Archives for Category : Security

A fake anti-virus application called “MAC Defender” is making the rounds. DO NOT DOWNLOAD OR INSTALL IT as it is a fake. It reports bogus virus infections and requests your credit card number to remove them. Details are here:

• Apple: How to avoid or remove Mac Defender malware
• ars technica: Fake “MAC Defender” antivirus app scams users for money, CC numbers

You can’t be spontaneously “infected” by this piece of garbage, you have to run it and enter your admin account password before it can install itself. Don’t!

To repeat, MAC Defender is a fake. Do not install it!

2011-May-31 Update

Security Update 2011-003 is now available via Software Update in the apple menu. This update detects known instances of the Mac Defender malware with the list of known instances automatically updated as needed.

If you use Skype for your audio and video conferencing make sure you’ve got the latest and greatest version as it contains a fix for a bug that could potentially allow malicious persons full access to your machine:

• The Register: Skype bug gives attackers access to Mac OS X machines
• Skype: Security Vulnerability in Mac Client Has Been Addressed
• Skype: Download Skype 5.1 for Mac

The fix was released about a month ago so if you haven’t updated your Skype application since then be sure to do it soon.

NOTE: PowerPC Mac users still using Skype 2.8 don’t have to worry as that version never had the problem.

You’ve probably been hearing a lot lately about how Apple is tracking your every move via the GPS on your iPhone. Or at least that’s what the headlines say.

The reality is a bit different, as spelled out in this press release from Apple:

• Apple Q&A on Location Data

The upshot is that the database in question contains the GPS locations of nearby Wi-Fi hotspots and cell towers and their GPS coordinates. The nefarious purpose of this information? To give faster location data to apps that request it with your permission (“Application XYZ wants to use your location …”) Details are in the Q & A.

The location data is an amalgamation of locations from all iPhone users in a given area with no personally identifying information included. It is not your specific location, it is the location of various radio sources in the area surrounding where you’ve been. Up to 100 miles away in fact. Using GPS alone could take several minutes for a result or may not be possible at all if you are indoors for example. Using this crowd sourced data gives results in seconds.

There is a bone fide bug in Apple’s current implementation in that the cached data is kept much longer than it should be, possibly up to a year where Android phones using the same technique correctly only keep the last week or so worth of cached data. According to the Q & A, Apple will be fixing this soon.

Anyway, them’s the facts. Feel free to chime in with your comments.

2011-04-29 Update

Macworld has an excellent article explaining exactly how Apple’s GPS-assist works:

• Macworld: How the iPhone knows where you are

What’s amazing to me is not just how inaccurate some of the original reporting was, one article stated flat out that Apple tracks your exact location, but how some of the follow up reports continue to get it wrong.

I just received a bogus Apple App Store order confirmation email containing an Order Status link that points to (a presumably compromised) guitar store web site. I can only assume that clicking on the link will take me to a faked form where the low-life scammer will try to steal credit card or other information. Here is what the message looked like:

This is a fake! When I hover the mouse cursor over the Order Status link for a few seconds I see that it points to a web site named best-guitar.net rather than Apple, which is a pretty big hint that’s it’s not legitimate. I’ve never received a notification from Apple’s App Store that looks like this so that raised alarm bells as well.

Be aware that this and similar scams are making the rounds.

Apple has released a bug fix update to the iPhone OS, version 3.0.1, that fixes a very critical security issue which could allow someone to compromise the device by sending a carefully crafted SMS text message. Plug your iPhone into the Mac or PC you normally sync with, select the iPhone in the devices section of iTunes, then perform an update using the appropriate button on the Summary tab.

NOTE: This does not impact iPod touch users since those devices do not support SMS texting.