All Posts by Date or last 15, 30, 90 or 180 days.
also by Lloyd: diglloyd.com photography and WindInMyFace.com

Thank you for buying via links and ads on this site,
which earn me advertising fees or commissions.
As an Amazon Associate I earn from qualifying purchases.

Other World Computing...
B&H Photo...
Amazon
As an Amazon Associate I earn from qualifying purchases.
Upgrade the memory of your 2020 iMac up to 128GB
877-865-7002
Today’s Deal Zone Items... Handpicked deals...
$1199 $779
SAVE $420

$250 $200
SAVE $50

$1699 $1299
SAVE $400

$1499 $1149
SAVE $350

$200 $140
SAVE $60

$89 $69
SAVE $20

$120 $35
SAVE $85

$178 $148
SAVE $30

$3498 $2998
SAVE $500

$3699 $1299
SAVE $2400

$1000 $700
SAVE $300

$3899 $1499
SAVE $2400

$748 $648
SAVE $100

$2999 $1999
SAVE $1000

$1699 $999
SAVE $700

$1698 $1398
SAVE $300

$4499 $4499
SAVE $click

$1399 $1049
SAVE $350

$1149 $799
SAVE $350

$1399 $1049
SAVE $350

$1498 $1198
SAVE $300

$2797 $2597
SAVE $200

$280 $250
SAVE $30

$699 $699
SAVE $click

$1699 $1299
SAVE $400

$8399 $8399
SAVE $click

$899 $799
SAVE $100

$1699 $1299
SAVE $400

All your passwords at risk with OS X and iOS, and Apple Sits on the Problem

The internet is a dangerous place for financial transactions.

The way security flaws work is that the Bad Guys keep finding them and using them to steal. When a company like Apple fails to take immediate action to discuss the risks and to mitigate them, it is MPG’s view that it is exposes itself to massive liability. Apple’s apparent silence on this issue is scary.

The research paper: Unauthorized Cross-App Resource Access on MAC OS X and iOS.

The article in The Register: Apple CORED: Boffins reveal password-killer 0-days for iOS and OS X

Keychains raided, sandboxes busted, passwords p0wned, but Apple silent for six months.

Six university researchers have revealed deadly zero-day flaws in Apple's iOS and OS X, claiming it is possible to crack Apple's password-storing keychain, break app sandboxes, and bypass its App Store security checks.

Attackers can exploit these bugs to steal passwords from installed apps, including the native email client, without being detected.

The team was able to upload malware to Apple's app stores, and passed the vetting processes without triggering any alarms. That malware, when installed on a victim's Mac, raided the keychain to steal passwords for services including iCloud and the Mail app, and all those stored within Google Chrome.

Xing says he reported the flaws to Apple in October 2014.”.

Our study brings to light a series of unexpected, security-critical aws that can be exploited to circumvent Apple's isolation protection and its App Store's security vetting. The consequences of such attacks are devastating, leading to complete disclosure of the most sensitive user information (e.g., passwords) to a malicious app even when it is sandboxed.

...

"We completely cracked the keychain service - used to store passwords and other credentials for different Apple apps - and sandbox containers on OS X, and also identified new weaknesses within the inter-app communication mechanisms on OS X and iOS which can be used to steal confidential data from Evernote, Facebook and other high-profile apps."

MPG: Tim? Apple silence speaks volumes.

OWC Envoy Express

World’s first Thunderbolt 3 M.2 NVME SSD enclosure.

Super fast, bus-powered, 3.3 oz, DIY easy, rugged and compact!


See also OWC Express 4M2
√ No more slow and noisy hard drives!
OWC Thunderblade Thunderbolt 3 SSD

Blazing fast, up to 16TB.

YEE HAH!



√ No more slow and noisy hard drives!
OWC Envoy Pro EX SSD
Blazingly fast Thunderbolt 3 SSD!

Up to 4TB capacity, USB-C compatible.

USB-C model also available


Great for travel or for desktop!
OWC Accelsior 4M2 PCIe SSD
6000 MB/sec!
Mac or PC.


Ideal for Lightroom, Photoshop, video.
Capacity up to 16TB!

MacPerformanceGuide.com
View all handpicked deals...

LG UM7370PUA 70" Class HDR 4K UHD Smart LED TV
$1199 $779
SAVE $420

diglloyd.com | Terms of Use | PRIVACY POLICY
Contact | About Lloyd Chambers | Consulting | Photo Tours
Mailing Lists | RSS Feeds | Twitter
Copyright © 2020 diglloyd Inc, all rights reserved.
Display info: __RETINA_INFO_STATUS__