Good news for those who use Macs at home! Security on OSX will finally be on par with Windows starting with the next version, due out this autumn.
For those who don’t know, Macs are a disaster when it comes to security. Apple has always been a poor performer in this area, but had until recently managed to avoid attracting the attention of virus writers and other identity thieves because very few Macs are in use around the world.
All of that has changed lately, and Apple is trying to catch up (the same goes for iOS).
Note that even with the update, it is still not recommended to use fleets of Macs in the enterprise. Apple does not know this market well.
Some “media experts” and some consumers and companies believe that because Apple curates the apps you can find in its app store, they face a lower chance of being infected with malware or of using badly written apps which don’t perform well or leak information.
Well, once again (remember Instagram?), a security researcher proved that iOS is missing basic privacy protection mechanisms and that pretending to check apps to protect users is only an excuse to make money by taking a cut of the profit. Apple simply can’t control, in detail, what is in every app they release.
So this time, we have the LinkedIn app which is sending users’ calendar meetings to the LinkedIn servers without the user knowing about it… This can be especially dangerous when things such as conference call phone numbers and passcodes are stored in the event itself. Fortunately, there is a way to turn that feature off, by simply refusing to let LinkedIn show the calendars in the app itself.
But it doesn’t solve the big privacy issues plaguing iOS, a 5-year-old OS which was never built to be secure, but to look smooth and to be very easy to use in order to kill Nokia’s Symbian. Apple has tried multiple times to implement enterprise features, but most attempts have failed as it’s simply not in Apple’s DNA to build a secure OS. SMEs and corporations usually have to rely on 3rd party solutions to try and make these devices usable in a business environment.
Let’s face it. The most popular smartphones on the market today are loved for their fun and useful features, not because they protect your privacy. They were not designed with security in mind, even though they hold so much information about an individual or an organization. And it’s worse if you jailbreak one in order to be able to customise it.
Some security researchers say all smartphones are vulnerable to malware and this could lead to identity theft, among other things. And it’s true: even though BlackBerrys offer better protection than iPhones (no sandbox) or Androids (no review system), it’s still possible to trick a user into visiting an infected website that could help leak information.
Choose your smartphone and the content you will put on it wisely. Treat everything that is on it as public information or just remove data you’d rather not see fall into the wrong hands, whoever they may belong to 🙂
Guardian article about malware:
Guardian article about how easy it is to steal your data if you leave the Wifi on your phone constantly on:
Streaming music service Spotify has been displaying malicious ads to users of their Free version. The ads lead to websites that used the Blackhole Exploit Kit to infect users with the Windows Recovery fake AV application.
Source: Help Net Security
Tripadvisor members have probably received an email from the CEO, explaining that their member list has been accessed by a third party.
It’s just one more company to add to the long list of those who have had their client list leaked.
It will make spammers very happy, but again, the positive thing is that, at least, they’ve come forward, unlike some other companies I’ve used in the past which just don’t even bother to acknowledge the fact that there has been a leak…