp warning about reused phone numbers. Show Notes:
- Update Now: Urgent fix for macOS Ventura 13.2.1, iOS 16.3.1 resolves major vulnerability
- Microsoft officially blesses Parallels as a way to run Windows on M1, M2 Macs
- How to Run Windows 11 for Free on an M1 or M2 Mac
- Accidental WhatsApp account takeovers? It's a thing
- An update on two-factor authentication using SMS on Twitter
- How to Set Up Two-Factor Authentication on Twitter
- Scam Authenticator App Steals QR Codes
Thu, 23 Feb 2023 05:00:00 -0500
Episode 279: Apple Zero-Day Update, the Kia Challenge, and How to Factory Reset Apple Devices
Apple has issued an update for a zero-day, in the wild, WebKit vulnerability. The Kia Challenge has shown that you can start some cars with a USB cable. And sometimes you need to factory reset Apple devices; we explain how. Show Notes:
- Apple issues macOS Ventura 13.2.1, iOS 16.3.1 to fix zero-day vulnerability
- Microsoft will forcibly remove Internet Explorer from most Windows 10 PCs today
- Hyundai and Kia forced to update software on millions of vehicles because of viral TikTok challenge
- Newly discovered Mac malware on Valentine’s Day is actually 5 years old
- NYC Officials Encourage Switching Off Face ID Before Entering the Bar
- How to Factory Reset any Mac, iPhone, iPad, iPod touch, or Apple Watch
- How to Factory Reset any Apple TV, HomePod, AirTag, AirPods, or Beats Headphones
Thu, 16 Feb 2023 05:00:00 -0500
Episode 278: ChatGPT & AI Risks
AI has reached an inflection point; we discuss ChatGPT and other AI tools and their potential security and privacy risks. We also have an ears-on report about the new HomePod; it sounds better than expected. Show Notes:
- The New HomePod Brings a New Sound and More Home Smarts
- The Next Track
- Until further notice, think twice before using Google to download software
- Fake App Store pages are the new fake Flash Player alerts
- Hackers are using this new trick to deliver their phishing attacks
- Otter
- ElevenLabs
- AI and the Future of Audiobooks, featuring Simon Vance
Thu, 09 Feb 2023 03:00:00 -0500
Episode 277: Credential Stuffing, Pig Butchering, Security Keys for Your Apple Account, and the New Mac mini
This week's threats involve credential stuffing and pig butchering, and we examine whether you should use security keys to protect your Apple ID account, and why the new Mac mini is a maxi computer. Show Notes:
- Apple Maps privacy bug may have allowed apps to collect location data without permission
- PayPal Data Breach in December Affected 35,000 Customers
- Norton’s LifeLock Password Manager Faces Breach
- KeePass vulnerability allows local attacker (or malware) to export passwords
- Crypto scam apps infiltrate Apple App Store and Google Play
- OpenCore Legacy Patcher now supports Macs all the way back to 2008 (and mid-2007 iMacs like Josh’s)
- Netflix Unveils First Details of New Anti-Password Sharing Measures
- How to protect your Apple ID account with Security Keys on iPhone, iPad, or Mac
- Apple’s 2023 Mac mini is a Mini Mac Studio
Thu, 02 Feb 2023 04:00:00 -0500
Episode 276: The Year in Mac Malware 2022
Apple has updated all its operating systems again, and even issued a security update for iOS 12. We discuss new features in the HomePod software, and we look back at the notable Mac malware of 2022. Show Notes:
- Apple releases Ventura 13.2, iOS 16.3, surprise iOS 12.5.7; neglects still-sold Apple Watch Series 3
- How to protect your Apple ID account with Security Keys on iPhone, iPad, or Mac
- HomePod software update 16.3 now rolling out, here’s everything new
- Signal’s desktop app doesn’t securely store, handle, or validate cached attachments
- Microsoft’s new AI can simulate anyone’s voice with 3 seconds of audio
- The Capture - BBC
- The Capture - Peacock
- The top 20 most notable Mac malware threats of 2022
- About the Web Browser Pop-up Alert Scam
Thu, 26 Jan 2023 06:00:00 -0500
Episode 275: M2 Chip Boost, New Macs, and the Return of the HomePod
Apple has introduced the latest versions of its M2 chips, and updated three Mac models. They also surprised everyone with a new, full-sized HomePod. We also look at brand-based phishing, Google's AirTag clones, and a trifecta of stories about instant messaging apps. Show Notes:
- FBI: Cyber Criminals Impersonating Brands Using Search Engine Ad Services to Defraud Users
- Google plans AirTag clone, will track devices with 3 billion Android phones
- iPhones and iPads Now Require a Passcode on Every Backup/Sync
- iOS Backup Passcode Prompt
- CVE-2022-32929 - Bypass iOS backup's TCC protection
- U.S. Supreme Court Allows WhatsApp to Sue NSO Group
- Facebook sues NSO Group for WhatsApp spyware attack (2019)
- Researchers allege that Threema is riddled with theoretical vulnerabilities
- Statement on ETH Findings
- Rogue Telegram insider allegedly offers server access to Dark Web customers
- Apple Announces M2 Pro & M2 Max Chips, New MacBook Pros, New Mac mini, and New HomePod
- How to choose the right Mac for your use case in 2023
Thu, 19 Jan 2023 04:00:00 -0500
Episode 274: Safari at 20, Apple Crash Detection False Positives, and ChatGPT AI for Hackers
We discuss the 20th anniversary of Apple's Safari web browser, look at more false positives on roller coasters and ski slopes with Apple's crash detection, then finish looking at our Apple security and privacy roundup for 2022. Show Notes:
- Apple’s Safari browser is 20 years old
- Camino Canceled: Mac Browser Calls It Quits
- Dridex banking malware modified to spread using macOS
- ChatGPT is enabling script kiddies to write functional malware
- iPhone 14's Car Crash Detection Still Triggering False 911 Calls, Forcing Dispatchers to Reallocate Resources Away From Real Emergencies
- First responders ask iPhone users to disable Emergency SOS
- iPhone 14's Car Crash Detection Still Triggering False 911 Calls, Forcing Dispatchers to Reallocate Resources Away From Real Emergencies
- The Year in Apple Security & Privacy 2022
Thu, 12 Jan 2023 05:00:00 -0500
Episode 273: LastPass, TikTok, Phishing, and the Year in Apple Security and Privacy
Password manager LastPass had a data breach, and users' vaults are at risk; TikTok spied on US journalists; and two new phishing attempts showing how complex techniques are used to try to fool people. And we begin our look at the year in Apple security and privacy. Show Notes:
- LastPass password manager suffers massive data breach
- TikTok Spied On Forbes Journalists
- TikTok is now banned on mobile devices issued by U.S. House of Representatives
- Warning: Advanced phishing attack. Got a pop up on both my iPhone & Apple Watch about password reset. I didn’t take action. Then received call from 1-800-MY-APPLE. Here’s what ensued
- Apple Security and Privacy 2022: The Year in Review
Thu, 05 Jan 2023 05:00:00 -0500
Episode 272: Top 10 Security and Privacy Tips for Apple Users
There are some basic tips that can help you enhance the security and privacy of your Apple devices. We go over a list of ten top tips that you might want to look into as a New Year's resolution. Show Notes: Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you're ready to buy.
Thu, 29 Dec 2022 04:00:00 -0500
Episode 271: Stalkerware, Gatekeeper Vulnerabilities, and No Mac Pro for Christmas
Commercial stalkerware can record everything on a victim's iPhone; yet another Gatekeeper bypass shows that even Lockdown Mode isn't impermeable; and Apple hasn't transitioned all its Macs to its own processors: the Mac Pro still hasn't made the change. Show Notes:
- Microsoft discovers new Gatekeeper bypass; Apple updates past security advisories
- Apple also patched a zero-day vulnerability last week (that was previously patched for iOS only)
- Xnspy stalkerware spied on thousands of iPhones and Android devices
- Microsoft digital certificates have once again been abused to sign malware
- Apple Considering Dropping Requirement for iPhone Web Browsers to Use WebKit
- Apple Expands Do-It-Yourself Repair Program to Desktop Macs With M1 Chips and Studio Display
- It might be time for Apple to throw in the towel on the Mac Pro
- Apple Pushing to Launch Search Engine to Rival Google
- Safari Search & Privacy
- Anker’s Eufy deleted these 10 privacy promises instead of answering our questions
- Swatters used Ring cameras to livestream attacks, taunt police, prosecutors say
- Apple Home security camera and doorbell compatibility
Thu, 22 Dec 2022 05:00:00 -0500
Episode 270: Apple’s Advanced Data Protection
Apple has released a slew of updates and new features for most of its operating systems. We'll take a look at some of the highlights including Apple's Advanced Data Protection. Show Notes:
- Apple releases macOS Ventura 13.1, iOS 16.2, and more; fixes zero-day vuln
- Apple to Allow Outside App Stores in Overhaul Spurred by EU Laws
- Apple Freeform Lets You Brainstorm and Collaborate on Mac, iPad, and iPhone
- Apple’s Advanced Data Protection and Other Features Harden Security
- How to turn on Advanced Data Protection for iCloud
- How to Use a Security Key to Protect Sensitive Online Accounts
Thu, 15 Dec 2022 05:00:00 -0500
Episode 269: Find My Finds More
We discuss several stories about Apple's Find My app: when it goes terribly wrong, how stalkers are using it, and how you can now ping an AirTag from your Mac. We also warn about prolific new email scams, discuss Apple's new karaoke feature, and more. Show Notes:
- Scam E-mails Pose As Retail Store Rewards Programs
- Find My misfire leads to SWAT raid on grandmother
- Stalkers’ “chilling” use of AirTags spurs class-action suit against Apple
- Latest macOS Beta Lets You Chime Your AirTags From Your Mac
- Apple Announces App Store Changes, Including Expanded Pricing Up to $10,000
- Apple Self Service Repair launches in UK, Germany, and six other countries
- Apple Music Karaoke Experience Coming to These Supported Devices
- Samsung’s Android app-signing key has leaked, is being used to sign malware
Thu, 08 Dec 2022 05:00:00 -0500
Episode 268: The “Secret” Apple Tax - Intego Mac Podcast Episode 268
There's more news about Twitter, as Elon Musk has called out the "secret" Apple tax of 30% that large developers pay, that wasn't so secret. We also look at the various types of drives that you can use to back up your Mac: hard drives, SSDs, and NASs. Show Notes:
- Phil Schiller deleted his Twitter account; no, Apple has not removed its tweets
- Elon Musk's alternate phone
- “Apple has also threatened to withhold Twitter from the App Store, but won’t tell us why”
- The secret 30% tax
- Elon Musk says Apple threatened to remove Twitter from App Store
- Tumblr was removed from Apple’s App Store over child pornography issues
- Elon Musk implies Apple hates free speech after ‘mostly stopped’ advertising on Twitter
- How to Choose the Best Hard Drive or SSD to Back Up Your Mac
Thu, 01 Dec 2022 05:00:00 -0500
Episode 267: AirPods as Trackers, Hacking Hackers, and Apple Tracking
In this week's security news, a stalker used AirPods to track a woman, since they don't sent alerts like AirTags; Australia is hacking hackers in a sort of precrime operation; Apple is tracking a lot of user data; and we give a few tips for the annual Black Friday shopathon. Show Notes:
- Apple Tracks Alarming Amount of Data Even When Device Analytics is Turned Off
- Apple's App Store analytics may be able to identify users
- Apple's iCloud Private Relay being abused in $65M ad fraud
- My creepy date slipped his AirPods into my bag — here's the scary reason why
- Is 5G worth it? Consumer hype is over, and carriers worried, says report
- It’s not your imagination: Shopping on Amazon has gotten worse
- Thinking about taking your computer to the repair shop? Be very afraid
- Australia to hack the hackers
- Network-crashing leap seconds to be abandoned by 2035, for at least a century
- How to Rip DVDs or Blu-rays and Add Them to Your Apple TV Library
Thu, 24 Nov 2022 09:00:00 -0500
Episode 266: Twitter, AirDrop, and Continuity Camera
The situation at Twitter is changing daily, and we have some security tips for staying safe with Twitter’s new verification system. We look at some changes that Apple is making to AirDrop in China, which would be good for everyone. And we discuss the new Continuity Camera feature of macOS Ventura.  Show Notes:
- Market capitalization of Eli Lilly
- Twitter Working on End-to-End Encryption for Direct Messages
- Mastodon Safety: How To Protect Against Security and Privacy Risks
- Apple Launches Revamped iCloud.com Website With All-New Design
- Apple to restrict Everyone option in AirDrop in China
- Apple plans to expand AirDrop time limit to customers worldwide
- Southwest Airlines passenger AirDrops nude photo to other fliers
- How to use AirDrop on your iPhone or iPad
- How to Use AirDrop to Securely Share or Transfer Files
- How to Use Your iPhone as a Webcam with Continuity Camera in macOS Ventura
Thu, 17 Nov 2022 04:00:00 -0500
Episode 265: Extreme Security and Privacy on the iPhone
Apple's new Lockdown Mode provides extreme security and privacy on the iPhone, iPad, and Mac. We discuss how it works, and what the downsides are of using this feature. We also talk about how TikTok's new privacy policy states that staff can access user data, how Zoom mandates new client updates every 90 days, and how the U.S. is planning "nutrition labels" for IoT devices. Show Notes:
- New TikTok privacy policy allows staff to access user data
- TikTok Parent ByteDance Planned To Monitor Locations of Specific U.S. Citizens
- 31 arrested in EU for stealing cars by hacking keyless tech
- Zoom now mandates client updates every ninety days
- U.S. Planning on IoT “Nutrition Labels” for Spring 2023
- Apple's Lockdown Mode
- GrapheneOS - Android, but designed for security first
Thu, 10 Nov 2022 04:00:00 -0500
Episode 264: The Dangers of Verified Accounts on Social Networks
We discuss this week's Apple security updates, explain why some apps have issues with full disk access in macOS Ventura, and we discuss the dangers of verified accounts on social networks, such as Twitter. We also take a close look at one of the biggest changes in macOS Ventura, the System Settings app. Show Notes:
- macOS Ventura 13.1 will resolve the Full Disk Access issue
- SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri
- OpenCore Legacy Patcher added Ventura support for 2013 “black trash can” Mac Pro
- Elon Musk Settles SEC Fraud Charges; Tesla Charged With and Resolves Securities Law Charge
- Get to Know the System Settings App on macOS Ventura
Thu, 03 Nov 2022 04:00:00 -0400
Episode 263: What's New in macOS Ventura
We take a look at some of the new features in macOS Ventura, and we also discuss the more than 100 vulnerabilities patched in this week's operating system updates. And we discuss Apple's surprising foray into ads for gambling apps in the iOS / iPadOS App Store. Show Notes:
- OpenCore Legacy Patcher added Ventura support for 2012 and later Mac models on Tuesday
- Apple confirms the iPhone is getting USB-C
- Apple raises prices of Apple Music, Apple TV+, Apple One
- New App Store ad slots heavily promote gambling apps
- What’s New in macOS Ventura
- Stage Manager offers new way to work with windows in macOS Ventura and iPadOS 16
- New Features in Mail and Messages in macOS Ventura, iOS 16, and iPadOS 16
Thu, 27 Oct 2022 05:00:00 -0400
Episode 262: Apple's Confusing New iPad Line
Apple announced new iPads this week, and now the iPad line is confusing. We look at what this means for people who want to buy a new iPad. We also discuss the new Apple TV, and its Thread support, DuckDuckGo's new "secure" browser, and we have an update on the Lufthansa AirTag kerfuffle. Show Notes:
- Are AirTags Safe on Airlines? – Intego Mac Podcast Episode 261
- Malware Attack Framework "Alchimist" Designed to Exploit Macs
- DuckDuckGo Mac browser
- Which Is Better: Apple’s Hide My Email or DuckDuckGo Email Protection?
- iOS VPN apps have another flaw, shows new research: excluding many Apple apps
- Android leaks some traffic even when 'Always-on VPN' is enabled
- How to Use Thread HomeKit Devices with Apple TV and HomePod mini
- Which iPad Is Best for You in 2022?
- About Touch ID advanced security technology
Thu, 20 Oct 2022 05:00:00 -0400
Episode 261: Are AirTags Safe on Airlines?
Apple's new crash detection feature in iPhones is creating false positives on roller coasters. Researchers have found a way to use thermal tracking to figure out the password you've just typed. And are AirTags safe on airlines? Lufthansa isn't quite sure. Show Notes:
- A full history of macOS (OS X) release dates and rates
- ‘The Owner of This iPhone Was in a Severe Car Crash’—or Just on a Roller Coaster
- AI-driven ‘thermal attack’ system reveals passwords in seconds
- Are airlines banning Apple AirTags? Here’s the complete story
Thu, 13 Oct 2022 04:00:00 -0400
Episode 260: The EU Mandates USB-C Ports
The European Union is mandating a common charging port on portable electronic devices. Is forcing manufacturers to use USB-C a good thing, or are there downsides? Show Notes:
- The Pixel 4 hits end of life after three years of service
- EU Parliament approves common charging cable from 2024
- Inductive charging (Wikipedia)
Thu, 06 Oct 2022 04:00:00 -0400
Episode 259: The Dangers of Expired Domains and Old Email Addresses
When domain names expire, anyone can take them over, and not only confuse people used to a company name, but also access any emails sent to that domain. Show Notes:
- Expired Domain Dumpster Diving
- Have I Been Pwned
- Plain Text Offenders
- Reused domain: Kagi.com
- Zombie brand RadioShack is launching a crypto market for ‘the older generation’
- gail.com
Thu, 29 Sep 2022 04:00:00 -0400
Episode 258: Apple’s New iPhone 14 and Apple Watch Series 8
Josh and Kirk each got a new iPhone 14 Pro, and discuss the new features in the phone. They also look at some bugs in iOS 16, and new malware that may affect the Mac. Show Notes:
- VMware, Microsoft warn of widespread Chromeloader malware attacks
- Apple confirms frequent ‘allow paste?’ prompts in iOS 16 are a bug
- Bug in iPhone 14 Pro Max causes camera to physically fail, users say
- Apple Watch 8 Review – Why Change What Works?
- iPhone 14 Pro Review – An Amazing New Camera, Safety Features, and an Always-On Display
- How to put a cute little cat (or other creature) above your Dynamic Island
- PhotoActive podcast, Episode 83: Raw and ProRAW on the iPhone
Thu, 22 Sep 2022 04:00:00 -0400
Episode 257: Hello, iOS 16!
iOS 16 and watchOS 9 are here, and we give you some tips on prepping your devices for upgrade. We also discuss which older operating systems will continue to get security updates, and what's up with that standalone Safari update for macOS? And we talk about a new Mac App Store lookalike web page scam that you should be aware of. Show Notes:
- Apple releases macOS Monterey 12.6, iOS 15.7, and more; fixes zero-day vulns
- iOS 16 and watchOS 9 are here; are your devices ready?
- Ring doorbell security gets boost as company expands end-to-end encryption
- Amazon ‘cutewashes’ surveillance with its new “Ring Nation” doorbell cam TV show
- Academics find tiny crack in Apple’s Private Relay
- Fake App Store pages are the new fake Flash Player alerts
- Cybercriminals target games popular with kids to distribute malware
Thu, 15 Sep 2022 04:00:00 -0400
Episode 256: Apple's Far Out Event
Apple has introduced this year's models of the new iPhone, iPhone Pro, and also unveiled a new, rugged Apple Watch, and 2nd generation AirPods Pro. We discuss the new features in these devices. Show Notes:
- Apple Releases iOS 12.5.6 for Old iPhone, iPad, iPod touch Models to Fix Actively Exploited Vulnerability
- Apple Introduces iPhone 14, Apple Watch 8, and New AirPods
Thu, 08 Sep 2022 06:00:00 -0400
Episode 255: Email Privacy: Apple Hide My Email and DuckDuckGo Email Protection
We take a deep dive into two email privacy protection features, from Apple and DuckDuckGo. We also give a few predictions for Apple's Far Out event next week, look at cases where two-factor authentication isn't enough, and discuss how macOS is actively scanning for malware; at least for 13 types of malware. Show Notes:
- What Apple’s ‘Far Out’ Event Invitation Tells Us About Sept. 7 iPhone Plans
- Cybersecurity researchers detail a BEC scam targeting high-level Microsoft Office 365 accounts, even if they're protected with MFA
- Websites Can Identify If You’re Using iPhone’s New ‘Lockdown’ Mode
- macOS now scans for certain specific malware whenever it gets a chance
- Apple Releases iOS 12.5.6 for Old iPhone, iPad, iPod touch Models to Fix Actively Exploited
- Which Is Better: Apple’s Hide My Email or DuckDuckGo Email Protection?
Thu, 01 Sep 2022 04:00:00 -0400
Episode 254: Which Is More Secure: Face ID, Touch ID, or a Passcode?
Apple has announced the date for its iPhone event; it's on September 7, and we discuss what we could see. We also look at more mobile apps that inject JavaScript in web pages in their in-app browsers; are they doing this to collect data? And we look at Face ID, Touch ID, and passcodes to determine which is more secure. Show Notes:
- Apple Announces 'Far Out' September 7 Event: iPhone 14, Apple Watch Series 8, More
- How to Install macOS Monterey on Unsupported Macs, for Security Improvements
- Apple delivers iPadOS 16.1 beta ahead of iOS 16 fall release
- iOS 16.1 to let users delete Wallet app amid antitrust concerns over Apple Pay
- TikTok also injecting code into websites to track its users, research says
- InAppBrowser.com: see what JavaScript gets injected through an in-app browser
- Plex password reset
- Apple updates Boot Camp for Intel Macs with WPA3 Wi-Fi support
- A Dad Took Photos of His Naked Toddler for the Doctor. Google Flagged Him as a Criminal.
- Apple Patches Two Actively Exploited Vulns in Monterey 12.5.1, iOS and iPadOS 15.6.1
- Old laptop hard drives will allegedly crash when exposed to Janet Jackson music
- Which Is More Secure: Face ID, Touch ID, or a Passcode?
Thu, 25 Aug 2022 04:00:00 -0400
Episode 253: Car Hacks, Facebook Tracks, and Windows on Macs
We look at another car hack, this time when a security researcher found the private key for Hyundai updates through a Google search. We also explain how Facebook tracks you, even when you don't allow it, and another, even easier way to run Windows on a Mac -- at a cost. Finally, we look at how a security journalist got fooled by a phishing scam. Show Notes:
- Meta injecting code into websites to track its users, research says
- Man jailed for stalking ex-girlfriend with an AirTag
- Blogger finds private key to sign Hyundai car software updates… by Googling it
- DHS warns Emergency Alert System is potentially vulnerable to hacking
- Sounding the Alarm on Emergency Alert System Flaws
- Install Windows on a Mac with Apple M-series chip in Parallels Desktop
- How to Run Windows 11 for Free on an M1 or M2 Mac
- I’m a security reporter and got fooled by a blatant phish
- Apple Patches Two Actively Exploited Vulns in Monterey 12.5.1, iOS and iPadOS 15.6.1
Thu, 18 Aug 2022 05:00:00 -0400
Episode 252: Google Begs Apple to Replace iMessage with RCS
Google has launched a campaign to try to pressure Apple to adopt a messaging standard that is more amenable to Android users, but this is far more self-serving than it first appears. Also, we look at how Amazon wants to map your home with Roomba robot vacuum cleaners. Show Notes:
- UPDATE: Investigation report about the abuse of the Mac Appstore - Apple removed all 7 developers' accounts mentioned in the article.
- With iRobot acquisition, Amazon wants to scan every inch of your home
- “It’s time for Apple to fix texting.” - Google campaign site
- New Google site begs Apple for mercy in messaging war
- Helping you connect around the world with Messages
- Turn on chat features in Messages - Google support document
Thu, 11 Aug 2022 04:00:00 -0400
Episode 251: Tom Cruise and the Leap Second
Tom Cruise is showing up everywhere: landing his helicopter in an English family's garden; interrupting hikers and leaping off a cliff; and even in deepfake videos. We also look at crypto apps on Apple's App Store, and we discuss the leap second, and how taking away one second in time could wreak havoc on computers. Show Notes:
- 'Tom Cruise is in my Warwickshire garden'
- Tom Cruise apologizes for interrupting couple’s hike before jumping off cliff
- How to spot a deepfake video - featuring Tom Cruise as Iron Man
- Apple's App Store Comes Under the Spotlight for How It Handles Fake Crypto Apps
- Investigation report about the abuse of the Mac App Store
- Apple blasts Android malware in fierce pushback against iOS sideloading
- Nokia Threat Intelligence Report 2021
- Google pushes back deadline for killing off third-party cookies in Chrome (again) to H2 2024
- Over 3,200 apps leak Twitter API keys, some allowing account hijacks
- Earth is spinning faster than usual and had its shortest day ever
- Leap Seconds List - IETF
- Why One Critical Second Can Wreak Havoc on the Internet
- It’s time to leave the leap second in the past
- The Inside Story of the Extra Second That Crashed the Web
- Year 2038 problem
Thu, 04 Aug 2022 05:00:00 -0400
Episode 250: Is Your Car the Next Security Risk?
Cars are the next target for hackers; we look at vulnerabilities in standalone GPS devices, and we also discuss how Honda shrugged when presented with security vulnerabilities. We also go over the recent Apple operating system updates, and look at how Content Caching on a Mac may prevent security updates from being installed automatically. Show Notes:
- CVE-2022-32839 - remote code execution
- How can you tell whether your Mac is up to date?
- How to Use Content Caching on macOS to Save Bandwidth
- macOS Monterey 12.5 isn’t yet safe for all OpenCore Legacy Patcher patched Macs
- Hardcoded password in Confluence app has been leaked on Twitter
- Security flaws in a popular GPS module could allow hackers to track vehicles
- The Rolling Pwn - Security Now #879 show notes
- Zoom brings end-to-end encryption to its cloud phone service
- This Is the Code the FBI Used to Wiretap the World
- Drobo Files for Bankruptcy
Thu, 28 Jul 2022 07:00:00 -0400
Episode 249: Apple's New M2 MacBook Air
Apple's new M2 MacBook Air is the first change in the popular laptop's form factor since its introduction in 2008. We also look at a change in Facebook's tracking URLs, and how running ChromeOS could bring an old Mac back to life. Show Notes:
- Facebook has started to encrypt links to counter privacy-improving URL Stripping
- Spending on Apps Overtakes Games on Apple’s Platform for the First Time Ever
- ChromeOS Flex launches to turn your old Mac or PC into a Chromebook
- Hackers could use your Mac to exploit Microsoft Word security flaws
- M2 MacBook Air Review – New Form Factor for Apple’s Most Popular Mac
Thu, 21 Jul 2022 03:00:00 -0400
Episode 248: Lockdown Mode
Apple has announced a new extra-protection security feature called Lockdown Mode, which will protect those at high risk from hackers. We explain why this is a great bundle of security features that you can enable with a single click. Show Notes:
- New working speculative execution attack “Retbleed” sends Intel and AMD scrambling
- Microsoft makes course reversal, allows Office to run untrusted macros (for now)
- Now everyone can ‘unmention’ themselves from Twitter threads
- Apple Public Betas
- Install macOS Betas on Your Mac in a New APFS Volume
- Install macOS Ventura Beta in a Virtual Machine on an M1 or M2 Mac with UTM
- Lockdown Mode
Thu, 14 Jul 2022 04:00:00 -0400
Episode 247: Prime Day Shopping Safety Tips
Amazon Prime Day is next week, and we offer some tips on buying securely. We also explain how you can run Windows 11 on your Mac for free. Show Notes:
- Target, Walmart, and more stores will run alternative Prime Day sales in July. Here's a rundown of what to expect
- CamelCamelCamel
- PricePulse
- Caution! These Black Friday “deals” may be bad for your security
- Apple’s Planned Obsolescence: iOS 16, macOS Ventura Drop Support for Many Models
- How to Run Windows 11 for Free on an M1 or M2 Mac
Thu, 07 Jul 2022 03:00:00 -0400
Episode 246: The iPhone at 15
We look at this week's security news, then we reminisce about 15 years of the iPhone, which went on sale on June 29, 2007. It's been an interesting ride so far. Show Notes:
- A wide range of routers are under attack by new, unusually sophisticated malware ZuoRAT
- Hertzbleed: A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys
- OpenSSL 3.0.5 awaits release to fix potential worse-than-Heartbleed flaw
- FCC commissioner calls for Apple & Google to ban TikTok
- Attackers hit iOS and Android devices with spyware in Italy and Kazakhstan
- 15 Years Ago Today, the iPhone Went On Sale
Thu, 30 Jun 2022 04:00:00 -0400
Episode 245: Everything You Can Do with iCloud
We also talk about a new phishing scam, how the Strava fitness app is causing problems for the Israeli military, some new Windows feature that copy Apple, and the end of captchas. Then we take a deep dive into iCloud, looking at the many features available with your iCloud account. Show Notes:
- iOS 16 Will Let iPhone Users Bypass CAPTCHAs in Supported Apps and Websites
- Firefox's Total Cookie Protection Now Available to All Users by Default
- This new Windows 11 privacy feature shows when apps access your microphone, camera or location
- These fake voicemail phishing emails want to steal your passwords
- Shadowy Strava users spy on Israeli military with fake routes in bases
- We discussed an earlier Strava story in February 2018
- Volkswagen CEO Skeptical About Apple Car, Believes in CarPlay-Only Approach
- Everything You Can Do with iCloud – The Complete Guide
- Apple AirTags: The Complete Guide to How to They Work, What to Track with Them, and More
Thu, 23 Jun 2022 04:30:00 -0400
Episode 244: Apple's Planned Obsolescence
We look at how Apple's planned obsolescence means that many devices won't be compatible with this fall's new operating systems; even devices that are being sold right now. Show Notes:
- EU Reaches Agreement to Force iPhone and AirPods to Adopt USB-C by Fall 2024
- USB-C and Thunderbolt: Understanding Ports and Cables for Macs and iPads
- Germany launches antitrust investigation over App Tracking Transparency
- Apple Pay Later will use Apple IDs to help detect fraud
- Apple’s Planned Obsolescence: iOS 16, macOS Ventura Drop Support for Many Models
- Stage Manager controversy won’t go away, and Apple can still fix it
- Some iOS 16 features require an iPhone XS or newer; here they are
Thu, 16 Jun 2022 04:00:00 -0400
Episode 243: Apple's New Operating Systems: macOS Ventura, iOS 16, & iPadOS 16
Apple presented this year's operating systems at the Worldwide Developer Conference. We take a look at the key features, and especially at the security and privacy features that will be available this fall, and discuss the two new Apple laptops that are coming next month. Show Notes:
- Apple Presents macOS Ventura, iOS 16, iPadOS 16, and New Macs
- New Security and Privacy Features in macOS Ventura, iOS 16, and iPadOS 16
Thu, 09 Jun 2022 04:00:00 -0400
Episode 242: Waiting for WWDC
As we await next week's Worldwide Developer Conference, we discuss what Apple may present. We also look at a clever method hackers are using to steal WhatsApp accounts, remind users to update Zoom, and examine why Apple has earned the third-highest gaming revenue in 2021. Show Notes:
- iCloud Time Machine for Mac & new AirPort routers pop out of rumor mill - but hurdles abound
- Why Apple Is Missing the Boat on Home Wi-fi
- Gurman: Apple Preparing to Debut Enhanced Lock Screen, Windowing in iPadOS, Redesigned Mac Apps, and More at WWDC
- 'realityOS' Trademark Filing Hints at Possible WWDC Announcement
- Hackers steal WhatsApp accounts using call forwarding trick
- Messages Sent Through Zoom Can Expose People to Cyber-Attack
- Apple earned the third-most gaming revenue in 2021, outpacing Microsoft & Nintendo
- Apple injects ads into “ad-free” Apple Music playlists
Thu, 02 Jun 2022 05:00:00 -0400
Episode 241: Ellie’s Data Auction
Apple's recent iPhone privacy ad features an auction of Ellie's data. We look at the ad and discuss the points Apple makes, and explains how they matter, and when they aren't enough. We also talk about Apple's home repair program, new app subscription rules, and an Instagram account hack. Show Notes:
- Apple Shipped Me A 79-Pound iPhone Repair Kit To Fix A 1.1-Ounce Battery
- Apple will let your subscription apps charge you more money without asking
- How to manage iTunes Store and App Store Subscriptions
- Update to subscription notifications
- My Instagram account was hacked and two-factor authentication didn't help
- Privacy on iPhone - Data Auction
Thu, 26 May 2022 04:00:00 -0400
Episode 240: The Pros and Cons of Sideloading Apps on iOS
Apple claims that they need the App Store to ensure that iOS devices are safe. The company claims that sideloading, or installing apps from other sources, is dangerous. Yet this is what we have always done on the Mac. We take a deep dive into the pros and cons of sideloading on iPhones and iPads. Show Notes:
- We need app store competition, not Apple’s 1960s-style paternalistic monopoly
- Apple would be forced to allow sideloading and third-party app stores under new EU law
- Building a Trusted Ecosystem for Millions of Apps: A threat analysis of sideloading (Apple white paper)
Thu, 19 May 2022 05:00:00 -0400
Episode 239: Requiem for the iPod
Apple has discontinued the last iPod, the iPod touch. We discuss some of the history of the iPod, and look at 17 reasons who you should use an iPod touch. We also look at the new FIDO initiative, which allows your phone to replace passwords, and we discuss AirTag false alarms. Show Notes:
- AirTags are sending a new kind of false alarm, report says
- Google lines up with Apple and Microsoft to nix passwords in favor of nearby-device authentication
- Apple discontinues the last iPod model
- 17 Reasons Why You Should Use an iPod touch in 2022 (published 8 days earlier)
- The iPod at 20 – How the Portable Music Player Laid the Foundation for Today’s Apple
- iPod (Wikipedia); this article shows all the iPod models
Thu, 12 May 2022 05:00:00 -0400
Episode 238: Apple AirTags: One Year On
Apple has provided some clarification to its plan to remove old and in the way apps from the App Store. Microsoft has been working on a VPN that isn't a VPN it works a little differently from Apple's VPN that isn't a VPN. And it's been a year since Apple released AirTags... It hasn't exactly been smooth sailing, but if third-party accessories are an indication, AirTags are doing pretty well. Show Notes:
- Clarifying criteria & new timing extension for App Store Improvements process
- Apple Silicon chip vulnerability ‘Augury’ surfaces, but researchers aren’t worried yet
- Cellebrite iPhone cracking: Here’s which models the kit can unlock and access, and how to protect your data
- Use the Microsoft Edge Secure Network to protect your browsing
- Is Apple’s iCloud Private Relay a VPN? Not Even Close—Here’s Why
- AirTag tracking alert hits teenager’s phone at Disney World – without locating tracker
- Apple says it will make unknown AirTags alert you sooner
- What’s new in firmware updates for AirTag
- Apple’s AirTags: One Year On
Thu, 05 May 2022 04:00:00 -0400
Episode 237: Get Ready to Repair Your Own iPhone!
Apple is making the tools and documents needed for iPhone repairs available to users in the US. Are you ready to repair your own iPhone? Removing outdated apps is now a trend as Apple joins Google and begins removing older software from the app store. Apple may be forced by EU regulators to open up iMessage. And we'll discuss understanding USB-C and Thunderbolt ports and cables for Macs and iPads. Show Notes:
- Intego Mac Podcast Episode 236
- Apple’s Self Service Repair now available
- Here's the Massive Kit Apple Will Send to Your House So You Can Fix Your iPhone
- iFixit Says Apple's Self Service Repair Program is Great Step, But Has a Catch
- How to Install macOS Monterey on Unsupported Macs, for Security Improvements
- Apple App Store appears to be widely removing outdated apps
- Google Launches Privacy Labels for Google Play Apps
- Critical bug in Apple codec could have let hackers commandeer millions of Android devices
- Impending EU Regulation to Force Apple to Allow Third-Party App Stores and Open Up iMessage
- Tech Giants Duped Into Giving Up Data Used to Sexually Extort Minors
- USB-C and Thunderbolt: Understanding Ports and Cables for Macs and iPads
Thu, 28 Apr 2022 04:00:00 -0400
Episode 236: Install macOS Monterey on a 15-Year Old Mac
Josh has a 15-year old iMac that he wanted to be up to date with security updates, but it doesn't support macOS Monterey. So he found a way to finagle the operating system on his old Mac. We also discuss how sharing your Netflix account might be dangerous, and how fake reviews will soon be illegal in the UK, and whether it can be enforced. Show Notes:
- Apple Neglects to Patch Two Zero-Day, Wild Vulnerabilities for macOS Big Sur, Catalina
- Apple’s Security Approach Endangers Users of macOS Big Sur & Catalina – Intego Mac Podcast Episode 234
- Netflix shares fall more than 35% after streamer loses over 200,000 subscribers
- How an Apple iCloud Exploit Lost a Crypto Trader Over $650K
- Fake reviews to be illegal under new rules
- How to Install macOS Monterey on Unsupported Macs, for Security Improvements
Thu, 21 Apr 2022 04:00:00 -0400
Episode 235: Everything About Your Apple ID
DuckDuckGo is beta testing a privacy-focused browser; Google is deprecating old apps in its Play Store; activation-locked AirPods are wreaking havoc on refurb companies. And we take a deep dive into managing your Apple ID, the key to all Apple services. Show Notes:
- Apple Neglects to Patch Two Zero-Day, Wild Vulnerabilities for macOS Big Sur, Catalina
- Introducing DuckDuckGo for Mac: A Private, Fast, and Secure Browsing App
- Thousands of Apple AirPods returned through Walmart and other retailers are being stockpiled due to an apparent security issue
- Google makes outdated apps less accessible on Play Store
- Why quickly patching your iPhones and Macs is more important than ever
- Microsoft's huge Patch Tuesday includes fix for bug under attack
- Critical vulnerabilities uncovered in hospital robots
- How to Manage and Use Your Apple ID – The Complete Guide
Thu, 14 Apr 2022 04:00:00 -0400
Episode 234: Apple’s Security Approach Endangers Users of macOS Big Sur & Catalina
Apple has issued new updates, but hasn't patched two serious vulnerability for Big Sur and Catalina. We also look at a serious MailChimp data breach, and how AirTags are being used more for stalking. Show Notes:
- Apple’s Worldwide Developers Conference returns in its all-online format
- Apple releases macOS 12.3.1, iOS 15.4.1, watchOS 8.5.1 and more
- PowerBook 500 (could use two batteries)
- Police Records Show Women Are Being Stalked With Apple AirTags Across the Country
- Watch out for phishing emails from genuine mailing lists, following Mailchimp hack
- Behold, a password phishing site that can trick even savvy users
- Apple Neglects to Patch Two Zero-Day, Wild Vulnerabilities for macOS Big Sur, Catalina
- iOS adoption
- StatCounter
- Can your Mac run Monterey?
Thu, 07 Apr 2022 05:00:00 -0400
Episode 233: Universal Control Comes to macOS Monterey
New malware, a new Chrome zero-day vulnerability, and why iOS auto-updates take so long to update. We discuss Apple's potential iPhone hardware subscriptions and discuss the new Universal Control feature in macOS Monterey. Show Notes:
- New Variant of Chinese Gimmick Malware Targeting macOS Users
- Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability
- Apple's Craig Federighi Explains Why iOS Auto-Updates Often Arrive Several Weeks Late
- My own phone number is now spam texting me
- Apple Is Working on a Hardware Subscription Service for iPhones
- Apple solidifies its transition to a services company
- How to Set Up and Use Universal Control with macOS Monterey
Thu, 31 Mar 2022 05:00:00 -0400
Episode 232: The Jargon Episode, Part II
We follow up on our recent episode explaining the jargon used in cybersecurity, explaining hacking and cracking, black hats and white hats, and more. Show Notes: Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you're ready to buy.
Thu, 24 Mar 2022 05:00:00 -0400
Episode 231: Apple Peek Performance Review
Plenty of Apple software updates came out last week and we have the run-down. Look up in the sky, it's a bird, it's a plane... it's a QR code? And, of course, we'll have our take on the latest gear announced at Apple's most recent Peek Performance Event. Show Notes:
- CaddyWiper: New wiper malware discovered in Ukraine
- Halo Invades SXSW With a ‘Swarm’ of 400 Drones
- Apple Releases Mac Studio, Studio Display, and Updates iPhone SE and iPad Air
- Apple’s 2022 iPad Air elbows M1 into the lineup
- MacTracker
Thu, 17 Mar 2022 05:45:00 -0400
Episode 230: The Jargon Episode
Do you know your bot from your zombie, your evil maid from your man in the middle? Computer security, like any technical field, has lots of jargon, and in this episode, we explain the terms you hear us use often when talking about malware and security issues. Show Notes: Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you're ready to buy.
Thu, 10 Mar 2022 04:00:00 -0500
Episode 229: Apple Peek Performance Prognostics
Russia has deployed malware against Ukraine in the lead up to its invasion; we have details on the cyber weapons they used. Third-party web browsers for the iPhone and iPad are forced to use WebKit, but want to be free from this requirement. And Apple's Spring Event is next week. We have a preview of what we hope is coming, along with some Peek Performance Prognostics. Show Notes:
- HermeticWiper malware targeting orgs in Ukraine; here’s how to stay safe
- IsaacWiper
- Russian Invasion of Ukraine Impacts Apple World
- Apple pauses all product sales in Russia, stops exports and limits Apple Pay
- Russian hackers infect network devices with new botnet malware: Cyclops Blink
- Web Developers Form Advocacy Group to Allow Other Browser Engines on iOS
- Apple event, March 8
Thu, 03 Mar 2022 05:00:00 -0500
Episode 228: Apple T2 Security Vulnerability, New Gmail Spam Rules, and How Thread Makes Your Home Smarter
The Mac's T2 security chip has been hacked and your Mac's passwords can be cracked. What you should know about a potentially serious vulnerability. You should probably check your Gmail spam folder? And we've got a look at the wireless mesh system you might already have running in your home. Show Notes:
- New Gmail Spam Filtering Rules: Check Your Spam Mailbox
- T2 Mac security vulnerability: Passwords can now be cracked
- Missouri governor’s wild claims about journalist debunked in police report
- Never, Ever, Ever Use Pixelation for Redacting Text
- Securely Redact Text in PDFs with Apple Preview on Mac
- Opera browser now allows emoji-only web addresses
- How to Use Thread HomeKit Devices with Apple TV and HomePod mini
Thu, 24 Feb 2022 05:00:00 -0500
Episode 227: Apple Vulns, Macro Viruses, and How Encryption Protects You
Apple has issued a mixed assortment of security updates, Microsoft is changing the way they warn about macros in Word and Excel documents, and we take a deep dive into end-to-end encryption, explaining why your security and privacy online depend on it. Show Notes:
- Apple fixes active zero-day vuln with macOS 12.2.1, iOS 15.3.1, Safari 15.3
- CISA orders federal agencies to update iPhones, Macs until Feb 25th
- Apple releases mystery security updates for macOS Big Sur, Catalina
- Apple Announces AirTag Updates to Address Unwanted Tracking
- 25 years on, Microsoft makes another stab at stopping macro virus malware
- 10 Ways End-to-Encryption Protects Your Data, Your Privacy, and Your Bank Balance
- Three Free Secure Email Providers That Protect Your Data and Privacy
Thu, 17 Feb 2022 04:00:00 -0500
Episode 226: Breaking Up Is Hard To Do
A bug has turned up that allowed Siri to record user interactions without permission; Facebook predicts Apple's strict privacy and tracking features will hurt its bottom line; and third parties are selling AirTags that have been hacked to make them less detectable and easier to use for stalking. And, break ups happen: we've got some advice for how to un-share devices, services and personal data with your ex, just in time for Valentine's Day. Show Notes:
- The evolution of a Mac trojan: UpdateAgent’s progression
- iOS 15.4 Beta 2 Fixes Bug That Caused Some iPhones to Record Siri Interactions Even When Users Opted Out
- Apple's Privacy Measures to Cost Facebook $10 Billion in 2022
- AirTags with deactivated speakers being sold on eBay and Etsy; seller claims not for stalking
- Domestic abuser busted in the act of putting an AirTag on a car
- Reddit and Twitter users face age checks under UK porn law plans
- Bad Breakup? How To Stop Sharing Data with Your Ex on iPhone and iPad
Thu, 10 Feb 2022 05:00:00 -0500
Episode 225: Face ID with a Mask; Barcodes with Stamps; and Problems with OneDrive
We look at some Face ID tricks for you, your iPhone, and your mask. OneDrive and Dropbox run into a kernel extension issue and things may be kind of haywire for their syncing capabilities. The App Store announces support for unlisted apps for private distribution. And the UK's Royal Mail starts including barcodes with stamps, and fun may ensue. Show Notes:
- iOS 15.4 enables Face ID support while wearing a mask, no Apple Watch required
- Royal Mail adds barcodes to stamps offering digital extras
- GDPR enforcer rules that IAB Europe’s consent popups are unlawful
- App Store Now Supports Unlisted Apps Discoverable Only With a Direct Link
- macOS 12.3 to remove Python 2.7
- OneDrive Mac Users Unhappy With Buggy Update That Removes Ability to Keep Local Copies of Synced Files
- Inside the new Files On-Demand Experience on macOS
- Pennsylvania could become first state to pass law targeting AirTag abuse
Thu, 03 Feb 2022 04:00:00 -0500
Episode 224: The Enemy in Your Pocket
We take a close look at the new DazzleSpy malware that targets Macs. There's quite a bit of money to be made from Apple's bug bounty program; one recipient blabs on the payout. Time for procrastinators to update to iOS 15 as security updates dry up for earlier systems. Scammers are preying on prayers; prayer apps that is. And we've got another AirTags to the rescue adventure. Also, Apple released a whole slew of security updates right after we finished recording the podcast; check the link in the show notes for full info. Show Notes:
- DazzleSpy Mac Malware Used in Targeted Attacks
- Apple paid bug bounty of $100K for Mac webcam hijack & more
- iOS 15 Features
- iOS 14 updates are no longer being offered
- Apple says iOS 15 adoption is lower than usual, but here's why
- iOS 15.3 and macOS 12.2 (with Safari history leak fix) sill aren’t out yet
- Apple releases macOS 12.2, iOS 15.3, watchOS 8.4 and more
- Nothing Sacred: These Apps Reserve The Right To Sell Your Prayers
- iCloud sync is randomly breaking
- Woman put AirTag in one of her boxes and caught her mover lying about his location
- 24 Things You Can Track with Apple’s New AirTags
Thu, 27 Jan 2022 05:00:00 -0500
Episode 223: How to Run Windows on an M1 Mac
A new Safari vulnerability can leak your browser history, 5G can interfere with airplane altimeters, Google Analytics is being targeted by EU courts, and we take a deep dive into running Windows on an M1 Mac. Show Notes:
- Safari 15 IndexedDB Leaks
- Exploiting IndexedDB API information leaks in Safari
- Google Analytics declared illegal in the EU (well, not exactly)
- "Google Analytics may soon be banned," warns Dutch agency (Heise Online, via Google Translate)
- Mobile firms agree another 5G delay at US airports
- US radio spectrum chart
- How to Run Windows on an Intel or M1 Mac
Thu, 20 Jan 2022 05:00:00 -0500
Episode 222: SysJoker Malware and Scams in the App Store
New SysJoker malware attacks Mac, Windows, and Linux computers. Apple has difficulty managing scams and copycat apps in its App Stores. And iCloud Private Relay is provoking ire among phone carriers. Show Notes:
- New SysJoker Backdoor Targets Windows, Linux, and macOS
- How to make $13 million on the App Store with scam apps (Twitter thread)
- Wordle clone maker blatantly ripped off the original game, name and all
- The Wordle clones have disappeared from the App Store
- European carriers seek to block iPhone Private Relay feature
- How to Use iCloud Private Relay
- T-Mobile begins blocking iPhone users from enabling iCloud Private Relay in the US
- After our recording, Apple issued a statement saying that there are no bugs in iOS 15.2 that could disable iCloud Private Relay
- Wireless network provider support and features for iPhone
- Class action lawsuit filed in California alleging Google is paying Apple to stay out of the search engine business
- Bernstein says Google’s FY21 payments to Apple might reach nearly $15B
- Use private browsing to maintain your privacy on the web
- How to switch search engines in Safari and other browsers on macOS and iOS (and why you should)
Thu, 13 Jan 2022 05:00:00 -0500
Episode 221: Look-Alike Letters Lead Users to Lose Moola
Attackers can simulate an iPhone restart to keep malware alive, and an interesting HomeKit vulnerability could brick your device. We discuss malicious QR codes, and we take a deep dive into Apple's two-factor authentication, which more and more users need to use Apple devices. Show Notes:
- Microsoft fixes harebrained Y2K22 Exchange bug that disrupted email worldwide
- “NoReboot” attack: Threat actors can simulate iPhone reboots and keep iOS malware on a device
- Doorlock
- Tweet by Austin, TX, police
- Josh's tweet
- How to Use Two-Factor Authentication for Your Apple ID and iCloud Account
- How to Set iCloud Account Recovery Contacts, Legacy Contacts, and Trusted Phone Numbers
Thu, 06 Jan 2022 05:00:00 -0500
Episode 220: The Challenge with Alexa
Amazon Alexa gave a dangerous answer to a child asking for a challenge; how much can we trust AI to provide safe, reliable information? We also look at the new RedLine malware, and discuss some iCloud settings to help you get back into your account if you've forgotten your password, and one that lets you set up a legacy contact. Show Notes:
- RedLine malware shows why passwords shouldn't be saved in browsers
- This USB ‘kill cord’ can instantly wipe your laptop if snatched or stolen
- Alexa encourages dangerous penny challenge
- Alexa Answers
- The Penny (1p) Challenge
- How to Set iCloud Account Recovery Contacts, Legacy Contacts, and Trusted Phone Numbers
- How to Prepare Your Digital Legacy
Thu, 30 Dec 2021 04:00:00 -0500
Episode 219: $1,139 of Gelato
A four-year old child, using his father's phone, ordered $1,139 worth of gelato. We discuss the risks of lending your iPhone or iPad to a child, and we look at the new App Privacy Report, in iOS and iPad OS 15.2, which tells you what apps are doing behind your back. Show Notes:
- Four-year-old Sydney child orders $1,139 of gelato delivered to his father’s work
- How to Keep Kids from Making Purchases on Your iPhone or iPad
- Why iOS needs multiple user accounts for iPad
- A Parent’s Guide to In-App Purchases on iOS, iPadOS, and macOS
- Understanding iOS and iPadOS App Privacy Report
Thu, 23 Dec 2021 02:00:00 -0500
Episode 218: Does the Log4j Vulnerability Affect You?
The Log4j vulnerability is making the news, and we discuss what it is and who should worry. We look at Apple's new feature to detect nude photos in children's messages, and we discuss the potential demise of the NSO Group. Show Notes:
- Apple releases macOS 12.1, iOS 15.2, watchOS 8.3 and more
- Apple: About communication safety in Messages
- Apple Removes All References to Controversial CSAM Scanning Feature From Its Child Safety Webpage
- Apple Releases 'Tracker Detect' App to Prevent Android Users From Being Tracked by AirTags
- U.S. lawmakers call for sanctions against Israel's NSO, spyware firms
- After US ban and Apple action, Pegasus spyware maker NSO running out of cash
- ‘The Internet Is on Fire’ - A vulnerability in the Log4j logging framework has security teams scrambling to put in a fix.
- CISA tells federal agencies to patch Log4Shell before Christmas
- “Exploits of a Mom” (Little Bobby Tables) XKCD comic
- Apple patches Log4Shell iCloud vulnerability, described as most critical in a decade
Thu, 16 Dec 2021 04:00:00 -0500
Episode 217: New Scam Emails Purport to Come from NSO Group Hacker
Amazon's AWS outage causes havoc with the internet; a simple mistake can lock you out of your Google account for 48 hours; and we discuss a new scam email purporting to come from an NSO Group hacker. Show Notes:
- How to Use a Security Key to Protect Sensitive Online Accounts
- Mac and iOS Keychain Tutorial: How Apple’s iCloud Keychain Works
- "I am hacker NSO Group," New Email Scam Leverages Controversial Pegasus Malware
- Apple’s AirTags Can Enable Stalkers and Abusers
- I Mailed an AirTag and Tracked Its Progress; Here’s What Happened
- U.S. State Department phones hacked with Israeli company spyware
- Pegasus detection - iMazing
- Mozilla Ending Support for Firefox Lockwise Password Manager in December
- How to Choose the Right Password Manager for You
- Microsoft says its own Edge browser is more trustworthy than "so 2008" Google Chrome
Thu, 09 Dec 2021 05:00:00 -0500
Episode 216: The Problem with Default Passwords
The UK is mulling a bill to prohibit default passwords; the admin/admin that is often set by default on internet-connected devices. This would be a good thing, but there are drawbacks. We also discuss how Apple takes the lead in smartphone sales in China, and an upgrade program for Mac laptops. Show Notes:
- Josh speaking at AVAR 2021 Virtual on Thursday, December 2 (7:05 PM Pacific)
- Apple Becomes Largest Smartphone Brand in China, First Time Since Dec 2015
- Apple Introduces New MacBook Upgrade Program for Business Partners
- Apple Fined $11 Million in Italy for Employing 'Aggressive Methods' in Commercial Use of Private Data
- Apple alerted Polish prosecutor that her iPhone has likely been compromised by NSO
- Tweet from Polish prosecutor
- New malware is capable of evading almost all antivirus products
- UK *Considers Banning* Default Passwords and We Should Too
Thu, 02 Dec 2021 03:00:00 -0500
Episode 215: Apple Sues NSO Group for Pegasus Spyware
Apple has filed a lawsuit against NSO Group, the creator of Pegasus spyware, that has targeted politicians, journalists, and activists. We discuss this surprising lawsuit and what it means for Apple users and security. Show Notes:
- Dave Eggars, The Every
- Apple sues NSO Group to curb the abuse of state-sponsored spyware
- Apple's complaint
- The Pegasus Project, Washington Post
- About Apple threat notifications and protecting against state-sponsored attacks
- Detect Pegasus and Other Spyware on iPhone and iPad - iMazing
Thu, 25 Nov 2021 05:00:00 -0500
Episode 214: Shop Safely on Black Friday and Cyber Monday
We had to check our calendars when Apple announced a new self-service repair program for iPhones. We look at some new Mac malware, and we discuss how to shop safely and securely online this Black Friday and Cyber Monday. Show Notes:
- Apple announces Self Service Repair
- iPhone 12 and 12 Pro Screen Replacement
- iFixit battery replacement
- Caution! These Black Friday “deals” may be bad for your security
- 7 essential tips to stay safe shopping online, Cyber Week and all year
- How to Spot Fake Product Reviews
Thu, 18 Nov 2021 04:00:00 -0500
Episode 213: Is Apple Planning to Lock Down the Mac?
There is still new malware pretending to be Flash Player updates, even though Flash is dead; Facebook said they were ditching their facial recognition program, but has done an about face; and we discuss whether Apple is on a path to lock down the Mac to only allow apps to be installed from the Mac App Store. (Math correction: at one point I said $200 million; the correct number is $2 billion.) Show Notes:
- Highlights of Recent Mac Malware
- Meta [Facebook] will continue to use of facial recognition technology after all
- Meta will continue to use facial recognition technology, actually
- moe.: Meat
- Apple Business Essentials
- Apple's Craig Federighi Says Sideloading on iPhone Would Open the Floodgates to Malware
- Apple CEO Tim Cook: “If you want to sideload, you can buy an Android phone.”
- GIMP
- Audio Hijack
Thu, 11 Nov 2021 05:00:00 -0500
Episode 212: Apple’s Poor Patching Policies
We look at how Apple's inconsistent patching policies for fixing security threats puts users at risk. We also discuss Facebook's decision to shut down their facial recognition program, and an interesting "Trojan source" attack that could allow malware to be inserted into source code using invisible characters. Show Notes:
- Apple's Privacy Features Have Cost Social Media Companies Nearly $10 Billion in Revenue
- Facebook Shuttering Facial Recognition System, Will Delete Data From Over a Billion Users
- NSO Group (creator of Pegasus spyware) placed on U.S. government blacklist
- 'Trojan Source' attack method can hide bugs into open-source code
- CISA creates catalog of known exploited vulnerabilities, orders agencies to patch
- CISA Known Exploited Vulnerabilities Catalog
- Apple’s Poor Patching Policies Potentially Make Users’ Security and Privacy Precarious
Thu, 04 Nov 2021 06:00:00 -0400
Episode 211: Say Hey to macOS Monterey
Apple releases macOS Monterey, the company's newest desktop operating system, along with a number of security updates. We discuss Apple's new M1 Pro and M1 Max MacBook Pro models, which may be too powerful for most users. And if you're getting a new Mac, we discuss which is better: migrating your old system, or doing a clean installation. Show Notes:
- A full history of macOS (OS X) release dates and rates
- Apple releases macOS 12 Monterey, iOS 15.1, watchOS 8.1, and more
- How to keep older Macs secure: a geeky approach (run Catalina on unsupported Macs)
- Josh's tweet showing macOS updates by version
- UK phone networks to [attempt to] block scam calls from abroad
- M1 Pro vs. M1 Max: Why the fastest MacBook ever might be overkill
- Intel CEO: My job is to win Apple back
- Pre-release Intel 12th-gen Alder Lake chip allegedly beats Apple’s M1 Max
- How to choose the right Mac for your use case
- Setting Up a New Mac: Should You Migrate or Do a Clean Installation?
Thu, 28 Oct 2021 03:00:00 -0400
Episode 210: Apple’s New MacBook Pros, Really for Pros
Google removes FTP from Chrome; a journalist looks at a state website's source code and the governor brands him a "hacker"; Facebook is in trouble, and plans to change its name, sort of; and we look at Apple's new MacBook Pros, that really are for pros. Show Notes:
- Governor wants to prosecute journalist who clicked View Source
- Hacker definitions
- Google finally removed FTP from Chrome 95 browser
- Facebook is planning to rebrand the company with new name
- Facebook CEO Mark Zuckerberg added to D.C. privacy lawsuit
- Apple Watch Series 7 Review: A Larger Display, but No Essential Changes
- Juli Clover's Apple Watch photo
- Apple Goes Pro in Second Homegrown Silicon Salvo
Thu, 21 Oct 2021 04:00:00 -0400
Episode 209: What the heck is Apple doing??
Apple has released a security update for an actively exploited vulnerability, but only for iOS 15, not iOS 14? What are they doing? We also discuss how Apple sometimes offers security updates for older versions of macOS, but not always. Show Notes:
- How to Use Focus to Limit Notifications in iOS 15 and macOS Monterey
- iOS 15.0.2 fixes new “actively exploited” vulnerability
- Tweet by Denis Tokarev
- Researcher discloses several zero-day iOS, iPadOS vulnerabilities
- NSO Pegasus spyware can no longer target UK phone numbers
- Josh’s Objective by the Sea talk: n-1 and n-2: Should we really trust in you? An examination of macOS security updates
Thu, 14 Oct 2021 05:00:00 -0400
Episode 208: iPad mini 6, Facebook's Time-Out, and a Contactless iPhone Rip-Off
Facebook's downtime shows how risky it is to use social media services to log into other services. An interesting proof of concept can steal money from Visa cards on iPhones. And we discuss the new iPad mini 6, and the Apple Watch Series 7 that goes on sale Friday. Show Notes:
- Apple Watch Series 7
- Squircle
- Understanding How Facebook Disappeared from the Internet
- OpenID
- Company That Routes Billions of Text Messages Quietly Says It Was Hacked
- App Store Report a Problem link is back to help fight scams, with two significant improvements
- Lost Apple AirTag Can Lead Finder to Malicious Website
- Researchers find Apple Pay, Visa contactless hack
- Use Express Transit with Apple Pay
- Review: iPad mini 2021 – in spite of the increased price, it’s still a great device
Thu, 07 Oct 2021 04:00:00 -0400
Episode 207: iOS 12 Security Updates, Zero-Day iOS Vulnerabilities, and the iPhone 13
Apple issues a security update for iOS 12, zero-day vulnerabilities target iOS and iPadOS, and we look at the iPhone 13 Pro. Show Notes:
- iOS 12 is still getting security updates for in-the-wild issues
- Pegasus spyware found on 5 French cabinet members’ phones
- Remotely exploitable "inetloc" zero-day vulnerability hits the Mac
- Researcher discloses several zero-day iOS, iPadOS vulnerabilities
- Commission proposes a common charger for electronic devices
- Full EU text for chargers
- iPhone 13 Pro Review: The Camera’s the Star, but the Battery Life Is the Best New Feature
- Wireless Charging Is a Disaster Waiting to Happen
Thu, 30 Sep 2021 04:00:00 -0400
Episode 206: Why Doesn't Apple Want People to Upgrade to iOS 15?
There's new Mac malware hiding in a terminal emulator app, an interesting Finder vulnerability, and Apple launches iCloud+. We also wonder why Apple isn't prompting iOS users to upgrade to iOS 15 Show Notes:
- OSX/ZuRu Mac malware spread through Trojan apps
- Remotely exploitable "inetloc" zero-day vulnerability hits the Mac
- Why doesn’t Apple want people to upgrade to iOS 15?
- Netgear fixes dangerous code execution bug in multiple routers
- How to Use iCloud+, with Additional Security and Privacy Features, and More
- iOS 15 Adoption Lower Than iOS 14 Over First Two Days, Says Mixpanel
Thu, 23 Sep 2021 05:00:00 -0400
Episode 205: Apple’s Consistent Iteration
Apple has patched two in-the-wild vulnerabilities, and you should update your devices right away. We look at the dangers of "corrupt my file" websites. And we discuss Apple's new product announcements. Show Notes:
- Apple patches two in-the-wild vulnerabilities for macOS, iOS, iPadOS, watchOS
- Pegasus Spyware Hacks iPhones of Prominent Individuals
- Are “corrupt my file” sites safe? Here’s why to avoid corrupt-a-file services
- Meet Meris, the new 250,000-strong DDoS botnet terrorizing the internet
- Apple Introduces the iPhone 13, Apple Watch Series 7, and New iPads
- Hands On with Apple’s New M1 iMac and M1 iPad Pro (Center Stage video)
Thu, 16 Sep 2021 03:00:00 -0400
Episode 204: CSAM, GDPR, and Android Updates
Apple pauses their new CSAM image scanning rollout, WhatsApp gets slapped with a big GDPR fine in Ireland, and Germany is mandating seven years of updates for all mobile phones. We also discuss new Mac malware, and Intego's 100% virus detection rating. Show Notes:
- Apple Event, September 14
- Michael K. Williams
- OSX/Adload: Mac Malware Apple Missed for Many Months
- Intego Earns 100% Detection in AV-Comparatives 2021 Independent Testing
- Apple delays rollout of CSAM detection system and child safety features
- Facebook confirms ProPublica report based on a misunderstanding (Original title: WhatsApp Messages are Not End-to-End Encrypted)
- Ireland watchdog fines WhatsApp record sum for flouting EU data rules
- ProtonMail logged IP address of French activist after order by Swiss authorities
- Three Free Secure Email Providers That Protect Your Data and Privacy
- Intego Privacy Protection
- Germany wants phone makers to offer 7 years of security updates
- Samsung Takes Galaxy Security to the Next Level by Extending Updates
- Android One
- Samsung security updates: “minimum of four” years
- Google Chrome OS Device Auto Update Policy
Thu, 09 Sep 2021 04:00:00 -0400
Episode 203: Zero Click, Russian Fines, and Apple Wallet
A new zero-click exploit targets the iPhone, Russia fines internet companies for not storing user data in the country, and you'll soon be able to put a driver's license in Apple Wallet, but should you? Show Notes:
- Bahraini activists targeted with new iOS zero-click exploit
- WhatsApp, Facebook, and Twitter fined for not storing user data inside Russia
- Firefox follows Chrome and prepares to block insecure downloads
- Tom Cruise surprises starstruck British family by landing helicopter in garden
- Hundreds of thousands of Realtek-based devices under attack from IoT botnet
- Apple and Google must allow developers to use other in-app payment systems, per new South Korean law
- A Parent’s Guide to In-App Purchases on iOS, iPadOS, and macOS
- Daring Fireball on the South Korean in-app payment law
- Apple adds driver's licenses, state IDs to Apple Wallet
- Tweet from Nilay Patel
- This phishing attack is using a sneaky trick to steal your passwords, warns Microsoft
Thu, 02 Sep 2021 05:00:00 -0400
Episode 202: How We've Changed Our Approach to Security and Privacy
Josh and Kirk look at some new iCloud features, and talk about how they've changed their security and privacy practices over the 200+ episodes of the Intego Mac Podcast. Show Notes:
- Apple already scans iCloud Mail for CSAM, but not iCloud Photos
- iCloud+ custom email domains now available in beta
- California man admits to stealing nude photos from iCloud
Thu, 26 Aug 2021 05:00:00 -0400
Episode 201: Apple's New Child Protection Features
Apple has announced Expanded Protections for Children, designed to help limit the spread of child sexual abuse material. However, these features scan photos on iPhones and iPads, and many privacy advocates are concerned by their potential for misuse. Show Notes:
- Apple Announces Expanded Protections for Children
- Expanded Protections for Children: Frequently Asked Questions
Thu, 19 Aug 2021 05:00:00 -0400
Episode 200: Tales from the Hackin’ Shack with Patrick Wardle
For the 200th episode of the Intego Mac Podcast, we welcome independent security researcher Patrick Wardle, who shares tales of finding bugs and vulnerabilities on the iPhone and Mac. Show Notes: Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you're ready to buy.
Thu, 12 Aug 2021 04:00:00 -0400
Episode 199: Understanding iCloud Private Relay
The Apple watch has been updated to cover a recent security vulnerability that has been patched on other Apple operating systems. Zoom pays users for lying, Apple brings back the Store tab on its website, and we look at how the forthcoming iCloud Private Relay works. Show Notes:
- Zoom to pay $85M for lying about encryption and sending data to Facebook and Google
- Apple reverts back to having a Store tab (it’s about time)
- With help from Google, impersonated Brave.com website pushes malware
- Lookalike domains are spreading malware; here's how to stay safe
- How to Use iCloud Private Relay
- What3Words
Thu, 05 Aug 2021 05:00:00 -0400
Buying and Selling Computer Vulnerabilities
A new Apple update is released for a zero-day vulnerability exploited in the wild, we discuss how vulnerability brokers buy and sell computer bugs, and we look at three free secure email services. Show Notes:
- Speculation that yesterday’s iOS security fix was for NSO exploit
- Twitter Account Security report
- Three Free Secure Email Hosts That Protect Your Data
Thu, 29 Jul 2021 04:00:00 -0400
Episode 197: Prepare for the End of 3G Networks
Apple has released security updates for all its operating systems. We discuss the new disclosures about Pegasus spyware, and Apple's response. And we look at what will happen when mobile phone carriers shut down their 3G networks; you may have 3G devices that you don't think about. And Josh has a new laptop; finally. (When we recorded the podcast, only some had been released, but shortly after the recording, Apple released the remaining updates.) Show Notes:
- Apple releases iOS 14.7, watchOS 7.6, macOS 11.5, and more
- Latest iOS 14.7 Beta Patches Bug That Disables iPhone's Ability to Connect to Wi-Fi
- Pegasus Project - The Guardian
- Why Apple’s walled garden is no match for Pegasus spyware
- Twitter thread about OS updates - Reed Albergotti
- 3G Networks Are Shutting Down; What Will Happen to Your Older Devices?
- What is 5G, how does it work, and how fast is it really?
Thu, 22 Jul 2021 05:00:00 -0400
Episode 196: Screenshots and Shortcuts
Apple is fixing a bug that could disable network access on devices connecting to wi-fi networks containing weird characters, and Ring rolls out end-to-end encryption for doorbells. We take a close look at how to shoot screenshots on the Mac, and we discuss the new Shortcuts coming to macOS Monterey Show Notes:
- Latest iOS 14.7 Beta Patches Bug That Disables iPhone's Ability to Connect to Wi-Fi
- Ring Launches Video End-to-End Encryption
- Ring: End-to-End Encryption
- MagSafe power adaptors
- The Complete Guide to Taking Screenshots and Screen Recordings on Mac, iPhone, iPad, and Apple Watch
- Shortcuts Are Coming to macOS – What Does This Mean, and How Secure Are They?
Thu, 15 Jul 2021 05:00:00 -0400
Episode 195: The Danger of Internet-Connected Devices
We take another look at Windows 11 system requirements, we discuss another strange wi-fi network name that can break iPhones, and we look closely at the issue of Western Digital network storage devices that have had data deleted by hackers. Show Notes:
- Update on Windows 11 minimum system requirements
- This serious Wi-Fi bug can break your iPhone, but here's how to protect yourself
- Thinking about selling your Echo Dot—or any IoT device? Read this first
- Got a WD My Book Live device? Your data is at risk—here’s what to do
- Backblase Hard Drive Data and Stats Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you're ready to buy.
Thu, 08 Jul 2021 05:00:00 -0400
Episode 194: iCloud Calendar Spam, In-App Purchases, and Windows 11
Owners of WD MyCloud Drives have found all their data remotely wiped by hackers. iCloud Calendar spam is problem again, and we explain why, and how to fix it. We also discuss managing in-app purchases and app subscriptions, and we even discuss the forthcoming Windows 11. Show Notes:
- Microsoft Unveils Windows 11
- Windows 11 enables security by design from the chip to the cloud
- Google is working on an HTTPS-Only Mode for Chrome
- Google to require 2FA and a physical address from Android app devs
- Carrier injects 'SMS ad' into Google verification code
- Hackers exploited 0-day, not 2018 bug, to mass-wipe My Book Live devices
- How to Stop iCloud Calendar Spam
- A Parent’s Guide to In-App Purchases on iOS, iPadOS, and macOS
Thu, 01 Jul 2021 05:00:00 -0400
Episode 193: Secure Password Recipes
One way of creating secure passwords is to use a number of memorable words; how secure are this type of password? We also look at a network bug that can disable wi-fi on iPhones, the new Brave privacy-protecting search engine, and an EU investigation of Google's FLoC technology. Show Notes:
- iPhone bug breaks WiFi when you join hotspot with unusual name
- Building a Trusted Ecosystem for Millions of Apps
- Brave Search Now Available in Beta as Privacy-Protecting Search Engine Alternative to Google
- EU launches antitrust probe into Google banning third-party cookies in Chrome
- Itadakimasu
- Password Strength (XKCD)
Thu, 24 Jun 2021 04:00:00 -0400
Episode 192: New Features Coming in macOS Monterey, iOS 15, and iPadOS 15
Apple issued a security update for iOS 12, and we wonder why. Google backtracks on a Chrome address bar change. New stats show an increasing in phishing sites. And we discuss the new features in Apple's next operating systems, due out in the fall. Show Notes:
- Apple releases iOS 12.5.4 for old models of iPhone, iPad, and iPod touch
- Google abandons experiment to show simplified domain URLs in Chrome
- Phishing sites reached all-time high in January 2021
- Apple Announces New Features in iOS 15, iPadOS 15, and macOS Monterey
- Manage and Secure Notifications on Your iPhone, iPad, and Mac
Thu, 17 Jun 2021 05:00:00 -0400
Episode 191: New Privacy Features in iOS 15 and macOS Monterey
Apple introduced its new operating systems this week, and there are plenty of privacy features to help users better control their data. We discuss these new features, and especially a number of important features that Apple didn't discuss at the keynote. Show Notes: Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you're ready to buy.
Thu, 10 Jun 2021 03:15:00 -0400
Episode 190: Amazon Sidewalk and the Forever Mac
Facebook and Intel try to diss Apple, but score own goals. Amazon Sidewalk launches, and we tell you what it means, and how to opt out. And we discuss whether Apple's new processors, and extensions to AppleCare, suggest that we may have forever Macs. Show Notes:
- Facebook-Sponsored Research Paper Lambasts Apple's iOS 14.5 Privacy
- Intel versus Apple: Chipmaker's latest attack scores own goal
- “I have now identified *multiple* apps from *multiple* developer accounts with this type of ratings meta-manipulation.”
- No, it doesn’t just crash Safari. Apple has yet to fix exploitable flaw
- Amazon Sidewalk Wants to Share Your Wi-Fi: Here's How to Disable It
- Fon
- Are We Heading Towards a Forever Mac?
- How to keep older Macs secure: a geeky approach (run Catalina on unsupported Macs)
- Obtaining service for your Apple product after an expired warranty
Thu, 03 Jun 2021 05:00:00 -0400
Episode 189: M1s Everywhere
Apple updates everything again, and their new privacy add provides a clear explanation of app tracking. We discuss an iOS app scam, where an app won't let you do anything unless you give it a good rating first. And we look at Apple's new M1 iMac and iPad Pro. Show Notes:
- Apple Releases iOS 14.6, watchOS 7.5, macOS 11.4 and More, with Many Security Fixes
- macOS Big Sur 11.4 Addresses Vulnerability That Could Let Attackers Take Secret Screenshots
- Apple’s new privacy ad
- Episode 185: AirTags, AirDrop, and App Tracking
- Facebook Still ‘Secretly’ Tracks Your iPhone—This Is How To Stop It
- How to remove GPS location data from photos on iPhone or Mac
- Asahi Linux Dev Reveals ‘M1RACLES’ Flaw in Apple M1, Pokes Fun at Similar Flaws
- App Store Scam App Required a Good Review to Function at All
- Hands On with Apple's New M1 iMac and M1 iPad Pro
- iMac M1 24" Teardown
- A Week with the New Apple M1 MacBook Air
Thu, 27 May 2021 04:00:00 -0400
Episode 188: How Much Abuse Can Apple's AirTags Take?
We stress tested Apple AirTags and discuss how tough they are, but we also look at how AirTags can enable stalkers. And there's news about Apple touting its App Store enforcement, the accommodations the company makes with China, and a Find My app exploit. Show Notes:
- App Store stopped over $1.5 billion in suspect transactions in 2020
- XcodeGhost Malware Infected 100+ Million iOS Users and Apple Said Nothing
- Apple prevented 1 million risky/vulnerable apps from entering App Store in 2020
- Inside Apple’s Compromises in China: A Times Investigation
- Find My Network Exploited to Send Messages
- Apple TV Color Balance Feature May Make Image Quality and Colors Worse
- Delivery text scams: the nasty new fraud wave sweeping the UK
- Amazon’s Ring is the largest civilian surveillance network the US has ever seen
- How Tough are AirTags? We Froze, Washed and Dried, Ran Over, and Put Them in the Hot Sun
- Apple's AirTags Can Enable Stalkers and Abusers
Thu, 20 May 2021 04:00:00 -0400
Episode 187: Pipeline Ransomware, Users Don’t Want Apps to Track Them, and Mailing AirTags
Ransomware has interrupted a major US gasoline pipeline, Apple didn't tell more than 100 million people their iOS devices had malware, wi-fi design flaws found that could affect everyone, and we sent an Apple AirTag through the mail and followed it. Show Notes:
- F.B.I. Identifies Group Behind Pipeline Hack
- Watch hackers break into the US power grid
- Analytics Suggest 96% of Users Leave App Tracking Off in iOS 14.5
- WhatsApp to restrict features if you refuse Facebook data sharing
- XcodeGhost Malware Infected 100+ Million iOS Users and Apple Said Nothing
- WiFi devices going back to 1997 vulnerable to new Frag Attacks
- Florida man tried to track his robbery victim by attaching an iPhone to his car, police say
- Tile to Leverage Amazon Echo and Ring Devices to Better Compete With AirTags
- Opting In and Out of Sidewalk
- I Mailed an AirTag and Tracked Its Progress; Here's What Happened
Thu, 13 May 2021 05:00:00 -0400
Episode 186: Facebook and Instagram Beg Users to Be Allowed to Track Them
Apple issued emergency security updates to its operating systems to protect against vulnerabilities exploited in the wild. Facebook and Instagram plead to be allowed to track users. And we discuss how QR codes can be switched and could pose risks to users. Show Notes:
- Apple releases iOS 14.5.1 (and iOS 12.5.3), watchOS 7.4.1, macOS Big Sur 11.3.1
- A full history of macOS (OS X) release dates and rates
- How to Use Content Caching on macOS to Save Bandwidth
- Arrest after man replaces official COVID-19 check-in signs with anti-vaxxer QR code
- Josh’s 2018 tweet showing an iOS 11 vulnerability: irs.gov or Rickroll?
- Microsoft reveals final plan to remove Flash Player in Windows 10
- How to Tell Apps Not to Track You in iOS 14.5
- Facebook and Instagram use iOS notices to sell you on app tracking
- The Instagram ads Facebook won't show you (Signal)
- Boris Johnson’s phone number ‘listed online for last 15 years’
- Episode 119: iPhones Hacked and Cracked
- New Spectre attack once again sends Intel and AMD scrambling for a fix
Thu, 06 May 2021 04:00:00 -0400
Episode 185: AirTags, AirDrop, and App Tracking
Lots of updates for Apple operating systems, an AirDrop vulnerability that can lean phone numbers and email addresses, and hands on with the new Apple TV color calibration feature. We also discuss the many things you may want to track with Apple's new AirTags. Show Notes:
- Apple releases iOS 14.5, watchOS 7.4, macOS 11.3 and more
- A software bug let malware bypass macOS’ security defenses
- All Your Macs Are Belong To Us (Patrick Wardle on the Gatekeeper bypass and malware)
- How to Color Calibrate Your Mac’s Display
- Hands On with Apple's AirTags: Find Lost Keys, Bags, and More
- Apple’s AirDrop leaks users’ PII, and there’s not much they can do about it
- Mighty is a Chromium Mac browser streamed from the cloud
- Puffin cloud browser
- Cloudflare browser isolation
- 23 Things You Can Track with Apple's New AirTags (Kirk's article)
- Moment AirTags accessories
Thu, 29 Apr 2021 06:00:00 -0400
Episode 184: The Acme of Thinness
More bad news about Facebook, more browsers just saying no to FLoC, and we look at Apple's Spring Loaded product announcements. Show Notes:
- Coding error allowed attackers to delete Facebook live video
- Facebook plans to decline to make statements regarding “scraping incidents” in the future
- WordPress may auto-disable Google FLoC, citing “security concern”
- Am I FLoCed?
- Apple is Updating Old Apps With Latest Signing Certificate Ahead of iOS 14.5
- Apple Announces New iMacs, iPads, AirTags, and More
Thu, 22 Apr 2021 04:00:00 -0400
Episode 183: 500 Million More Reasons to Talk About Facebook
Scammers have a new technique for delivering malware: using online contact forms. A couple of browsers are nixing Google's FLoC ad tracking technology. The FBI has been playing white hat hacker. And e talk about Facebook, and especially the "off-Facebook activity" that tracks you across the internet. Show Notes:
- Criminals spread malware using website contact forms with Google URLs
- Brave browser disables Google's FLoC tracking system
- 'FLoC off!' Vivaldi declares as it says no to Google's tracking system
- Vivaldi
- FBI operation removed web shells from hacked Exchange servers across the US
- There's Another Facebook Phone Number Database Online
- Ireland opens GDPR investigation into Facebook leak
- How to view and edit your Off-Facebook Activity
- A helpful reminder about just how much Facebook stalks you on the internet
Thu, 15 Apr 2021 03:00:00 -0400
Episode 182: Facebook, Google, and Stolen iPhones
Facebook leaks 500 million user records, Google is testing a new replacement for cookies to track users, and we explain how to check if that used iPhone you want to buy is stolen. Show Notes:
- Apple security updates
- GarageBand music lessons actually begin in 2009
- Apple Discontinuing iTunes U at the End of 2021
- Facebook breach: over 500 million records leaked, including phone numbers
- Facebook says a breach that hit 533m is old news. Experts disagree
- ';--have i been pwned?
- Google Is Testing Its Controversial New Ad Targeting Tech in Millions of Browsers
- Malware uses underground call centers to trick users into infecting themselves
- Deliveroo April Fool's joke backfires in France
- Want to Buy a Secondhand iPhone? Here’s How to Check if it was Stolen
Thu, 08 Apr 2021 05:00:00 -0400
No April Fool's Jokes Here, and Other News
We talk about new malware targeting iOS developers, fleeceware in the App Store, 5G vulnerabilities that can leak your location, and discuss private browsing windows, with a Safari tip that is useful for anyone who uses this feature. And we have no April Fool's jokes. Show Notes:
- Google Gets the Message, Launches Gmail
- 1.1.1.1
- Apple WWDC21
- Apple releases emergency update for iPhones, iPads, and Apple Watch
- 1Password
- Bear
- 1Blocker
- How to manage iTunes Store and App Store Subscriptions
- He believed Apple’s App Store was safe. Then a fake app stole his life savings in bitcoin.
- New 5G protocol vulnerabilities allow location tracking
- Closing web browser windows doesn't close connections
- Why Unsubscribing from Spam Emails Is Not the Safest
- Episode 158: 5G Is Here: What Does This Mean for You?
Thu, 01 Apr 2021 04:00:00 -0400
10 Mac security and privacy features to set up right away
We discuss our checklist of the 10 security and privacy features that you should set up right away on your new Mac. Show Notes: Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you're ready to buy.
Thu, 25 Mar 2021 01:00:00 -0400
Google, iOS Security Updates, and the End of the Original HomePod
Google is sued for its incognito browsing mode. iOS security updates may be delivered more frequently. We look at how easy it is to take over someone's SMS messages. And we discuss the demise of the original HomePod. Show Notes:
- Scammers Targeting COVID Relief Checks, Tax Refunds
- Google Must Face Suit Over Snooping on ‘Incognito’ Browsing
- A Hacker Got All My Texts for $16
- It’s time to stop using SMS for anything
- Fintech Giant Fiserv Used Unclaimed Domain
- example.com
- Apple app privacy label page
- iOS security fixes could soon be delivered separately from other updates, beta code suggests
- Opinion: Apple Discontinues the HomePod; Is That the End for Apple and Home Audio?
Thu, 18 Mar 2021 06:00:00 -0400
Everything You Need to Know About Batteries
The iMac Pro is at the end of its life, and we discuss future iMacs. We look at a change in terminology Apple will be introducing in podcasting. And we look at everything you need to know about the batteries in your Apple devices. Show Notes:
- "Follow our podcast": Apple Podcasts to stop using "subscribe"
- iMac Pro
- iCloud user locked out for six months over coding bug related to her last name, “True”
- xkcd: Exploits of a Mom
- Glitch in iTunes Deletes Drives
- Apple Releases iOS and iPadOS 14.4.1 With Security Fixes
- Apple Planning Switch to Randomized Serial Numbers for Future Products Starting 'Early 2021'
- Episode 117: The Year in Apple Security 2019
- Everything You Need to Know About Batteries in Your iPhone, iPad, and Mac
Thu, 11 Mar 2021 05:00:00 -0500
All About Cookies
Could Apple's Rosetta emulation environment not be available in every country? We examine claims that it will be deleted in certain regions. Chrome changes the way it works to try HTTPS by default. And we discuss cookies: how Google will stop using them to track users, and how you can manage and delete them on your Mac or iOS device. Show Notes:
- Rosetta May Be Removed From M1 Macs in Some Regions on macOS 11.3
- Chrome will soon try HTTPS first when you type an incomplete URL
- Let's Encrypt
- Defining a Custom URL Scheme for Your App | Apple Developer Document
- Google to Stop Selling Ads Based on Your Specific Web Browsing
- Hackers are finding ways to hide inside Apple’s walled garden
- How to Manage and Remove Browser Cookies on Mac and iOS
Thu, 04 Mar 2021 05:00:00 -0500
Silver Sparrow Malware Targets Apple’s New M1 Macs
Silver Sparrow malware has been found targeting Macs, including Apple's new M1 models, but we don't know what the malware is trying to do. Apple has started going after App Store subscription scams, patches an iCloud website vulnerability, will make "zero-click" attacks harder to carry out in iOS. And, yes, we have some good news for Android users. Show Notes:
- Galaxy products launched since 2019, including the Z, S, Note, A, M, XCover and Tab series, will now receive at least four years of security updates
- New browser-tracking hack works even when you flush caches or go incognito
- Firefox 86 Introduces Total Cookie Protection
- Apple cracks down on apps with ‘irrationally high prices’ as App Store scams are exposed
- How to manage iTunes Store and App Store Subscriptions
- Apple Is Going to Make It Harder to Hack iPhones With Zero-Click Attacks
- Stored XSS bug in Apple iCloud domain disclosed by bug bounty hunter
- Silver Sparrow: 40,000 Macs Infected by Mysterious M1-native Malware
- Shakuhachi
Thu, 25 Feb 2021 05:00:00 -0500
A New Amazon Phishing Scam, Malvertizing, and Apple Activation Lock Removal
A new Amazon phishing scam doesn't include links to click, but rather a telephone number to call: beware! Malvertizing takes advantage of a zero-day WebKit vulnerability to display deceptive ads, and serve malware. And Apple has set up a website for people to request the removal of activation lock on devices they own. Show Notes:
- Fraudulent Website Warning gets privacy boost in iOS 14.5
- Hash function (Wikipedia)
- Apple fixes bug that let users begin macOS Big Sur installation without enough space available
- Apple iBook Commercial circa 2000 (YouTube)
- Malvertiser abused WebKit zero-day to redirect iOS & macOS users to shady sites
- Spy pixels in emails have become endemic
- Gmail will now display images by default (2013)
- Apple Launches Self-Serve Portal for Initiating Activation Lock Removal Requests
- Microsoft to add 'Kids Mode' to Chromium-based Edge browser
Thu, 18 Feb 2021 05:00:00 -0500
Software Updates, Scam iPhone Apps, and Using Safari Browser Extensions
There were a number of important security updates to key software this week: macOS, Chrome, Edge, and even Plex. We discuss how upgrading a Mac to Big Sur without enough space can cause data loss, we look at scam apps on the iOS app store, and we talk about using Safari browser extensions on the Mac Show Notes:
- macOS 11.2.1 update
- Latest Chrome 88 Update Includes Important Fix for Zero-Day Vulnerability
- Plex Media servers are being abused for DDoS attacks
- Big Sur Upgrade not Enough Free Space = Serious Issue & Possible Data Loss!
- Scam iOS Apps Still Raking in Millions in Revenue on App Store
- A Spyware Vendor Seemingly Made a Fake WhatsApp to Hack Targets
- How to Use Safari Extensions to Enhance Your Browser
Thu, 11 Feb 2021 05:00:00 -0500
Face ID with Masks, a sudo vulnerability, and Apple's Privacy Labels
Apple is testing a new feature allowing users with Face ID iPhones to unlock them with their Apple Watch, if they're wearing masks. There's a vulnerability with the sudo command in various Unix distributions, including macOS. And we discuss how Apple's privacy labels have been abused already by developers. Show Notes:
- iOS 14.5 adds support for unlocking your iPhone with Apple Watch while wearing a face mask
- About the security content of macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave
- 10-year-old Sudo bug lets Linux users gain root-level access
- Recent root-giving Sudo bug also impacts macOS
- I checked Apple’s new privacy ‘nutrition labels.’ Many were false.
- Episode 166: Understanding Apple’s App Privacy Information
- Facebook prompt will encourage ad tracking opt-in ahead of Apple’s privacy push
- Google apps will stop using tracking ID that would require upcoming iOS 14 permission prompt
Thu, 04 Feb 2021 05:00:00 -0500
Apple Updates, Web Browsers, and Ergonomics
Apple updated most of its operating system, and these updates are important because they patch vulnerabilities that are exploited in the wild. We talk about some web browsers and Flash, and we discuss ergonomics and how you can make your workstation healthier. Show Notes:
- iOS 14.4 Patches Vulnerabilities That May Have Been Actively Exploited
- Race Condition
- Apple Seeds Second Release Candidate Version of macOS Big Sur 11.2 to Developers
- The blink tag
- Firefox 85 removes Flash and adds protection against supercookies
- South African government releases its own browser just to re-enable Flash support
- Chrome is Bad
- Google Chrome might be bad, but it’s not slowing down your Mac
- 10 Steps to Improve Your Computer Ergonomics
- Erg (Wikipedia)
Thu, 28 Jan 2021 06:00:00 -0500
DNS, Lost Bitcoin, and the new Big Sur Control Center
DNS is in the news, following a warning from the NSA and new malware. We discuss how common it is for law enforcement to crack smartphones, and how this should prompt you to choose a more secure passcode for your device. We look another bitcoin owner who's lost millions. And we discuss the new Control Center in macOS Big Sur. Show Notes:
- Brave becomes first browser to add native support for the IPFS protocol
- InterPlanetary File System
- The NSA warns enterprises to beware of third-party DNS resolver
- DNSpooq lets attackers poison DNS cache records
- 1.1.1.1
- Quad9
- OpenDNS
- Private Internet Access
- How law enforcement gets around your smartphone’s encryption
- If Hackers Crack a Six-Digit iPhone Passcode, They Can Get All Your Passwords
- Android One
- Man offers Newport council £50m if it helps find bitcoins in landfill
- How to Configure and Use Control Center in macOS Big Sur
- Bartender
- Control Strip
Thu, 21 Jan 2021 05:00:00 -0500
How iTunes Changed Apple
iTunes is 20 years old. Even if, on the Mac, that name has been eclipsed, the iTunes brand still exists, and iTunes is one of the reasons that Apple is such a strong services company. We also look at some new AppleScript malware, how some millionaires are losing Bitcoin because they forgot their passwords, and discuss "brushing," a new semi-scam where people received Amazon deliveries they never ordered. Show Notes:
- macOS malware used run-only AppleScripts to avoid detection for five years
- How to Uninstall Flash Player
- Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes
- Mysterious Packages Showing Up on Doorsteps
- How to Spot Fake Product Reviews
- Getting unordered seeds and stuff in the mail?
- iTunes at 20: How One App Changed Apple’s Course
Thu, 14 Jan 2021 05:00:00 -0500
New Year’s Resolution: Cull Your Notifications
There's new malware attacking cryptocurrency apps, WhatsApp warns users about data it is sharing with Facebook, and Apple loses a copyright fight with a company that virtualizes iOS so security researchers can look for vulnerabilities. We also look at how you can manage and secure notifications on your devices, so you don't get too distracted, and also so personal information isn't visible when your devices are locks. Show Notes:
- Operation ElectroRAT: Attacker Creates Fake Companies to Drain Your Crypto Wallets
- Patrick Wardle’s ElectroRAT write-up
- Mandatory WhatsApp Privacy Policy Update Allows User Data to be Shared With Facebook
- Apple loses copyright battle against security start-up Corellium
- Apple begins shipping ‘rooted’ iPhones to members of the Security Research Device Program
- Manage and Secure Notifications on Your iPhone, iPad, and Mac
Thu, 07 Jan 2021 05:00:00 -0500
A Brief History of Adobe Flash Player: From Multimedia to Malware
On December 31, 2020, Adobe Flash Player is officially dead. This browser plugin, which provided multimedia content for the early internet, has been plagued by security issues, and became the most exploited vector for malware on the Mac. We look back on 25 years of Flash. Show Notes:
- The History of Adobe Flash Player: From Multimedia to Malware
- Articles about Flash on the Intego Mac Security Blog
Thu, 31 Dec 2020 06:00:00 -0500
Looking Back on the Year in Apple Security
As the year ends, we look back on the security issues that arose in 2020, including malware that bypassed Apple's checks, Flash Player malware, and malware that specifically targeted Mac developers. Show Notes: Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you're ready to buy.
Thu, 24 Dec 2020 02:00:00 -0500
Understanding Apple’s App Privacy Information
Apple has introduced new app privacy information on its app stores, explaining how developers collect data. We also look at this week's Apple updates, including one for iOS 12, and even iCloud for Windows. And we discuss how Google is manipulating links in emails, ostensibly to protect users. Show Notes:
- Apple releases iOS 12.5 for older iPhones with support for COVID-19 exposure notifications
- Gmail Click-time Link Protections
- PayPal introduces new fee for dormant accounts
- App privacy details on the App Store
- Understanding Apple’s New App Privacy Information
Thu, 17 Dec 2020 06:00:00 -0500
What Do You Want for Christmas?
Apple announces new over-the-ear headphones, AirPods Max, and we discuss whether these meet the needs of our hosts. Apple doubles down on anti-tracking rules, and WhatsApps complains about Apple's coming "nutrition labels" about data collection in apps. And Apple and Cloudflare have come up with a new way of sending DNS requests that protects privacy. Show Notes:
- Apple AirPods Max
- Apple Could Ban Apps That Don't Follow iOS 14 Anti-Tracking Rules, Says Software Chief Craig Federighi
- U.S. and States Say Facebook Illegally Crushed Competition
- WhatsApp Protests Apple's App Store Privacy Requirements
- After we recorded this episode, Apple announced that they will publish privacy labels for preinstalled iOS apps, which was one of the complaints that WhatsApp had. Apple to Publish Privacy Labels for Preinstalled iOS Apps on Website
- Unpacking WhatsApp’s privacy label in the Apple App Store
- Apple and Cloudflare Develop New Privacy-Focused Internet Protocol
- Domain Name System (Wikipedia)
- Telephone exchange names (Wikipedia)
- 867-5309
Thu, 10 Dec 2020 05:00:00 -0500
A Week with the New MacBook Air
We discuss how new security features in macOS Big Sur can make it difficult to install certain apps. We talk about Amazon Sidewalk, a feature that will share your bandwidth from Amazon devices. We look at an astounding remote wi-fi exploit that could have let hackers access your iPhone. And Kirk discusses his first week with the new MacBook Air, which has surprised him. Show Notes:
- Black Friday; Securely Dispose of Your Old Mac; The HomePod mini – Intego Mac Podcast Episode 163
- Protecting data at multiple layers (Apple developer document)
- Installing ACE on M chip-based Macs (Audio Hijack)
- Amazon Sidewalk will be enabled by default on Echo devices
- iOS Wi-Fi Exploit Could Have Let Hackers Remotely Access Nearby iPhones
- A Week with the New Apple M1 MacBook Air
Thu, 03 Dec 2020 06:00:00 -0500
Black Friday; Securely Dispose of Your Old Mac; The HomePod mini
With Black Friday and Cyber Monday coming up, we give some tips on buying older devices that may be insecure. We discuss how to audit your subscriptions with Apple, so you don't pay for what you're no longer using. We look at how to securely dispose of a Mac when you're selling or giving it away. And we talk about the new HomePod mini: is it the right smart speaker for you? Show Notes:
- Caution! These Black Friday “deals” may be bad for your security
- Identify your iPad model
- How to manage iTunes Store and App Store Subscriptions
- How to Securely Dispose of Your Old Mac
- How to securely dispose of old hard drives and SSDs
- Apple HomePod mini Review: Siri in a Compact Speaker
Thu, 26 Nov 2020 03:30:00 -0500
How To Prepare Your Mac for macOS Big Sur
Apple released macOS Big Sur last week. On release day, there were a number of issues, including problems launching apps on Macs. We discuss what happened, and how Apple is changing its Gatekeeper security check. We also talk about when you should upgrade to Big Sur and how you should prepare your Mac for the big upgrade. Show Notes:
- MacBook Pro 2013 and 2014 may get bricked — wait until Apple fixes this
- Mac users couldn’t launch apps this afternoon after Apple verification server issue
- Safely open apps on your Mac
- Does Apple really log every app you run? A technical look
- How to Prepare Your Mac to Upgrade to macOS Big Sur: the Ultimate Guide
Thu, 19 Nov 2020 05:15:00 -0500
Apple Launches New Macs, and Big Sur Arrives
Apple announced three new Macs with its own processors, the first of a transition of the complete line of Macs to Apple silicon that should be complete in about two years. At the same time, macOS Big Sur is released. We discuss the new Macs, Apple's M1 "system on a chip", and a two-year old Apple bug that still hasn't been fixed. Show Notes:
- Apple neglects to fix “fake headlines” bug usable for election interference
- Apple Announces First Macs with Apple Silicon
- Apple unleashes M1
Thu, 12 Nov 2020 06:00:00 -0500
What to do if you think you have malware on your Mac
Sometimes when things start going wrong on your Mac, you may think you have malware. In this episode, Josh and Kirk discuss the possible signs of a malware attack, and the steps to take if you think that you've been infection. In the introduction, we said we didn't think there would be much Apple-related news this week, but we learned that Apple will be announcing new Macs, and the release date for macOS Big Sur, on November 10, so we'll be covering that in the next episode. Show Notes:
- What to Do if You Think You Have Malware on Your Mac
- Kernel panic (Wikipedia)
- Backblaze Hard Drive Data and Stats
- Data Backup Plan: How to Implement the 3-2-1 Backup Strategy
- How to Verify Your Backups are Working Properly
- 4 Types of Backup Hard Drives for Mac
- Episode 6: Passwords Are Hard (correcthorsebatterystaple)
- correcthorsebatterystaple (XKCD)
- Intego support
Thu, 05 Nov 2020 00:00:00 -0500
Will Quantum Computing Change Computer Security?
Quantum computing is just around the corner, and it will affect the way computer security works. Strong passwords and encryption will be cracked, and we'll need new ways to secure our data and identity. We also discuss complaints against Apple's coming anti-tracking protection in iOS, and we revisit the suggestions that Apple may build its own search engine. Show Notes:
- iOS 14's Upcoming Anti-Tracking Prompt Sparks Antitrust Complaint in France
- Apple, Google and a Deal That Controls the Internet
- Episode 152: What if Apple Built a Search Engine?
- Report: Apple 'Stepping Up Efforts' to Develop Alternative to Google Search
- How Quantum Computing Will Affect Computer Security and Passwords
Thu, 29 Oct 2020 06:00:00 -0400
5G Is Here: What Does This Mean for You?
Josh and Kirk discuss 5G: what it is, how it works, and how fast it is. Is it worth getting a new iPhone 12 for 5G? Also, we look at another case of Apple notarizing malware, and a new RAT that started out on Windows and is now threatening the Mac. Show Notes:
- Apple notarizes new Mac malware… again
- Apple notarizes dozens of Mac malware samples (August, 2020)
- GravityRAT moves from Windows to target Mac and Android
- GravityRAT: The spy returns
- IPStorm botnet expands from Windows to Android, Mac, and Linux
- Apple Event to Unveil First Apple Silicon Macs Could Happen on November 17
- What Is 5G, How Does It Work, and How Fast Is It?
- Apple event 5G supercut
- Everything You Need to Know About 5G (IEEE)
- The iPhone 12 and iPhone 12 Pro (Daring Fireball)
Thu, 22 Oct 2020 03:00:00 -0400
Apple's New iPhone 12 and HomePod mini
Josh and Kirk talk about Apple's announcement of the iPhone 12, and whether they plan to upgrade. They explain the point of the HomePod mini, and discuss what Siri can do with this new home device from Apple. We also look at the new MagSafe charging system on the iPhone 12. Show Notes:
- Apple Announces iPhone 12 and HomePod mini
- Apple HomePod Review: Superior Sound, but Limited by Siri
- Apple HomePod compared to Sonos One
- Everything you can do with the Apple HomePod
- About HomePod theater mode
Thu, 15 Oct 2020 05:00:00 -0400
Three Years! And What's Next for Apple?
Josh and Kirk celebrate three years of the Intego Mac Podcast, and we discuss what Apple is likely to announce next week. We also look at a useful tip to keep thieves from using a stolen iPhone, a problematic macOS update that Apple had to pull, and serious, unmatchable issues with the T2 security chip in recent Macs. And yet another reminder that Flash is dead. Show Notes:
- “Protect your iPhone from being stolen!” (TikTok video)
- Apple Pulls Problematic Safari 14 and Security Updates for macOS Mojave
- Apple’s T2 security chip makes Macs unsecure
- UK NCSC: Don't disable updates so you can continue using Adobe Flash past its EOL
- Apple Announces Digital-Only Event to Be Held on October 13: iPhone 12 Expected
Thu, 08 Oct 2020 04:00:00 -0400
Who Is Tracking You?
Apple's Safari web browser has a new feature that prevents trackers from profiling you; we discuss how this works to protect you on the Mac and on iOS. We also talk about the new Series 6 Apple watch, and the solo loop band. And we take a detour to look at how a security researcher put ransomware on a coffee machine. Show Notes:
- Review: Apple Watch Series 6 & Solo Loop Band
- When coffee makers are demanding a ransom, you know IoT is screwed
- Understanding Safari’s New Privacy Report
Thu, 01 Oct 2020 06:00:00 -0400
Beware Drive-By Downloads in Safari
The popular fitness tracking app Strava can assist stalkers; Facebook is irked about European regulators; a new Bluetooth vulnerability takes a new tack on attacks; and we look at some disturbing drive-by downloads that are coming from rogue Google ads. Show Notes:
- Strava and stalkers
- Facebook Says it Will Stop Operating in Europe If Regulators Don’t Back Down
- Shortly after we recorded, Facebook said they have "no desire" to pull out of Europe
- Facebook user statistics by country
- BLESA Bluetooth vulnerability
- Firefox Send has been discontinued
- How to Send Files Securely
- Websites asking you to allow downloads? Here’s the solution…
- Save Safari settings for websites you visit often
Thu, 24 Sep 2020 04:00:00 -0400
New, New, New from Apple!
Apple announced new Apple Watch models, updated iPads, a new fitness subscription service, and a subscription bundle, Apple One. While iOS 14 and iPadOS 14 were released this week, there's still no news on macOS. Josh and Kirk look at all the new stuff, and try to figure out what's best for most users. Show Notes:
- Apple Introduces New Apple Watch, iPad Air, and AppleOne Services Bundle
- Which iPad Is Best for You?
- Everything you can do with the Apple Pencil and Logitech Crayon on Your iPad
- Apple releases iOS 14, watchOS 7 and more with security updates
- Change Activity Goals on the Apple Watch in watchOS 7
Fri, 18 Sep 2020 04:00:00 -0400
What if Apple Built a Search Engine?
With Apple holding a new product event next week, we discuss recent speculation that Apple might be building a search engine. The discuss the implications of this, especially if Apple's own search engine replaced Google as the default search engine on macOS and iOS. Show Notes:
- Could an Apple VPN or search engine be launching soon?
- How to switch search engines on macOS and iOS (and why you should)
- About Applebot
Fri, 11 Sep 2020 03:00:00 -0400
Apple Authorized Mac Malware
iOS 13.7 is out, with support for COVID-19 exposure notifications. Apple's clever new privacy ad highlights the way people give up personal data. Criminals are using Ring doorbells to know when the cops are coming. And Apple approved, through their "notarization" system, dozens of malicious apps. Show Notes:
- iOS 13.7 Now Available With Support for Exposure Notifications Express
- Apple Shares Humorous Privacy-Focused iPhone Ad Where People Overshare Personal Info With Strangers
- Web browsing histories are private personal data - now what
- Doorbell Cameras Like Ring Give Early Warning Of Police Searches, FBI Warned
- The Confused Mailman: Sending SPF and DMARC passing mail as any Gmail or G Suite customer
- Stealing Local Files Using Safari Web Share API
- Apple notarizes dozens of Mac malware samples
- Notarizing macOS Software Before Distribution
- OSX/Shlayer: New Mac malware comes out of its shell
Fri, 04 Sep 2020 05:00:00 -0400
A Six-Digit Passcode Isn’t Strong Enough
A Lightroom update has wiped user photos, and there's no way to get them back; malicious Chinese code in 1,200 iOS apps is collecting data and simulating clicks to make money; and a chilling story shows why a six-digit passcode isn't enough to protect your data on an iOS device. Show Notes:
- Lightroom App Update Wipes Users’ Photos and Presets, Adobe Says they are ‘Not Recoverable’
- Malicious Chinese SDK In 1,200 iOS Apps With Billions Of Installs Causing ‘Major Privacy Concerns To Hundreds Of Millions Of Consumers’
- “Meitu” Mobile App Has Privacy Risks
- Can Thieves Crack 6-Digit iPhone Passcodes?
- If Hackers Crack a Six-Digit iPhone Passcode, They Can Get All Your Passwords
- Twitter thread describing the passcode hack and its consequences
- How to ensure your Mac and iOS devices are secure
- How to Steal an iPhone’s Passcode (from up to 150 feet away!)
Fri, 28 Aug 2020 07:00:00 -0400
Back That Mac Up
New Mac malware targets the Xcode development environment, and Apple has know about it for more than a month, but didn't share the information with security specialists. Epic vs. Apple: who will win the Fortnite battle royale? And we discuss backing up your Mac using Time Machine, Intego Personal Backup, and using a NAS for backups and other file storage. Show Notes:
- What if Apple was forced to allow app sales outside of the iOS store?
- Epic used its playbook for Fortnite events against Apple and Google
- How Fortnite’s epic battle with Apple could reshape the antitrust fight
- Epic Games v. Apple - Wikipedia
- How to Back Up Your Mac’s Data with Time Machine
- How to back up your Mac to a NAS
- Intego Personal Backup Compared with Apple’s Time Machine
Fri, 21 Aug 2020 05:00:00 -0400
How to Send Files Securely, and Why You Shouldn’t Use Tor
Apple is planning on offering a bundle of services called Apple One, and we discuss how useful it might be. We mention new iOS and macOS updates, talk about the Have I Been Pwned website going open source, look into an Amazon Alexa abomination, and explain why Tor isn't as safe as you might have thought. We then take a look at the many ways you can send files securely to someone; and explain how sending files by email can be secure. Show Notes:
- Apple releases iOS 13.6.1
- Apple releases macOS Catalina 10.15.6 Supplemental Update
- Accounting rules change could end iPod touch update fee
- Apple Readies ‘Apple One’ Subscription Bundles to Boost Services
- Have I Been Pwned is going open source (eventually)
- Malicious party hijacks 24% of Tor network
- Keeping the gate locked on your IoT devices: Vulnerabilities found on Amazon’s Alexa
- How to Send Files Securely
Fri, 14 Aug 2020 10:45:00 -0400
A New iMac, a Google Gotcha, and a Zoom Zinger
Apple updated the 27" iMac this week, and it may be the last new desktop Mac running Intel processors, but should you buy this one or wait for Apple's own chips? Google accidentally enabled some of its speakers to listen in on sounds in people's homes, and we update recent stories about Garmin getting hit by ransomware, and the Great Twitter Hack of 2020. Show Notes:
- New 27" iMac
- Garmin reportedly paid the $10 million ransom to obtain the decryption key
- 3 young men age 17–22 charged with July 15 Twitter hack
- Accused Twitter hacker’s first court appearance Zoombombed by Bitcoin pranksters
- Google accidentally enables Home smart speakers to listen in to everyday house sounds
- A Day Without Business
- iOS 14 adds domain-bound codes to make SMS one-time passcodes more secure
- New ‘unpatchable’ exploit allegedly found on Apple’s Secure Enclave chip, here’s what it could mean
Fri, 07 Aug 2020 06:00:00 -0400
How computer security is depicted in movies
We talk about an update on the Great Twitter Hack of 2020, discuss a ransomware attack on Garmin that shut down the company's services, and even its assembly lines, and warn listeners about some Netgear devices that have vulnerabilities and can't be updated. We then discuss the often ridiculous way hacking is portrayed in movies and TV. Show Notes:
- More than 1,000 people at Twitter had ability to aid hack of accounts
- Garmin services and production go down after ransomware attack
- Garmin staggers back online after ransomware attack
- If you own one of these 45 Netgear devices, replace it: Kit maker won't patch vulnerable gear despite live proof-of-concept code
- Surprise! Fujitsu Releases 64-Bit ScanSnap Manager for Older Scanners
- How computer security is depicted in movies
Fri, 31 Jul 2020 04:00:00 -0400
Are smart locks really that smart?
We follow up on the great Twitter hack of 2020, we discuss how a Cloudflare outage brought down many major websites, and Kirk tells a story of a suspicious email from his local government. We then examine whether smart locks are really safe. Show Notes:
- Cloudflare had a (non-security) outage
- IsItDownRightNow?
- Hackers Tell the Story of the Twitter Attack From the Inside
- Twitter Hacking for Profit and the LoLs
- Zoom to Sell 27-Inch Dedicated Appliance for $600
- Are smart locks really that smart?
Fri, 24 Jul 2020 11:00:00 -0400
The Great Twitter Hack of 2020
Apple issues another round of updates, hackers target organizations involved in coronavirus vaccine development, and there was a big Twitter hack where CEOs and politicians had their accounts compromised. Tweets were posted for a cryptocurrency scam, but were there other reasons for the hack? Show Notes:
- Apple releases macOS Catalina 10.15.6, iOS 13.6, and more
- UK and allies expose Russian attacks on coronavirus vaccine development
- Hackers Convinced Twitter Employee to Help Them Hijack Accounts
Fri, 17 Jul 2020 06:00:00 -0400
An actual Mac virus, and 1 in 142 passwords is "123456"
While there is plenty of malware that affects the Mac, actual viruses are rare; but new malware has been found that does meet that description. We talk about how 1 in 142 passwords is "123456," and we have a special announcement about new Intego software. Show Notes:
- Announcing Intego Antivirus for Windows
- Download a FREE trial of Intego Antivirus for Windows
- Buy Intego Antivirus for Windows at a Special Discount
- Update on EvilQuest (ThiefQuest)
- EvilQuest file decryptor - free utility
- Reddit to Release Fix for iOS App to Remove Clipboard Copying Behavior
- LinkedIn Says iOS App Reading Clipboard With Every Keystroke is a Bug, Fix Coming
- Intel Announces Thunderbolt 4 for PC's and Macs this Fall Supporting Two 4K Displays or one 8K Display for Pros
- Apple promises to support Thunderbolt on its new ARM Macs
- One out of every 142 passwords is '123456'
Fri, 10 Jul 2020 02:00:00 -0400
New Mac Ransomware-wiper-spyware ThiefQuest discovered
New malware targeting the Mac was discovered this week; it's a hybrid ransomware-wiper-spyware, but you don't need to worry if you don't download pirated software. We also discuss how a journalist's iPhone was hacked by him visiting a website, look at issues with the TikTok app on iOS, and look at how Google is now auto-deleting new user history after 18 months. Show Notes:
- Journalist’s phone hacked by new ‘invisible’ technique: All he had to do was visit one website. Any website.
- Safari 14 Doesn’t Block Google Analytics
- Google to Auto-Delete User History After 18 Months
- How to Manage Gmail and Google Security and Privacy Settings
- TikTok to stop reading user clipboards after being exposed by iOS 14 privacy feature
- Warning—Apple Suddenly Catches TikTok Secretly Spying On Millions Of iPhone Users
- Twitter thread showing the type of data collected by TikTok
- New Mac ransomware-spyware ThiefQuest in the wild
- Understanding Blockchain and Cryptocurrency
- OSX.EvilQuest Uncovered
- ThiefQuest ransomware is a file-stealing Mac wiper in disguise
- New Mac Ransomware Is Even More Sinister Than It Appears
Fri, 03 Jul 2020 06:00:00 -0400
What’s Coming in macOS Big Sur and iOS 14
This week, Apple announced the new features for its coming operating system updates: macOS Big Sur, and iOS 14. They also announced a big change to Mac hardware. Josh and Kirk discuss the changes coming, and take a close look at security and privacy features in these operating systems. Show Notes:
- Apple’s New Plans for the iPhone, iPad, and Mac Unveiled at WWDC 2020
- Universal App Quick Start Program (developers only)
- Apple's transition from PowerPC to Intel processors (Wikipedia)
- macOS 11 and iOS 14 – New security and privacy features
- Switch default apps on iPhone or iPad for better security and privacy
Fri, 26 Jun 2020 04:00:00 -0400
We Can’t Be Safe without a Faraday Cage
Intego has discovered new malware that propagates through poisoned Google search results. Zoom does a couple more u-turns. An App Store controversy is causing people to question Apple's policies. And spies can eavesdrop by watching the variations in light bulbs. Show Notes:
- Serious Cryptography - A Practical Introduction to Modern Encryption by Jean-Philippe Aumasson
- Applied Cryptography: Protocols, Algorithms and Source Code in C by Bruce Schneier
- Cryptography: A Very Short Introduction, by Fred Piper and Sean Murphy
- ROT13
- Zoom does 180 on encryption plans, will bring it to all users including free accounts in July
- Improving Our Policies as We Continue to Enable Global Collaboration
- Spies Can Eavesdrop by Watching a Light Bulb's Vibrations
- Basecamp’s New App, Hey, Flagged In App Store Limbo For Not Using In-app Purchase
- The Pros and Cons of Apple’s iOS App Store
- New Mac malware reveals Google searches can be unsafe
- VirusTotal
Fri, 19 Jun 2020 07:00:00 -0400
What Could Apple Switching to ARM Processors on Macs Mean for You?
Apple has been making its own chips for iOS devices for a while now, and it seems likely that the company will announce a move to the same ARM-based processors for Macs at the coming WorldWide Developer Conference. We discuss how Apple has changed processor architecture twice in the past, and cover some news about Dropbox, Zoom, the Brave web browser, and smart home devices. Show Notes:
- Smart appliances may not be worth money in long run, warns Which?
- Dropbox password manager uses zero-knowledge encryption
- SQRL
- Apple releases new open source ‘Password Manager Resources’ project for developers
- Daring Fireball: 'What It’s Like to Get Doxed for Taking a Bike Ride'
- Privacy browser Brave busted for autocompleting URLs to versions it profits from
- Zoom closed account of U.S.-based Chinese activist “to comply with local law”
- Apple Plans to Announce Move to Its Own Mac Chips at WWDC
- ARM architecture
- Meltdown and Spectre: What Apple users need to know
- New iMac With 'iPad Pro Design Language' and Thin Bezels Reportedly Coming at WWDC
Fri, 12 Jun 2020 05:00:00 -0400
Polymorphic Viruses
We begin by learning how Josh got interesting in computer security. We then discuss Apple patches and flaws, end-to-end encryption, coronavirus scams, a Google lawsuit, and a photo that can crash Android phones. Show Notes:
- Computer Viruses, Artificial Life and Evolution by Mark Ludwig
- Zero-day in Sign in with Apple
- Turn off Face ID on your iPhone
- BBC World Service Director calls for trusted news access to chat apps
- Zoom’s Pledge to Work with Law Enforcement Spurs Online Blowback
- NHS contact tracing undermined by hackers sending fraudulent warnings to public
- NHS Contact Tracing website
- Google faces $5 billion lawsuit in U.S. for tracking 'private' internet use
- Android: Why this photo is bricking some phones
Fri, 05 Jun 2020 05:00:00 -0400
Apple operating system updates, iPhone & iPad storage, and shooting video on an iPhone
Apple updated all its operating systems again this week, but a jailbreak vulnerability was found quickly. We discuss the new contact tracing feature in iOS, how to free up storage on an iOS device, and give some tips on shooting video on an iPhone. Show Notes:
- You’re saying it wrong: How to say oft-mispronounced tech terms
- Jailbreak Tool 'unc0ver' 5.0 Released With iOS 13.5 Compatibility
- The FBI is mad because it keeps getting into locked iPhones without Apple’s help
- YubiKey
- Free up space on your iPhone or iPad by offloading apps
- How to Shoot Video with an iPhone
Fri, 29 May 2020 06:00:00 -0400
Tips for using your Mac, iPad, and Apple Watch
We look at some practical tips for getting more out of your Mac, iPad, and Apple Watch. We take a close look at System Preferences, discuss using the iPad as a second screen for your Mac; and a handful of tips for making the Apple Watch more efficient. Also, Josh and Kirk disagree about Microsoft's choice to flag two spaces after a period in Word as an error. Show Notes:
- Microsoft Word now flags double spaces as errors, ending the great space debate
- History of sentence spacing
- Techniques for data hiding (1996)
- Microsoft now blocks reply-all email storms to end our inbox nightmares
- Get to Know Your Mac's System Preferences
- Use Your iPad as Your Mac’s Second Screen with Sidecar
- Apple Watch Tips: 8 Things You Didn’t Know It Could Do
Fri, 22 May 2020 06:00:00 -0400
iCloud, Thunderbolt, WWDC, and North Korean Malware
The date for this year's WWDC has been set (June 22). Many users don't know that the government can access some of your iCloud data (with a warrant). We look at a new Thunderbolt vulnerability that affects Macs made since 2011 (but you don't need to worry). And we discuss contact tracing apps and new North Korean malware. Show Notes:
- Apple’s Worldwide Developers Conference 2020 kicks off in June with an all-new online format
- FBI serves warrant on senator in investigation of stock sales linked to coronavirus
- Legal Process Guidelines - Government & Law Enforcement within the United States
- Apple and Google privacy rules hamper COVID-19 tracking
- North Korean Lazarus group implants malware in 2FA app
- Two-factor authentication apps for iOS
- Thunderbolt security flaws found, affect 2011-2020 Macs
Fri, 15 May 2020 05:00:00 -0400
It’s World Password Day; Why do we still use passwords?
Passwords are easy to implement, but keeping them secure is not that simple. On World Password Day, Josh and Kirk discuss how passwords might be replaced by other means of authentication. And they discuss the UK's covid-19 contact tracing app which raises privacy concerns, a Facebook bug that caused lots of apps to fail, why you should always check that auto-completed email address, and more. Show Notes:
- UK finds itself almost alone with centralized virus contact-tracing app that probably won't work well, asks for your location, may be illegal
- Facebook fixes bug that crashed major iOS apps like TikTok, Spotify, and Tinder
- Justice Dept. scrutinizes White House-connected doctor linked to disputed coronavirus treatment
- Manage Your Previous Recipients in Apple’s Mail
- Psychic Paper
- Zoom Admins Can Now Disable PMIs; Additional Security Updates for Basic Accounts Coming May 9
- Zoom Acquires Keybase and Announces Goal of Developing the Most Broadly Used Enterprise End-to-End Encryption Offering
- The History of Clarus the Dogcow
Fri, 08 May 2020 05:00:00 -0400
Don’t Share Your Apple ID (so a Friend Can Watch Apple TV+)
Getting a text message on an iOS device can crash your iPhone or iPad; but it can't do any more harm than that. Apple has released a beta version of iOS with its coronavirus notification API, but Americans don't trust tech companies. And we talk about Apple TV+, and how you should never share your Apple ID so friends can watch shows with your account. Show Notes:
- A viral text string with an Italian flag and Sindhi characters will crash your iPhone
- Apple Finds No Evidence Hackers Exploited IPhone, IPad Mail Flaw
- Apple releases iOS 13.5 beta with first version of its COVID-19 exposure notification API
- Americans are wary of the coronavirus tracking apps being produced by big tech
- Financial Times reporter accessed private calls at Independent and Evening Standard
- Zoom admits it doesn’t have 300 million users, corrects misleading claims
- Apple TV+ faces coronavirus crunch as Disney+ moves theatrical releases
Fri, 01 May 2020 07:00:00 -0400
Zero Day, Compromised Ad Servers, and the New iPad Magic Keyboard
Every day is zero day in the security world. Researchers have found some serious vulnerabilities in iOS that affect the Mail app, and a fix is coming. Compromised ad servers allow cybercriminals to serve malware on respected websites. And we discuss the new Magic Keyboard for iPad, which turns the iPad into a new computing device. Show Notes:
- Researchers Say They Caught an iPhone Zero-Day Hack in the Wild
- You’ve Got (0-click) Mail!
- Zoom’s Security Woes Were No Secret to Business Partners Like Dropbox
- Zoom Hits Milestone on 90-Day Security Plan, Releases Zoom 5.0
- Comment: Why hasn’t Apple released a dedicated app for iCloud Keychain?
- Mac and iOS Keychain Tutorial: How Apple’s iCloud Keychain Works
- Hackers have breached 60 ad servers to load their own malicious ads
- Ad-Blockers: The Good, the Bad, the Ethics
- The Magic Keyboard Turns the iPad into a New Computing Device
- Everything you can do with the Apple Pencil
Fri, 24 Apr 2020 06:00:00 -0400
Contact Tracing, Phishing, and a New iPhone
Apple has announced a new iPhone SE, a low-priced phone that's really the iPhone for everyone. Google and Apple are working on a contract tracing app, to help stem the spread of the coronavirus. And Apple users are among those most targeted by phishing. And we inaugurate our new segment, Zoom Zinger, where we highlight security and privacy issues with the Zoom videoconferencing software. (Sorry about the audio; Josh's recording software crashed, and we had to fall back on our backup Skype recording.) Show Notes:
- iPhone SE
- Magic Keyboard for iPad Pro
- Apple and Google Partner for Privacy-Preserving COVID-19 Contact Tracing and Notification
- Apple responds to the U.S. government re: COVID-19 tracking app
- Protecting Lives & Liberty: How Contact Tracing Can Foil COVID-19 & Big Brother (comic)
- Over 500,000 Zoom accounts sold on the Dark Web
- Apple is Most Imitated Brand for Phishing in Q1 2020
- Cleaning your iPhone
Fri, 17 Apr 2020 05:45:00 -0400
How Not to Get Phone Scammed
A good friend of Kirk's, a very tech savvy guy, got scammed on the phone by someone pretending to be from his bank. We discuss how this happened, and all the red flags you need to be aware of. We also discuss how Apple is helping health care workers, and we look at the latest Zoom security and privacy issues. Show Notes:
- Tim Cook's tweet about masks and face shields
- Apple face shield instructions
- Boeing 787s must be turned off and on every 51 days to prevent 'misleading data' being shown to pilots
- Facebook Wanted NSO Spyware to Monitor Users, NSO CEO Claims
- iOS Vulnerability Prevents VPNs From Encrypting All Traffic
- New attack on home routers sends users to spoofed sites that push malware
- ‘War Dialing’ Tool Exposes Zoom’s Password Problems
- Thousands of Zoom video calls have been exposed online, highlighting the privacy risks
- Move Fast & Roll Your Own Crypto: A Quick Look at the Confidentiality of Zoom Meetings
- Security and Privacy Implications of Zoom
- How I lost control of our bank accounts to a phone scammer
- TEXT
Fri, 10 Apr 2020 06:00:00 -0400
Zoom Is a Security and Privacy Nightmare (Zoomenfreude)
Lots of people have turned to Zoom to stay in touch with friends and family, and to work from home, but this software has had a huge number of security issues. We discuss these and how this trend shows poor attention to security and privacy in this software. Show Notes:
- Episode 92: Zoom Zero-Day, and Unmasking Mac Malware Makers
- Apple pushed a silent MRT update to remove hidden Zoom web server
- “Zoom Stock” Confusion Causes Investors to Put Stock in Wrong Company
- Zoom iOS App Sends Data to Facebook Even if You Don’t Have a Facebook Account
- Zoom Updates iOS App to Stop Sending Data to Facebook
- Zoom Removes Code That Sends Data to Facebook
- Zoom Meetings Do Not Support End-to-End Encryption
- Zoom is Leaking Peoples' Email Addresses and Photos to Strangers
- Intruders are hijacking Zoom calls with noise and gross images — here’s how to avoid becoming a victim of ‘zoombombing’
- The 'S' in Zoom, Stands for Security: uncovering (local) security flaws in Zoom's latest macOS client
- Ex-NSA hacker drops new zero-day doom for Zoom
- Ex-NSA hacker finds new Zoom flaws to takeover Macs again, including webcam, mic, and root access
- Zoom announces 90-day feature freeze to fix privacy and security issues
- A Message to Our Users
Fri, 03 Apr 2020 05:00:00 -0400
Medical ID, Apple Updates, Intel Vulnerabilities, and More
Josh and Kirk discuss how to set up a medical ID on an iPhone and Apple Watch, we cover this week's Apple updates, we look at a new Intel CPU bug, and more. Show Notes:
- How to Set Up Medical ID on Your iPhone and Apple Watch
- Cybercriminals are preying on coronavirus fears
- Safari will now block third-party cookies by default, delete a site's local storage after seven days
- How to Manage and Remove Browser Cookies on Mac and iOS
- Legacy System Extension Message
- Deprecated Kernel Extensions and System Extension Alternatives
- Firefox Browser releases 'Facebook Container' for those who like it but don't trust it
- Intel CSME bug is worse than previously thought
- Apple T2 Security Chip Security Overview
- Popular VPN And Ad-Blocking Apps Are Secretly Harvesting User Data
Fri, 27 Mar 2020 04:00:00 -0400
How to Adapt to Working From Home
Many people are required to work from home for the foreseeable future, so Josh and Kirk have decided to give some tips about working from home, something they both do. Show Notes:
- Objective by the Sea
- Take Control of Working from Home Temporarily
- Dyson air purifier
- Netatmo weather station
- Is Conference Room Air Making You Dumber?
- Pomodoro Technique (Wikipedia)
- MultiTimer (iOS and Apple Watch)
- Episode 92: Zoom Zero-Day, and Unmasking Mac Malware Makers
- Episode 15: What's a VPN, and Why Should You Use One?
- The Next Track
- Grammar Girl
- Cats and Dominos
Fri, 20 Mar 2020 06:00:00 -0400
The History of Apple Malware, with Guest John McAfee
Malware has affected Apple computers since even before the release of the Macintosh. In fact, the very first computer virus that spread in the wild affected the Apple II. We discus the history of Apple malware, and we talk with John McAfee, creator of the first commercial antivirus, about how he created the software. Show Notes:
- Key Moments in the History of Mac Malware
- John McAfee
- Elk Cloner
- Apple DOS (Wikipedia)
- nVIR (Wikipedia)
- John McAfee (Wikipedia)
- HyperCard
- A Silly Noisy House
- Disinfectant
- Frequently asked questions about Word macro viruses
- Mac OS X (Wikipedia)
- Renepo/Opener
- Leap.A / Oompa-Loompa
- WireLurker Malware Infects Macs, Attacks Non-Jailbroken iPhones
- How Flashback Malware Infects Macs
- MAC Defender Fake Antivirus Program Targets Mac Users
- OSX/Shlayer: New Mac malware comes out of its shell
- Episode 28: Beware of Trustjacking (discussion of Shlayer)
- OSX/Linker: New Mac malware attempts zero-day Gatekeeper bypass
- Episode 88: Flash, Incognito Mode, Porn, and a Malware Extravaganza (discussion of Linker)
- OSX/CrescentCore: Mac malware designed to evade antivirus
- Episode 89: New Mac Malware, Apple Public Betas, and More (discussion of CrescentCore)
- Objective by the Sea v3.0
Fri, 13 Mar 2020 06:00:00 -0400
RSA Conference 2020 Highlights
Josh attended this year's RSA Conference, one of the big meet-ups about computer security, and discusses what he learned there. We also cover news about smart speakers listening to your conversations (again), a copy/paste issue that Apple says isn't a big deal, and a new limitation by Safari for HTTPS certificates, that will affect some websites. Show Notes:
- Your smart speaker could be listening in on your conversations by accident
- Mister Mxyzptlk (Wikipedia)
- Apple drops a bomb on long-life HTTPS certificates: Safari to snub new security certs valid for more than 13 months
- Precise Location Information Leaking Through System Pasteboard
- How to remove GPS location data from photos on iPhone or Mac
- RSA Conference
- Speakers and panels
- RSA Conference videos
- Repurposed Malware: A Dark Side of Recycling
- Complete transcript of episode 125
Fri, 06 Mar 2020 05:00:00 -0500
10 Things You Shouldn’t Do on Your Work Computer or Phone
Your work computer or phone doesn't belong to you, and you should be careful about what you do on these devices. Your employer can track you and all your activity, and record what you do, and even, perhaps, what you type. Show Notes:
- RSA Conference 2020
- 10 Things You Shouldn’t Do on Your Work Computer (or Phone)
- BadUSB (Wikipedia) (discussed from 20:47 to 22:02)
- O.MG Cable (discussed from 20:47 to 22:02)
- Next episode, #125: RSA Conference 2020 Highlights
Fri, 28 Feb 2020 00:15:00 -0500
Switching Default Apps on the iPhone and iPad
Your iPhone or iPad comes with 36 default apps, including Mail, Safari, and Messages. You may want to use other apps for email, for browsing, and for messaging, in part to enhance your security and privacy. While you can't set other apps to replace the defaults, as you can on macOS, you can switch. We explain how. Show Notes:
- Apple Weighs Letting Users Switch Default iPhone Apps to Rivals
- Switch Some Default Apps on Your iPhone or iPad for Increased Security and Privacy
- Apple’s Default iPhone Apps Give It Growing Edge Over App Store Rivals
- Is Safari the most private browser for iPhone and iPad?
- Lynx web browser
- Tutanota
- Threema
- Signal
- Telegram
Fri, 21 Feb 2020 05:00:00 -0500
Understanding Blockchain and Cryptocurrency
A child spends a fortune on in-app purchases, the CIA has been running a fake company providing encryption services, and beware of public lockers. We then take a deep dive into blockchain technology and cryptocurrency; if you've been wondering what Bitcoin is, we explain (almost) everything. Show Notes:
- 8-year-old spends $1,875 on Roblox in-app purchases by adding her fingerprint to TouchID
- Beware of public lockers
- The intelligence coup of the century
- Cryptocurrency 101 – Part 1: Blockchain and basic concepts
Fri, 14 Feb 2020 04:00:00 -0500
How Security Analysts Work
We explain how to delete "off-Facebook activity," discuss a Google Photos data leak, a Twitter phone number issue, and a man who created a traffic jam with a wagon full of smartphones. We then explain how security analysts work, discussing a developer who wanted to know why his Wacom drawing tablet had a privacy policy, and worked out what data the device was sending to a server. Show Notes:
- How to View and Edit Your Off-Facebook Activity
- Episode 31: Delete Your Social Media History (discussion of EFAIL)
- Google Admits Some Private Videos in Google Photos Were Sent to Strangers
- An Incident Impacting your Account Identity
- WhatsApp on Mac: update to stop attackers accessing files
- This Man Created Traffic Jams on Google Maps Using a Red Wagon Full of Phones
- Wacom drawing tablets track the name of every application that you open
- What type of data does Amazon collect from Kindles?
Fri, 07 Feb 2020 05:00:00 -0500
If It’s Free, You’re the Product
Apple updates everything, the Ring doorbell has trackers in its app, and the Shlayer malware has infected lots of Macs. We then discussed a number of issues where free services you use monetize data collected about you and your activities. Show Notes:
- Apple releases macOS Catalina 10.15.3, iOS 13.3.1, and more
- Apple Security Updates
- Ring Doorbell App Packed with Third-Party Trackers
- Leaked Documents Expose the Secretive Market for Your Web Browsing Data
- VirusBarrier Scanner
- Facebook agrees to pay $550 million to end facial recognition tech lawsuit
- Adobe Flash Player is dead, yet 10% of Macs infected with fake Flash malware
Fri, 31 Jan 2020 05:00:00 -0500
iPhones Hacked and Cracked
The world's richest man's iPhone was hacked when he clicked on a video in WhatsApp. Police and the FBI are cracking iPhones to get evidence. Should we worry? Tom Cruise would know what to do. Show Notes:
- Apple Reportedly Dropped Plans for End-to-End Encrypted iCloud Backups After FBI Objected
- iCloud security overview
- 2016 WSJ Story on Apple's Plans for E2E Encryption for iCloud Data
- iforgot.apple.com
- Reminder that SMS 2FA is better than no 2FA at all
- Apple Likely to Drop Adobe Flash Support in Next Version of Safari
- Police officer in Brazil shows off entire facade ATM skimmer
- Sonos Makes It Clear: You No Longer Own The Things You Buy
- The Next Track podcast
- How Jeff Bezos’ iPhone X Was Hacked
- Amazon boss Jeff Bezos's phone 'hacked by Saudi crown prince'
- Analysis of the Evidence of Surveillance of Mr. Bezos’ personal phone
- Inside the $10 million cyber lab trying to break Apple’s iPhone
- House Democrats Used Cellebrite to Publish Lev Parnas iPhone Messages
- FBI Took Two Months to Crack Lev Parnas’s IPhone 11, U.S. Says
- Police Scotland confirms roll-out of cyber kiosk technology
Fri, 24 Jan 2020 05:00:00 -0500
Your Photos Can Tell People Where You Live
Photos you shoot with your iPhone, and with some cameras, store location data. Sharing these photos on social media may pinpoint your location: where you live, or where you work. It's easy to remove this data. In the news, we talk about listening in on Skype audio, another Apple - FBI spat about accessing data on an iPhone, Google getting rid of cookies, and more. Show Notes:
- New rack-mounted Mac Pro available
- FBI asks Apple for help cracking Pensacola gunman’s iPhones
- IPhone Hacking Firm Updates Tool in Midst of Apple-FBI Spat
- Shooting at Naval Air Station Pensacola Called ‘Act of Terrorism’ (FBI)
- Skype audio graded by workers in China with 'no security measures'
- You can now use iPhones as Google security keys for 2FA
- Chromium Blog: Building a more private web: A path towards making third party cookies obsolete
- How to Post to Instagram from Safari on a Mac
- Cable Haunt
- How to remove GPS location data from photos on iPhone or Mac
- ImageOptim
Fri, 17 Jan 2020 06:00:00 -0500
The Year in Apple Security 2019
We look back at the eventful year 2019 in Apple security. In the news, Apple is switching to randomized serial numbers for its products, Apple sues a company over jailbreaking, Firefox has critical vulnerabilities, and more. Show Notes:
- Apple Plans to Switch to Randomized Serial Numbers for Future Products Starting in Late 2020
- Corellium Accuses Apple of Using Lawsuit to 'Crack Down on Jailbreaking'
- Apple Is Bullying a Security Company with a Dangerous DMCA Lawsuit
- Critical Security Vulnerabilities fixed in Firefox 72.0.1 and Firefox ESR 68.4.1
- Windows 7 support will end on January 14, 2020
- Sunsetting Python 2
- The Year in Apple Security – 2019
- Episode 13: Is My Computer's CPU Secure?
Fri, 10 Jan 2020 05:00:00 -0500
9 Security and Privacy Settings to Activate on Your New iPhone or iPad
We cover some security news, such as a password breach at Zynga, a user database breach at Waze, and a new Apple patent for under-display biometric sensors. Then we discuss essential settings to keep your iPhone, iPad, and iPod touch secure. Show Notes:
- 170m passwords stolen in Zynga hack, monitor says
- Zynga (Wikipedia)
- have i been pwned?
- Wyze security camera user DB was breached
- Apple Wins Patent for Optical Imaging Sensors that could be used for Under-the-Display Biometrics in Future iPhones and Beyond
- 9 Security and Privacy Settings to Activate on Your New iPhone or iPad
Fri, 03 Jan 2020 05:00:00 -0500
8 Steps to Ensure the Security and Privacy of Your New Mac
If you got a new Mac for the holidays, there are a number of settings you can adjust to enhance its security and privacy. We discuss eight tips to make your Mac stronger. We also look at some news, with Ring's reaction to the claims that they were compromised, Apple pulling an app from the App Store for spying on users, and Apple's new bug bounty program. Show Notes:
- Boxing Day (Wikipedia)
- Ring’s Services Have Not Been Compromised – Here’s What You Need to Know
- haveibeenpwned.com
- Top websites keep letting people use weak passwords like 111111, and it’s a major security risk
- Hash function (Wikipedia)
- Apple Pulls Emirati Chat App 'ToTok' From App Store for Allegedly Spying on Users
- Apple officially launches Apple Security Bounty program
- Apple Platform Security guide - Fall 2019
- 8 Mac security and privacy features to set up right away
- How to Encrypt and Password Protect Files on Your Mac
- Data Backup Plan: How to Implement the 3-2-1 Backup Strategy
- How to Lock Your Mac Screen and Protect It from Prying Eyes
- Open a Mac app from an unidentified developer
Fri, 27 Dec 2019 05:30:00 -0500
Apple HomeKit and the Smart Home
We take a close look at smart home technology and Apple's HomeKit, and also discuss why Vladimir Putin is still using Windows XP, another Ring camera issue, some password problems, and a new Intel vulnerability called Plundervolt. Show Notes:
- Vladimir Putin 'still uses obsolete Windows XP' despite hacking risk
- She installed a Ring camera in her children’s room for ‘peace of mind.’ A hacker accessed it and harassed her 8-year-old daughter.
- Thousands of students in Germany queue for email access
- Plundervolt – newly found Intel vulnerability stealing secrets by starving your computer of voltage
- CPUSetter
- Amazon, Apple, Google, Zigbee Alliance and board members form working group to develop open standard for smart home devices
- Use Apple HomeKit to Automate Your Home and Keep It Secure (Kirk's article)
- IFTTT
- NetAtmo Weather Station
- Dyson Pure Cool fan and air purifier
- NetGear Arlo Pro cameras
- Philips Hue lights
- Casper Glow lights
- The chain of trust in Apple’s devices
- Use HomeKit Secure Video
Fri, 20 Dec 2019 06:00:00 -0500
Mac Pro costs the same as Tesla Cybertruck
Apple has released the new Mac Pro, along with updates for all its operating systems this week. Google Chrome gets a serious update, Google Maps gets incognito mode, and the Ring doorbell leaks some location data allowing journalists to create heat maps of Ring-protected homes. Plus an AirDrop vulnerability, a tweet with an iPhone decryption key, and more. Show Notes:
- Here are all the big new features & changes in iOS 13.3 & iPadOS 13.3
- Apple Fixes ‘AirDoS’ Bug That Cripples Nearby iPhones, iPads
- Apple’s most expensive Mac Pro costs $52,599
- Apple’s Intelligent Tracking Protection enabled tracking, Google finds; fixed in latest Safari
- Google Chrome 79 Brings Enhanced Security and Anti-Phishing Features
- Now-Fixed AirDrop Bug Let Anyone Lock-Up Nearby iPhones With Flood of Files
- Incognito mode in Google Maps for iOS is rolling out now
- Ring's Neighbors Data Let Us Map Amazon's Home Surveillance Network
- Apple Used the DMCA to Take Down a Tweet Containing an iPhone Encryption Key
Fri, 13 Dec 2019 05:00:00 -0500
Twitter Trickery, Charging Insecurity, Cryptocurrency Malware, and More
We follow up on our Black Friday purchases, then talk about some Twitter trickery, some Russian rigidity, some charging insecurity, some location confusion, and some new Mac cryptocurrency malware. Show Notes:
- Tories pretend to be factchecking service during leaders' debate
- The iPhone 11 Pro’s Location Data Puzzler — Krebs on Security - Since we recorded this episode, Apple issued an explanation as to why this is happening, and said that there will be a toggle for this in a future iOS update.
- It’s Apple Vs Putin, As Russia’s New Smartphone Ban Approaches
- Los Angeles authorities warn travelers of charging-station hackers
- Juice Jacking (Wikipedia)
- FBI issues security warning for smart TVs before you buy
- New Lazarus malware variant
Fri, 06 Dec 2019 05:00:00 -0500
The Chain of Trust
Apple's two-factor authentication system sets up a chain of trust from one device to another. By ensuring your identity on one device, that device can then authenticate you on another device, and provide you with enhanced features, such as an Apple Watch unlocking a Mac, or an iPhone authorizing Apple Pay on a Mac. Understanding this chain of trust helps you better understand how Apple protects you. Show Notes:
- The Chain of Trust in Apple Devices (The Mac Security Blog)
- Chain of trust (Wikipedia)
- Episode 52: Was the Big Hack Really Big?
- Certificate authority (Wikipedia)
- Use Your Apple Watch to Unlock Your Mac and Authenticate
- About the Apple T2 Security Chip
Fri, 29 Nov 2019 03:00:00 -0500
Black Friday Safe Shopping Advice
It's Black Friday again, either the day we release this episode if you're in Europe, or next week, if you're in the US. It's the day when you can get some good deals on things you need, discounts on things you don't need, and, if you're not careful, you could get scammed. We discuss some best practices for buying new and used on Black Friday, and warn you about buying a used iPhone. Show Notes:
- Wirecutter
- Caution! These Black Friday “deals” may be bad for your security
- 6 Cyber Security Tips for Holiday Shopping Online
- 6 Essential Tips to Stay Safe Shopping Online
- Black Friday 2019 Security Threat: U.S. Government Advises Consumers To Stay Vigilant
- The Shop at KonMari
Fri, 22 Nov 2019 05:00:00 -0500
Vice President of Integrity
We discuss Apple's new 16" MacBook Pro with a redesigned keyboard; two new entrants in the video streaming market, Apple TV+ and Disney+; a bug in Facebook's app; Google's Pixel 4's face unlock; and more. Show Notes:
- Apple's new 16" MacBook Pro
- Apple TV+
- Bug in Facebook App Accesses the Camera in the Background
- Facebook fixes bug that caused iOS app to use the camera in the background
- No one should buy the Facebook Portal TV
- Amazon Ring doorbells exposed home Wi-Fi passwords to hackers
- How did Google get Pixel 4 face unlock this wrong?
Fri, 15 Nov 2019 05:00:00 -0500
iPad vs. MacBook: is iPadOS a game changer?
With the release of iPadOS, the iPad has become a serious competitor to a laptop. While you can't do everything on an iPad that you can on a laptop, the gulf between the two is getting slimmer. We talk with Ian Schray, a dedicated iPad user, about replacing a laptop with an iPad. Show Notes:
- The Committed
- Researchers use lasers to hack Siri, Alexa, Google assistants
- Apple updates its privacy page with sleek new look
- iPad vs. MacBook: is iPadOS a game changer?
Fri, 08 Nov 2019 05:00:00 -0500
admin / admin
Apple has released a whole slew of security updates this week, stretching back quite far, and we discuss some of the changes, and also Apple's problematic HomePod update. Equifax is sued for using admin as user name and password to protect sensitive data. (Duh.) And we take a close look at the many security alerts and dialogs you see with macOS Catalina. Show Notes:
- Apple AirPods Pro
- New 13.2 Update Bricking Some HomePods
- Facebook sues NSO Group, accusing them of exploiting WhatsApp last May
- Equifax used 'admin' as username and password for sensitive data: lawsuit
- What Are All Those macOS Catalina Security Alerts?
- Get a Mac - Vista Vs Mac
Fri, 01 Nov 2019 06:00:00 -0400
Depending on Your Threat Model...
Samsung is foiled by screen protectors, users are spoofed by a clever two-factor authentication con, Firefox offers social tracking protection, and a stalker found his idol by analyzing reflections in her eyes in photos. And Google announces a quantum computing breakthrough that may mean that we need to use reeeeeeaaaaaallllllyyyyy long passwords in the future. Show Notes:
- Apple Sending User Data to Chinese Company for Fraudulent Website Warnings in Safari
- Attacker Used Eye Reflections in Pop Star's Photos to Locate Her Home
- 2FA scam reported: "My pass code was accidentally sent to your phone, as I mistyped my phone number which is similar to yours."
- Firefox 70 for Mac Brings Social Tracking Protection
- Google Claims a Quantum Breakthrough That Could Change Computing
Fri, 25 Oct 2019 05:00:00 -0400
Developing a Security Mindset
After a couple of news items, about Apple sending browsing data to Tencent in China, and a Google exec warning people to be wary of its smart home devices, we discuss Josh's talk at the MacTech conference about developing a security mindset. Show Notes:
- Apple Sending User Data to Chinese Company for Fraudulent Website Warnings in Safari
- Apple Clarifies Tencent's Role in Fraudulent Website Warnings, Says No URL Data is Shared and Checks are Limited to Mainland China
- Hash (Wikipedia)
- Google exec says Nest owners should warn guests that their conversations might be recorded
- Josh's MacTech Conference 2019 presentation slides
Fri, 18 Oct 2019 05:00:00 -0400
Getting Ready for Catalina
Josh and Kirk celebrate the two-year anniversary of the podcast, and discuss getting ready to upgrade to Catalina, with tips on how to ensure that your upgrade will be smooth, and the most efficient way to upgrade your Mac. Show Notes:
- How to Prepare Your Mac to Upgrade to macOS Catalina
- What Are 32-Bit and 64-Bit Apps, and Why Do They Matter?
- Setting Up a New Mac: Should You Migrate or Do a Clean Installation?
- After iTunes: macOS Catalina and the New Media Apps
- How to Manage Media Files with Apple’s New Music, TV, Podcasts, and Books Apps
- Use Live Listen with AirPods and Powerbeats Pro
Fri, 11 Oct 2019 02:00:00 -0400
Updates, Legit-Looking Lightning Cables, Malspam, and Touch ID
Josh and Kirk discuss the many updates to iOS 13, how legit-looking lightning cables that can hack your devices will soon be on sale, how malspam mostly tries to trick people with bogus links, a Touch ID issue, and much more. Show Notes:
- Here’s why so many apps are asking to use Bluetooth on iOS 13
- Developer of Checkm8 explains why iDevice jailbreak exploit is a game changer
- Correct Horse Battery Staple
- Researchers Find New Hack to Read Content Of Password Protected PDF Files
- Legit-Looking iPhone Lightning Cables That Hack You Will Be Mass Produced and Sold
- Most malspam contains a malicious URL these days, not file attachments
- Cannot log in to your banking apps on the iPhone? iOS 13 Touch ID bug may be the reason
- This new Google tool protects you against dangerous passwords
Fri, 04 Oct 2019 05:00:00 -0400
iOS Updates, New Amazon Hardware, an Apple Security Advisory, and New Apple Gear
It hasn't been long, but Apple has already released iOS 13.1, and iPad OS 13.1, both initially scheduled for next week. Josh and Kirk discuss these updates, an Apple security advisory about third-party iOS keyboard apps, and some other security news, then chat about the new Apple Watches and iPhones. Show Notes:
- Apple issues iOS 13.1.1 and security updates for every OS, even iOS 12
- Apple Security Update Info
- About an issue that impacts third-party keyboard apps in iOS 13 and iPadOS
- Firefox and Chrome rolling out DNS over HTTPS (DoH) feature
- The biggest announcements from Amazon’s fall 2019 hardware event
- Amazon Echo Loop demo
- Remote-access flaws found in 13 SOHO routers and NAS devices
- 600,000 GPS trackers for people and pets are using 123456 as a password
- 15,000 private webcams left open to snooping, no password required
- Facebook’s Suspension of ‘Tens of Thousands’ of Apps Reveals Wider Privacy Issues
- Google Keystone Update Damages File System on SIP-Disabled Macs
- Apple Watch Series 5 Review: incremental changes for a solid device
- Apple Watch Meyer Lemon Leather Loop Band Review
- Review: iPhone 11, the iPhone for everyone
Fri, 27 Sep 2019 04:00:00 -0400
New Features in iOS, Smart TVs Spying on You, and More
As iOS 13 is out, Josh and Kirk discuss its new features and what you can look forward to. They also discuss how smart TVs spy on you and send data about everything you watch, as well as a new SIM card flaw and an iOS 13 lock screen bypass. One note: we mentioned that iOS 13.1 was due to be released on September 30. After we recorded the podcast, Apple announced that iOS 13.1 would be released early, on September 24. Show Notes:
- Should You Back Up Your iOS Device to iCloud or iTunes?
- Google Warns LastPass Users Were Exposed To ‘Last Password’ Credential Leak
- You watch TV. Your TV watches back.
- New SIM card flaw lets hackers hijack any phone just by sending SMS
- NetCAT: new attack lets hackers remotely steal data from (specific) Intel (Xeon) CPUs
- iOS 13 lockscreen bypass
- What's New in iOS 13 and iPadOS 13
Fri, 20 Sep 2019 05:00:00 -0400
Apple's New iPhone, and More
Josh and Kirk celebrate episode 100 of the Intego Mac Podcast with special guest Dave Hamilton and discuss Apple's new iPhone, Apple Watch, iPad, Apple Arcade, and Apple TV+. And we discuss changes to Apple's AppleCare extended warranty and insurance plan. Guest: Show Notes:
- Apple updates iPhone, Apple Watch, and iPad; gives info on Apple Arcade and Apple TV+
- AppleCare+ Plans Lasting Service Life of Product Arrive Quietly
- How to keep older Macs secure: a geeky approach (run Mojave on unsupported Macs)
- Apple TV+
- New 10.2" iPad
- Apple Watch Series 5
- iPhone 11
- macOS Catalina: Available in October
Fri, 13 Sep 2019 03:00:00 -0400
Twitter and Deepfakes
Twitter's boss had his Twitter account hacked, and Twitter has disabled a feature from its earliest days, which let you tweet via SMS. Firefox's new update blocks trackers and crypto miners. And we take a look at audio and video deepfakes.
- Firefox 69 blocks third-party tracking cookies and cryptomining by default
- Hackers Tweeted Racial Slurs From Twitter CEO Jack Dorsey’s Account
- Chloë Grace Moretz's Twitter Hacked, Apparently by Same Group That Took Over Jack Dorsey's
- The frighteningly simple technique that hijacked Jack Dorsey’s Twitter account
- The Twitter CEO's Twitter Was Hacked
- How to use Twitter via SMS
- Hundreds of Millions of Phone Numbers From Facebook Accounts Leaked Online
- WordPress plug-in exploits — Critical 'Backdoor Attack' Warning Issued For 60 Million WordPress Users
- Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years
- Scammer Successfully Deepfaked CEO's Voice To Fool Underling Into Transferring $243,000
- Another convincing deepfake app goes viral prompting immediate privacy backlash
Fri, 06 Sep 2019 04:00:00 -0400
Everyone Is Listening!
There's a recurring theme in security and privacy news lately, and that is the fact that everyone is listening. If you use Alexa, OK Google, or Siri, the companies behind these services listen to some of your requests (and sometimes when you don't explicitly ask their devices anything). There's news this week about companies listening and watching, along with some Apple updates, clickjacking scripts on websites, and all the stuff that Facebook knows about you. And we answer a couple of listener questions.
- SWAPGS Spectre Side-Channel Vulnerability
- Is My Computer's CPU Secure? (Discussion of Spectre and Meltdown vulnerabilities)
- If You Lose Your iPhone, You Can’t Pay Your Apple Card Bill On The Web
- CPUSetter
- SnowHaze
- Apple Accidentally Unpatches Vulnerability, Leading to New iOS 12.4 Jailbreak
- Apple releases iOS 13.1 beta before iOS 13 is even out
- The Many Possibilities of CVE-2019-8646
- Apple apologises for allowing workers to listen to Siri recordings
- Microsoft Contractors Listened to Xbox Owners in Their Homes
- Doorbell-camera firm Ring has partnered with 400 police forces, extending surveillance reach
- Clickjacking scripts found on 613 popular sites
- You Can Finally See All Of The Info Facebook Collected About You From Other Websites
Fri, 30 Aug 2019 06:00:00 -0400
Do Macs need an antivirus?
There's a question we get asked often: do Macs really need an antivirus? Many people think that Macs are immune to malware, or that security software companies even create malware to sell their products. We give a balanced answer to the question of whether you need to protect your Mac with an antivirus.
- Apple locked me out of its walled garden. It was a nightmare
- If You Lose Your iPhone, You Can’t Pay Your Apple Card Bill On The Web
- Josh’s 28-minute Objective by the Sea v2.0 talk “Fun with Mac Malware Attribution”
- Do Macs need antivirus software?
Fri, 23 Aug 2019 03:00:00 -0400
Hacker Conventions
Summer is when hackers get together to present and discuss malware, vulnerabilities, and exploits. Two big hacker conventions - Black Hat and DEF CON - were held recently, and we discuss some of the Mac-related discoveries. We also look at some interesting news, including certain Macs being banned by the FCC, and answer a listener question about ransomware and files on a Mac.
- Facebook admits to reviewing Messenger app audio with ‘hundreds of contractors’
- The FAA has banned recalled MacBook Pros from all flights — like any other bad battery
- How a 'Null' License Plate Landed One Hacker in Ticket Hell
- Four major dating apps expose precise locations of 10 million users
- The full version of Josh’s 28-minute Objective by the Sea v2.0 talk “Fun with Mac Malware Attribution” is now available to watch online
- HT201222 (Apple's security updates page)
- CUPS (Common UNIX Printing System)
- These Legit-Looking iPhone Lightning Cables Will Hijack Your Computer
- Apple expands its bug bounty, increases maximum payout to $1M
- Patrick Wardle's talk about “Harnessing Weapons of Mac Destruction”
- Hackers Can Turn Everyday Speakers Into Acoustic Cyberweapons
- McDonald's restaurant turns to opera to drive out loitering teenagers
- NCC Group Uncovers Dozens of Vulnerabilities in Six Leading Enterprise Printers
Fri, 16 Aug 2019 05:00:00 -0400
Who’s Listening to Your Private Conversations?
Last week, we discussed how Apple was listening to some of your Siri requests. The company changed its policy, and Amazon and Google followed suit, but what else does Apple listen to? We also discuss Apple's new bug bounty program, how AT&T workers unlocked phones for profit, and how cryptojacking isn't financially viable any more.
- Apple suspends Siri response grading in response to privacy concerns
- IBM ViaVoice (Wikipedia)
- Microsoft Says It 'Listens' to Conversations Only With Permission
- Apple faces new Class Action for unlawful and intentional recording of individuals’ confidential communications on Siri without their consent
- Apple Hands Hackers Secret iPhones In A Bid To Boost Security, Sources Say
- Apple expands its bug bounty, increases maximum payout to $1M
- AT&T workers bribed to install malware on company network and unlock iPhones
- Three ads generate 5.5 times more revenue than a web-based cryptojacking script
Fri, 09 Aug 2019 05:00:00 -0400
Preparing for macOS Catalina
We discuss some ways to check that your apps are all compatible with macOS Catilana. We also talk about Apple contractors listening to Siri recordings (but Kirk also adds a last minute update about Apple's change of heart), how the Facebook "Like" button can be a privacy problem, and how Google has discovered some new iOS vulnerabilities.
- Apple contractors 'regularly hear confidential details' on Siri recordings
- Apple responds to Guardian report about contractors hearing private conversations while ‘grading’ Siri
- Apple suspends Siri response grading in response to privacy concerns
- Companies using Facebook 'Like' button liable for data: EU court
- Six serious ‘zero interaction’ vulnerabilities found in iOS; one not yet fixed
- List of 235 apps incompatible with macOS Catalina 10.15
- What Are 32-Bit and 64-Bit Apps, and Why Do They Matter?
- Episode 43: Should You Be Concerned About Porn Blackmail Emails? (Discussion of 32- and 64-bit apps)
Fri, 02 Aug 2019 04:00:00 -0400
Hacking humans: How to avoid social engineering scams
Kirk and Josh take a close look at how you can be scammed by social engineering techniques. They also discuss Apple's recent updates to iOS 9 and 10, a report about the increase in malware targeting Macs, and some good and bad news about Google.
- Update your iPhone or iPad software to avoid issues with location, date, and time
- The GPS Week Number Rollover: what you need to know
- “The sample numbers of new malware for macOS nearly tripled”
- MacVoices #19189: Josh Long of Intego On Malware, Security, Privacy, and Safety Online
- Google employees are eavesdropping, even in your living room
- Google Chrome Update Will Close 'Loophole' That Tipped Sites Off to Your Incognito Mode
- Phishing Dangers in Business and How to Avoid Getting Hooked
- How Apple and Amazon Security Flaws Led to My Epic Hacking
- The Honeymooners - Swanee River (YouTube)
- Turns Out Wearing a Hi-Vis Vest Gets You Into Everything for Free
Fri, 26 Jul 2019 03:00:00 -0400
Zoom Zero-Day, and Unmasking Mac Malware Makers
An app named Zoom may sound like a good thing, but this app opened the Macs of users who had it installed - including Kirk - to a serious security vulnerability. This led Apple to take the rare action of pushing out a silent security update to Macs. And Josh tells us all about how you find out who creates malware.
- Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!
- Apple has pushed a silent Mac update to remove hidden Zoom web server
- SilentKnight
- Apple disables Walkie Talkie app due to vulnerability that could allow iPhone eavesdropping
Fri, 19 Jul 2019 03:00:00 -0400
Browser Fingerprinting, Hyper-Threading, Firefox, VPN, and More
We discuss a number of issues in the news, such as a 17-year old Firefox vulnerability, the threat to end-to-end encryption, and whether Apple should offer a VPN. We also answer listening questions about browser fingerprinting - what is it? we explain - and turning off hyper-threading (we explain that too). AmIUnique Episode 83: Epic disasters: ZombieLoad, WhatsApp, Google 2FA Keys, and Microsoft RDP CPUSetter U.S. officials consider end-to-end encryption crackdown 17-Year-Old Weakness in Firefox Let HTML File Steal Other Files From Device Here’s the next big step Apple should take to protect our privacy Episode 57: The Advantages of Using a VPN, with CyberGhost Amazon confirms Alexa customer voice recordings are kept forever Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com. First-time buyers can save 40% by using coupon code PODCAST19 at checkout.
Fri, 12 Jul 2019 02:00:00 -0400
Browser Wars: Which Web Browser Is Best for Privacy?
Everyone uses a web browser, on their Mac and their iOS device. But there are many web browsers, and some are better designed to protect your privacy. We take a deep dive into web browsers and discuss the pros and cons of Safari, Chrome, Firefox, and a number of alternatives. Safari, Chrome, Firefox: Which is the most private browser for Mac? (https://www.intego.com/mac-security-blog/safari-chrome-firefox-which-is-the-most-private-browser-for-mac/) — Intego's comparison of macOS browsers Is Safari the most private browser for iPhone and iPad? (https://www.intego.com/mac-security-blog/is-safari-the-most-private-browser-for-iphone-and-ipad/) — Intego's comparison of iOS browsers Goodbye, Chrome: Google’s web browser has become spy software (https://www.washingtonpost.com/technology/2019/06/21/google-chrome-has-become-surveillance-software-its-time-switch/) Breezometer (https://breezometer.com) The Waste Land (https://apps.apple.com/app/the-waste-land/id427434046) Google Chrome (https://www.google.com/chrome/) Mozilla Firefox (https://www.mozilla.org/en-US/firefox/new/) Firefox Focus (https://apps.apple.com/app/firefox-focus-privacy-browser/id1055677337) Chrome Canary (https://www.google.com/chrome/canary/) Brave (https://brave.com) Opera (https://www.opera.com) Opera Touch (https://apps.apple.com/us/app/opera-touch-web-browser/id1411869974) Waterfox (https://www.waterfox.net) Puffin (https://www.puffin.com) Microsoft Edge (https://www.microsoftedgeinsider.com/en-us/) Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com. First-time buyers can save 40% by using coupon code PODCAST19 at checkout.
Fri, 05 Jul 2019 02:00:00 -0400
New Mac Malware, Apple Public Betas, and More
There's been a lot of Mac malware appearing lately, and Intego has been discovering many serious new threats. We look at some of these malware, discuss an interesting new OneDrive feature, then talk about installing and using Apple's public betas for macOS, iOS, iPadOS, tvOS, and watchOS. Paprika Recipe Manager (https://apps.apple.com/us/app/paprika-recipe-manager-3/id1303222628?mt=12) OSX/NewTab (and other new Mac malware) OSX/CrescentCore (was originally named OSX/Adspartam) Tweet showing a postal phishing letter (https://twitter.com/MatKendrick/status/1143970477880295424) Microsoft’s new OneDrive Personal Vault protects a folder with 2FA (https://www.theverge.com/2019/6/25/18744045/microsoft-onedrive-personal-fault-secure-folder-storage-2fa) Installing macOS on a separate APFS volume (https://support.apple.com/en-us/HT208891) No, Apple isn’t killing off iTunes Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com. First-time buyers can save 40% by using coupon code PODCAST19 at checkout.
Fri, 28 Jun 2019 05:00:00 -0400
Flash, Incognito Mode, Porn, and a Malware Extravaganza
This week, as we are at Midsummer's Day, we look at the final nail in Adobe Flash's coffin, a new Chrome incognito mode feature, the UK's porn block, and a bunch of new malware. Google Chrome 76 beta makes it harder to use Flash, easier to dodge paywalls (https://www.theverge.com/2019/6/13/18678388/google-chrome-76-beta-dark-mode-incognito-flash-paywall) homestarrunner.com (http://homestarrunner.com) Apple restricts online Apple Store access to newer versions of Safari and macOS (https://appleinsider.com/articles/19/06/14/apple-restricts-online-apple-store-access-to-newer-versions-of-safari-and-macos) Josh misstated the NetMarketshare statistics (https://netmarketshare.com/operating-system-market-share.aspx?options=%7B%22filter%22%3A%7B%22%24and%22%3A%5B%7B%22deviceType%22%3A%7B%22%24in%22%3A%5B%22Desktop%2Flaptop%22%5D%7D%7D%5D%7D%2C%22dateLabel%22%3A%22Trend%22%2C%22attributes%22%3A%22share%22%2C%22group%22%3A%22platformVersion%22%2C%22sort%22%3A%7B%22share%22%3A-1%7D%2C%22id%22%3A%22platformsDesktopVersions%22%2C%22dateInterval%22%3A%22Monthly%22%2C%22dateStart%22%3A%222018-06%22%2C%22dateEnd%22%3A%222019-05%22%2C%22segments%22%3A%22-1000%22%7D). By default, they show the market share over the course of a year, so given that macOS Mojave hasn't yet been out a year, the results are skewed. With updated statistics - from April to May of this year (https://netmarketshare.com/operating-system-market-share.aspx?options=%7B%22filter%22%3A%7B%22%24and%22%3A%5B%7B%22deviceType%22%3A%7B%22%24in%22%3A%5B%22Desktop%2Flaptop%22%5D%7D%7D%5D%7D%2C%22dateLabel%22%3A%22Custom%22%2C%22attributes%22%3A%22share%22%2C%22group%22%3A%22platformVersion%22%2C%22sort%22%3A%7B%22share%22%3A-1%7D%2C%22id%22%3A%22platformsDesktopVersions%22%2C%22dateInterval%22%3A%22Monthly%22%2C%22dateStart%22%3A%222019-04%22%2C%22dateEnd%22%3A%222019-05%22%2C%22segments%22%3A%22-1000%22%7D) - macOS 10.14 usage is 250% of that of macOS 10.13. Cellebrite Now Says It Can Unlock Any iPhone for Cops (https://www.wired.com/story/cellebrite-ufed-ios-12-iphone-hack-android/) Forbes: UK Porn Block Is Just The Privacy Risk You'd Expect (http://www.forbes.com/sites/emmawoollacott/2019/06/14/uk-porn-block-is-just-the-privacy-risk-youd-expect/) In-the-wild security vulnerability fixed in Firefox 67.0.3 & Firefox ESR 60.7.1 (https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/) OSX/Linker malware found in the wild exploiting recently exposed zero-day Mac vulnerability LoudMiner, aka Bird Miner: Cross-platform cryptocurrency mining malware in cracked VST software Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com. First-time buyers can save 40% by using coupon code PODCAST19 at checkout.
Fri, 21 Jun 2019 07:00:00 -0400
Privacy Policies Can Be as Complicated as Kant's Critique of Pure Reason
We discuss running iOS and macOS betas, the new iPod touch, Firefox's coming subscription service, Safari auto-submitting user names and passwords, and how some companies' private policies can be as complicated as Kant's Critique of Pure Reason. iPod touch (https://www.apple.com/ipod-touch/) Mozilla says paid subscription service is coming to Firefox (https://www.theverge.com/2019/6/10/18660344/firefox-subscription-paid-service-vpn-cloud-storage-release-date) Episode 57: The Advantages of Using a VPN We Read 150 Privacy Policies. They Were an Incomprehensible Disaster (https://www.nytimes.com/interactive/2019/06/12/opinion/facebook-google-privacy-policies.html) Safari Auto-Submitting AutoFilled Passwords (https://mjtsai.com/blog/2019/04/17/safari-auto-submitting-autofilled-passwords/) Everyone hates passwords. Good news: They’re about to die (https://www.fastcompany.com/90344117/everyone-hates-passwords-good-news-theyre-about-to-die) Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com. First-time buyers can save 40% by using coupon code PODCAST19 at checkout.
Fri, 14 Jun 2019 05:00:00 -0400
New Security and Privacy Features in macOS Catalina and iOS 13
Apple announced their new operating systems early this week, and we take a close look at the many interesting and useful new security privacy features that will soon be available on your Mac and iOS devices. Trypophobia (Wikipedia) (https://en.wikipedia.org/wiki/Trypophobia) Why some people are freaking out over Apple’s new Mac Pro (https://www.cleveland.com/entertainment/2019/06/why-some-people-are-freaking-out-over-apples-new-mac-pro.html) New Security and Privacy Features in macOS Catalina and iOS 13 Three Key Points about Apple’s WWDC Announcements Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com. First-time buyers can save 40% by using coupon code PODCAST19 at checkout.
Fri, 07 Jun 2019 03:00:00 -0400
Deep Dive: Software Updates on Mac and iOS
It's essential that you update your software, both to have improved features, squashed bugs, and security fixes. But should you update your software automatically, or should you wait? How can you best manage software updates on the Mac and on iOS? What every Apple user should know about software updates VirusBarrier Scanner (Mac App Store) Sparkle (https://sparkle-project.org) Safari Technology Preview (https://developer.apple.com/safari/technology-preview/) Get 40% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.
Fri, 31 May 2019 03:00:00 -0400
Oh, Google...
We've called out Facebook many times recently for their security issues, and now it's time to look at a couple of problems with Google. We also discuss the Huawei situation, and how it may affect Apple, and more. Google stored some passwords in plain text for fourteen years (https://www.theverge.com/2019/5/21/18634842/google-passwords-plain-text-g-suite-fourteen-years) Google has been tracking nearly everything you buy online—see for yourself with this tool (https://www.theverge.com/2019/5/17/18629789/google-purchase-history-gmail-email-receipts) G Suite (Wikipedia) (https://en.wikipedia.org/wiki/G_Suite) G Suite security and trust (https://gsuite.google.co.uk/intl/en_uk/security/?secure-by-design_activeEl=data-centers) Google pulls Huawei’s Android license, forcing it to use open source version (https://www.theverge.com/2019/5/19/18631558/google-huawei-android-suspension) Apple’s China Business Faces Another Blow From Trump’s Huawei Ban (https://www.bloomberg.com/news/articles/2019-05-22/apple-s-china-business-faces-another-blow-from-trump-huawei-ban) In Price and Value, Chinese Phone Makers Outpace Apple in Much of the World (https://www.nytimes.com/2019/01/04/technology/china-smartphones-iphone.html) Bloomberg **** the Bed Again on Cybersecurity (https://daringfireball.net/2019/05/bloomberg_shits_the_bed_again_on_cybersecurity) ROT13 (Wikipedia) (https://en.wikipedia.org/wiki/ROT13) Apple is trying to make web ads truly private (https://www.engadget.com/2019/05/22/apple-privacy-protecting-web-ads/) Privacy Preserving Ad Click Attribution For the Web (https://webkit.org/blog/8943/privacy-preserving-ad-click-attribution-for-the-web/) Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.
Fri, 24 May 2019 08:00:00 -0400
Epic disasters: ZombieLoad, WhatsApp, Google 2FA Keys, and Microsoft RDP
It's been a busy week for security vulnerabilities. ZombieLoad affects all recent Intel processors, and Apple has issued a fix for it. A serious WhatsApp vulnerability made the evening news because it was so dangerous. And Google and Microsoft had a few issues as well. WhatsApp exploit let attackers install government-grade spyware on phones (https://techcrunch.com/2019/05/13/whatsapp-exploit-let-attackers-install-government-grade-spyware-on-phones/) Facebook's brief explanation of the WhatsApp vulnerability (https://www.facebook.com/security/advisories/cve-2019-3568) You probably weren’t a target of the WhatsApp surveillance hack (https://techcrunch.com/2019/05/14/whatsapp-vulnerability-risk/) Buffer overflow (Wikipedia) (https://en.wikipedia.org/wiki/Buffer_overflow) Remote code execution, or arbitrary code execution (Wikipedia) (https://en.wikipedia.org/wiki/Arbitrary_code_execution) Secure Real-time Transport Protocol (Wikipedia) (https://en.wikipedia.org/wiki/Secure_Real-time_Transport_Protocol) Microsoft Issues Urgent Fix For Windows In First XP Patch Since WannaCry (https://www.forbes.com/sites/kateoflahertyuk/2019/05/15/microsoft-issues-urgent-fix-for-windows-in-first-xp-patch-since-wannacry/) Titan-ic disaster: Bluetooth blunder sinks Google's 2FA keys, free replacements offered (https://www.theregister.co.uk/2019/05/15/google_titan_bluetooth_key_security_flaw/) Apple security updates (https://support.apple.com/en-us/HT201222) Episode 13: Is My Computer's CPU Secure? (discussion of Meltdown and Spectre) Additional mitigations for speculative execution vulnerabilities in Intel CPUs (https://support.apple.com/en-gb/HT210107) How to enable full mitigation for Microarchitectural Data Sampling (MDS) vulnerabilities (https://support.apple.com/en-gb/HT210108) SGX enclaves (https://software.intel.com/en-us/blogs/2016/06/06/overview-of-intel-software-guard-extension-enclave) CPUSetter (https://www.whatroute.net/cpusetter.html) Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.
Fri, 17 May 2019 05:00:00 -0400
How We Use Facebook
We look at an issue that caused Firefox add-ons to not work for a while, and discuss a suggestion about making Apple's AirDrop more secure. Then we discuss how we use Facebook, and why we don't use it much any more (and perhaps why you should rethink how you use the service). Firefox disabled all add-ons because a certificate expired (https://www.engadget.com/2019/05/03/firefox-extension-add-on-cert/) The feature Apple needs to change in AirDrop (https://finance.yahoo.com/news/apple-airdrop-privacy-174359769.html) How to Use AirDrop to Securely Share or Transfer Files AirDrop hardware requirements (https://support.apple.com/en-gb/HT203106) (at the end of this article) Facebook sponsored posts selling access to hacked PayPal accounts (https://www.grahamcluley.com/facebook-sponsored-posts-selling-access-to-hacked-paypal-accounts/) It’s Time to Break Up Facebook (https://www.nytimes.com/2019/05/09/opinion/sunday/chris-hughes-facebook-zuckerberg.html) Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.
Fri, 10 May 2019 03:00:00 -0400
Should you worry about MDM software?
Apple has updated XProtect; what is this? Facebook bans quizzes and useless apps; finally. And we take a close look at MDM software, and how Apple has taken measures against apps that use this technology. Gatekeeper and opening apps from unknown developers (https://support.apple.com/en-gb/HT202491) Apple updates XProtect to combat ‘Windows’ exploits on Mac machines (https://www.zdnet.com/article/apple-updates-xprotect-to-combat-windows-exploits-on-mac-machines/) Facebook bans personality quizzes and other similar apps (https://www.slashgear.com/facebook-bans-personality-quizzes-and-other-similar-apps-25574797/) How to Choose and Answer Security Questions (with the clip from the movie Now You See Me that was mentioned in the podcast) How Nest, designed to keep intruders out of people’s homes, effectively allowed hackers to get in (https://www.washingtonpost.com/technology/2019/04/23/how-nest-designed-keep-intruders-out-peoples-homes-effectively-allowed-hackers-get/) Apple Cracks Down on Apps That Fight iPhone Addiction (https://www.nytimes.com/2019/04/27/technology/apple-screen-time-trackers.html) The facts about parental control apps (Apple) (https://www.apple.com/newsroom/2019/04/the-facts-about-parental-control-apps/) How to Use Screen Time in iOS 12 to Track Your Device Usage Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.
Fri, 03 May 2019 06:00:00 -0400
When should you upgrade your Mac?
Macs last a long time, but whatever your needs, you’ll need to upgrade your Macs eventually. Whether you buy new or used, there comes a time when you need more power, RAM, storage, or all of the above. You don’t necessarily have to upgrade your entire Mac. We discuss the different variations of upgrading your Apple hardware. Episode 27: How to Securely Sell Your Old Mac, iPhone or iPad How to Keep Older Macs Secure: A Geeky Approach WebKit (https://webkit.org) Mac mini (Mid 2011) (https://support.apple.com/kb/sp632?locale=en_US) Hackintosh.com (https://hackintosh.com) iMac Intel 20" EMC 2133 and 2210 CPU Replacement (iFixit) (https://www.ifixit.com/Guide/iMac+Intel+20-Inch+EMC+2133+and+2210+CPU+Replacement/28763) The “cheese grater” Mac Pro (https://512pixels.net/2017/04/the-cheese-grater-mac-pro/) Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.
Fri, 26 Apr 2019 02:00:00 -0400
Solving a problem that isn’t there
Breaking news: folding phones are out, and they’re breaking. Is this a solution to a problem that doesn’t exist? We also discuss the possibility of Apple creating a Find My Everything app, and we look at advertising identifiers on iOS device, and Mozilla’s campaign to get Apple to change them every month. Apple revamping Find My Friends & Find My iPhone in unified app, developing Tile-like personal item tracking (https://9to5mac.com/2019/04/17/find-my-iphone-revamp/) The Bug in Apple’s Latest Marketing Campaign - The Mozilla Blog (https://foundation.mozilla.org/en/campaigns/privacy-thats-iphone-but-is-it/) Netscape (Wikipedia) (https://en.wikipedia.org/wiki/Netscape_(web_browser)) How to Reset the Advertising Identifier on your Mac, iOS Device, or Apple TV My Samsung Galaxy Fold screen broke after just a day (https://www.theverge.com/2019/4/17/18411510/samsung-galaxy-fold-broken-screen-debris-dust-hinge-flexible-bulge) Review: The iPad mini (2019) Is Still a Great iPad Apple HomePod Review: Superior Sound, but Limited by Siri Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.
Fri, 19 Apr 2019 08:00:00 -0400
Is Apple Breaking Up iTunes?
Rumors abound of Apple breaking up iTunes, and we look at what this might entail. We also discuss how Amazon employees are listening in on Alexa devices, and we relate the story of an Apple employee whose confidential Apple devices were subject to searches when he tried to cross the border. The Most Lamentable Tragedie of Sirius Unresponsivus Amazon Workers Are Listening to What You Tell Alexa (https://www.bloomberg.com/news/articles/2019-04-10/is-anyone-listening-to-you-on-alexa-a-global-team-reviews-audio) Apple employee detained by U.S. customs agents after declining to unlock phone, laptop (https://www.washingtonpost.com/technology/2019/04/03/apple-employee-detained-by-us-customs-agents-after-declining-unlock-phone-laptop/) Hide a user account in macOS (https://support.apple.com/HT203998) Next major macOS version will include standalone Music, Podcasts, and TV apps, Books app gets major redesign (https://9to5mac.com/2019/04/10/macos-10-15-itunes-standalone-apps/) The Next Track: Episode #136 - Breaking Up with iTunes? Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.
Fri, 12 Apr 2019 06:00:00 -0400
The One About the iPad
We discuss the iPad: how it can replace a computer for some people, how the new iPad mini is a great little device, and how there are some elements of iOS that could be improved to make the iPad even better. iA Writer (https://ia.net/writer) TypeIt4Me (https://www.ettoresoftware.com/mac-apps/typeit4me/) Review: The iPad mini (2019) Is Still a Great iPad Why iOS Needs Multiple User Accounts for iPad How to Use Split Screen and Slide Over to Do Multitasking on iPad Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.
Fri, 05 Apr 2019 07:00:00 -0400
Apple's New Services, with Chuck Joiner
Mac podcaster Chuck Joiner joins us to discuss Apple's new services that were announced this week: news, games, TV, and even a credit card. MacVoices Podcast At Your Service: The Full Lowdown on Apple TV+, Apple News+, Apple Card, and Apple Arcade Steve Jobs introduces the iPod - 2001 (https://www.youtube.com/watch?v=Mc_FiHTITHE) Apple Solidifies Its Transition to a Services Company How Apple Is Changing from a Hardware Company to a Services and Media Company Backgammon NJ HD (https://apps.apple.com/gb/app/backgammon-nj-hd/id371380665?mt=8) Apple Releases iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2 with Critical Security Updates Problems Logging into Google Account in Apple Mail for Mac, After macOS 10.4.4 Update Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.
Fri, 29 Mar 2019 03:00:00 -0400
This Is a Brain Hack
We take a deep dive into spam: how it works, and how you can manage it. We also discuss another Facebook blunder, some thoughts on preventing facial recognition software from spotting you, and a new porn blackmail scam allegedly from the CIA. Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years (https://krebsonsecurity.com/2019/03/facebook-stored-hundreds-of-millions-of-user-passwords-in-plain-text-for-years/) Facebook's response: Keeping Passwords Secure (https://newsroom.fb.com/news/2019/03/keeping-passwords-secure/) Facebook Lite (https://www.howtogeek.com/348076/what’s-the-difference-between-facebook-and-facebook-lite/) How to hack your face to dodge the rise of facial recognition tech (https://www.wired.co.uk/article/avoid-facial-recognition-software) CIA Porn Accusation Emails: Here’s What Mac Users Need to Know Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.
Fri, 22 Mar 2019 03:00:00 -0400
Spoiler Alert
Josh tells us about the RSA security conference, and there are some new vulnerabilities that affect processors; one even has its own website. We also bring you some news about Facebook using phone numbers when they said they wouldn't, and Firefox's new secure file-transfer service. RSA Conference (https://www.rsaconference.com) Josh's article, RSA Conference 2019 Highlights: A Mac Perspective "I Am Root": A Retrospective on a Severe Mac Vulnerability If you want online privacy, change your phone number immediately (https://www.wired.co.uk/article/change-your-phone-number-online-privacy) Two-Factor Authorization Apps for iOS Mozilla launches its free, encrypted file-sharing service, Firefox Send (https://techcrunch.com/2019/03/12/mozilla-launches-its-free-encrypted-file-sharing-service-firefox-send/) Apple's Mail Drop (sorry, I said AirDrop in the podcast) (https://support.apple.com/kb/ph2629?locale=en_US) You. Shall. Not. Pass... word: Soon, you may be logging into websites using just your phone, face, fingerprint or token (https://www.theregister.co.uk/2019/03/05/web_authentication/) Why 'ji32k7au4a83' Is a Remarkably Common Password (https://gizmodo.com/why-ji32k7au4a83-is-a-remarkably-common-password-1833045282) Thunderclap (https://thunderclap.io) Thunderbolt 3 'Thunderclap' vulnerabilities let malicious peripherals attack a Mac's memory (https://appleinsider.com/articles/19/02/27/thunderbolt-3-thunderclap-vulnerabilities-let-malicious-peripherals-attack-a-macs-memory) SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability (https://www.theregister.co.uk/2019/03/05/spoiler_intel_processor_flaw/) All Intel chips open to new Spoiler non-Spectre attack: Don't expect a quick fix (https://www.zdnet.com/article/all-intel-chips-open-to-new-spoiler-non-spectre-attack-dont-expect-a-quick-fix/) SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks (PDF) (https://arxiv.org/pdf/1903.00446.pdf) Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.
Fri, 15 Mar 2019 04:00:00 -0400
Maintain Your Privacy When Browsing the Web
All modern web browsers provide the capability to use "private browsing," a way of maintaining your privacy when using the web. We discuss how to use this feature, as well as some browser extensions that will also mask some of your personal information. HTTPS Everywhere (https://www.eff.org/https-everywhere) uBlock Origin: for Chrome (https://chrome.google.com/webstore/detail/ublock-origin/), Safari (https://safari-extensions.apple.com/details/?id=com.el1t.uBlock-3NU33NW2M3), Firefox (https://addons.mozilla.org/en-GB/firefox/addon/ublock-origin/) Ghostery (https://www.ghostery.com) Use Private Browsing to Maintain Your Privacy on the Web Brave web browser (https://brave.com) ProtonMail (https://protonmail.com/) Google Cloud Security and Compliance Whitepaper (https://static.googleusercontent.com/media/gsuite.google.com/en//files/google-apps-security-and-compliance-whitepaper.pdf) The Advantages of Using a VPN, with CyberGhost Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.
Fri, 08 Mar 2019 03:00:00 -0500
Marzipan and the iOSification of macOS
After some news about Facebook and user data (again), and a look at Apple's plan for securely managing health records, we look at Marzipan, Apple's framework for allowing iOS apps to easily run on macOS. What will the future look like? Will macOS become similar to iOS? And will we see touch-screen Macs in the future? Some iOS Apps Sending an Alarming Amount of Data to Facebook and Most Users Are Unaware (https://www.macrumors.com/2019/02/22/ios-apps-sending-private-data-to-facebook/) Meitu (https://www.intego.com/mac-security-blog/month-in-review-apple-security-in-january-2017/) Tim Cook on Health Records Privacy: "People Will Look at This and Feel That They Can Trust Apple" (https://www.macrumors.com/2019/02/27/tim-cook-health-records-privacy/) Marzipan (http://www.hrwiki.org/wiki/Marzipan) Apple Plans on Combining iPhone, iPad, Mac Apps by 2021 (https://www.bloomberg.com/news/articles/2019-02-20/apple-is-said-to-target-combining-iphone-ipad-mac-apps-by-2021) Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.
Fri, 01 Mar 2019 04:00:00 -0500
How to Securely Dispose of Hard Drives
A Messages prank, Google getting caught with a hidden mic, and password managers have flaws. And we discuss destroying hard drives creatively. iOS Safari Flaw Allows Deceptive Web Page Previews in Messages Google backtracks on Chrome modifications that would have crippled ad blockers (https://www.zdnet.com/article/google-backtracks-on-chrome-modifications-that-would-have-crippled-ad-blockers/) Google says the built-in microphone it never told Nest users about was 'never supposed to be a secret' (https://www.businessinsider.com/nest-microphone-was-never-supposed-to-be-a-secret-2019-2?r=US&IR=T) Password managers have a security flaw. But you should still use one. (https://www.washingtonpost.com/technology/2019/02/19/password-managers-have-security-flaw-you-should-still-use-one/) How Apple Is Changing from a Hardware Company to a Services and Media Company Apple, Goldman Sachs Team Up on Credit Card Paired With iPhone (https://www.wsj.com/articles/apple-goldman-sachs-team-up-on-credit-card-paired-with-iphone-11550750400) How to Securely Dispose of Old Hard Drives and SSDs iFixit Pro Tech Toolkit (https://www.ifixit.com/Store/Tools/Pro-Tech-Toolkit/IF145-307) Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.
Fri, 22 Feb 2019 13:00:00 -0500
How to Avoid Getting Hacked After Data Breaches
Data breaches are common, and when this happens, and your data is included, you need to know what to do to protect yourself. We take a deep dive into data breaches and the things you can do to keep yourself safe. The biggest ever data dump just hit a colossal 2.2 billion accounts (https://www.wired.co.uk/article/collection-data-breach-dump-leak) HaveIBeenPwned (https://haveibeenpwned.com) HaveIBeenPwned password check (https://haveibeenpwned.com/Passwords) 1Password Watchtower (https://support.1password.com/watchtower/) Password Checkup (https://chrome.google.com/webstore/detail/password-checkup/pncabnpcffmalkkjpajodfhijclecjno) Hasso-Platner Institut (https://sec.hpi.de/ilc/search) How to Avoid Getting Hacked After Data Breaches 8 Things to Do Right Now if You’ve Been Hacked Two-Factor Authorization Apps for iOS Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.
Fri, 15 Feb 2019 06:00:00 -0500
Why Doesn't Apple Have a Mac Bug Bounty Program?
We discuss a new macOS Keychain vulnerability, which raises the question of why Apple still doesn't have a Mac bug bounty program. We also discuss shortcomings of two-factor authentication, the removal of the Do Not Track feature from Safari, whether or not Google Chrome's lookalike URL warnings are actually a good thing, and more (including why Apple still hadn't fixed the Group FaceTime spying bug; they finally did after we recorded the episode). Apple Patches Group FaceTime, Shortcuts Vulnerabilities Apple's bug bounty program, launched in 2016 (https://securosis.com/blog/thoughts-on-apples-bug-bounty-program) Apple might pay teenager who found Group FaceTime surveillance bug (https://appleinsider.com/articles/19/02/04/apple-might-pay-teenager-who-found-group-facetime-surveillance-bug) Apple to Remove “Do Not Track” Feature from Safari Google Chrome to get warnings for 'lookalike URLs' (https://www.zdnet.com/article/google-chrome-to-get-warnings-for-lookalike-urls/) Typosquatting (Wikipedia) (https://en.wikipedia.org/wiki/Typosquatting) Josh's tweet from 2012 about AdBlock Plus Chrome Canary (https://www.google.com/chrome/canary/) Security researcher demos macOS exploit to access Keychain passwords, but won’t share details with Apple out of protest (https://9to5mac.com/2019/02/06/mac-keychain-exploit/) Mr. Steal Yo Keychain (Patrick Wardle's keychain discovery of 2017) (https://www.patreon.com/posts/mr-steal-yo-14556409) Market for zero-day exploits (Wikipedia) (https://en.wikipedia.org/wiki/Market_for_zero-day_exploits) Two-Factor Authentication Might Not Keep You Safe (https://www.nytimes.com/2019/01/27/opinion/2fa-cyberattacks-security.html) Two-Factor Authorization Apps for iOS Kevin Mitnick (Wikipedia) (https://en.wikipedia.org/wiki/Kevin_Mitnick) Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.
Fri, 08 Feb 2019 05:00:00 -0500
FaceTime, Facebook, Google, Shortcuts, Steganography, and More
Apple had a mean FaceTime bug; then they slapped down Facebook, and Google, for some underhanded app distribution. There are security risks using iOS Shortcuts, and there's new malware using steganography. VeryMal Mac Attack Hides Data Within a Picture Steganography (Wikipedia) (https://en.wikipedia.org/wiki/Steganography) Are iOS Shortcuts Safe? Reports of Risks Surface Use iOS Shortcuts to Automate Tasks on Your iPhone or iPad Everything You Need To Know About the FaceTime Spying Bug Apple faces lawsuit over FaceTime bug as lawyer says someone eavesdropped on a sworn testimony (https://9to5mac.com/2019/01/29/apple-facetime-eavesdropping-lawsuit/) Facebook, Google Caught Deploying Invasive Apps; Apple Shuts Them Down (After we recorded this episode on Thursday, Apple revoked Google's enterprise certificate. Apple later said that the company had reinstated Facebook's certificate, and was working with Google to reinstate the certificate.) Google disables app that monitored iPhone usage in violation of Apple’s rules (https://www.theverge.com/2019/1/30/18204350/google-screenwise-app-ios-apple-violation) Apple just became the tech industry's de facto privacy cop (https://www.washingtonpost.com/news/powerpost/paloma/the-technology-202/2019/01/31/the-technology-202-apple-just-became-the-tech-industry-s-de-facto-privacy-cop/) Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.
Fri, 01 Feb 2019 04:00:00 -0500
The Biggest Data Breach Ever; Is Your Data Included?
Google is blocking ad blockers, but not their own ads. Apple has released a slew of updates. And the biggest data breach ever has been discovered, with 2.7 billion records. Is your data included? Wow, fancy that. Web ad giant Google to block ad-blockers in Chrome. For safety, apparently (https://www.theregister.co.uk/2019/01/22/google_chrome_browser_ad_content_block_change/) uBlock Origin (https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en) NoScript (https://noscript.net) Apple Releases iOS 12.1.3, macOS Mojave 10.14.3, and More Security Updates Wrest control from a snooping smart speaker with this teachable "parasite" (https://techcrunch.com/2019/01/16/wrest-control-from-a-snooping-smart-speaker-with-this-teachable-parasite/) Raspberry Pi (https://www.raspberrypi.org) You Deserve Privacy Online. Here's How You Could Actually Get It (http://time.com/collection/davos-2019/5502591/tim-cook-data-privacy/) Steve Jobs: Thoughts on Music (https://www.wsj.com/articles/SB117079254216799934) (2007, not 2004 as said in the podcast) Steve Jobs: Thoughts on Flash (https://www.apple.com/hotnews/thoughts-on-flash/) (2010) Did Australia Hurt Phone Security Around the World? (https://www.nytimes.com/2019/01/22/technology/australia-cellphone-encryption-security.html) Collection #1 (And #2–5) Are the Latest Massive Password Dumps How to Avoid Getting Hacked After Data Breaches have i been pwned? (https://haveibeenpwned.com) How to Choose and Answer Security Questions Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 25 Jan 2019 05:00:00 -0500
Routers, Tweets, Bugs, and More
This week we focus on a wide range of security news. From router vulnerabilities to tweets storing precise location data; from $2 million bug bounties to Face ID issues; and lots more. Cyber researcher pulls public talk on hacking Apple's Face ID (https://www.reuters.com/article/us-apple-cyber-conference/cyber-researcher-pulls-public-talk-on-hacking-apples-face-id-idUSKCN1OX1TA) Face ID Fooled By Hackers… and a 10-Year-Old Boy? Google Chrome’s ad-blocking feature will roll out worldwide in July (https://thenextweb.com/google/2019/01/10/google-chromes-ad-blocking-feature-will-roll-out-worldwide-in-july/) Your Old Tweets Give Away More Location Data Than You Think (https://www.wired.com/story/twitter-location-data-gps-privacy/) How to Easily Remove Old Tweets and Facebook Posts NetGear Orbi mesh wifi system GoDaddy removes JavaScript injection which tracks website performance, but might break it too (https://www.zdnet.com/article/godaddy-javascript-injection-tracks-website-performance-but-might-break-it-too/) Zerodium's Exploit Acquisition Program (https://zerodium.com/program.html#changelog) Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 18 Jan 2019 04:00:00 -0500
It's the Ecosystem, Stupid
We discuss Apple's trolling of other companies at the Consumer Electronics Show this week, a delivery tracking app that sends and receives data in a strange way, and we then look at how Apple's ecosystem may be "under-appreciated," according to Tim Cook. Ahead of CES, Apple touts ‘what happens on your iPhone, stays on your iPhone’ with privacy billboard in Las Vegas (https://9to5mac.com/2019/01/05/apple-privacy-billboard-vegas-ces/) Package tracking app turns users’ devices into a bot farm, violates user privacy (https://9to5mac.com/2019/01/07/package-tracking-app-turns-users-devices-into-a-bot-farm-violates-user-privacy/) Deliveries (https://junecloud.com/software/iphone/deliveries.html) Security researchers find over a dozen iPhone apps linked to Golduck malware (https://techcrunch.com/2019/01/05/dozen-iphone-apps-linked-to-golduck-malware/) Tim Cook interview on CNBC (https://www.cnbc.com/video/2019/01/08/apple-ceo-tim-cook-talks-china-wall-street-negativity-and-innovation.html) It’s the Ecosystem, Stupid* How Apple Is Changing from a Hardware Company to a Services and Media Company The iPhone Is No Longer “Magical” Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 11 Jan 2019 05:00:00 -0500
New Year's Resolutions to Secure Your Mac and iOS Devices
As the new year rolls in, we look at some New Year's resolutions to secure your Mac and iOS devices. These are simple tips that you can apply immediately to make your devices more secure. Episode #6: Passwords Are Hard New Year’s Resolutions to Check that Your Mac and iOS Devices Are Secure Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 04 Jan 2019 06:00:00 -0500
The Year in Mac and iOS Security
We look at the biggest stories of 2018, and we discuss the impressive rise in the amount of malware that targets the Mac. Mac malware: - The Year of the RAT - MaMi - Shlayer - CreativeUpdater - Unwanted cryptocurrency miner in App Store - Dummy - Calisto (fake Intego software) - Lazarus (advanced persistent threat) - SearchPageInjector - RealtimeSpy - Meltdown, Spectre, and speculative execution flaws - Cellebrite and GrayKey can reportedly unlock any iOS device - Apple introduced USB restricted mode Other news: Is Your Smart Speaker Spying on You? Fake Alexa setup app is topping Apple's App Store charts (https://www.engadget.com/2018/12/27/fake-alexa-app-topping-apple-app-store-charts/) How to Easily Remove Old Tweets and Facebook Posts Protect Your Kids on iOS Devices with Parental Controls How to Use Screen Time in iOS 12 to Track Your Device Usage New Security and Privacy Features in iOS 12 New Security Features in macOS Mojave Google Authenticator (https://apps.apple.com/gb/app/google-authenticator/id388497605?mt=8) Authy (https://authy.com) Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 28 Dec 2018 05:00:00 -0500
How Mobile Apps Track Your Location
New iPad Pros bend, but Apple says it's okay. Android's Face Unlock is much less secure than Apple's Face ID, and can be fooled with a 3D-printed head. And we look at a bank's password blunder. Then we look at how mobile apps track your location, and sell that data. Apple confirms some iPad Pros ship slightly bent, but says it’s normal (https://www.theverge.com/2018/12/19/18148957/apple-ipad-bend-pro-2018-shipping-manufacturing-confirmed) We Broke Into A Bunch Of Android Phones With A 3D-Printed Head (https://www.forbes.com/sites/thomasbrewster/2018/12/13/we-broke-into-a-bunch-of-android-phones-with-a-3d-printed-head/) HSBC password issue (Twitter) (https://twitter.com/BradleyAllen512/status/1073544852363714561) iTunes Store Authentication Vulnerability (2011) Your Apps Know Where You Were Last Night, and They’re Not Keeping It Secret (https://www.nytimes.com/interactive/2018/12/10/business/location-data-privacy-apps.html) Are iOS Apps Spying On Your Location? Intego Mac Podcast Episode 17 Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 21 Dec 2018 05:00:00 -0500
How to Set Up a New Mac
There's a lot of security news this week, and we look at how facial recognition has been used at concerts, and at doorbells, a security vulnerability in software for headsets, and the most popular passwords of the year. Then we discuss the best way to set up a new Mac. Expediting changes to Google+ (https://www.blog.google/technology/safety-security/expediting-changes-google-plus/) Taylor Swift used facial recognition software to detect stalkers at LA concert (https://www.theguardian.com/music/2018/dec/13/taylor-swift-facial-recognition-stalkers-rose-bowl-concert) Amazon’s Disturbing Plan to Add Face Surveillance to Your Front Door (https://www.aclu.org/blog/privacy-technology/surveillance-technologies/amazons-disturbing-plan-add-face-surveillance-yo-0) Sennheiser’s flawed headphone software opened PCs and Macs to HTTPS site spoofing (https://techcrunch.com/2018/11/29/sennheiser-headphone-software-broke-https-pc-mac/) Sennheiser HeadSetup software update info (https://en-uk.sennheiser.com/headset-software-pc) The 25 Most Popular Passwords of 2018 Will Make You Feel Like a Security Genius (https://gizmodo.com/the-25-most-popular-passwords-of-2018-will-make-you-fee-1831052705) Chrome Canary (https://www.google.com/chrome/canary/) Waterfox (https://www.waterfoxproject.org/en-US/waterfox/) Setting Up a New Mac: Should You Migrate or Do a Clean Installation? 5 Must-Have Mac Utilities to Boost Your Productivity How to Securely Set Up Your New Mac Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 14 Dec 2018 06:00:00 -0500
How to Choose the Mac You Need
We discuss how to choose a new Mac among the broad line-up of Apple's products. We also look at some recent security issues, including a clever Touch ID scam, some new Mac Spyware, and more. And, Tom Cruise is in the news. Scammy iOS apps used Touch ID to push users toward $99 payouts (https://www.theverge.com/2018/12/3/18123644/ios-app-scam-fitness-tracking-touch-id-trick-payments) iTunes Doesn't Encrypt Downloads — on Purpose (https://www.wired.com/story/itunes-downloads-https-encryption/) Tom Cruise on motion smoothing (Twitter) (https://twitter.com/TomCruise/status/1070071781757616128) Privacy Exodus: Spam Delivers Mac Spyware Apple HomePod Compared to Sonos One How to Choose the Right Mac for Your Use Case Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 07 Dec 2018 06:00:00 -0500
Is Apple Changing from a Hardware Company to a Service Company?
This week's news include info about an Instagram data breach, an Amazon data breach, a new class-action lawsuit against Apple, and an expensive way to get access to your iPhone if you get locked out. Then we discuss whether Apple is morphing from a hardware company to a service company. Kirk's Hackintosh project (http://www.macworld.com/article/3196994/macs/how-to-build-a-hackintosh.html) and his Hackintosh parts list Kirk wrote about how much dust the Mac Pro collected back in 2014 Instagram accidentally reveals plaintext passwords in URLs (https://nakedsecurity.sophos.com/2018/11/20/instagram-accidentally-reveals-plaintext-passwords-in-urls/) Apple Facing Class Action Lawsuit Over Lack of Filters in MacBooks and iMacs Causing Trapped Dust (https://www.macrumors.com/2018/11/28/apple-macbook-imac-dust-filter-lawsuit/) DriveSavers Lets Consumers Retrieve Data From Locked iOS Devices for $3,900 (https://www.macrumors.com/2018/11/27/drivesavers-ios-passcode-recovery-service/) Amazon warns customers it leaked their names and email addresses (https://www.grahamcluley.com/amazon-warns-customers-it-leaked-their-names-and-email-addresses/) Technical foul: Amazon suffers data snafu days before Black Friday, emails world+dog (https://www.theregister.co.uk/2018/11/21/amazon_data_breach/) How Apple Is Changing from a Hardware Company to a Services and Media Company Google Fi (https://fi.google.com/about/) Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 30 Nov 2018 04:00:00 -0500
New Security Features in iOS 12 and macOS Mojave
We take a close look at the great new security features in iOS 12 and macOS Mojave. We also answer a few reader questions, about the Activity Monitor app, about when to upgrade hardware, and whether "free" media sites are safe. How to use Activity Monitor on your Mac (Apple) (https://support.apple.com/en-gb/HT201464) New Security and Privacy Features in iOS 12 New Security Features in macOS Mojave Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 23 Nov 2018 03:00:00 -0500
The Advantages of Using a VPN, with CyberGhost
We've often stressed how important it is to use a VPN. Today we welcome Andra Zaharia from Intego's partner company CyberGhost to discuss why we all need a VPN at times. CyberGhost VPN Episode 15: What's a VPN, and Why Should You Use One? Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 16 Nov 2018 04:00:00 -0500
How to Shop Securely (and Save Money) on Black Friday
After some brief security news about the Mac, we discuss how you can be sure to shop securely on Black Friday; and we give you some tips to save money too! WebKit (Wikipedia) (https://en.wikipedia.org/wiki/WebKit) Apple security doc touts T2 chip benefits, including hardware prevention of microphone eavesdropping (https://9to5mac.com/2018/10/30/t2-security-chip-benefits/) 6 Cyber Security Tips for Holiday Shopping Online 6 Essential Tips to Stay Safe Shopping Online Caution! These Black Friday “Deals” May Be Bad for Your Security How to Spot Fake Product Reviews Episode 15: What's a VPN, and Why Should You Use One? CamelCamelCamel.com (https://camelcamelcamel.com) Wirecutter (https://thewirecutter.com) Get 50% off Intego's Mac Premium Bundle X9 with the code PODCAST19. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 09 Nov 2018 05:00:00 -0500
Apple Brings Out New Macs and iPads
Apple released new Macs and iPads this week, and Josh and Kirk talk about the new MacBook Air, the Mac mini, and the iPod Pro. We also cover some security news, such as new Mac malware, Apple security updates, and more. Use Group FaceTime on your iPhone, iPad, and iPod touch (https://support.apple.com/en-gb/HT209022) Apple security updates (https://support.apple.com/en-gb/HT201222) Apple Releases macOS 10.14.1 With Group FaceTime and New Emoji (https://www.macrumors.com/2018/10/30/apple-releases-macos-10-14-1/) Apple Releases iOS 12.1 With eSIM Support, Real-Time Depth Control, Group FaceTime, New Emoji and More (https://www.macrumors.com/2018/10/30/apple-releases-ios-12-1/) iOS 12 is Now Installed on 63% of Active Devices From the Last Four Years (https://www.macrumors.com/2018/10/31/ios-12-installed-on-63-percent-of-devices/) Download macOS Mojave 10.14.1 Update (standalone updater) (https://support.apple.com/kb/DL1981?locale=en_GB) How to Access iCloud via a Web Browser iOS 12 compatibility (scroll to the bottom of the page to see the list) (https://www.apple.com/uk/ios/ios-12/) Mac malware intercepts encrypted web traffic for ad injection (https://blog.malwarebytes.com/threat-analysis/2018/10/mac-malware-intercepts-encrypted-web-traffic-for-ad-injection/) Mac cryptocurrency ticker app installs backdoors (https://blog.malwarebytes.com/threat-analysis/2018/10/mac-cryptocurrency-ticker-app-installs-backdoors/) Apple is killing off MagSafe, one of the MacBook’s best features (2016) (https://www.theverge.com/2016/10/27/13441150/rip-magsafe-apple-macbook-pro-charging-cable-usb-c) Get 50% off Intego's Mac Premium Bundle X9 with the code PODCAST19. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 02 Nov 2018 07:00:00 -0400
How to Spot Fake Online Product Reviews
The holiday shopping season is here, and we all look at online product reviews, right? But many of them are fake. How can you tell which are reliable? We discuss that, cover more revelations about the "big hack" story that Bloomberg published recently, and more. The Big Hack (Bloomberg) (https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies) Apple CEO Tim Cook Calls on Bloomberg to Retract Supply Chain Hack Story: 'There's No Truth to This' (https://www.macrumors.com/2018/10/19/tim-cook-calls-for-bloomberg-hack-story-retraction/) Supermicro CEO Joins Cook in Calling for Bloomberg to Retract Supply Chain Hack Story (https://www.macrumors.com/2018/10/22/supermicro-calls-for-hack-story-retraction/) A mysterious grey-hat is patching people's outdated MikroTik routers (https://www.zdnet.com/article/a-mysterious-grey-hat-is-patching-peoples-outdated-mikrotik-routers/) Apple stops maintaining its printer compatibility list (https://eclecticlight.co/2018/10/14/apple-stops-maintaining-its-printer-compatibility-list/) How to Spot Fake Product Reviews Get 50% off Intego's Mac Premium Bundle X9 with the code PODCAST19. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 26 Oct 2018 08:00:00 -0400
Security Deep Dive: Digital Certificates
We take a close look at how digital certificates work, and how they don't. We also discuss the latest Facebook data breach, Apple's new data download feature, and more. Apple Customers in the US, Canada, Australia, and New Zealand Can Download a Copy of Their Data Starting Today (https://www.macrumors.com/2018/10/17/apple-customer-data-downloads-to-us-ca-au-nz/) Apple's Data and Privacy website (https://privacy.apple.com) How to Download All Your Apple Data (https://tidbits.com/2018/05/31/how-to-download-all-your-apple-data/) An Update on the Security Issue (https://newsroom.fb.com/news/2018/10/update-on-security-issue/) Facebook may have knowingly inflated its video metrics for over a year (https://www.theverge.com/2018/10/17/17989712/facebook-inaccurate-video-metrics-inflation-lawsuit) Cops Told ‘Don’t Look’ at New iPhones to Avoid Face ID Lock-Out (https://motherboard.vice.com/en_us/article/5984jq/cops-dont-look-iphonex-face-id-unlock-elcomsoft) Face Off (https://www.imdb.com/title/tt0119094/) The PhotoActive podcast (https://www.photoactive.co/) Extended validation certificate (Wikipedia) (https://en.wikipedia.org/wiki/Extended_Validation_Certificate) Apple Corps v Apple Computer (Wikipedia) (https://en.wikipedia.org/wiki/Apple_Corps_v_Apple_Computer) Get 50% off Intego's Mac Premium Bundle X9 with the code PODCAST19. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 19 Oct 2018 05:00:00 -0400
Was the Big Hack Really Big? And We Celebrate Our One-Year Anniversary
Was it really a big hack? Bloomberg claims that a Chinese hardware hack affected Apple, Amazon, and others, but the companies deny this accusation. And we look back on the first year of the podcast. Episode #6: Passwords Are Hard (correcthorsebatterystaple) Episode #5: Two-Factor Authentication; Should You Be Worried about Bitcoin? Episode #15: What's a VPN, and Why Should You Use One? Episode #7: Tom Cruise Is in the Row Behind You Episode #51: Facebook Blunders, Sloppy Russian Hackers, and More Episode #30: What Is a Firewall, and How Does it Work? Episode #31: Delete Your Social Media History Episode #36: Lock Down and Secure Your Router The Intego Mac Podcast Google Shuttering Google+ for Consumers After Undisclosed Data Breach (https://www.macrumors.com/2018/10/08/google-plus-shutting-down-data-breach/) The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies (https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies) Bloomberg’s spy chip story reveals the murky world of national security reporting (https://techcrunch.com/2018/10/04/bloomberg-spy-chip-murky-world-national-security-reporting/) Tampered Chinese Ethernet port used to hack ‘major US telecom,’ says Bloomberg report (https://www.theverge.com/2018/10/9/17955848/supermicro-telecom-server-hack-apple-amazon) Get 50% off Intego's Mac Premium Bundle X9 with the code PODCAST19. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 12 Oct 2018 04:00:00 -0400
Facebook Blunders, Sloppy Russian Hackers, and More
Two major blunders have led a lot of people to question the security and privacy of Facebook. Some Russian hackers were caught trying to access a wi-fi network in the Netherlands. And law enforcement forced someone to open their iPhone X using Face ID. Russia accused of cyber-attack on chemical weapons watchdog (https://www.theguardian.com/world/2018/oct/04/netherlands-halted-russian-cyber-attack-on-chemical-weapons-body) UK accuses Kremlin of ordering series of 'reckless' cyber-attacks (https://www.theguardian.com/technology/2018/oct/04/uk-accuses-kremlin-of-ordering-series-of-reckless-cyber-attacks) Wi-Fi Alliance Simplifies Wi-Fi Naming Scheme With Upcoming 'Wi-Fi 6' Release (https://www.macrumors.com/2018/10/03/wifi-naming-simplified-with-wifi-6-launch/) FBI forces suspect to unlock iPhone X with Face ID (https://www.engadget.com/2018/10/01/fbi-face-unlock-suspect-iphone/) Apple refurbished iMac Pro 15% off (https://www.apple.com/shop/browse/home/specialdeals/mac/imac_pro) The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies (https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies) The Facebook Security Meltdown Exposes Way More Sites Than Facebook (https://www.wired.com/story/facebook-security-breach-third-party-sites/) Two reasons to reconsider your Facebook membership (https://www.grahamcluley.com/two-reasons-to-reconsider-your-facebook-membership/) How to Easily Remove Old Tweets and Facebook Posts Get 50% off Intego's Mac Premium Bundle X9 with the code PODCAST19. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 05 Oct 2018 06:00:00 -0400
macOS Mojave Is Here
macOS Mojave has been released this week, and we discuss the main features that users will like (or not). We also look at Apple's recent security updates to all its operating systems, and some recent security threats, including a way to get access to any iPhone with only its phone number (don't worry, you probably won't be targeted). Apple security updates (https://support.apple.com/en-us/HT201222) WebKit (https://webkit.org) They Got 'Everything': Inside a Demo of NSO Group's Powerful iPhone Malware (https://motherboard.vice.com/en_us/article/qvakb3/inside-nso-group-spyware-demo) Bypass Flaw in Newly Released macOS Mojave Update Lets Hackers Access Protected Files (https://www.macrumors.com/2018/09/24/macos-mojave-bypass-vulnerability/) 7-Year-Old Hacks Apple's Screen Time Restrictions (https://www.tomsguide.com/us/ios-screen-time-hack-kid,news-28177.html) macOS Mojave Brings Refinements and Interface Changes How to Use Dark Mode in macOS Mojave Send us a thoughtful, useful question for Josh and Kirk and you'll have a chance to win a one-year subscription to Intego Mac Internet Security bundle. Send the email to podcast@intego.com (mailto:podcast@intego.com). Deadline: October 3, midnight (California time). Get 50% off Intego's Mac Premium Bundle X9 with the code PODCAST19. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 28 Sep 2018 06:00:00 -0400
What iOS 12 Means for You
We take a look at some of the new features in iOS 12, released early this week. We also talk about some issues with Safari 12 and extensions, and follow up on a story we reported about malware in Mac App Store apps from Trend Micro. What’s New in Safari 12 (https://developer.apple.com/safari/whats-new/) Ad industry “deeply concerned” about Safari’s new ad-tracking restrictions (https://arstechnica.com/tech-policy/2017/09/ad-industry-deeply-concerned-about-safaris-new-ad-tracking-restrictions/) iOS 12 Brings New Features, Improves Performance How to Use Screen Time in iOS 12 to Track Your Device Usage Get 50% off Intego's Mac Premium Bundle X9 with the code PODCAST19. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 21 Sep 2018 08:00:00 -0400
Is the Mac App Store Really Safe?
We used to think that apps from the Mac App Store were safe, but some recently discovered issues where apps purchased at the Mac App Store have been sending user data to servers have made us reconsider that. Apple Introduces New iPhones and Apple Watches How to Tell If an Online Article is Real, Fake or a Scam How Safe Is the Mac App Store? Privacy-Violating Apps Uncovered Get 50% off Intego's Mac Premium Bundle X9 with the code PODCAST19. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 14 Sep 2018 05:00:00 -0400
Coming Soon from Apple
We discuss the new products that Apple might (or is likely to) announcement next week. We also cover some privacy news about Twitter and Apple's App Store. Josh's Twitter discussion with product manager Sarah Haider (https://twitter.com/pandemona/status/1036840559137050624) All New and Updated App Store Apps Required to Have a Privacy Policy Starting October (https://www.macrumors.com/2018/08/31/all-app-store-apps-to-require-privacy-policy/) iPhone 8 Logic Board Replacement Program (https://www.apple.com/support/iphone-8-logic-board-replacement-program/) As iOS 12 Launch Approaches, iOS 11 Adoption Hits 85 Percent (https://www.macrumors.com/2018/09/04/ios-11-adoption-85-percent/) 42mm Apple Watch Series 4 to Feature Resolution of 384x480 (https://www.macrumors.com/2018/09/05/42mm-apple-watch-series-4-resolution/) Exclusive: Apple Watch Series 4 revealed — massive display, dense watch face, more (https://9to5mac.com/2018/08/30/exclusive-apple-watch-series-4/) Computer Audiophile (https://www.computeraudiophile.com) Get 50% off Intego's Mac Premium Bundle X9 with the code PODCAST19. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 07 Sep 2018 05:00:00 -0400
Advanced Persistent Threats by Nation-State Caliber Threat Actors
We start by looking at a couple of small but interesting updates to Apple hardware, then we discuss two advanced persistent threats. Do you know what this means? Listen to find out. Apple Releases Firmware Update for AirPort Express With AirPlay 2 Support (https://www.macrumors.com/2018/08/28/airport-express-firmware-airplay-2/) Apple Says Latest macOS Supplemental Update Addresses Audio and Kernel Panic Issues on 2018 MacBook Pro (https://www.macrumors.com/2018/08/29/macos-high-sierra-supplemental-update-2-details/) Kernel panic (Wikipedia) (https://en.wikipedia.org/wiki/Kernel_panic) Prepare your institution for iOS 12 or macOS Mojave (https://support.apple.com/en-us/HT209028) Clone your finger - bypassing TouchID (https://wojciechregula.blog/clone-you-finger-bypassing-touchid/) Operation AppleJeus and OSX/Lazarus: Rise of a Mac APT (https://www.intego.com/mac-security-blog/operation-applejeus-and-osxlazarus-rise-of-a-mac-apt/) Remote Mac Exploitation Via Custom URL Schemes (https://objective-see.com/blog/blog_0x38.html) Get 50% off Intego's Mac Premium Bundle X9 with the code PODCAST19. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 31 Aug 2018 07:00:00 -0400
Can You Prevent Google from Tracking Your Movements?
Google tracks your movement even when you tell its apps not to. We discuss this, and tell you how to turn off this "feature." We also discuss the latest Apple and security news. Apple Is Planning a New Low-Cost MacBook, Pro-Focused Mac Mini (https://www.bloomberg.com/news/articles/2018-08-20/apple-is-said-to-plan-revamped-low-cost-macs-to-reignite-sales) Apple Alerting Customers to Upcoming Discontinuation of Back to My Mac in macOS Mojave (https://www.macrumors.com/2018/08/21/apple-back-to-my-mac-discontinued-macos-mojave/) USBHarpoon Is a BadUSB Attack with A Twist (https://www.bleepingcomputer.com/news/security/usbharpoon-is-a-badusb-attack-with-a-twist/) Google Tracks Your Movements — Can You Stop It? myaccount.google.com (https://myaccount.google.com) Month in Review: Apple Security in January 2017 (Meitu app) Add Analytics to Your iOS App (https://developers.google.com/analytics/devguides/collection/ios/v3/) Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 24 Aug 2018 04:00:00 -0400
What's a Botnet, and How Do They Work?
We mention the term "botnet" from time to time, but what exactly is a botnet? How does it work? Is it self-aware? Can botnets be taken down? We look into this, and discuss the week's security news. Fire & Ice: Making and Breaking macOS Firewalls (https://www.blackhat.com/us-18/briefings.html#fire-and-ice-making-and-breaking-macos-firewalls) 'Synthetic Click' attack re-emerges in macOS High Sierra at Defcon (https://appleinsider.com/articles/18/08/13/synthetic-click-attack-re-emerges-in-macos-high-sierra-at-defcon) Fax Machines Are Still Everywhere, and Wildly Insecure (https://www.wired.com/story/fax-machine-vulnerabilities/) Intego exclusive: HP Leaves Mac Users Vulnerable to Fax Hacks HP Ink Printers Remote Code Execution (https://support.hp.com/us-en/document/c06097712) Denial-of-service attack (Wikipedia) (https://en.wikipedia.org/wiki/Denial-of-service_attack) Steganography (Wikipedia) (https://en.wikipedia.org/wiki/Steganography) Homeland, Episode 9 recap (contains spoilers) (https://tvline.com/2018/04/08/homeland-recap-season-7-episode-9-useful-idiot-carrie-franny-car/) iWorm Botnet Uses Reddit and Command and Control Center Flashback Botnet is Adrift Why the Flashback Botnet is a Threat Viruses, Worms and Spyware--Yikes! A Look at Malware Terminology Intego Security Memo: Trojan Horse OSX/Koobface.A Affects Mac OS X Mac – Koobface Variant Spreads via Facebook, Twitter and More Should You Worry About People Hacking Toilets? Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 17 Aug 2018 06:00:00 -0400
Should You Be Concerned About Porn Blackmail Emails?
Lots of people having been receiving blackmail emails claiming that they've been filmed watching porn. We explain how this scam works. We also talk about the difference between 32-bit and 64-bit apps, Firefox's new DNS scheme, and more. What Are 32-Bit and 64-Bit Apps, and Why Do They Matter? Josh's Invisibility Toggler app Apple responds to Congress' letter on data security and privacy (https://www.cnet.com/news/apple-responds-to-letter-from-congress-on-data-security-and-privacy/) Apple Response to July 9 Letter (https://www.scribd.com/document/385682086/Apple-Response-to-July-9-Letter#from_embed) Improving DNS Privacy in Firefox (https://blog.nightly.mozilla.org/2018/06/01/improving-dns-privacy-in-firefox/) Mozilla's new DNS resolution is dangerous (https://blog.ungleich.ch/en-us/cms/blog/2018/08/04/mozillas-new-dns-resolution-is-dangerous/) Porn Blackmail Scam Rattles Mac Users: What You Need to Know ';--have i been pwned? (https://haveibeenpwned.com) Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 10 Aug 2018 05:00:00 -0400
Security Software Deep Dive: How Intego NetBarrier Firewall Works
We take a close look at how Intego's NetBarrier firewall works. We explain how its multi-pronged defense keeps you safe, and discuss how best to set it up. Intego NetBarrier Intego NetBarrier X9 Compared to macOS High Sierra’s Firewall Why You Need an Outbound Firewall What’s the Difference Between Incoming and Outgoing Firewall Protection? Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 03 Aug 2018 04:00:00 -0400
Episode 41: Malware Masquerades as an Intego Software Installer
Some malware was found recently that pretends to be an Intego VirusBarrier installer. We also talk about Google's choice to suggest that HTTP websites are insecure, and a recent story showing that security keys can prevent phishing. Google Chrome users met with ‘Not secure’ warnings when visiting HTTP sites (https://www.grahamcluley.com/google-chrome-website-not-secure/) Kirkville Google: Security Keys Neutralized Employee Phishing (https://krebsonsecurity.com/2018/07/google-security-keys-neutralized-employee-phishing/) Google Advanced Protection Program (https://landing.google.com/advancedprotection/) OSX/Calisto Mac Malware Masquerades as Intego Software Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 27 Jul 2018 05:00:00 -0400
How to Protect Your Digital Legacy
We discuss how you can protect your digital legacy and ensure that your data doesn't get lost if something happens to you, and we discuss the many elements of your data that are accessible from the lock screen of your iPhone or iPad. How to Prepare Your Digital Legacy Anti-Hack Feature Comes to iOS 11.4.1… But Is It Good Enough? (USB restricted mode) iOS Lock Screen: Guide to Keep Data off Your iPhone Lock Screen Apple's Quick Look Reveals Your Darkest Secrets Episode #28: Beware of Trustjacking (discussion of GrayKey in this episode) Episode #39: Security Software Deep Dive: How Antivirus Works (discussion of USB restricted mode, and comment mentioned in the show) How to Encrypt Disk Images with Disk Utility to Protect Sensitive Files SQRL (https://www.grc.com/sqrl/sqrl.htm) Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 20 Jul 2018 06:00:00 -0400
Security Software Deep Dive: How Antivirus Works
After a tale of an Apple ID getting blocked for a strange reason, and some security news, we take a close look at how antivirus software works. Updating macOS in VMware Fusion Leads to Apple ID Reset Apple's lates security updates (https://support.apple.com/en-us/ht201222) WebKit (Wikipedia) (https://en.wikipedia.org/wiki/WebKit) This $39 Device Can Defeat iOS USB Restricted Mode (https://blog.elcomsoft.com/2018/07/this-9-device-can-defeat-ios-usb-restricted-mode/) About the security content of Wi-Fi Update for Boot Camp 6.4.0 (KRACK vulnerability) (https://support.apple.com/en-gb/HT208847) Intego VirusBarrier What Does Your Antivirus Scanner Do Under the Hood? Don’t Believe in Antivirus? Malware is Only One Tool in a Cybercriminal’s Arsenal Submit Malware to Intego Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 13 Jul 2018 04:00:00 -0400
How to Make Sure Your Mac’s Software Is Working Smoothly
We discuss some ways to check your Mac's software and ensure that it is running smoothly. And we bring the latest Mac security news. Apple's First MacBook Pro With Retina Display is Now 'Vintage' (https://www.macrumors.com/2018/07/04/2012-retina-macbook-pro-vintage/) Usb Restricted Mode and Forensics – Is There a Workaround? (https://www.drivesaversdatarecovery.com/2018/06/28/usb-restricted-mode-and-forensics-is-there-a-workaround/) Crypto community target of MacOS malware Episode 37: How to Make Sure Your Mac’s Hardware Is Working Properly How to Verify Your Mac’s Software Is Running Smoothly How to Back Up Your Mac to Multiple Time Machine Disks Conflict Catcher (Wikipedia) (https://en.wikipedia.org/wiki/Conflict_Catcher) 5 Must-Have Mac Utilities to Boost Your Productivity DiskWarrior (https://www.alsoft.com/DiskWarrior/) (NOTE: DiskWarrior 5.2 does not support APFS) iStat Menus (https://bjango.com/mac/istatmenus/) Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 06 Jul 2018 04:00:00 -0400
How to Make Sure Your Mac’s Hardware Is Working Properly
We discuss some ways to check your Mac's hardware to make sure everything is working correctly, and we discussed some recent security issues, and a new way that wi-fi will be protected in the future. Episode 13: Is My Computer's CPU Secure? Black Hat Conference (https://www.blackhat.com/us-18/) Hyper-threading (Wikipedia) (https://en.wikipedia.org/wiki/Hyper-threading) TLBleed is latest Intel CPU flaw to surface: But don't expect it to be fixed (https://www.zdnet.com/article/tlbleed-is-latest-intel-cpu-flaw-to-surface-but-dont-expect-it-to-be-fixed/) Wi-Fi security is starting to get its biggest upgrade in over a decade (https://www.theverge.com/circuitbreaker/2018/6/26/17501594/wpa3-wifi-security-certification) Apple to Prevent iTunes Payment Info Changes on Very Old Versions of iOS, OS X, and Apple TV Software (https://www.macrumors.com/2018/06/28/apple-itunes-payment-info-email/) macOS 'Quick Look' Bug Can Leak Encrypted Data Through Thumbnail Caches (https://www.macrumors.com/2018/06/18/macos-quick-look-encrypted-data-bug/) How to Verify Your Mac’s Hardware Is Working Properly Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 29 Jun 2018 06:00:00 -0400
Lock Down and Secure Your Router
We look at your home router and explain the many steps you can take to make sure it is secure. How to Secure Your Home Router Episode #33: Cryptojacking, Russian Router Malware, and Parental Controls How to Remove Wi-Fi Networks from Your Mac and iOS Device SSID and Wireless Networking (https://www.lifewire.com/definition-of-service-set-identifier-816547) Universal Plug and Play (Wikipedia) (https://en.wikipedia.org/wiki/Universal_Plug_and_Play) MAC address (Wikipedia) (https://en.wikipedia.org/wiki/MAC_address) NetGear Orbi mesh wi-fi system Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 22 Jun 2018 03:00:00 -0400
Where's the Best Place to Buy Mac Apps?
Some new security threats arise, and we discuss code signing and Apple's Gatekeeper technology. We then look at the pros and cons of buying Mac apps from the Mac App Store or directly from developers. VMware Fusion (https://www.vmware.com/products/fusion.html) Parallels Desktop (https://www.parallels.com/products/desktop/) Third-Party macOS Security Tools Vulnerable to Malware Code-Signing Bypasses for Years (https://www.macrumors.com/2018/06/12/macos-security-apps-malware-bypass/) How to Allow Apps from Anywhere in macOS Sierra Gatekeeper (http://osxdaily.com/2016/09/27/allow-apps-from-anywhere-macos-gatekeeper/) OS X Security: Under the Hood Features That Protect Your Mac How to Use Your Web Browser’s Fraudulent Site Protection Feature Intego VirusBarrier Scanner Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 15 Jun 2018 04:00:00 -0400
iOS 12, macOS Mojave, Features and Security & Privacy Enhancements
We cover Apple's new operating system announcements, looking at the new features in iOS 12 and macOS Mojave. And we take a close look at the security and privacy features in these operating systems. Why do the iPhone X’s Animoji work after covering Face ID’s sensors? (https://thenextweb.com/apple/2017/11/15/the-iphone-x-doesnt-actually-need-face-id-for-animoji-apparently/) Augmented reality (Apple) (https://www.apple.com/ios/augmented-reality/) iOS 12 Screen Time App Will Help Reduce iPhone Addiction macOS Mojave: What’s New in Security and Privacy Features Why iOS 12 Is Huge for Security and Privacy Apple CEO Tim Cook: "Privacy is a Fundamental Human Right" (https://www.macrumors.com/2018/06/04/tim-cook-cnn-interview-privacy/) Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 08 Jun 2018 04:00:00 -0400
Cryptojacking, Russian Router Malware, and Parental Controls
We discuss Apple's recent operating system updates - and the one they didn't update - cover some new malware, and then take a close look at using parental controls on the Mac and on iOS. iCloud security overview (for Messages in the Cloud) (https://support.apple.com/en-us/HT202303) AirPlay 2 (https://www.apple.com/airplay/) Apple HomePod Review: Superior Sound, but Limited by Siri How to Choose the Right Hard Disk for Your Mac 4 Types of Backup Hard Drives for Mac Russian hackers mass-exploit routers in homes, govs, and infrastructure (https://arstechnica.com/tech-policy/2018/04/russian-hackers-mass-exploit-routers-in-homes-govs-and-infrastructure/) Hackers infect 500,000 consumer routers all over the world with malware (https://arstechnica.com/information-technology/2018/05/hackers-infect-500000-consumer-routers-all-over-the-world-with-malware/) FBI tells router users to reboot now to kill malware infecting 500k devices (https://arstechnica.com/information-technology/2018/05/fbi-tells-router-users-to-reboot-now-to-kill-malware-infecting-500k-devices/) Cryptominer ‘mshelper’ Targets macOS: What You Need to Know Episode #30: What Is a Firewall, and How Does it Work? Tit (Wikipedia) (https://en.wikipedia.org/wiki/Tit_(bird)) What’s the Difference Between macOS Parental Controls and Intego ContentBarrier? Intego ContentBarrier X9 Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 01 Jun 2018 06:00:00 -0400
Browser Cookies & Private Browsing
We talk about all those GDPR emails you've been receiving, mention a new Spectre-type vulnerability, and then take a deep dive into browser cookies and private browsing. Episode 13: Is My Computer's CPU Secure? How to Request a Copy of Your Apple ID Account Data (https://www.macrumors.com/how-to/get-a-copy-of-your-apple-account-data/) Blob - Binary large object (Wikipedia) (https://en.wikipedia.org/wiki/Binary_large_object) How to Manage and Remove Browser Cookies on Mac and iOS Firesheep (Wikipedia) (https://en.wikipedia.org/wiki/Firesheep); see also Josh's past blog articles about Firesheep Episode 7: Tom Cruise Is in the Row Behind You (physical access) Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 25 May 2018 07:00:00 -0400
Delete Your Social Media History
We discuss the new EFAIL issue affecting encrypted email; discuss a new class-action suit against Apple; and then explain how you can delete your history on Facebook and Twitter. It's not easy, but it's possible. Sponsor: Have an old Mac, iPhone, or iPad you want to sell? Get a $10 bonus today via SellYourMac.com/Intego. PGP and EFAIL: Frequently Asked Questions (https://www.eff.org/deeplinks/2018/05/pgp-and-efail-frequently-asked-questions) EFAIL FAQ (https://efail.de) S/MIME (Wikipedia) (https://en.wikipedia.org/wiki/S/MIME) Pretty Good Privacy (Wikipedia) (https://en.wikipedia.org/wiki/Pretty_Good_Privacy) Episode 30: What Is a Firewall, and How Does it Work? How to Encrypt Email with Any Email Provider What to Look for in a Private and Secure Email Service Provider How to Encrypt Disk Images with Disk Utility to Protect Sensitive Files Scissor vs butterfly keyboard (https://theengineerscafe.com/butterfly-keyboard/) Apple faces class action lawsuit over failing MacBook butterfly keyboards (https://9to5mac.com/2018/05/12/apple-keyboard-lawsuit/) Facebook closed 583m fake accounts in first three months of 2018 (https://www.theguardian.com/technology/2018/may/15/facebook-closed-583m-fake-accounts-in-first-three-months-of-2018) How to Easily Remove Old Tweets and Facebook Posts Cardigan gocardigan.com (update: the service was discontinued in August 2019, so we removed the link) Social Book Post Manager (https://chrome.google.com/webstore/detail/social-book-post-manager/ljfidlkcmdmmibngdfikhffffdmphjae) Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 18 May 2018 04:00:00 -0400
What Is a Firewall, and How Does it Work?
After some news about an interesting new iOS security feature, some potential malware, and a surprising move by Microsoft, we delve into firewalls. What is a firewall? How does it work? Why do you need one? Sponsor: Have an old Mac, iPhone, or iPad you want to sell? Get a $10 bonus today via SellYourMac.com/Intego. iOS 11.4 Disables Lightning Connector After 7 Days, Limiting Law Enforcement Access (https://www.macrumors.com/2018/05/08/ios-11-4-usb-restricted-mode/) Cone of Silence (Wikipedia) (https://en.wikipedia.org/wiki/Cone_of_Silence_(device)) Microsoft Office for Mac, iOS and Windows to Include JavaScript in Excel Beware! Dangerous Macro Malware Ahead Caution: Mac-specific Hack Tool Mettle Discovered Why You Need an Outbound Firewall What’s the Difference Between Incoming and Outgoing Firewall Protection? Understanding Security in NetBarrier What’s the Difference Between a Hardware and Software Firewall? Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 11 May 2018 09:00:00 -0400
Social Engineering Scams to Beware, and Digital Spring Cleaning Tips
We explain what tech support scams - by phone, or on the web - are all about, and we then take a close look at the best ways to do a spring cleaning on your Mac. Sponsor: Have an old Mac, iPhone, or iPad you want to sell? Get a $10 bonus today via SellYourMac.com/Intego. Social Engineering: Beware of ‘Tech Support’ Scams Teaming up in the war on tech support scams (Microsoft) (https://cloudblogs.microsoft.com/microsoftsecure/2018/04/20/teaming-up-in-the-war-on-tech-support-scams/) The 6 Most Common Social Hacking Exploit Techniques Report phishing, spam, etc. to Apple (https://support.apple.com/en-us/HT204759) Mac Cleanup Tips for Digital Spring Cleaning How to Use Optimized Storage to Increase Disk Space Change Where macOS Saves Screenshots Spotlight Secrets: 15 Ways to Use Spotlight on Your Mac Removing Duplicate Files on Mac OS X: The Complete Guide Dupin, iTunes duplicate manager How to Choose the Right Hard Disk for Your Mac Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com. Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast)
Fri, 04 May 2018 03:00:00 -0400
Beware of Trustjacking
We discuss three new types of Mac malware, talk about the latest Mac and iOS security updates, then look at a sneaky new threat that can affect the security of your iOS devices. Sponsor: Have an old Mac, iPhone, or iPad you want to sell? Get a $10 bonus today via SellYourMac.com/Intego. New OceanLotus Backdoor Discovered Targeting macOS New OSX/Shlayer Malware Variant Found Using a Dirty New Trick Snake Malware Ported from Windows to Mac About the security content of Security Update 2018-001 (https://support.apple.com/en-gb/HT208742) happyfunthisistotallyalegitimatetaxsite.com (https://www.youtube.com/watch?v=dQw4w9WgXcQ) Maker of 'GrayKey' iPhone Unlocking Box Suffers 'Brief' Data Breach, Receives Money Demands (https://www.macrumors.com/2018/04/24/grayshift-graykey-iphone-unlocking-box-data-breach/) RSA Conference 2018 (https://www.rsaconference.com/events/us18) Cybersecurity Tech Accord: 34 Tech Companies Just Promised a Bunch of Nothing (https://www.macobserver.com/columns-opinions/the-back-page/cybersecurity-tech-accord/) Intego survey, you can win $100 for telling us that you think about this podcast, and what you want to hear (https://www.surveymonkey.com/r/integopodcast) iOS Trustjacking: How Attackers Can Hijack Your iPhone Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com.
Fri, 27 Apr 2018 05:00:00 -0400
How to Securely Sell Your Old Mac, iPhone, or iPad
In this week's episode, we explain why you may see dialogs on your Mac warning that your apps aren't compatible. Then we welcome Brian Burke, the president of SellYourMac.com, to discuss the best way to sell your old Mac, iPhone, or iPad. This is a sponsored episode brought to you by SellYourMac.com. Visit SellYourMac.com/Intego to get a $10 bonus on items worth $25 or more. How to Find Which Apps on Your Mac Are 32-Bit How to Securely Dispose of Your Old Mac Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com. We want to hear from you! Take our podcast listener survey (https://www.surveymonkey.com/r/integopodcast) for a chance to win $100 Visa gift card.
Fri, 20 Apr 2018 04:00:00 -0400
Facebook, DNS, Apple Privacy, New Mac Pro, and More
We cover a lot this week. Facebook and Cambridge Analytica, a new DNS service for individuals, new Apple privacy features, the new Mac Pro, and more. Facebook Launches Help Center Tool to Check if Your Data Was Shared With Cambridge Analytica (https://www.macrumors.com/2018/04/10/facebook-launches-help-center-tool/) Go to this link (https://www.facebook.com/help/1873665312923476) to see your Facebook status concerning Cambridge Analytica How to Prevent Facebook Apps from Accessing Your Profile Information Facebook privacy settings - do they do anything? (https://www.wired.com/story/facebook-privacy-setting-doesnt-do-anything) How to Use Cloudflare’s 1.1.1.1 Public DNS (And Why You Should) Quad9 DNS (https://www.quad9.net) Intego Mac Security Podcast Survey: Win a $100 gift card (https://www.surveymonkey.com/r/integopodcast) Apple’s new “privacy icon” in iOS 11.3 and macOS 10.13.4 (https://www.apple.com/newsroom/2018/03/ios-11-3-is-available-today/) Apple's 2019 Mac Pro will be shaped by workflows (https://techcrunch.com/2018/04/05/apples-2019-imac-pro-will-be-shaped-by-workflows/) Kirk's 2014 Mac Pro: First Impressions; Second Impressions Use an external graphics processor with your Mac (https://support.apple.com/en-us/HT208544) Apple releases PRODUCT(RED) iPhone (https://www.apple.com/newsroom/2018/04/apple-introduces-iphone-8-and-iphone-8-plus-productred-special-edition/) Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com.
Wed, 11 Apr 2018 05:15:00 -0400
How to Not Get Scammed Online
We look at the ten most common online scams, and explain how to avoid them. And we mention the fact that Apple has updated everything this week. Apple Issues New Security Updates, Patches APFS Volume Password Bug Top 10 Online Scams: Watch Out For These Common Red Flags Episode #12: What to Do if You’ve Been Hacked How Apple and Amazon Security Flaws Led to My Epic Hacking (https://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/) How to Choose and Answer Security Questions Type a URL Wrong, and You Might End up with Malware on Your Mac Episode #14: What's Up with My iPhone's Battery? Episode #15: What's a VPN, and Why Should You Use One? Why You Should Connect to a VPN on Mac and iOS — and How To Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com.
Wed, 04 Apr 2018 05:00:00 -0400
Facebook, Privacy, and Logins
After some news - about a 100TB SSD, storing data in DNA, and more - we discuss whether your smart speaker is spying on you, then examine what could happen if you delete your Facebook account. Could you still log in on all the websites where you used your Facebook profile? World's largest SSD capacity now stands at 100TB (https://www.engadget.com/2018/03/19/nimbus-data-releases-record-100tb-ssd/) How DNA can be used to store computer data (http://www.bbc.co.uk/news/av/science-environment-43395686/how-dna-can-be-used-to-store-computer-data) Is Your Smart Speaker Spying on You? Facebook confirms Cambridge Analytica stole its data; it’s a plot, claims former director (https://www.theregister.co.uk/2018/03/18/facebook_confirms_cambridge_analytica_stole_its_data_its_a_plot_claims_former_director/) Did Facebook’s ‘favors’ for the Obama campaign constitute a violation of federal law? (http://www.foxnews.com/opinion/2018/03/26/did-facebook-s-favors-for-obama-campaign-constitute-violation-federal-law.html) How to Prevent Facebook Apps from Accessing Your Profile Information How to Manage Privacy Settings on Popular iOS Apps A Parents’ Guide to Protecting Kids’ Privacy on Social Media Episode 6: Passwords Are Hard What is OpenID? (http://openid.net/what-is-openid/) SQRL: Secure Quick Reliable Login (https://www.grc.com/sqrl/sqrl.htm) Security Now podcast (https://www.grc.com/securitynow.htm) Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com.
Wed, 28 Mar 2018 04:00:00 -0400
Which Hard Drive Is Best for Your Mac?
We look at the three different types of hard drives you can use with your Mac: hard disks, fusion drives, and SSDs. We also discuss a cryptocurrency miner in the Mac App store, a new device that can crack any iPhone, and rumors of new Mac laptops. Unwanted Cryptomining Debuts (Briefly) in Mac App Store There’s a currency miner in the Mac App Store, and Apple seems OK with it (https://arstechnica.com/information-technology/2018/03/theres-a-currency-miner-in-the-mac-app-store-and-apple-seems-ok-with-it/) A Surreptitious Cryptocurrency Miner in the Mac App Store? (https://objective-see.com/blog/blog_0x2B.html) Intego video: How to Avoid Cryptojacking on a Mac (Unwanted Cryptocurrency Mining) How to Use Activity Monitor to Troubleshoot Problems on a Mac GrayKey iPhone unlocker poses serious security concerns (https://blog.malwarebytes.com/security-world/2018/03/graykey-iphone-unlocker-poses-serious-security-concerns/) Apple may launch 13-inch MacBook with Retina Display priced like a MacBook Air (https://www.techradar.com/news/apple-may-launch-13-inch-macbook-with-retina-display-priced-like-a-macbook-air) How to Choose the Right Hard Disk for Your Mac Correction: you still can buy a couple of Macs with hard drives. The Mac mini, and the 21.5" iMac come with hard drives in their cheapest version. The Year in Mac Security, and Tips for Backing Up Your Mac Tweet by Lesley Carhart about smart speakers, smartphones, etc. (https://twitter.com/hacks4pancakes/status/972916184457900032) Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com.
Wed, 21 Mar 2018 04:00:00 -0400
Passwords in the Cloud
How secure are your passwords and other data in the cloud? We discuss how Apple's iCloud Keychain works, and whether you can trust it. In the news, we look at the "Right to Repair" bill in California, and discuss whether iTunes is going away. (Spoiler: no.) California to Introduce 'Right to Repair' Bill Requiring Smartphone Manufacturers to Offer Repair Info and Parts (https://www.macrumors.com/2018/03/07/california-right-to-repair-bill/) iFixit Repair Manifesto (https://www.ifixit.com/Manifesto) Kirk's experiment adding a hybrid drive to a Mac mini in 2010 (https://www.macworld.com/article/1154959/storage/momentusxthybrid.html) Apple confirms it will stop taking iTunes LP submissions as of this month (https://www.theverge.com/2018/3/6/17087184/apple-itunes-lp-submissions-stops-march-2018) ‘End of iTunes?’: Leaked Apple email sparks fears over future of music downloads (http://metro.co.uk/2018/03/06/end-itunes-leaked-apple-email-sparks-fears-future-music-downloads-7365412/) Mac and iOS Keychain Tutorial: How Apple’s iCloud Keychain Works Episode 6: Passwords Are Hard Cypher Suite (Wikipedia) (https://en.wikipedia.org/wiki/Cipher_suite) iCloud security overview (https://support.apple.com/HT202303) Is Using FileVault Encryption in macOS Good Enough? How to Encrypt and Password Protect Files on Your Mac Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com.
Wed, 14 Mar 2018 05:00:00 -0400
Changes Coming to macOS Server
Apple is simplifying its macOS Server software, and we discuss what you may want to do if you use this software. We also look at some recent news, such as how a Mac user was able to track a Mac his sold for three years, and how a company claims they can unlock every iPhone. Phone-cracking firm advertises that it can unlock any iPhone (https://www.grahamcluley.com/phone-cracking-firm-advertises-can-unlock-iphone/) Backdoor (Wikipedia) (https://en.wikipedia.org/wiki/Backdoor_(computing)) Cellebrite (https://www.cellebrite.com/en/home/) How I sold an old Mac and unknowingly had access to its location for over 3 years (https://medium.com/@mulligan/how-i-sold-an-old-mac-and-unknowingly-tracked-its-location-for-over-3-years-9a35cd3ca4cf) Identify legitimate emails from the App Store or iTunes Store (https://support.apple.com/en-us/HT201679) The Future of macOS Server Plex (https://www.plex.tv) macOS Server (Wikipedia) (https://en.wikipedia.org/wiki/MacOS_Server) Episode #15: What's a VPN, and Why Should You Use One? Kirk's email from Dropbox https://www.intego.com/mac-security-blog/wp-content/uploads/2018/03/dropbox-email.png Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com.
Wed, 07 Mar 2018 04:00:00 -0500
To Beta or Not to Beta…
Is it a good idea to join Apple’s public beta programs, to get access to new features before everyone else? We discuss the pros and cons of being a guinea pig. We also highlight some recent Mac security issues and malware. Apple Releases Security Updates to Patch the Telugu Character Bug APFS Bug in macOS High Sierra Can Cause Data Loss When Writing to Disk Images (https://www.macrumors.com/2018/02/19/apfs-bug-macos-data-loss-disk-images/) macOS may lose data on APFS-formatted disk images (https://bombich.com/blog/2018/02/15/macos-may-lose-data-on-apfs-formatted-disk-images) How to Encrypt Disk Images with Disk Utility to Protect Sensitive Files OSX/Shlayer: New Mac Malware Comes out of Its Shell VirusBarrier Scanner (free in the Mac App Store) Apple Beta Software Program (https://beta.apple.com/) Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com.
Wed, 28 Feb 2018 08:00:00 -0500
Do You Really Want an AI Listening to You All the Time?
We discuss Apple's HomePod, and the security implications of having an AI listening to you all the time. We also cover news about the Chrome browser's new built-in ad blocker, a text message bug that affects Apple devices (and is now fixed), and an interesting new chip in Apple's iMac Pro. Google turns on default adblocker within Chrome (https://www.theguardian.com/technology/2018/feb/15/google-adblocker-chrome-browser) This new text bomb crashes most Mac and iOS apps with a single Unicode symbol (https://techcrunch.com/2018/02/15/iphone-text-bomb-ios-mac-crash-apple/) (Note that Apple released security updates for all its operating systems a few days after we recorded this episode.) Fuzzing (https://www.wired.com/2016/06/hacker-lexicon-fuzzing/) Apple’s New iMac Pro Delivers Enhanced Security with the T2 Chip Microsoft tightens Windows 10's Secure Boot screws: Where does that leave Linux? (https://www.pcworld.com/article/2901262/microsoft-tightens-windows-10s-secure-boot-screws-where-does-that-leave-linux.html) Apple HomePod Review: Superior Sound, but Limited by Siri Episode 11: Handcuffs Made of Tissue Paper (discussion of differential privacy) Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com.
Wed, 21 Feb 2018 04:00:00 -0500
The Year in Mac Security, and Tips for Backing Up Your Mac
We look at the year in Mac security 2017, and discuss the rise in malware. And we discuss the best strategies for backing up your Mac. But first, Kirk tells about how his website was (sort of) hacked. NameCheap Name Server Vulnerability Allows Unauthorized Users to Create Sub-Domains Subdomain (Wikipedia) (https://en.wikipedia.org/wiki/Subdomain) DNS - Domain Name System (Wikipedia) (https://en.wikipedia.org/wiki/Domain_Name_System) Registrar Namecheap let miscreants slap spam, malware on unlucky customers' web domains (https://www.theregister.co.uk/2018/02/07/namecheap_subdomain_security_hole/) A Look Back at the Top Mac Security Stories of 2017 Smashing Security podcast, episode 64: So just a "teeny tiny" security issue then? (https://www.smashingsecurity.com/64) Macro virus (Wikipedia) (https://en.wikipedia.org/wiki/Macro_virus) Intego Mac Podcast, episode 16: Malware and Security Lingo: What Do Those Words Mean? All the articles on the Intego Mac Security Blog about Adobe Flash vulnerabilities. (There's lots.) Intego Personal Backup How to Set up Your Own Time Machine Server 4 Types of Backup Hard Drives for Mac Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com.
Wed, 14 Feb 2018 05:00:00 -0500
Ad Blocking: The Good, the Bad, the Ugly, and the Ethics
An overuse of ads has made it hard to read websites. In order to read easily, and safely, it's useful to use an ad blocker. We discuss why you may want to use an ad blocker, how they work, and how to use them in macOS and iOS. Ad-Blockers: The Good, the Bad, and the Ethics Episode 15: What's a VPN, and Why Should You Use One? (Where we discussed Apple's malware removal tool). Intego Virus Barrier Scanner (free; Mac App Store) Strava Fitness App Can Reveal Military Sites, Analysts Say (https://www.nytimes.com/2018/01/29/world/middleeast/strava-heat-map.html) iBlocker (https://1blocker.com), AdBlock (https://getadblock.com), Ghostery (https://www.ghostery.com) Web Beacon (Wikipedia) (https://en.wikipedia.org/wiki/Web_beacon) NoScript (https://noscript.net) Hackers spread malware via Yahoo ads (https://www.scmagazine.com/hackers-spread-malware-via-yahoo-ads/article/532507/) Malware in ads turn computers into zombies (https://www.usatoday.com/story/tech/2015/01/20/malvertising/21889547/) YouTube ads are the latest ground zero for nefarious crypto mining (https://mashable.com/2018/01/27/coinhive-youtube-google-doubleclick/#US_6Ii_IRaqs) Just doesn’t feel good (https://marco.org/2015/09/18/just-doesnt-feel-good) Safari 11: How to Customize the Way Websites Are Displayed Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com.
Wed, 07 Feb 2018 05:00:00 -0500
Malware and Security Lingo: What Do Those Words Mean?
We use lots of strange words to describe malware and security issues. We look at malware and security lingo, explain who gets to name new malware, and also talk about Apple's latest updates to all their operating systems. Apple security update information (https://support.apple.com/en-us/HT201222) macOS Sierra, OS X El Capitan Updates Patch Meltdown Flaw Episode 15: What's a VPN, and Why Should You Use One? Meltdown and Spectre: What Apple Users Need to Know cURL (Wikipedia) (https://en.wikipedia.org/wiki/CURL) Viruses, Worms and Spyware—Yikes! A Look at Malware Terminology WannaCry and the State of Mac Ransomware Intego Interviews: Amit Serper on OSX.Pirrit Adware/Malware How Does Malware Naming Work? Melissa (Wikipedia) (https://en.wikipedia.org/wiki/Melissa_(computer_virus)) Flashback to the Biggest Mac Malware Attack of All Time—Is it Still a Threat? Get 60% off Intego's Mac Premium Bundle X9 with the code INTEGOPODCAST. Download now and try it for free at intego.com.
Wed, 31 Jan 2018 05:00:00 -0500
What's a VPN, and Why Should You Use One?
After a brief discussion of the week's news, we look at VPNs, virtual private networks. We explain how they work, and when and why you might want to use one. Note that Apple released fixes for the Messages bug and some other issues we discuss on January 23, the day before this episode was published. ¡Ay, MaMi! New DNS-Hijacking Mac Malware Discovered (Updated) How the Anti-Malware Function in Apple’s Snow Leopard Works (This article explains Apple's XProtect, when it was first introduced.) Why Your Antivirus Needs Real-Time Scanning Test pop-up windows (http://www.popuptest.com) Malicious Link Texted to Mac and iOS Devices Can Cause Freezes and Resprings (Updated) (https://www.macrumors.com/2018/01/16/malicious-link-ios-mac-freezes/) Apple CEO Tim Cook Says Power Management Feature in Older iPhones Will Be Able to Be Turned Off in Future Update (https://www.macrumors.com/2018/01/17/tim-cook-on-iphone-battery-controversy/) We Don't Need No Stinkin' Battery Features - Apple Releases iOS 11.2.5 Public Beta 6 (https://www.forbes.com/sites/anthonykarcz/2018/01/18/we-dont-need-no-stinkin-battery-features-apple-releases-ios-11-2-5-public-beta-6/#6e27deab3da2) How to Remove Wi-Fi Networks from Your Mac and iOS Device Why You Should Connect to a VPN on Mac and iOS — and How To This Home VPN Router Setup Protects Your Traffic Wherever You Are the JoshMeister's LOST Blog and Podcast Get 50% off Intego's Mac Premium Bundle X9 with the code PODCAST19. Download now and try it for free at intego.com.
Wed, 24 Jan 2018 04:00:00 -0500
What's Up with My iPhone's Battery?
We discuss and explain the issue around iPhone batteries, and tell you what to do if your iPhone's battery isn't lasting all day. We also look at a new, dumb password bug in macOS High Sierra, new Wi-Fi security standards, and new Mac malware. Yet another macOS High Sierra bug: Unlock App Store system preferences with any password (https://www.macworld.com/article/3246634/macs/macos-high-sierra-bug-unlock-app-store-system-preferences.html) Is Apple Even Paying Attention To macOS Security Anymore? (https://www.howtogeek.com/339063/is-apple-even-paying-attention-to-macos-security-anymore/) Wi-Fi Alliance announces new WPA3 security protections (https://www.theverge.com/2018/1/9/16867940/wi-fi-alliance-new-wpa3-security-protections-wpa2-announced) ¡Ay, MaMi! New DNS-Hijacking Mac Malware Discovered Domain Name System (Wikipedia) (https://en.wikipedia.org/wiki/Domain_Name_System) Intego New Mac User Center A Message to Our Customers about iPhone Batteries and Performance (Apple) (https://www.apple.com/iphone-battery-and-performance/) When iPhone Batteries Go Bad Why Apple Is Replacing the Battery on my iPhone SE iPhone Battery & Power Repair (https://support.apple.com/iphone/repair/battery-power) Apple Now Faces 26+ Lawsuits for 'Purposefully' or 'Secretly' Slowing Down Older iPhones (https://www.macrumors.com/2018/01/05/apple-faces-23-lawsuits-for-iphone-slowdowns/) Get 50% off Intego's Mac Premium Bundle X9 with the code PODCAST19. Download now and try it for free at intego.com.
Wed, 17 Jan 2018 05:00:00 -0500
Is My Computer's CPU Secure?
Meltdown and Spectre; two vulnerabilities that affect the majority of computers and portable devices in circulation, need software and perhaps hardware fixes to be secure. Josh discuss an interview he conducted with a security researcher on some particularly malicious adware/malware. We also answer some reader email, and explain what "hashing" is. Meltdown and Spectre: What Apple Users Need to Know CERT: Only way to fix Meltdown and Spectre vulnerabilities is to replace CPU (Update: CERT backtracks) (https://venturebeat.com/2018/01/04/cert-only-way-to-fix-meltdown-and-spectre-vulnerabilities-is-to-replace-cpu/) Hash function (Wikipedia) (https://en.wikipedia.org/wiki/Hash_function) Episode 6, Passwords Are Hard Intego Interviews: Amit Serper on OSX.Pirrit Adware/Malware About speculative execution vulnerabilities in ARM-based and Intel CPUs (https://support.apple.com/en-us/HT208394) Assembly language (Wikipedia) (https://en.wikipedia.org/wiki/Assembly_language) Get 50% off Intego's Mac Premium Bundle X9 with the code PODCAST19. Download now and try it for free at intego.com.
Wed, 10 Jan 2018 04:00:00 -0500
What to Do if You've Been Hacked
The producer of our podcast, Doug Adams, had his iCloud account hacked, and he joins us to explain what happened, and how he resolved the issue. We talk about what to do if this happens to you. And we tell you everything you need to know to not be a victim of phishing. Your Apple ID and phone number are now being used for iMessage on a new Mac. screenshot https://www.intego.com/mac-security-blog/wp-content/uploads/2018/01/alert.png iMessage hack floods Apple users with Chinese texts (Mashable) (http://mashable.com/2016/10/19/apple-imessage-hack/#gFGPoNGo4iqs) haveibeenpwned.com (https://haveibeenpwned.com) Clever Phishing Scam Targets Your Apple ID and Password If you think your Apple ID has been compromised (https://support.apple.com/HT204145) Intego Mac Podcast, Episode 5: Two-Factor Authentication Phishing Dangers in Business and How to Avoid Getting Hooked HMRC issues Christmas warning about iTunes gift card scam (https://www.gov.uk/government/news/hmrc-issues-christmas-warning-about-itunes-gift-card-scam) The Spanish Prisoner scam (Wikipedia) (https://en.wikipedia.org/wiki/Spanish_Prisoner) Hello You have 7 messages View Mario Romero, Support spam scam screenshot https://www.intego.com/mac-security-blog/wp-content/uploads/2018/01/phishing-email.jpg Get 50% off Intego's Mac Premium Bundle X9 with the code PODCAST19. Download now and try it for free at intego.com.
Wed, 03 Jan 2018 04:00:00 -0500
Handcuffs Made of Tissue Paper
Search engines collect and harvest lots of data about you, what you look for, where you are, and what you buy. We explain how you can tell Google to store less of their data, and how to change to a more privacy-friendly search engine. And we explain what Apple's "differential privacy" is all about. Learning with Privacy at Scale (https://machinelearning.apple.com/2017/12/06/learning-with-privacy-at-scale.html) How One of Apple's Key Privacy Safeguards Falls Short (https://www.wired.com/story/apple-differential-privacy-shortcomings/) Corpus Linguistics (Wikipedia) (https://en.wikipedia.org/wiki/Corpus_linguistics) macOS Sierra: Share analytics information with Apple (https://support.apple.com/kb/PH25654?locale=en_US) Share analytics, diagnostics, and usage information with Apple (iOS) (https://support.apple.com/en-us/HT202100) Everything Google Knows about You (and How to Search Privately) The data that Google collects (https://privacy.google.com/your-data.html) People are getting locked out of innocuous Google Docs for supposedly violating Terms of Service (https://www.theverge.com/2017/10/31/16581406/google-docs-error-terms-of-service-lock-out) Google: My Activity (https://myactivity.google.com/myactivity) How to Switch Search Engines on Mac OS X and iOS (And Why You Should) Get 50% off Intego's Mac Premium Bundle X9 with the code PODCAST19. Download now and try it for free at intego.com.
Wed, 27 Dec 2017 06:00:00 -0500
Tom Cruise Is in Every Starbucks
With just a few days before Christmas, we discuss how to safely shop online in the holiday season and all year round. We also talk about a recent Apple firmware update for AirPort base stations, one that patches the KRACK exploit. Wi-Fi KRACK Vulnerabilities: FAQ for Mac, iPhone and iPad Users AirPort Base Station Firmware Update 7.7.9 Information (https://support.apple.com/kb/DL1948) AirPort Base Station Firmware Update 7.6.9 Information (https://support.apple.com/kb/DL1949) Automate and remotely access your HomeKit accessories (https://support.apple.com/HT207057) HTTPS (Wikipedia) (https://en.wikipedia.org/wiki/HTTPS) Comcast continues to inject its own code into websites you visit (https://thenextweb.com/insights/2017/12/11/comcast-continues-to-inject-its-own-code-into-websites-you-visit/) 6 Cyber Security Tips for Holiday Shopping Online Proactively Protecting Your Online Information with 5 Easy Tips Extended Validation Certificate (https://en.wikipedia.org/wiki/Extended_Validation_Certificate) Extended Validation (EV) Certificates Abused to Create Insanely Believable Phishing Sites (https://www.bleepingcomputer.com/news/security/extended-validation-ev-certificates-abused-to-create-insanely-believable-phishing-sites/) Episode #6: Passwords Are Hard (correcthorsebatterystaple) Get 50% off Intego's Mac Premium Bundle X9 with the code PODCAST19. Download now and try it for free at intego.com.
Wed, 20 Dec 2017 07:00:00 -0500
This Is Potemkin Security
Apple discovered an embarrassing bug on December 2, and had to rush out a hurried update to fix it. We discuss this, look at the best way to back up iOS devices, and explain a change that Apple has made to iOS that trades security for convenience. Early reports about the December 2 bug (https://www.macrumors.com/2017/12/02/ios-11-1-2-date-bug-crash-loop/) Apple support document about the December 2 crash (https://support.apple.com/en-us/HT208332) Intego Mac Podcast, Episode 8: I Have Root “I Am Root”: A Retrospective on a Severe Mac Vulnerability Apple Releases macOS 10.13.2 High Sierra, iOS 11.2 and More with Security Fixes Should You Back Up Your iOS Device to iCloud or iTunes? What does iCloud back up? (https://support.apple.com/en-gb/HT207428) Apple, stop being stingy with the iCloud storage (https://www.macworld.com/article/3096106/data-center-cloud/apple-stop-being-stingy-with-the-icloud-storage.html) Time Machine Basics: How To Keep Your Data Backed Up iOS 11 Encrypted Backup Change Reduces Security, Boosts Data Safety (http://tidbits.com/article/17658) Intego Podcast, Episode 6: Passwords Are Hard (correcthorsebatterystaple) iOS 11 Horror Story: the Rise and Fall of iOS Security (Elcomsoft) (https://blog.elcomsoft.com/2017/11/ios-11-horror-story-the-rise-and-fall-of-ios-security/) Public-key cryptography (Wikipedia) (https://en.wikipedia.org/wiki/Public-key_cryptography) Get 50% off Intego's Mac Premium Bundle X9 with the code PODCAST19. Download now and try it for free at intego.com.
Wed, 13 Dec 2017 04:00:00 -0500
I Have Root
We discuss the recent serious vulnerability that affects macOS High Sierra, which prompted Apple to rush out a security update. We explain what this means, and how important it is to keep your Mac up to date. “I Am Root”: A Retrospective on a Severe Mac Vulnerability The "sudo" command (Wikipedia) (https://en.wikipedia.org/wiki/Sudo) High Sierra Root Login Bug Was Mentioned on Apple’s Support Forums Two Weeks Ago (https://daringfireball.net/2017/11/high_sierra_root_login_two_weeks_ago) Contact Apple About Security Issues (https://support.apple.com/HT201220) About the security content of Security Update 2017-001 (https://support.apple.com/HT208315) Behind iPhone's Critical Security Bug, a Single Bad 'GOTO' (https://www.wired.com/2014/02/gotofail/) Get 50% off Intego's Mac Premium Bundle X9 with the code PODCAST19. Download now and try it for free at intego.com.
Wed, 06 Dec 2017 05:15:00 -0500
Tom Cruise Is in the Row Behind You
We look at a fake antivirus blog that's distributing malware, and we discuss why you need to protect your Mac when you're at the coffee machine. Because Tom Cruise might be lurking near your Mac. Watch Out! A Fake Antivirus Blog is Distributing Proton Malware Handbrake’s Server Compromised, Download Installs Complex Trojan Mac Users Hit by Rare Ransomware Attack, Spread via Transmission BitTorrent App Malware Spreads through Modified Transmission Application (Again) OSX/Proton Malware is Back! Here’s What Mac Users Need to Know Want to read about Flash Player vulnerabilities? Here's a search for "Flash Player" on the Mac Security Blog. There's a lot of articles. iStat Menus Episode 6: Passwords Are Hard (correcthorsebatterystaple) How to Lock Your Mac Screen and Protect It from Prying Eyes Get 50% off Intego's Mac Premium Bundle X9 with the code PODCAST19. Download now and try it for free at intego.com.
Wed, 29 Nov 2017 05:00:00 -0500
Episode 6: Passwords Are Hard (correcthorsebatterystaple)
Kirk and Josh talk take a close look at passwords, how to create secure passwords, and what types of passwords to avoid. Episode 5: Two-Factor Authentication; Should You Be Worried about Bitcoin? haveibeenpwned.com (https://haveibeenpwned.com) correcthorsebatterystaple (XKCD) (https://xkcd.com/936/) List of the most common passwords (Wikipedia) (https://en.wikipedia.org/wiki/List_of_the_most_common_passwords) How to Choose the Right Password Manager for You Bruce Schneier (https://www.schneier.com) Get 50% off Intego's Mac Premium Bundle X9 with the code PODCAST19. Download now and try it for free at intego.com.
Wed, 22 Nov 2017 04:00:00 -0500
Two-Factor Authentication; Should You Be Worried about Bitcoin?
Kirk and Josh talk explain what two-factor authentication is and why you should use it, then discuss Bitcoin, and explain how some apps and websites hijack your processor to make (virtual) money. Two-Factor Authentication: How It Works and Why You Should Use It MacVoices Update: Twitter Unhacked... (http://www.macvoices.com/macvoices-update-twitter-unhacked-overcast-issues-patreon-campaign/) Two-factor authentication for Apple ID (https://support.apple.com/HT204915) Multi-factor authentication (Wikipedia) (https://en.wikipedia.org/wiki/Multi-factor_authentication) Security tokens (Wikipedia) (https://en.wikipedia.org/wiki/Security_token) 1Password (https://1password.com) Google Authenticator (https://support.google.com/accounts/answer/1066447?co=GENIE.Platform%3DiOS&hl=en&oco=0) Unlock your Mac with Apple Watch (https://help.apple.com/watch/#/apd4200675b8?cid=acs::applesearch) Why You Shouldn’t Use SMS for Two-Factor Authentication (and What to Use Instead) (https://www.howtogeek.com/310418/why-you-shouldnt-use-sms-for-two-factor-authentication/) Here's how to stop SIM fraudsters from draining your bank account (https://www.digitaltrends.com/mobile/sim-swap-fraud-explained/) Bitcoin (https://bitcoin.org/en/) Cryptocurrency (Wikipedia) (https://en.wikipedia.org/wiki/Cryptocurrency) Cryptojacking craze that drains your CPU now done by 2,500 sites (https://arstechnica.com/information-technology/2017/11/drive-by-cryptomining-that-drains-cpus-picks-up-steam-with-aid-of-2500-sites/) How to Use Activity Monitor to Troubleshoot Problems on a Mac No Coin (Firefox add-on to block in-browser cryptocurrency miners) (https://addons.mozilla.org/en-US/firefox/addon/no-coin/) (The Chrome extension "AntiMiner" is no longer available, so the link has been removed) Get 50% off Intego's Mac Premium Bundle X9 with the code PODCAST19. Download now and try it for free at intego.com.
Wed, 15 Nov 2017 04:30:00 -0500
iOS Apps and Privacy; Amazon Wants to Open Your Front Door
Kirk and Josh talk discuss recent issues around apps having access to your iPhone's or iPad's camera all the time. They then wonder if they'd let Amazon go into their homes when no one's there to drop off packages. iOS apps can access both your cameras at any time (https://krausefx.com/blog/ios-privacy-watchuser-access-both-iphone-cameras-any-time-your-app-is-running) iOS 11: A Complete Guide to iOS Security and Privacy Hacker Lexicon: What Are White Hat, Gray Hat, and Black Hat Hackers? (https://www.wired.com/2016/04/hacker-lexicon-white-hat-gray-hat-black-hat-hackers/) Amazon Key (https://www.amazon.com/b?&node=17285120011) French mailboxes (https://www.laposte.fr/particulier/expedition-colissimo/qu-est-ce-que-la-boite-aux-lettres-normalisee) Get 50% off Intego's Mac Premium Bundle X9 with the code PODCAST19. Download now and try it for free at intego.com.
Wed, 08 Nov 2017 05:00:00 -0500
New Mac Malware, and Apple's New APFS File System
Kirk McElhearn and Josh Long talk about the latest Mac malware and threats, and look at Apple's new APFS file system, and what you need to know as you upgrade to macOS High Sierra. KRACK and the state of malware that affects Macs Wi-Fi Protected Access II (WPA2) (https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access) OSX/Proton Malware is back How the Anti-Malware Function (XProtect) in Apple’s Snow Leopard Works The Ins and Outs of Apple’s New File System, APFS HFS Plus file system (https://en.wikipedia.org/wiki/HFS_Plus) ZFS file system (https://en.wikipedia.org/wiki/ZFS) Apple’s APFS info and FAQ (https://developer.apple.com/library/content/documentation/FileManagement/Conceptual/APFS_Guide/FAQ/FAQ.html) Get 50% off Intego's Mac Premium Bundle X9 with the code PODCAST19. Download now and try it for free at intego.com.
Wed, 01 Nov 2017 04:00:00 -0400
Intego's 20th Anniversary, and a Look at Apple's Face ID
Kirk McElhearn and Josh Long chat with Serge Kameni, a long-time Intego developer, about the company's early years, then discuss Apple's Face ID, coming with the iPhone X. Happy Anniversary! Intego Celebrates 20 Years in Business Apple’s Face ID Security white paper (PDF) (https://images.apple.com/business/docs/FaceID_Security_Guide.pdf) Macworld: Face ID FAQ (https://www.macworld.com/article/3225406/iphone-ipad/face-id-iphone-x-faq.html) Tom's Guide: Face ID FAQ (https://www.tomsguide.com/us/face-id-faq,news-25910.html) Get 50% off Intego's Mac Premium Bundle X9 with the code PODCAST19. Download now and try it for free at intego.com.
Mon, 23 Oct 2017 13:00:00 -0400
Introducing the Intego Mac Podcast
Kirk McElhearn and Josh Long introduce the Intego Mac Podcast and discuss Apple's recent macOS and iOS operating system upgrades, and take a close look at Apple's security and privacy features. Apple's Privacy page Read about the Secure Enclave in this Apple iOS Security White Paper (PDF) The Secure Enclave hack is discussed in Month in Review: Apple Security in August 2017 Kirk's Apple Pay fraud experience iOS 11: A Complete Guide to iOS Security and Privacy Get 40% off Intego's Mac Premium Bundle X9 with the code PODCAST19. Download now and try it for free at intego.com.
Thu, 05 Oct 2017 13:00:00 -0400