AuthorJonny Evans

Why Apple must be looking into using blockchain

Everyone who can is looking into using Blockchain and Apple is no exception, though it will be a long time before we see any consumer-facing implementations of this.

Apple looks at lots of technologies

If it’s on the Gartner Hype Cycle you can bet a few bucks Apple is looking at it.

That’s why I think it will eventually introduce a 3D printer that works in conjunction with ARKit (unverified prediction), and also why it must be thinking about how to use blockchain.

To read this article in full, please click here

Apple, Amazon server spy story is wake-up call to security pros

Apple and Amazon have strenuously deniedBloomberg’s claims of a sophisticated hardware exploit against servers belonging to themselves and numerous other entities, including U.S. law enforcement  

Chinese, Apple and chips

Put in very simple terms, the claim is that malicious chips were found inside servers used in data centers belonging to the tech firms.

These chips (it’s claimed) worked to exfiltrate data from those servers, which were themselves sourced from server manufacturer, Super Micro. That company’s server products are/were also used by Amazon, the U.S. government and 30 other organizations. The chips were (it is alleged) put in place by employees bribed by Chinese government agents.

To read this article in full, please click here

Apple, Amazon server spy story is wake-up call to security pros (u)

Apple and Amazon have strenuously denied Bloomberg’s claims of a sophisticated hardware exploit against servers belonging to them and numerous other entities, including U.S. law enforcement  

Chinese, Apple and chips

Put in very simple terms, the claim is that malicious chips were found inside servers used in data centers belonging to the tech firms.

These chips (it’s claimed) worked to exfiltrate data from those servers, which were themselves sourced from server manufacturer Super Micro. That company’s server products are/were also used by Amazon, the U.S. government, and 30 other organizations. The chips were allegedly put in place by employees bribed by Chinese government agents.

To read this article in full, please click here

Easy to prevent Apple flaw may threaten enterprise security

An obscure flaw in Apple’s Device Enrollment Program (DEP) may make it possible for determined hackers to access enterprise networks, though the solution is quite straightforward.

Serial number spoofing

Duo Security researchers say they’ve figured out how to enrol a rogue device onto an enterprise’s MDM system, if the business has failed to enable authentication on devices enrolled on the system.

To make this work, attackers need to get hold of the valid serial number for an Apple device that is registered to Apple’s Device Enrolment Program (DEP), but not yet set-up on the company’s MDM server, they said.

To read this article in full, please click here

Easy-to-prevent Apple flaw may threaten enterprise security

An obscure flaw in Apple’s Device Enrollment Program (DEP) may make it possible for determined hackers to access enterprise networks, though the solution is quite straightforward.

Serial number spoofing

Duo Security researchers say they’ve figured out how to enroll a rogue device onto an enterprise’s mobile device management (MDM) system if the business has failed to enable authentication on devices enrolled on the system.

To make this work, attackers need to get hold of the valid serial number for an Apple device that is registered to Apple’s Device Enrollment Program (DEP) but not yet set up on the company’s MDM server, they said.

To read this article in full, please click here

9+ iOS 12 security improvements you should know about

Apple has shipped iOS 12 and it’s packed with new security improvements and settings every user needs to know about.

Ad tracking

Apple has made it much harder for data harvesting companies to exfiltrate your data without you knowing.

Safari in iOS 11 blocked third-party cookies that tracked you across multiple websites and cookies older than 30-days in age.

iOS 12 also gives you the option to block social media sharing icons and comment boxes from tracking you. Apple has also made it much harder for fingerprinting technologies to track and identify you by gathering information about your device, such as capacity or installed apps.

To read this article in full, please click here

Mac and iOS apps stealing user data — an enterprise take

Reports claiming numerous apps distributed through Apple’s App Store are secretly exfiltrating user data should be an alarm call to enterprise CIOs. It signals a new battlefront in the eternal enterprise security wars.

The enterprise risk of personal data

On the surface, the data being extracted is kind of … personal, such as location and browser histories. Information like that provides additional insight into what individual users are up to. Why should that concern an enterprise?

That’s a rhetorical question, of course. Most enterprise security professionals recognize that any form of data exfiltration poses an overall challenge.

To read this article in full, please click here

Mac and iOS apps stealing user data, an enterprise take

Reports claiming numerous apps distributed through Apple’s App Store are secretly exfiltrating user data should be an alarm call to enterprise CIOs. It signals a new battlefront in the eternal enterprise security wars.

The enterprise risk of personal data

On the surface, the data being extracted is kind of… personal: Location, browser histories, information like this provides additional insight into what individual users are up to. Why should that concern an enterprise?

That’s a rhetorical question, of course. Most enterprise security professionals recognize that any form of data exfiltration poses an overall challenge.

To read this article in full, please click here

Apple insists developers ramp up their privacy commitments

Apple recently told the U.S. Congress that is sees customer privacy as a “human right”, though the explanation didn’t at that time extend to how third-party developers treat data they get from iOS apps. Now it does.

Privacy for the rest of us

Starting October 3, Apple will insist that all third-party apps (including new apps and app updates) submitted to the App Store include a link to the app developer’s own privacy policy.

This is a big change as until now only subscription-based apps needed to supply this information – and it also extends to the privacy policy itself, which Apple insists must be clear and explicitly in explaining:

To read this article in full, please click here

TSMC’s iPhone chip attack is a wake-up call for enterprise security

Apple chipmaker TSMC suffered a serious WannaCry-related ransomware infection that closed down production at some of its factories. The incident should be a wake-up call for manufacturers across every industry.

Manufacturing is under attack

TSMC has said the incident was not the result of a direct attack. Instead it says its systems were exposed to the malware “when a supplier installed tainted software without a virus scan.”

The malware spread fast and impacted some of the company’s most advanced facilities used to build Apple’s A-series chips.

To read this article in full, please click here