Apple releases iOS 4.3.3 to patch location bugs

By Dan Moren –┬áMay 4, 2011 04:27 PM ET —

Macworld – Apple said it would take a while to issue an iOS update to fix a handful of bugs related to the storage of location data, but it’s taken just seven days between that announcement and the appearance of iOS 4.3.3.

As Apple promised in its location Q&A last week, iOS 4.3.3 addresses three bugs related to the database of location information on iOS devices. Firstly, it reduces the amount of the cached location information to a week’s worth, rather than relying on a size limit, as it previously did.

Secondly, it no longer backs up the cache to your Mac or PC via iTunes upon syncing, so the information isn’t available to anyone with access to your computer. And finally, the cache is now deleted from the device when Location Services are disabled in iOS’s Settings app.

Apple has also announced plans to encrypt the location information on iOS devices itself in the next major update to the operating system, which presumably refers to iOS 5.

Read the rest of the article here:

LastPass resets passwords for all users following potential breach

May 5, 2011 – Zeljka Zorz – Help Net Security —

LastPass – the well-known and widely used password management and form filling system – has reset the master password for all its users following the discovery of two network traffic anomalies that could have been the result of a hack.

Thinking that it is better to be a little paranoid and prevent future damages, the company decided to assume that the anomalies are due to unauthorized access to their database and that some data has been stolen.

“We know roughly the amount of data transferred and that it’s big enough to have transferred people’s email addresses, the server salt and their salted password hashes from the database,” the LastPass Team explained on the company blog. “We also know that the amount of data taken isn’t remotely enough to have pulled many users encrypted data blobs.”

Read the rest of the article here:

Cyber bandits exploit breaking news to spread scams

May 07, 2011 (The Baltimore Sun – McClatchy-Tribune Information Services via COMTEX)

Nikki Yancey knew that no pictures had been released of Osama bin Laden after the terrorist leader was killed this week in a lightning raid by U.S. commandos in Pakistan.

So she was surprised when a friend reported that Yancey’s Facebook account had tried to entice her 600-plus friends to click on a link that allegedly would bring up photographs of the dead al-Qaida leader.

In reality, no such images were available.

What happened? Yancey’s social networking identity had been hijacked.

“I didn’t even know it had posted. I didn’t even know what it was,” Yancey said of the malicious link, which spread “malware” to any of her Facebook contacts who clicked on it. Yancey, 31, a Baltimore firefighter-paramedic, said she logs on to Facebook only a couple of times a week and did not realize the link had been disseminated until her friend tipped her off.

Read the rest of the article here: