Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security...
16.0K views | +0 today
Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security...
Everything related to the (in)security of Apple products
Curated by Gust MEES
Your new post is loading...
Your new post is loading...
Scooped by Gust MEES
Scoop.it!

macOS-Fehler macht verschlüsselte Bilder und Texte zugänglich | #Apple #CyberSecurity #Encryption

macOS-Fehler macht verschlüsselte Bilder und Texte zugänglich | #Apple #CyberSecurity #Encryption | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it

Ein Bug in der QuickLook-Schnellansicht speichert auch geschützte Dateien im Dateisystem, so Sicherheitsforscher.

In macOS wird ein Sandboxing verwendet, um sensible Daten voneinander zu trennen. Zudem sollte das Betriebssystem auch keine verschlüsselten Dateien zwischenspeichern. Doch genau dieses geschieht aufgrund eines Bugs – und das sogar schon über mehrere Jahre, wie zwei Sicherheitsforscher nun herausgefunden haben.

Der Fehler, so schreiben der Original-Autor Wojciech Regula und sein Kollege Patrick Wardle, liegt in der Schnellansicht QuickLook, die im macOS-Dateimanager Finder bereitsteht und es ermöglicht, mit einem Druck auf die Leertaste Dateiinhalte – etwa Bilder, Tabellen oder Texte – flott durchzusehen.

Automatische Zwischenspeicherung
Wird QuickLook verwendet, werden aufgerufene Bilder und andere Dokumentenarten allerdings automatisch zwischengespeichert – zwar nicht in Form der Originaldatei, jedoch in Form von Icon-Miniaturen (Thumbnails). Dabei unterscheidet macOS nicht zwischen verschlüsselten und unverschlüsselten Dateien. Die Thumbnails lassen sich dann wiederum in einem Cache-Verzeichnis auffinden und anschauen – Zugriff auf das (unverschlüsselte) Hauptmedium des Macs vorausgesetzt.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=Encryption

 

Gust MEES's insight:

Ein Bug in der QuickLook-Schnellansicht speichert auch geschützte Dateien im Dateisystem, so Sicherheitsforscher.

In macOS wird ein Sandboxing verwendet, um sensible Daten voneinander zu trennen. Zudem sollte das Betriebssystem auch keine verschlüsselten Dateien zwischenspeichern. Doch genau dieses geschieht aufgrund eines Bugs – und das sogar schon über mehrere Jahre, wie zwei Sicherheitsforscher nun herausgefunden haben.

Der Fehler, so schreiben der Original-Autor Wojciech Regula und sein Kollege Patrick Wardle, liegt in der Schnellansicht QuickLook, die im macOS-Dateimanager Finder bereitsteht und es ermöglicht, mit einem Druck auf die Leertaste Dateiinhalte – etwa Bilder, Tabellen oder Texte – flott durchzusehen.

Automatische Zwischenspeicherung
Wird QuickLook verwendet, werden aufgerufene Bilder und andere Dokumentenarten allerdings automatisch zwischengespeichert – zwar nicht in Form der Originaldatei, jedoch in Form von Icon-Miniaturen (Thumbnails). Dabei unterscheidet macOS nicht zwischen verschlüsselten und unverschlüsselten Dateien. Die Thumbnails lassen sich dann wiederum in einem Cache-Verzeichnis auffinden und anschauen – Zugriff auf das (unverschlüsselte) Hauptmedium des Macs vorausgesetzt.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=Encryption

 

No comment yet.
Scooped by Gust MEES
Scoop.it!

New macOS Patcher Ransomware Locks Data for Good, No Way to Recover Your Files | #Apple #Mac #CyberSecurity

New macOS Patcher Ransomware Locks Data for Good, No Way to Recover Your Files | #Apple #Mac #CyberSecurity | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
A newly discovered ransomware family calling itself Patcher is targeting macOS users, but according to security researchers from ESET, who discovered the ransomware last week, Patcher bungles the encryption process and leaves affected users with no way of recovering their files.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=RANSOMWARE

 

Gust MEES's insight:
A newly discovered ransomware family calling itself Patcher is targeting macOS users, but according to security researchers from ESET, who discovered the ransomware last week, Patcher bungles the encryption process and leaves affected users with no way of recovering their files.

 

Learn more / En savoir plus / Mehr erfahren:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=RANSOMWARE

 

No comment yet.
Scooped by Gust MEES
Scoop.it!

A bug in macOS' "Quick Look" feature leaks encrypted data, researchers find | #Apple #CyberSecurity #NobodyIsPerfect #Encryption

A bug in macOS' "Quick Look" feature leaks encrypted data, researchers find | #Apple #CyberSecurity #NobodyIsPerfect #Encryption | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it

A bug in macOS can expose the contents of a user's files -- including document text and photo thumbnails -- even if the drive is encrypted.

Security researcher Wojciech Regula found that the "Quick Look" feature in macOS, which takes a snapshot of a file's contents and the full file path without the user having to open each file, stores that snapshot data in an unprotected location on the computer's hard drive.

Regula, a security specialist, wrote up details about the macOS data leak issue earlier this month.

"It means that all photos that you have previewed ... are stored in that directory as a miniature and its path," Regula wrote. They stay there even if you delete the files, he said.

Patrick Wardle, chief research officer at Digita Security, built on Regula's work in his own blog post, published Monday, noting that the bug is triggered every time a user opens a folder.

The bug exposes even encrypted volumes to potential snooping.

"If we unmount the encrypted volume, the thumbnails of the file are ... still stored in the user's temporary directory, and thus can be extracted," said Wardle.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=Encryption

 

Gust MEES's insight:

A bug in macOS can expose the contents of a user's files -- including document text and photo thumbnails -- even if the drive is encrypted.

Security researcher Wojciech Regula found that the "Quick Look" feature in macOS, which takes a snapshot of a file's contents and the full file path without the user having to open each file, stores that snapshot data in an unprotected location on the computer's hard drive.

Regula, a security specialist, wrote up details about the macOS data leak issue earlier this month.

"It means that all photos that you have previewed ... are stored in that directory as a miniature and its path," Regula wrote. They stay there even if you delete the files, he said.

Patrick Wardle, chief research officer at Digita Security, built on Regula's work in his own blog post, published Monday, noting that the bug is triggered every time a user opens a folder.

The bug exposes even encrypted volumes to potential snooping.

"If we unmount the encrypted volume, the thumbnails of the file are ... still stored in the user's temporary directory, and thus can be extracted," said Wardle.

 

Learn more / En savoir plus / Mehr erfahren:

 

https://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security/?&tag=Encryption

 

No comment yet.
Rescooped by Gust MEES from 21st Century Learning and Teaching
Scoop.it!

Can Apple read your iMessages? Ars deciphers “end-to-end” crypto claims

Can Apple read your iMessages? Ars deciphers “end-to-end” crypto claims | Apple, Mac, MacOS, iOS4, iPad, iPhone and (in)security... | Scoop.it
"Black-box" testing uncovers several ways the NSA could tap the popular service.

 

As Soghoian and other critics admit, the end-to-end encryption included with iMessage may make it impossible for Apple to decrypt conversations, at least in some circumstances. But in the absence of key details that Apple has steadfastly declined to provide, customers who are especially concerned about their privacy would do well to assume otherwise.

 

Gust MEES's insight:

 

As Soghoian and other critics admit, the end-to-end encryption included with iMessage may make it impossible for Apple to decrypt conversations, at least in some circumstances. But in the absence of key details that Apple has steadfastly declined to provide, customers who are especially concerned about their privacy would do well to assume otherwise.

 

                         ===> Nobody Is Perfect!!! <===

 

Learn more:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security

 

Gust MEES's curator insight, June 26, 2013 5:39 PM

 

As Soghoian and other critics admit, the end-to-end encryption included with iMessage may make it impossible for Apple to decrypt conversations, at least in some circumstances. But in the absence of key details that Apple has steadfastly declined to provide, customers who are especially concerned about their privacy would do well to assume otherwise.


                         ===> Nobody Is Perfect!!! <===


Learn more:


http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security


Gust MEES's curator insight, June 26, 2013 5:50 PM

 

As Soghoian and other critics admit, the end-to-end encryption included with iMessage may make it impossible for Apple to decrypt conversations, at least in some circumstances. But in the absence of key details that Apple has steadfastly declined to provide, customers who are especially concerned about their privacy would do well to assume otherwise.

 

                         ===> Nobody Is Perfect!!! <===

 

Learn more:

 

http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security