2-Factor Authentication Letter from Apple Support

Dear John Puterhead,

Thank you for using two-step verification to protect your Apple ID. This email provides information about recent updates to your service.

Two-step verification now protects iCloud

Starting today, in addition to protecting your Apple ID account information, two-step verification also protects all of the data you store and keep up to date with iCloud. For more information, read the Two-Step Verification FAQ.

Sign in securely with app-specific passwords

If you use iCloud with any third party apps such as Microsoft Outlook, Mozilla Thunderbird, or BusyCal, you can now generate app-specific passwords that allow you to sign in securely even if the app you are using does not support two-step verification.

To generate an app-specific password:
  • Sign in to My Apple ID (https://appleid.apple.com)
  • Go to Password & Security
  • Click Generate App-Specific Password

App-Specific passwords will be required starting on October 1, 2014.

For complete instructions and answers to common questions, read Using App‑Specific Passwords. If you need additional help, visit Apple Support.

Apple Support

Facebook will grind down your resistance: Custom Managed Audiences

Reading the Derek Willis article on TheUpshot, I found that political campaigns are using Facebook to place ads on your wall.

Here’s how an academic, Lindsay Hoffman, phrases it:

Changes to the contents of users’ news feeds are usually greeted with skepticism if not outright hostility, but eventually users will become accustomed to these targeted messages, said Lindsay Hoffman, an associate professor of communication at the University of Delaware and coordinator for research and technology at the university’s Center for Political Communication.

Well, Lindsay, I have two questions for you. Ready?

  1. Who is paying you to say that?
  2. Do you think then that Facebook’s strategy is just to grind down everyone’s resistance over time?

ICYMI, here’s a link to an article on Custom Managed Audiences.

Twitter Security

While the spirit of tweeting is usually public, you may not want all your Twitter settings as open as that spirit.

NakedSecurity from Sophos has published a nice guide to help you set things right on your Twitter account.

The article covers login verification, password resets, photo tagging, location settings, and more.

Be sure to check it out when you have a chance.

Dropbox and Trusted 3rd Parties Own ‘Your Stuff’

From the Dropbox ‘Terms’ page —

Your Stuff & Your Permissions

When you use our Services, you provide us with things like your files, content, email messages, contacts and so on (“Your Stuff”). Your Stuff is yours. These Terms don’t give us any rights to Your Stuff except for the limited rights that enable us to offer the Services.

We need your permission to do things like hosting Your Stuff, backing it up, and sharing it when you ask us to. Our Services also provide you with features like photo thumbnails, document previews, email organization, easy sorting, editing, sharing and searching. These and other features may require our systems to access, store and scan Your Stuff. You give us permission to do those things, and this permission extends to trusted third parties we work with.

If it sounds contradictory, that’s because it is. Don’t trust Dropbox.

Hacked by Cat Videos, Really!

Brought to you kindly from The Intercept

Many otherwise well-informed people think they have to do something wrong, or stupid, or insecure to get hacked—like clicking on the wrong attachments, or browsing malicious websites. People also think that the NSA and its international partners are the only ones who have turned the internet into a militarized zone. But according to research I am releasing today at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs, many of these commonly held beliefs are not necessarily true. The only thing you need to do to render your computer’s secrets—your private conversations, banking information, photographs—transparent to prying eyes is watch a cute cat video on YouTube, and catch the interest of a nation-state or law enforcement agency that has $1 million or so to spare.

We’ve had illegal commercialized hacking for quite a while now, but now we have “legal” commercialized hacking.

One way to help protect yourself is to use the EFF’s HTTPS Everywhere plug-in. Sadly, it does not cover Apple’s Safari yet.

Here’s the other relevant portion of the article from The Intercept —

Companies such as Hacking Team and FinFisher sell devices called “network injection appliances.” These are racks of physical machines deployed inside internet service providers around the world, which allow for the simple exploitation of targets. In order to do this, they inject malicious content into people’s everyday internet browsing traffic. One way that Hacking Team accomplishes this is by taking advantage of unencrypted YouTube video streams to compromise users. The Hacking Team device targets a user, waits for that user to watch a YouTube clip like the one above, and intercepts that traffic and replaces it with malicious code that gives the operator total control over the target’s computer without his or her knowledge.