21st Century Learning and Teaching

Eine Auswertung der CVE-Liste zeigt, für welche Programme und Betriebssysteme 2015 die meisten Sicherheitslücken gemeldet wurden. Wie sicher die Software ist, lässt sich daraus jedoch nicht ableiten.

Auf der wichtigsten Liste öffentlich bekannter Sicherheitslücken tauchten im Jahr 2015 besonders häufig Mac OS X, iOS und Flash auf. Das geht aus einer Auswertung von CVEDetails.com hervor, die auf der CVE-Liste (Common Vulnerabilities and Exposures) basiert.

Im Rahmen des CVE-Projektes vergeben wichtige Software-Hersteller wie Apple, Adobe, Microsoft und Mozilla eindeutige IDs für Sicherheitslücken, in Zusammenarbeit mit der Non-Profit-Organisation Mitre.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

http://www.scoop.it/t/securite-pc-et-internet

"No iOS Zone" denial-of-service vulnerability could lead to your iPhone or iPad constantly crashing.

The researchers say that they first informed Apple of the problem in early October 2014, and that iOS 8.3 appears to resolve some of the issues they uncovered.

Chances are that this won’t be the last time that a serious denial of service flaw is found in iOS. Just last month, Apple released iOS 8.2 which fixed a flaw that allowed hackers to restart iPhones by sending them a maliciously-crafted Flash SMS.

More details of the “No iOS Zone” flaw can be found in the slide deck of the presentation given at the RSA conference.

Bug forces millions of sites to use easily breakable key once thought to be dead.

Learn more:

- http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=FREAK

par Stéphane Larcher, le 23 février 2015 16:16

Before you sync your iCloud or reinstall your apps, you need to lock down your iPhone or iPad. Here are seven important tweaks (and more) you can set to bolster your privacy.

Learn more:

- http://gustmees.wordpress.com/2013/12/21/privacy-in-the-digital-world-shouldnt-we-talk-about-it/

- http://gustmees.wordpress.com/2013/10/23/smartphone-pictures-pose-privacy-risks/

- http://gustmees.wordpress.com/2014/03/05/often-asked-questions-are-there-cyber-security-dangers-with-apps-and-whats-about-privacy/

The patch comes hours after the leaked photos emerged.

Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

- http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=iCloud

Many of OS X’s most popular apps were recently revealed to be vulnerable to man-in-the-middle (MiTM) attacks.

The vulnerability specifically targets those that use Sparkle — a third-party software update framework — and unencrypted HTTP connections.

A security engineer from Vulnsec, known as Radek, said the vulnerability works on both El Capitan and its predecessor, Yosemite.

The total number of apps affected isn’t known, but Radek did estimate the number to be “huge.” Some of those confirmed as vulnerable are:

Camtasia 2 (v2.10.4)
DuetDisplay (v1.5.2.4)
uTorrent (v1.8.7)
Sketch (v3.5.1)
Additionally, security researcher Jonathan Zdziarski told Ars Technica that the ‘Hopper’ reverse engineering tool and ‘DXO Optics Pro’ are also susceptible.

Learn more:

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

Speaking remotely to an Electronic Privacy Information Center crowd honoring him last night, Apple CEO Tim Cook had some choice words about how other tech companies do business.

I’m speaking to you from Silicon Valley, where some of the most prominent and successful companies have built their businesses by lulling their customers into complacency about their personal information. They’re gobbling up everything they can learn about you and trying to monetize it. We think that’s wrong. And it’s not the kind of company that Apple wants to be.

We don’t think you should ever have to trade it for a service you think is free but actually comes at a very high cost. This is especially true now that we’re storing data about our health, our finances and our homes on our devices.

We believe the customer should be in control of their own information. You might like these so-called free services, but we don’t think they’re worth having your email, your search history and now even your family photos data mined and sold off for god knows what advertising purpose. And we think some day, customers will see this for what it is.

Learn more:

- https://gustmees.wordpress.com/2013/12/21/privacy-in-the-digital-world-shouldnt-we-talk-about-it/

- https://gustmees.wordpress.com/2014/10/03/design-the-learning-of-your-learners-students-ideas/

Le mythe vient de s'effondrer : un chercheur en sécurité vient de démontrer combien il était facile de contourner les mécanismes de sécurité mis en place par Apple dans OS X pour polluer le système avec des malwares.

Finalement, Apple ne fait pas mieux que les autres fabricants ni même éditeurs de solutions de protection, puisque la conférence a démontré que la plupart des outils de protection pouvaient être contournés.

Apple reste toutefois moins sujet aux attaques pour l'instant, mais les choses pourraient changer à l'avenir.

En savoir plus / Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?tag=Immune+No+More%3A+An+Apple+Story

FREAK heißt die Abkürzung für eine Sicherheitslücke, die Millionen Android- und iOS-Nutzer gefährdet. Weil in den Browsern von Android und iOS seit vielen Jahren eine ernste Schwachstelle steckt, die das Mitlesen der Daten auch bei verschlüsselten HTTPS-Verbindungen ermöglicht. So prüfen Sie, ob Sie betroffen sind.

Mehr erfahren / Learn more:

- http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=FREAK

Every vulnerability found may be good news ("it's been found!"), but it's also a failure of quality control and testing.

Are you surprised to see OS X and iOS top the chart?

Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

MacOS X, iOS und Linux waren im Jahr 2014 unsicherer als Windows. Ein Microsoft-Programm führt aber eine andere Top 10 an.

Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

- http://www.scoop.it/t/securite-pc-et-internet/?tag=Linux

Is there any (Mac) OS X-specific malware around? Oh yes. But for some odd reason I haven't said anything interesting on this topic for quite a while… The last time was two and a half years ago. Yes...

So what can we deduce from these data?

First: cybercriminals find it easiest making money with mostly legal (well, almost legal) approaches. Persistent advertising also makes money, and coupled with large-scale infections – big money.

Second: OS X virus writers are a fairly rare but sophisticated species. Unlike the Windows virus scene, the OS X virus scene bypassed the childish stage of ‘viruses for fun’ and went straight to the grown-up – Mac OS – stuff with all the attendant hardcore malware tricks that are necessary for it. These are serious folks, folks! It’s very likely they honed their skills on the Windows platform first, and then went over to Mac to conquer new, uncharted territory in search of new untapped money-making possibilities. After all, the money’s there, and the users are relatively blasé about security, which means there are plenty of opportunities – for those blackhatters who are willing to put in the work.

Third: professional espionage groups have really taken to exploiting OS X. Many APT attacks in the last few years acquired Mac-modules, for example Careto, Icefog, and the targeted attacks against Uyghur activists. Yes, here we’re talking pinpointed –exclusive as opposed to mass – attacks, aimed at specially chosen victims; this is why they don’t figure in the top-20. Not that they are any less dangerous; especially if your data may be interesting to intelligence agencies.

Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

Targeted attacks aim to steal sensitive data from Mac systems, says F-Secure

Learn more:

- http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security