https

Apple has finally fixed a security flaw in its application store that for years has allowed attackers to steal passwords and install unwanted or extremely expensive applications.

The flaw arose because Apple neglected to use encryption when an iPhone or other mobile device tries to connect to the App Store, meaning an attacker can hijack the connection. In addition to a security flaw, the unencrypted connections also created a privacy vulnerability because the complete list of applications installed on the device are disclosed over Wi-Fi.

It also allows the installation of apps, including extremely expensive ones that top out at … Read more

After upgrading to Mountain Lion, some OS X users have run into what appears at first glance to be a DNS-related problem in which they can't access certain Web pages. While most Web connectivity seems to work just fine, when accessing special pages like HTTPS (Hypertext Transfer Protocol Secure) connections the connection times out, resulting in programs like Safari claiming the server could not be contacted.

If you are having this problem, then try copying the server URL from your browser or other application and pinging it directly in the OS X Terminal using the following command:

ping www.… Read more

Apple's use of HTTPS for its App Store isn't winning it any friends from the Chinese government.

The company seems to have recently turned on the more secure protocol for its App Store. Before that switch, censors in China could block Chinese users from searching for certain types of apps, such as VPN software, according to Greatfire.org, which monitors Chinese Internet censorship.

Searching for such apps would cause the actual connection to reset, meaning users in China couldn't download them even if they were available in the Chinese App Store.

But now with the more secure … Read more

After updating to OS X 10.8.2, a number of people who use Apple's Parental Controls feature have reported that it is rejecting all Web sites that use the secure HTTPS protocol, which can include financial and educational sites, but also some popular commercial sites like Google.

Parental Controls allows an administrator to set time limits and content filters for a specific user account, including restrictions on Web access. Since secured Web sites that use the HTTP protocol cannot be properly examined for approval by this service, when site filtering is enabled they are blocked by default and … Read more

Searching on a popular search engine nowadays does not guarantee an anonymous state. When you click on a search result, your computer automatically sends information such as search terms, IP addresses, and the date and time that you landed on a site. But when this information is paired with additional account information, your odds of being uniquely identifiable increase tremendously.

For this week's Freeware Friday, check out some of our favorite tools to boost the privacy of your online experience and reduce leakage of sensitive information.

Disconnect (Firefox, Chrome) Disconnect is a browser extension for Chrome, Firefox, and Safari … Read more

The owner of the Qwikster Twitter handle is banking on selling it to Netflix, Verizon unveils a $99 4G LTE capable smartphone, and Google Wallet finally launches with support only on Sprint's Nexus S 4G phone so far.

Links from Tuesday's episode of Loaded:

The security add-on for Firefox called HTTPS Everywhere (download) that forces HTTPS encryption on numerous popular Web sites has graduated to its first stable release, about a year after it was released into public beta.

The tool does not let you force HTTPS (Hypertext Transfer Protocol Secure) willy-nilly on Web sites. Instead, it includes a series of rules that supports sites that allow HTTPS encryption. The Electronic Frontier Foundation said in the blog post announcing the release that it encompasses more than 1,000 popular sites, including Google Search, Wikipedia, Twitter, Facebook, bit.ly, GMX, Wordpress.com blogs, The New … Read more

Twitter has tweaked its security settings to offer an option to always enable Hypertext Transfer Protocol Secure, or HTTPS.

Although the more secure setting has always been available, in the past Twitter users had to browse specifically to https://twitter.com to take advantage of it. Now, the tighter security is a new option found in the Twitter settings page.

Clicking on your account name in Twitter and then selecting Settings brings up the appropriate page. From there, you'll see the new option at the bottom of the page. Checking "always use https" ensures that each Twitter … Read more

Sen. Charles Schumer wants online companies to switch to a more secure protocol to better protect consumers who access Web sites via public Wi-Fi hot spots.

The New York Democrat yesterday issued a call to such companies as Amazon and Twitter to switch their default pages to HTTPS from HTTP to help prevent cybercriminals from stealing online passwords and credit card numbers over public Wi-Fi networks. In his request, Schumer said that programs such as Firesheep allow even hackers with no programming skills to easily capture usernames, passwords, browsing history, and other private information from unsuspecting users in spots with … Read more