Apple reopens legal fight against security firm Corellium, raising concerns for ethical hackers

Apple has reignited a legal battle with Corelluim days after settling with the security firm over an ongoing lawsuit against the company for providing a virtual environment for security researchers that recreates its operating system. Apple on Tuesday filed an appeal of a December ruling in which a judge dismissed an argument that Corellium had infringed Apple’s copyright by offering researchers a simulated environment that emulates Apple’s iOS software. The environment allows researchers to hunt for bugs via a controllable browser that can be rebooted, instead of jailbreaking an actual iPhone. It’s the latest update in a case that could have enormous implications for the ability of private researchers and academics to probe major technologies for dangerous flaws without the risk of legal retaliation. The move follows reassurances by Apple that it would rely on security researchers to help vet its controversial new system for scanning child sexual abuse imagery. […]

The post Apple reopens legal fight against security firm Corellium, raising concerns for ethical hackers appeared first on CyberScoop.

Continue reading Apple reopens legal fight against security firm Corellium, raising concerns for ethical hackers

Google to make multi-factor authentication its default mode

Google will soon enroll users into multi-factor authentication by default, the technology giant said on Thursday. In a blog post commemorating World Password Day, the company announced the move to make users sign in via a second step after entering a password, such as a phone app. “Today we ask people who have enrolled in two-step verification (2SV) to confirm it’s really them with a simple tap via a Google prompt on their phone whenever they sign in. Soon we’ll start automatically enrolling users in 2SV if their accounts are appropriately configured,” wrote Mark Risher, director of product management, identity and user security. “Using their mobile device to sign in gives people a safer and more secure authentication experience than passwords alone.” While multi-factor authentication isn’t entirely foolproof, and users will be allowed to opt out, Google’s embrace of automatically enrollment could be a big security boon. Microsoft said its […]

The post Google to make multi-factor authentication its default mode appeared first on CyberScoop.

Continue reading Google to make multi-factor authentication its default mode

The Prototype iPhones That Hackers Use to Research Apple’s Most Sensitive Code

Very few people have heard of them, but “dev-fused” iPhones sold on the grey market are one of the most important tools for the best iOS hackers in the world. Continue reading The Prototype iPhones That Hackers Use to Research Apple’s Most Sensitive Code