Scam Alert: AppleSecurityIssue.com

A reader passed along an information on a scam site targeting Mac users.

The site address is applesecurityissue.com

applescurityissue.com scam

Quick search on the phone number 1-800-610-8993 yields one discussion at Apple Support Communities, so far. The site itself was registered on September 4, 2014 and updated today, September 18, 2014.

Whois information on applesecurityissue.com:

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

Domain Name: APPLESECURITYISSUE.COM
Registrar: GODADDY.COM, LLC
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: NS17.JIXHOST.COM
Name Server: NS18.JIXHOST.COM
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 18-sep-2014
Creation Date: 04-sep-2014
Expiration Date: 04-sep-2015

>>> Last update of whois database: Thu, 18 Sep 2014 20:01:06 UTC <<<

NOTICE: The expiration date displayed in this record is the date the
registrar’s sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant’s agreement with the sponsoring
registrar. Users may consult the sponsoring registrar’s Whois database to
view the registrar’s reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services’ (“VeriSign”) Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: APPLESECURITYISSUE.COM
Registry Domain ID: 1874184235_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Update Date: 2014-09-04 11:22:40
Creation Date: 2014-09-04 11:22:40
Registrar Registration Expiration Date: 2015-09-04 11:22:40
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.480-624-2505
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Domain Status: clientRenewProhibited
Domain Status: clientDeleteProhibited
Registry Registrant ID:
Registrant Name: Gaurav Kumar
Registrant Organization:
Registrant Street: New Delhi
Registrant City: Delhi
Registrant State/Province: Delhi
Registrant Postal Code: 110018
Registrant Country: India
Registrant Phone: +91.1234567890
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: gautam@webcreationindia.co.in
Registry Admin ID:
Admin Name: Gaurav Kumar
Admin Organization:
Admin Street: New Delhi
Admin City: Delhi
Admin State/Province: Delhi
Admin Postal Code: 110018
Admin Country: India
Admin Phone: +91.1234567890
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: gautam@webcreationindia.co.in
Registry Tech ID:
Tech Name: Gaurav Kumar
Tech Organization:
Tech Street: New Delhi
Tech City: Delhi
Tech State/Province: Delhi
Tech Postal Code: 110018
Tech Country: India
Tech Phone: +91.1234567890
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: gautam@webcreationindia.co.in
Name Server: NS17.JIXHOST.COM
Name Server: NS18.JIXHOST.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
Last update of WHOIS database: 2014-09-18T20:00:00Z

The data contained in GoDaddy.com, LLC’s WhoIs database,
while believed by the company to be reliable, is provided “as is”
with no guarantee or warranties regarding its accuracy. This
information is provided for the sole purpose of assisting you
in obtaining information about domain name registration records.
Any use of this data for any other purpose is expressly forbidden without the prior written
permission of GoDaddy.com, LLC. By submitting an inquiry,
you agree to these terms of usage and limitations of warranty. In particular,
you agree not to use this data to allow, enable, or otherwise make possible,
dissemination or collection of this data, in part or in its entirety, for any
purpose, such as the transmission of unsolicited advertising and
and solicitations of any kind, including spam. You further agree
not to use this data to enable high volume, automated or robotic electronic
processes designed to collect or compile this data for any purpose,
including mining this data for your own personal or commercial purposes.

Please note: the registrant of the domain name is specified
in the “registrant” section. In most cases, GoDaddy.com, LLC
is not the registrant of domain names listed in this database.

Tips: Sync Your Web Browsers Settings

Just a few years ago, setting up a new computer for either yourself or others was a chore. It is still a chore, but easier. Thanks to sync services provided by Apple, Google and Mozilla; moving browsers’ settings and bookmarks are no longer difficult.

Apple has iCloud, Google has Chrome Sync and Mozilla has Firefox Sync. You get to move your Bookmarks and Passwords with ease.

iCloud System Preference Pane

Firefox Sync

Google Chrome Sync

Chrome Sync

OS X Mavericks 10.9.3 build 13D61

Apple seeds OS X Mavericks 10.9.3 build 13D61 to Developers and OS X Beta Seed Program Members.

OS X Mavericks 10.9.3 build 13D61

As usual, be forewarned before installing any beta/preview release software. There tends to be some show-stopping bugs.

According to a certain Apple engineer, the development of OS X Mavericks 10.9.3 is nearing completion.

In addition to the new build of OS X Mavericks 10.9.3, Apple also releases Safari 7.0.4 Seed 1.

Mobile Safari and Journalism, or the lack of it.

Mobile Safari

The New York Times Bits published an interview with the person who claimed to be responsible for the development of the first iPhone App, namely Mobile Safari.

John Gruber has a different take on it.

Judging by my inbox, an awful lot of coffee was spewed in Cupertino today upon reading Tolmasky’s self-aggrandizing description of his role in Mobile Safari’s creation. There’s a difference between “the developer responsible for the first version of mobile Safari” and “the developer who claims he was responsible for the first version of mobile Safari”.

UPDATE: Said one long-time trusted source: “He definitely was NOT the lead on the project and several other engineers made far more significant contributions.”

Personally I have been taking what news organization published with a grain or a boulder of salt.

Apple Releases Security Update 2014-002 for OS X Lion, Mountain Lion and Mavericks

Apple Mac OS X Security Update 2014-002

Apple Releases Security Update 2014-002.

Security Update 2014-002 is recommended for all users and improves the security of OS X

Security Update 2014-002 also includes Safari 7.0.3.

Security Update 2014-002 Mavericks

Security Update 2014-002 is recommended for all users and improves the security of OS X. This update also includes Safari 7.0.3.

For detailed information about the security content of this update, please visit: http://support.apple.com/kb/HT1222

For information on the content of Safari 7.0.3, please visit this website:http://support.apple.com/kb/HT6195

For some reasons, Apple website is using Lion image for OS X Mavericks Security Update 2014-002. Someone is not paying attention to the detail.

 

Security versus Convenience

Elliott Kember wrote the headline: “Chrome’s insane password security strategy

Kember points out the way Google Chrome manages saved passwords.

There’s no master password, no security, not even a prompt that “these passwords are visible”. Visit chrome://settings/passwords in Chrome if you don’t believe me.

Yes indeed. Unlike Mozilla Firefox, Google Chrome does not offer users to set Master Password. Apple added Passwords Manager in Safari 6; the passwords are actually stored in users’ Keychain.

Justin Schuh, who works on Google Chrome Security according to his Hacker News profile, says that it was a design decision to not include Master Password in Google Chrome.

For most users, there’s a certain level of inconvenience they are willing to tolerate when dealing with security. Unsurprisingly a lot of users are still using obvious passwords or none at all for their computer login. That’s because they prioritize convenience over security.

Security and convenience have an inverse relationship. It would look something like this:

Security-vs-Convenience-Linear

that is true if it is a linear relationship. In reality it looks more something like the following:

Security-vs-Convenience-Curved

It is more like a curve line. More convenience means less security.

The concern about the way Google Chrome manages passwords is valid. At the same time there is a bigger issue with security. Having a Master Password option would be useless if it is the same obvious password people are using for their computer login. Most users using Mozilla Firefox never set the Master Password at all.

Users need to understand why they need to secure their computers. Ultimately the users are the one to set the security level based on their convenience level.

Apple Releases OS X Mountain Lion 10.8.4

Apple releases OS X Mountain Lion 10.8.4 Build 12E55 on Tuesday June 4, 2013. The same build that was seeded to developers on May 24, 2013.

The 10.8.4 update is recommended for all OS X Mountain Lion users and has features and fixes that improve the stability, compatibility, and security of your Mac, including the following:

  • Compatibility improvements when connecting to certain enterprise Wi-Fi networks
  • Microsoft Exchange compatibility improvements in Calendar
  • A fix for an issue that prevented FaceTime calls to non-U.S. phone numbers
  • A fix for an issue that may prevent scheduled sleep after using Boot Camp
  • Improved VoiceOver compatibility with text in PDF documents
  • Includes Safari 6.0.5

OS X 10.8.4 12E55

OS X 10.8.4