Tips for resolving iCloud password issues

Person holding iCloud picture with Blue Sky in the background

On July 4th, Apple experienced issues with most of its iCloud services, per this site. End-users were having trouble signing into iCloud and accessing their accounts, along with Photos, Mail, Backup, Find My Friends, Contacts, Calendars, and more seeing downtime. Apple Stores were also reportedly affected by the outage and were not able to process transactions.

While this issue was eventually resolved by Apple, there could be other times where iCloud has issues and end-users are asked for a password. End-users will tend to try their known password, which in these times will not work. After trying multiple times, end-users will then think they have the wrong password and try another password, which gets saved in the keychain and is wrong. 

This will result in the following scenario for the end-user: 

  • Lost access to their account.
  • Not understanding why they lost access.
  • Not knowing what password is the truly correct password.

This can lead to all sorts of issues. For example, Denial of Service attacks can be leveraged to get end-users to use side channels, and these side channels can be loaded with spam and other undesirable internet materials. In the event there are issues with iCloud and passwords, it is recommended to do the following procedure:

  • At the first prompt for a password for an account that has been working fine up to that point, just ignore for a few minutes. 
  • After this, the first move should be to power cycle the computer (shut it down (not restarting), giving the computer 5-10 seconds to rest, and then powering it back on). 
  • If it is still asking for a password that worked previously, check for service interruptions and/or contact tech support. 
  • If the account is of security concern, consider logging into the account via a different method and reset the account password. 
  • Make sure you didn’t get locked out by a hacker. It is important that you determine this ASAP because the longer you wait after they log you out, the more time they have to get into other accounts and lock you out. 
    • If you find you have been locked out of your account, change passwords in your other accounts, starting from highest priority to lowest.

If you have any questions, or would like to discuss further, let us know!

IMPORTANT: Voluntary Recall/Replacement Program for certain MacBook Pro laptops

Apple MacBook Pro sitting on a wood desk

Per this notice on Apple’s website on June 20th, Apple announced a voluntary recall of a limited number of older generation 15-inch MacBook Pro units which contain a battery that may overheat and pose a safety risk. The units were sold primarily between September 2015 and February 2017 and can be identified by their product serial number. The recall does not affect any other 15-inch MacBook Pro units or other Mac notebooks.

This article details that users who have MacBook Pros that were manufactured should check to see if their computer is involved. Instructions are given on how to check for this in the linked website above. This is vitally important due to the potential safety hazard involved with affected computers.

Please let us know if you have any questions or would like to discuss further.

Beware Applications requesting a plug-in be downloaded

Computer displaying directory computer code

As noted in this article, “a security researcher has disclosed a new flaw that undermines a core macOS security feature designed to prevent apps, or malware, from accessing a user’s private data, webcam or microphone without their explicit permission.” Recent privacy protections, expanded in the Mojave version of the Macintosh operating system, were meant to make it more difficult for malicious apps to get access to the user’s private information, unless the user allows access through a pop-up dialog.

However, these protections weren’t as good as Apple previously believed. This bug is the result of a whitelist of approved applications that are allowed to create “synthetic clicks” to prevent them from breaking. This includes the popular video playing application VLC, which the researcher showed could access a user’s camera, microphone, and other Macintosh computer services, through a plug-in that performed malicious actions.

This is a reminder that users should be aware anytime an application asks for permission to download and/or load additional software. In this case, any application that requires a download and installation of a plug-in would require closer scrutiny. This is especially true for anyone who attempts to access files through something like torrent services, which could potentially request to download a plug-in to view the downloaded file (or else the file that is downloaded through the torrent file could also be a payload with malicious intent, even if not requiring a plug-in).

If you’d like to discuss further, please let us know!

New Apple update against Intel CPU attacks imposes 40% performance penalty

Intel CPU chip shown on computer's internal motherboard

As mentioned in this article, Apple has posted a new article on its website that details how a user can implement Full Mitigation for a “theoretical” speculative attack that targets Intel CPUs (central processing units). Full Mitigation is mostly for users that are at heightened risk for an attack, such as government workers or high-ranking business executives.

Enabling this mitigation results in an approximate 40% drop in performance. However, as previously mentioned, most users won’t need to enable this level of mitigation, as the attack is theoretical at this point and there are no known attacks in the wild for this.

macOS 10.14.5 includes the most relevant patches for users, although there have been reported issues from Mac users with some methods of file sharing over macOS. As always, it is the best practice to only download trusted software from the Apple App Store.

If you have further questions or would like to discuss, let us know!

Did you know: Easy way to add items to the Mac Dock

Apple Macintosh Desktop with Dock displayed

Most users know that it’s possible to add items to the macOS dock by dragging and dropping an icon onto the Dock. However, there’s another way that you can add anything instantly to the Dock on macOS with a keyboard shortcut.

Here’s the process:

  • Navigate to the item you want to add to the Dock in the Finder
  • Select the item to add to the Dock in Finder
  • Now hit the keyboard shortcut: Control+Shift+Command+T

If you’d like to know other time-saving tips, let us know!

Outlook breach reportedly targeted Crypto users

Laptop, iPhone and Mouse locked inside heavy duty metal chain

We previously notified our readers of a breach involving Microsoft Outlook email. Users of Cryptocurrency are now coming forward to indicate that this Outlook breach led to a theft by hackers of their Cryptocurrency from various Cryptocurrency Exchanges, as detailed in this follow-up article.

Keeping anything online, whether it be email or items like Cryptocurrency, leaves a user open to potential hacks. It is wise to copy email to a folder on the user’s computer vs. leaving it online in an inbox or the like for hackers to gain access to. When stored in a folder on a personal computer, it’s much harder to access.

Also, enabling verification items like 2fa (Two-factor authorization), where a user is required to verify log-ins and other procedures using an application on their phone, are wise to use to prevent access to user accounts. As one user indicated in the article, they did not have 2fa enabled on their account, so it allowed the hackers easier access.

If you’d like to discuss further on ways you can protect yourself online, please let us know!

Current Mac viruses, malware and security flaws

Multi-color computer code displayed on a Monitor

Yes, it’s true: Mac malware, viruses and other security flaws do exist. However, they are very rarely found in the wild. This article details the current known threats to the Mac related ecosystem, while also providing current status and ways that you can alleviate possible threats before they affect your computer.

As always, it’s a good idea to not buy electronics from untrusted sources, as you can open yourself up to various threats, as we’ve blogged about previously.

If you have any questions or would like to discuss further, please let us know!

New WiFi to offer security, speed improvements

Girl holding paper into the sky with outstretched arm, showing cut-out of Wifi logo and trees in the background

Individuals that rely heavily on WiFi may want to hold off on new equipment purchases until they are WiFi 6 (aka 802.11ax) equipped and/or upgradable to WiFi 6. As detailed in this article, the new upgrade will make WiFi faster, while also approving its efficiency in other areas. The speed is almost tripled from WiFi 5 (aka 802.11ac), meaning that it can deliver more speed to more devices. And with its efficiency improvements, the advantages are more apparent through improving the network when lots of devices are connected.

WiFi 6 puts forth new technologies to help mitigate the issues that come with putting dozens of Wi-Fi devices on a single network. It allows routers to communicate with more devices at once, send data to multiple devices in the same broadcast, and lets Wi-Fi devices schedule check-ins with the router. When all is said and done, the result should be that the devices are more likely to maintain top speeds even in busier environments.

In addition to speed improvements, WiFi 6 should provide greater security, as WiFi 6 will need to support WPA3 to receive certification from the Wi-Fi Alliance. WPA3 is the most recent security protocol and the biggest upgrade to the security level of WiFi in a decade. This will make it harder for hackers to crack passwords by guessing multiple times, and make some data less useful even if hackers are able to gain access. Therefore, most devices will include this greater level of security to receive certification.

In order to use WiFi 6, you’ll need a router that supports it. Those that will see the biggest improvements in WiFi performance are those that have WiFi 6 enabled devices and have lots of devices attempting to connect to one WiFi 6 router. At this point, the routers remain relatively expensive, but should become more affordable as time goes on.

If you’d like to discuss WiFi topics like this further, please let us know!

Beware mobile VPN services promoted by scam ads

Mobile phone user holding iPhone with VPN application in use

It is becoming more and more popular for a user to be on a mobile device and receive pop-up windows or be otherwise directed to a site to indicate that you’ve been hacked or are being tracked, and the solutions is to install a VPN (Virtual Private Network) application. A VPN allows the user to connect to another public IP in order to mask their current IP, and encrypt data sent.

With these pop-up redirect ads, what is occurring is that various VPN providers provide affiliate programs, where individuals are compensated for driving traffic to the VPN provider. These individuals create scare-tactic ads that promote users install the VPN application, and in return, the affiliate marketer receives compensation in exchange.

As the article states, if you receive one of these warnings, just close the page. If you are having issues closing the page, close your web browser. Upon re-opening the browser, attempt to close the page if it still exists. Also, closing the page that prompted the redirection is also advised, to prevent further issues. Also, NEVER install any applications being promoted on these sites, as they could install any variety of malware onto your device.

Please let us know if you have questions or would like to discuss setting up a more secure VPN into your computing environment!

Microsoft admits hackers had access to online email

Computer with new email notification displayed

For the first three months of 2019, Microsoft has admitted that hackers had access to some details of certain Outlook.com email accounts. As this article states, Outlook.com is the web version of Microsoft’s email service, and this online service was previously known as Hotmail. Per Microsoft, “this unauthorized access could have allowed unauthorized parties to access and/or view information related to your email account …but not the content of any emails or attachments.”

While it appears no actual emails were read or attachments were accessed, this is an important reminder that being online brings its share of risks to user data. It’s a smart idea to use an actual email application to view email, in companion with a web browser, and to store as much email off-line as possible. This will help in prevention of potential data access in the event your email account gets hacked.

In relation to this, and as has been mentioned before, it is important to ensure the safeguarding of passwords, for email and other sites. It is good practice to change passwords periodically throughout the year. By doing so, there’s less of a chance that the current password is in the hands of hackers if it is changed more often, in the event an account is compromised. Also, never send password or login information via email, as this just opens user’s data to easily being compromised.

As always, please contact us if you have questions or would like to discuss further!