[Security] Protecting Mail On Recent Versions Of OS X

It has been brought to our attention that recent versions of Mail on OS X (perhaps starting with 10.10, but definitely since 10.11), will re-download all of your email from your email server. And since your server doesn’t encrypt your email, that’s a serious concern. This means that the following attack is possible to bypass Espionage’s […]

Espionage 3.6.3 drops 10.7, 10.8, 10.9 + Sparklegate Fix

EDIT February 17, 2016: 3.6.4 and 3.6.5 release notes included here as there are only minor changes. We’re momentarily back from our break in cryptocurrency-research-land (where we’ve been advancing our goal of sustainably open-sourcing Espionage) to bring you the immediate release of Espionage 3.6.3! “But wait! This doesn’t seem like such an exciting release! What […]

Apologies! Sky Kinda Falling + Protecting Yourself From Sparklegate

This is a followup to yesterday’s post: Sky Not Falling: Sparklegate Not As Bad As It Could Be After trying and failing to reproduce Sparklegate, I arrived at the conclusion that Gatekeeper and Quarantine did in fact protect OS X users from the Remote Code Execution (RCE) attack. What I Missed Radek, the discoverer of […]

(UPDATED) Sky Not KINDA Falling: Sparklegate Not As Bad As It Could Be

UPDATE February 1, 2016: It turns out some users are vulnerable to this attack. Read this followup post! Sparklegate is the term I’ve coined for the recent discovery that, allegedly, every OS X machine out there is vulnerable to RCE (remote-code-execution) attacks because the widely used Sparkle framework, along with OS X’s standard WebView component, […]

Espionage 3.6.2 Released!

Espionage 3.6.2 delivers an important security fix to address a plausible deniability issue with folders that were set to auto-lock, and it also brings important improvements and bug fixes: Security The path for folders set to auto-lock was leaked in previous versions, compromising their plausible deniability (PD). If you require PD for those folders make […]

How Secure Is Your iPad?

Apple’s iPad may turn out to be more of a security risk than a useful tool for some, especially for those who, prior to yesterday’s launch, speculated that the iPad would be a God-send to the health care system, and possibly other sectors like businesses. According to Steve, however, the iPad is designed primarily for […]

Espionage 2.5.3 Released!

Thanks go out to Dirk for emailing us today and letting us know of a security issue whereby a folder’s password could be logged to the system log in a certain error scenario (not cool!). The issue itself is due to a typo in the code that was introduced in 2.5, versions prior to that […]