Various thoughts from an educational professional & geek.
Hackers have finally breached Apple's security but your iPhone's probably safe (for now) ...
Get link
Facebook
Twitter
Pinterest
Email
Other Apps
Cyber security experts recently discovered that the almost impenetrable Apple App Store had been hacked. While cyber break-ins have become routine news for many companies, Apple has long prided itself on providing technology for its phones and tablets that was incredibly secure.
This was done by controlling how developers – the people who create your apps on your device – not only create their code but also upload it on to the app store. Steve Jobs ensured that Apple would check each app before it entered the marketplace, as well as the developers themselves, and the firm has enforced tight controls on what the devices could access.
This meant that Apple mobile products arguably were (and probably still are) the most secure you could buy. However a new attack dubbed XCodeGhost has done a great job of undermining Apple’s otherwise strong security.
The attack method used was cunning and, in a technical sense, impressive. Rather than attack the devices or the App Store, the hackers compromised the Xcode framework, the underlying programming system used by developers to create the apps. This is akin to poisoning a city’s water supply at its source rather than attacking the settlement’s buildings or army directly.
App developers use a suite of software known as Xcode to create programs for Apple devices. Within this is a large library of functions that enable each created app to talk to the underlying phone or tablet. Each library function has different roles, from allowing you to share your location to making your phone sound like a light sabre when you wave it around.
The hackers created a malicious program (malware) that used the internet to seek out Mac computers with Xcode installed, gambling on the possibility that some of these devices were used to create apps for the Apple App store. It then dropped contaminated code library features into the Xcode system. These will appear to do what the app developers programmed them to do but also capture and send personal data from your device back to the hackers.
Malicious intentShutterstock
Security experts are concerned that this innovative attack leaves Apple open to future attacks. It attacks anyone who has this coding environment installed on their computer system and compromises the code before it enters the secured systems offered by Apple.
Not only is this embarrassing for the company, as their checks clearly missed this compromise. It is also embarrassing for the many developers affected as their own internal security and anti-malware processes have been compromised.
What does this mean for you?
If you are the owner of an iPhone or iPad, there is nothing you can do. Apple has never offered Apple device owners the opportunity to protect their own technology. Apple has owned this, controlled this and until recently has been very successful in protecting its products.
Android-powered devices have historically been relatively vulnerable to an excess of 40,000 types of malware. The equivalent number for Apple devices remains very low. However, this new and interesting attack means that attackers have established an alternative route into your device, through the framework used by app developers. They only need one compromised app from one compromised developer machine to be successful.
Different experts have already found multiple apps, such as Angry Birds 2, that are infected. Many of these apps are being updated in earnest by their creators to patch the security breach and new versions are automatically being installed on your iPhone or iPad. If you are ultra concerned you can delete the app and re-install in a few days time when you know it has been secured.
In order to prevent further breaches, Apple must review its security policies and how it checks all code before it enters their App Store. It also means that the onus is on all developers to improve the way they scan their own systems. Otherwise, Apple will refuse to allow them to participate in this otherwise very successful and secure system.
Explainer: should you change your password after Heartbleed? By Andrew Smith , The Open University If you’re struggling to understand the deluge of information about the Heartbleed vulnerability , you’re not alone. Some reports tell us to change all our online passwords immediately, others warn us that this could do more harm than good. There is a lot of misinformation out there. It is essential that you do not panic but nor should you be complacent. We all need a good old fashioned mix of common sense and prudence. What is Heartbleed? On many of the servers and internet web services we use, there is a free and open source security technology called OpenSSL . In simple terms, when you see the padlock beside the web page URL , you have a secure and encrypted web connection that may have been managed by the OpenSSL software. To date, OpenSSL has worked incredibly well. Network engineers and users like you have been more than happy with the service it has provided. But Google
The wheels at my university are renowned for being slow and cumbersome. However, getting a simple prepackaged course from a 3rd party with no rights issues out there has been nothing short of escargot'esqe. As of the 1st of May 2017 - we have our first Linux NAL - following the model of the relevant knowledge courses that once occupied the students of the Open University. Offering Linux is not a new notion - having offered for three years a short course in Linux that was at the time ahead of most in reaching a distance learning population. In this short time, we engaged with over 2400 students giving them all a taste of Linux. Now, with the maturity of HTML5 and some considerable insight from NDG and LPI in collaboration with Cisco Systems. We are able to offer a fully remote Linux experience. With the Linux operating system running as a web browser based cloud instance. Our first presentation of this course will have all the hallmarks of a discovery experience - while
You have to face it, in some ways we are all fish in our own personal ponds. Some of us succeed in changing the water, finding a different or more interesting pond. Yet remain a fish in water, unless we evolve, Often work takes me around the country (and sometimes the world). Part of my working ethos is to share advice, experience and a can do (rather than a cannot do) approach to qualification delivery. Yet so many seem trapped in a self created universe; a perception of what their limitations are and how they bind them in what they do. It is rare to see fish fly, but they do, it is rare to see fish survive out of water but some can. Some fish climb, to change their environment others seek bigger more plentiful ponds until they become oceans. You can't free a fish from water, that is its choice alone.
Comments
Post a Comment