Tag Archives: Apple

URL-Spoofing: Apple Safari Can Be Manipulated Easily

What it’s about

All it takes is a bit of JavaScript. With just a few lines of it, Safari users can be deceived by what is commonly known as URL spoofing: during such an attack, a user innocently visits a website and sees a familiar URL in the address bar, such as http://www.avira.com, but is, in reality, sending information to an entirely different location that would typically be monitored by a cybercriminal.

The security issue was discovered by David Leo, who put together a proof-of-concept for it. When you click OK, a new website is loaded: while the address bar tells you that you are visiting dailymail.co.uk, the actual page is definitely a different one.

The URL-spoofing itself is done with just a few lines of code:

function f()
{
    // Navigate to the spoofed target; the random query string defeats caching,
    // so every call is treated as a fresh navigation.
    location = "http://www.dailymail.co.uk/home/index.html?random=" + Math.random();
}
// Run f() again every 10 milliseconds.
setInterval("f()", 10);

The last part, setInterval("f()", 10);, makes sure that the address bar is reloaded every 10 milliseconds (so you might as well say that it is a kind of DDoS attack, too), just before the browser can fetch the real page, and so the user sees the "real" web address instead of the fake one. This causes the spoofed URL to flicker; sometimes it is even possible to briefly see the actual URL.
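The pattern the post describes (a timer that re-assigns location every few milliseconds, with a random query string so each reload counts as a new navigation) is easy to spot statically in a script. The following Node.js scanner is an added example, not code from the Avira post or from David Leo's proof-of-concept: it resolves each setInterval callback to the code it runs, flags callbacks that navigate with a delay below a threshold, and rates the finding higher when a cache-busting value such as Math.random() is present. The 250 ms threshold, the regexes and the sample scripts are assumptions; the positive sample is the proof-of-concept quoted above, the other two are constructed benign timers.

```javascript
// Added example: static heuristic for timer-driven navigation ("URL spoofing") in page scripts.
// Not the Avira post's or David Leo's code. Threshold, regexes and samples are assumptions.

// Assumption: legitimate pages rarely navigate on a timer this short.
const MAX_SUSPICIOUS_DELAY_MS = 250;

// Top-level navigation: location = ..., location.href = ..., location.assign/replace(...).
const NAV_ASSIGN = /\b(?:window\.|document\.|top\.|self\.)?location(?:(?:\.href)?\s*=(?!=)|\.(?:assign|replace)\s*\()/;
// Cache-busting values that turn every reload into a "new" navigation.
const CACHE_BUSTER = /Math\.random\s*\(\)|Date\.now\s*\(\)|new\s+Date\s*\(/;
// setInterval(<callback>, <numeric delay>)
const SET_INTERVAL = /setInterval\s*\(([\s\S]*?),\s*(\d+)\s*\)/g;

// Map top-level named function declarations to their bodies, so that a string
// callback such as "f()" can be resolved to the code it actually runs.
function collectFunctions(src) {
  const fns = {};
  const decl = /function\s+([A-Za-z_$][\w$]*)\s*\([^)]*\)\s*\{/g;
  let m;
  while ((m = decl.exec(src)) !== null) {
    let depth = 1;
    let i = decl.lastIndex;
    while (i < src.length && depth > 0) {   // brace matching; ignores braces inside strings
      if (src[i] === '{') depth++;
      else if (src[i] === '}') depth--;
      i++;
    }
    fns[m[1]] = src.slice(decl.lastIndex, i - 1);
  }
  return fns;
}

// Return the code a setInterval callback argument will execute.
function resolveCallback(arg, fns) {
  const trimmed = arg.trim();
  const str = trimmed.match(/^(['"])([\s\S]*)\1$/);
  if (str) {
    // String callback: "f()" resolves to f's body; any other string is eval'd as written.
    const call = str[2].match(/^\s*([A-Za-z_$][\w$]*)\s*\(\s*\)\s*;?\s*$/);
    return call && fns[call[1]] !== undefined ? fns[call[1]] : str[2];
  }
  if (/^[A-Za-z_$][\w$]*$/.test(trimmed) && fns[trimmed] !== undefined) {
    return fns[trimmed];                    // setInterval(f, 10)
  }
  return trimmed;                           // inline function or arrow function
}

// Scan one script's source; returns one finding per suspicious timer.
function scanScript(src) {
  const fns = collectFunctions(src);
  const findings = [];
  SET_INTERVAL.lastIndex = 0;
  let m;
  while ((m = SET_INTERVAL.exec(src)) !== null) {
    const delayMs = parseInt(m[2], 10);
    const body = resolveCallback(m[1], fns);
    if (!NAV_ASSIGN.test(body) || delayMs > MAX_SUSPICIOUS_DELAY_MS) continue;
    const cacheBuster = CACHE_BUSTER.test(body);
    findings.push({
      delayMs,
      cacheBuster,
      severity: cacheBuster ? 'high' : 'medium',
      callback: m[1].trim(),
    });
  }
  return findings;
}

// Constructed samples: the proof-of-concept quoted in the post, plus two benign timers.
const SAMPLES = {
  spoofPoc: `function f()
{
location="http://www.dailymail.co.uk/home/index.html?random="+Math.random();
}
setInterval("f()",10);`,
  clock: `setInterval(function () {
  document.getElementById("clock").textContent = new Date().toLocaleTimeString();
}, 1000);`,
  slowPoll: `setInterval(function () { if (window.jobDone) location.href = "/result"; }, 5000);`,
};

// Scan every sample and return a name -> findings report.
function scanAll(samples) {
  const report = {};
  for (const [name, src] of Object.entries(samples)) report[name] = scanScript(src);
  return report;
}

console.log(JSON.stringify(scanAll(SAMPLES), null, 2));
```

The brace matching deliberately ignores braces inside string literals, and the setInterval regex only handles numeric literal delays, so treat this as a triage heuristic to run over collected scripts rather than a parser-grade analysis; the clock and slow-poll samples show the two ways a benign timer is excluded (no navigation at all, and a delay well above the threshold).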

What you can do

Your first step should always be to make sure that your browser is up to date so that security updates are installed as soon as they are available. In addition, open the Safari settings, go to the Advanced tab, and choose "Show full website address". The browser will then show the full URL, including the Math.random() value, in the address bar.

Alternatively, you could just use another browser for the time being: the code does not work in Google Chrome or Mozilla Firefox.

The post URL-Spoofing: Apple Safari Can Be Manipulated Easily appeared first on Avira Blog.

Ex-NSA Guy Points to Mac Security Flaws

Whereas Apple develops iOS with security as part of the process, in OS X development security seems to be more of an afterthought. 'Bug bounty' programs are one direction suggested for Apple, but until there is a change in the current approach, the vulnerabilities remain open to any would-be hackers.

At the recent RSA Conference in San Francisco, Wardle gave a presentation titled “Writing Bad@ss OS X Malware,” in which he challenges Apple’s OS X developers to change their way of thinking – especially considering that the majority of the malware getting into Macs (now measuring hundreds of thousands) is “amateur, even basic,” according to Wardle.

More advanced Mac attacks, such as the ‘Rootpipe’ backdoor, have been difficult for Apple to patch, and failed ‘fixes’ have been covered by thehackernews.com, computerworld.com, securityweek.com, forbes.com, and others in the first half of 2015.

AV-Test, a leading independent computer security testing firm, recently tested 10 different Mac OS X security software packages (you can read the full report here), writing that:

“The legend that Mac OS X is supposedly invincible is not borne out by the facts. In the aftermath of major attacks by Flashback, the police Trojan Browlock or Shellshock, the number of assaults on Mac OS X continues to increase.”

In AV-Test’s analysis, Avira Free Antivirus for Mac earned a 100% detection score against 160 new Mac-specific viruses and malware. If you’re taking chances with no security on your Mac, do yourself a favor and take care of it right now – FREE DOWNLOAD.

The post Ex-NSA Guy Points to Mac Security Flaws appeared first on Avira Blog.

Three reasons to be excited about: Mobile Payments

While paying through a mobile device, wearable or digital card may seem like a high-tech near future, the reality is that mobile payments are already soaring around the globe.

Earlier in April, GSMA Mobile Money for the Unbanked (MMU) released its 2014 State of the Industry Report on mobile financial services. The report indicates that there are already 255 mobile money services in operation across 89 countries and in over 60% of developing markets.

The arrival of major tech and finance players such as Apple, VISA and Samsung has brought mobile payments into the spotlight and into the mainstream.

Here we look at three of the most interesting developments in recent months:


Digital Credit Cards

While generally still in the beta phase, digital credit cards promise to consolidate the bulk of a wallet or purse into a single card.

The idea is to forgo multiple cards and instead have a single digital card that can be programmed with the details of all your other payment and membership cards. At the touch of a button, your American Express card can become your Starbucks loyalty card. Pretty neat!

There are several major players in this space including Coin, Plastc, Swyp and Wocket.

Coin Card


Mobile payments are getting full backing

There’s recently been some good news for those worried about storing money in online services such as Apple Pay, PayPal or Google Wallet.

According to Yahoo Finance, the Federal Deposit Insurance Corporation (FDIC) now insures funds stored in Google Wallet.

This means that should anything happen to Google or one of the banks holding your money, your digitally stored funds are protected by the US federal government.

While most of us use services such as PayPal to directly make payments rather than actually store money, it’s reassuring to know that online digital balances are starting to get the same government protection offered to the traditional banking system.


Mobile payments are going social

One of the most interesting developments in the mobile payment space has been the land grab by several social networks to integrate payment services into their platforms. Both Facebook and Snapchat have got involved.

The rise of dedicated social payment services is also worth noting. Payment service Venmo has already risen to prominence (although not without a few security hiccups on the way).

Venmo


I personally see social and banking as two diametrically opposed services. One should be private, secure and personal, the other open, public and shared.

The fact of the matter is that there is clearly a demand for a payment protocol with built-in social features, so expect to see a whole lot more activity in this area in the coming months.


Apple Leaves CNNIC Root in iOS, OSX Certificate Trust Lists

When it was revealed late last month that a Chinese certificate authority had allowed an intermediate CA to issue unauthorized certificates for some Google domains, both Google and Mozilla reacted quickly and dropped trust in CNNIC altogether. Apple, however, has kept the root certificates in its trusted store for both iOS and OSX. Apple on Wednesday released […]

Apple iOS 8.3 Includes Long List of Security Fixes

Apple has released iOS 8.3, a major security upgrade for iPhone and iPad users that includes patches for more than three dozen vulnerabilities. The new version of iOS has security fixes for several vulnerabilities in the mobile operating system’s kernel, a handful of code-execution bugs and a long list of WebKit vulnerabilities. Apple also patched […]