Gmail Uses Encrypted HTTPS When Checking, Sending Email

Posted in グーグル, セキュリティ, メール by shiro on 2014年3月21日

How to Protect Your iCloud Keychain from the NSA

Posted in アップル, セキュリティ by shiro on 2014年3月5日

Apple fixes SSL bug with OS X 10.9.2 and Mountain Lion security update

Posted in アップル, セキュリティ, バグ by shiro on 2014年2月26日


About the security content of OS X Mavericks v10.9.2 and Security Update 2014-001 | Apple

Apple fixes SSL bug with OS X 10.9.2 and Mountain Lion security update | The Loop

Apple releases OS X 10.9.2, patches SSL flaw and adds FaceTime Audio support | Ars Technica

さっそく修正された OS X の goto fail バグ | maclalala2

Apple Releases OS X 10.9.2 With Fix for ‘goto fail’ SSL Vulnerability | Daring Fireball

Release notes say nothing about an SSL fix | Twitter / markgurman

Apple’s ‘Gotofail’ Security Mess Extends To Mail, Twitter, iMessage, Facetime And More

Posted in アップル, セキュリティ, バグ by shiro on 2014年2月24日

Apple releases security patch via iOS 7.0.6

Posted in アップル, セキュリティ, バグ, NSA, OS by shiro on 2014年2月23日


Behind iPhone’s Critical Security Bug, a Single Bad ‘Goto’ |

An update to iOS 6 pushed yesterday fixes the bug there as well. Reportedly, OS X 10.9.1 is still affected by the vulnerability.

On the Timing of iOS’s SSL Vulnerability and Apple’s ‘Addition’ to the NSA’s PRISM Program | Daring Fireball

So if this bug, now closed, is not what the NSA was exploiting, it means there might exist some other vulnerability that remains open.

Apple’s SSL/TLS bug | ImperialViolet

Apple’s SSL/TLS Bug | Daring Fireball

Apple’s SSL/TLS bug |

Both OS X and iOS are affected. iOS has been patched already, but OS X hasn’t — see for yourself.

Apple releases security patch via iOS 7.0.6 | The Loop

たった一行のミスが・・・ | maclalala2

急げアプデ! 今回のアップルの脆弱性はかなりやばいぞ | ギズモード・ジャパン

Apple Disputes Research Saying iMessage is Not Secure

Posted in セキュリティ, ソーシャルネットワーク by shiro on 2013年10月19日

Investigating Touch ID and the Secure Enclave

Posted in アップル, セキュリティ, 指紋認証 by shiro on 2013年9月25日

Investigating Touch ID and the Secure Enclave | Securosis Blog

More from Rich Mogull:

I suspect Apple will eventually release more details in response to public pressure — they still tend to underestimate the level of security information the world needs before placing trust in Apple (or anyone else). But if my assumptions are even close to accurate, Touch ID looks like a good part of a strong system that avoids a bunch of potential pitfalls and will be hard to crack.

Investigating Touch ID and the Secure Enclave | Daring Fireball

Password denied: when will Apple get serious about security?

Posted in アップル, セキュリティ by shiro on 2013年3月30日

Apple Introduces Two-Step Verification for Apple ID and iCloud Accounts

Posted in アップル, ID by shiro on 2013年3月22日


Apple beefs up iCloud, Apple ID security with two-step verification | 9to5Mac

Apple’s two-step verification is available in the U.S., U.K, Australia, Ireland, and New Zealand.

How to Enable Two-Step Verification for Your Apple ID | MacStories

How-to enable iCloud two-step verification | The Loop

Apple enables two-step verification for iCloud accounts |

Two-step verification for iCloud accounts | The Loop

Apple has joined the growing list of companies offering two-step verification to secure user accounts. By enabling two-step verification, whenever you attempt to log in on a new device with your Apple ID, you will be asked to enter a 4-digit verification code. This code will be sent to a device that you have registered as a trusted device, such as your iPhone, via a Find My iPhone notification or SMS.

Apple introduces two-step verification for Apple ID, iCloud accounts | The Verge

Apple Introduces Two-Step Verification for Apple ID and iCloud Accounts | Daring Fireball

Major security hole allows Apple passwords to be reset with only email address, date of birth (update) | The Verge

Security Hole Allows Apple Passwords to Be Reset With Only Email Address and Date of Birth | Daring Fireball

Apple rolls out fix for password reset security hole, iForgot site back up |

Anatomy of the Apple ID password reset exploit |

How the Apple ID password reset exploit worked | The Loop


Posted in アップル, ハッキング by shiro on 2013年2月20日


One Site May Be Responsible for Recent Hacks | AllThingsD

The site is called iPhonedevSdk, according to sources close to the Facebook hacking investigation. After Facebook employees visited the mobile development site in recent weeks, malicious code injected into the HTML of the site used an exploit in Oracle’s Java plugin to infect employee laptops, as the company divulged last Friday. […]

Of note: Do not visit this site, as it may continue to be compromised. While it’s potentially risky to publicize the web site, AllThingsD is providing the name to inform readers, mobile developers and organizations interested in mobile development in order to keep them from becoming infected.

iPhoneDevSDK | Daring Fireball

Malware Attack on Apple Said to Come From Eastern Europe | Bloomberg

Facebook, Apple employees likely visited iPhoneDevSDK, where their computers were compromised by Java exploit | The Next Web

Facebook, Apple employee Java exploits were reportedly from visiting iPhoneDevSDK |

After hack, Apple releases Java security update for Mac users | 9to5Mac

ハッカー攻撃を受けたアップル | maclalala2

Dev site behind Apple, Facebook hacks didn’t know it was booby-trapped | Ars Technica

iPhoneDevSDK — the site apparently responsible for the hacks at Facebook, Apple, and Twitter — says it was not aware it was being used to attack visitors until it read press reports this week. In a news post (do not click if you’re wary of security breaches) on Wednesday, site admins said they had no knowledge of the breach and were not contacted by any of the affected companies. Though, iPhoneDevSDK is now working with Facebook’s security team in order to share information about what happened.

iPhoneDevSDK Admins Didn’t Know Site Was Booby-Trapped | Daring Fireball

《Update:ワナが仕掛けられたことを知らなかった管理人》 | maclalala2