  • Apple Patches iPhone Zero-Day

    news.movim.eu / Schneier · Thursday, 15 December - 16:43

The most recent iPhone update—to version 16.1.2—patches a zero-day vulnerability that “may have been actively exploited against versions of iOS released before iOS 15.1.”

News:

Apple said security researchers at Google’s Threat Analysis Group, which investigates nation state-backed spyware, hacking and cyberattacks, discovered and reported the WebKit bug.

WebKit bugs are often exploited when a person visits a malicious domain in their browser (or via the in-app browser). It’s not uncommon for bad actors to find vulnerabilities that target WebKit as a way to break into the device’s operating system and the user’s private data. WebKit bugs can be “chained” to other vulnerabilities to break through multiple layers of a device’s defenses.

  • Apple’s Lockdown Mode

    news.movim.eu / Schneier · Sunday, 31 July - 18:21 · 1 minute

I haven’t written about Apple’s Lockdown Mode yet, mostly because I haven’t delved into the details. This is how Apple describes it:

Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware. Turning on Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware.

At launch, Lockdown Mode includes the following protections:

  • Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
  • Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
  • Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
  • Wired connections with a computer or accessory are blocked when iPhone is locked.
  • Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on.

What Apple has done here is really interesting. It’s common to trade security off for usability, and the results of that are all over Apple’s operating systems—and everywhere else on the Internet. What they’re doing with Lockdown Mode is the reverse: they’re trading usability for security. The result is a user experience with fewer features, but a much smaller attack surface. And they aren’t just removing random features; they’re removing features that are common attack vectors.

There aren’t a lot of people who need Lockdown Mode, but it’s an excellent option for those who do.

News article.

EDITED TO ADD (7/31): An analysis of the effect of Lockdown Mode on Safari.

  • Modern XMPP — A story based on Monal

    pubsub.movim.eu / berlin-xmpp-meetup · Saturday, 9 April, 2022 - 18:31

When? Wednesday, 2022-04-13 18:00 CEST (always 2ⁿᵈ Wednesday of every month)

Where? Hybrid in xHain hack+makespace, Grünberger Str. 16, 10243 Berlin and at the Live Stream. In our virtual room xmpp:berlin-meetup@conference.conversations.im?join you can ask questions.

#jabber #xmpp #community #xhain #freesoftware #berlin #meetup #federation #ios #monal #apple #livestream

  • Diving deep into Briar (and Monal)

    pubsub.movim.eu / berlin-xmpp-meetup · Friday, 8 October, 2021 - 18:05

We are very happy to have Nico Alt from The Briar Project with us, who will give a talk, "Diving deep into Briar: a closer look at its internals". If everything works well, the talk will be streamed over media.ccc.de. Briar is a secure messaging technology based on peer-to-peer communications with no centralized servers.

Also we will welcome a special guest, Thilo Molitor from Monal, who will explain how Monal works and can answer questions. Monal is a "fast, friendly and free" Jabber/XMPP client for iOS and macOS.

When? Wednesday, 2021-10-13 18:00 CEST (always 2ⁿᵈ Wednesday of every month)

Where? xHain hack+makespace, Grünberger Str. 16, 10243 Berlin (as formerly)

See you then!

If you watch the live stream, you may ask questions in our non-physical room (xmpp:berlin-meetup@conference.conversations.im?join). Streaming URL and other information will also be passed there.

#jabber #xmpp #community #xhain #freesoftware #berlin #meetup #federation #briar #securemessaging #monal #ios #macos

UPDATED COVID-19 RULES: To enter xHain, you must be fully vaccinated against Covid-19 or recovered ("2G"), with certificate. See Hygiene concept xHain.

  • Fortnite's publisher asks the European Commission for help against Apple

    news.movim.eu / Numerama · Wednesday, 17 February, 2021 - 15:41

The battle between Epic Games and Apple is widening. A complaint has now been filed with the European Commission, amid accusations of anticompetitive conduct.


  • Not just Facebook: Snap, Unity warn Apple’s tracking change threatens business

    news.movim.eu / ArsTechnica · Friday, 5 February, 2021 - 18:11

Snapchat on an iPhone. (credit: Maurizio Pesce)

Social media company Snap (which runs Snapchat) and game development software company Unity have joined Facebook in warning their investors that Apple's imminent ad-tracking change will negatively impact their businesses.

As previously reported, Apple plans to use the next iOS update (iOS 14.5, due out in early spring) to implement a requirement that all apps on the platform gain user opt-in to track users with IDFA (ID for Advertisers) tags. IDFA tags are used to track what users do across multiple apps in order to target advertising more effectively.

Social media giant Facebook has told its own investors that the coming change to Apple's operating system could very negatively impact its advertising revenue, because this kind of tracking-based ad targeting is one of Facebook's main ingredients for success.
