🐱‍💻 Ah, the relentless pursuit of complicating simple tasks on macOS! Now you can secure your #SSH keys with an impenetrable fortress of confusion, courtesy of the Secure Enclave™. 🔒💡 Because who doesn’t love to spend all day refreshing tabs just to feel secure? 🙄
https://gist.github.com/arianvp/5f59f1783e3eaf1a2d4cd8e952bb4acf #macOS #Security #SecureEnclave #TechHumor #ComplicatedSolutions #HackerNews #ngated

"UltraLocked: Tính năng bảo mật tệp tin trên iOS sử dụng Secure Enclave, mã hóa end-to-end, tự hủy tệp tin và không lưu trữ trên đám mây. #UltraLocked #BảoMật #iOS #SecureEnclave #Encryption #ZeroKnowledge"

https://www.reddit.com/r/SideProject/comments/1ozn3u7/built_a_zeroknowledge_file_vault_for_ios_after/

The Best iPhone Privacy and Security Settings to Change on Your Apple Device (2025)

https://fed.brid.gy/r/https://www.wired.com/story/iphone-privacy-and-security-settings/

Explainer: FileVault

https://web.brid.gy/r/https://eclecticlight.co/2025/10/18/explainer-filevault-2/

Der Trump-Intel-Deal ist offiziell: US-Regierung beteiligt sich mit 8,9 Milliarden Dollar an Intel
Die US-Regierung steht nun offiziell als Anteilseignerin von Intel fest. Ziel ist es, die Halbleiterproduktion im eigenen
https://www.apfeltalk.de/magazin/news/der-trump-intel-deal-ist-offiziell-us-regierung-beteiligt-sich-mit-89-milliarden-dollar-an-intel/
#News #Tellerrand #Aktien #China #CHIPSAct #Halbleiter #Intel #Investition #SecureEnclave #Technologie #Trump #USRegierung #Wirtschaft

Die verschiednen Apple-Sicherheitsstufen zum Schutz Deiner Daten
Die Sicherheit persönlicher Daten steht für viele Nutzer:innen im Zentrum digitaler Technologien. Apple fokussiert dies
https://www.apfeltalk.de/magazin/news/die-verschiednen-apple-sicherheitsstufen-zum-schutz-deiner-daten/
#iPhone #Mac #News #AppSicherheit #Apple #BootROM #Datenschutz #FileVault #Gerteverwaltung #HomeKit #iCloud #iMessage #iPhone #KernelIntegrity #Netzwerk #SecureEnclave #Sicherheitskonzept #Verschlsselung

Platform SSO for macOS is great for UX ánd for security.

Just unlock your Mac with Touch ID to get hardware-backed auth to the IdP; phishing resistant and with SSO across native Apps and web-based services.

https://support.apple.com/guide/deployment/platform-sso-for-macos-dep7bbb05313/1/web/1.0

#passwordless #secureenclave #apple

Book Review: Red Team Blues

https://whalers.ir/blog/book-review-red-team-blues/3858/

Apple plant angeblich neue Smart-Home Türklingel mit Face ID
Apple könnte bald einen weiteren Schritt in den Smart-Home-Markt wagen. Gerüchten zufolge arbeitet das Unternehmen an einer neuen Türklingel, die mit fortschrittlicher Gesichtser
https://www.apfeltalk.de/magazin/news/apple-plant-angeblich-neue-smart-home-tuerklingel-mit-face-id/
#News #Zubehr #AppleTrklingel #Datenschutz #FaceID #HomeKit #HomeKitSecureVideo #Ring #SecureEnclave #Sicherheitskamera #SmartHome #Trffnung #WiFiChip

Forscher: Neues iPhone-Sicherheitsfeature „Inactivity Reboot“ entschlüsselt
Apple hat mit iOS 18.1 ein neues Sicherheitsfeature eingeführt: den „Inactivity Reboot“. Dieses Feature sorgt dafür, dass sich iPhones automatisch neu starten, w
https://www.apfeltalk.de/magazin/news/forscher-neues-iphone-sicherheitsfeature-inactivity-reboot-entschluesselt/
#News #Apple #BFUModus #Cellebrite #InactivityReboot #IOS181 #iPhoneSicherheit #JiskaClassen #Pegasus #ReverseEngineering #SecureEnclave

Nowa funkcja bezpieczeństwa „Inactivity Reboot”

Badacz bezpieczeństwa Jiska Classen (Naehrdine) wykonał reverse engineering funkcji „Inactivity Reboot” wprowadzonej w iOS 18.1.

Apple nie ogłosiło tej funkcji publicznie, ale działa ona poprzez Secure Enclave Processor (SEP), który monitoruje czas od ostatniego odblokowania i automatycznie restartuje urządzenie po trzech dniach braku aktywności.

Działanie i zabezpieczenia:

• SEP wysyła sygnał do systemu, aby wymusić restart i wprowadzić iPhone’a w tryb BFU (Before First Unlock), gdzie wszystkie pliki są zaszyfrowane do czasu podania kodu odblokowującego.
• System zapobiega próbom obejścia restartu, np. wymuszając „kernel panic,” a dane analityczne są przesyłane do Apple w stanie „aks-inactivity.”
• Funkcja skutecznie utrudnia włamania, chroniąc urządzenia przed narzędziami jak Cellebrite czy Pegasus.

Apple nie ujawnia szczegółów SEP, co dodatkowo utrudnia złamanie tej funkcji, nawet przy użyciu narzędzi typu jailbreak.

Funkcja ma chronić użytkowników przed wyciekiem danych, także w przypadku kradzieży. Więcej szczegółów na blogu Jiski Classen.

Z pełną analizą zapoznać możecie się tutaj.

#badacz #Bezpieczeństwo #InactivityReboot #iOS181 #SecureEnclave

Apple plant umfassende KI-basierte Siri-Überarbeitung zur Steuerung einzelner App-Funktionen
Apple Inc. plant eine umfassende Überarbeitung seines virtuellen Assistenten Siri mit fortschrittlicher künstlicher Intelligenz. Diese Neue
https://www.apfeltalk.de/magazin/news/apple-plant-umfassende-ki-basierte-siri-ueberarbeitung-zur-steuerung-einzelner-app-funktionen/
#KI #News #AppFunktionen #Apple #Datenschutz #GoogleGemini #IOS18 #KI #OpenAI #SecureEnclave #Siri #Sprachsteuerung #WWDC2024

I'm a huge fan of #biometrics as part of secure #authentication and #authorization, but the dirty little secret no one is talking about (yet) is that the source of compromised #biometricdata can't be changed or replaced. If your system's #secureenclave or #HSM gives up the goods, you can't change your face, fingerprint, or retinal pattern. Such systems need additional safeguards to avoid the biometric version of a #replayattack, ensuring that re-enrollment results in new set of #quantumresistant cryptographic values.

https://venturebeat.com/security/the-password-identity-crisis-evolving-authentication-methods-in-2024-and-beyond/

Apple mashing together Darwin / XNU and L4 into Darbat as part of creating SEPOS (sepOS?) and the secure enclave…

https://www.blackhat.com/docs/us-16/materials/us-16-Mandt-Demystifying-The-Secure-Enclave-Processor.pdf

…reminded me of a bit of obscure research from back when Digital Equipment Corporation (DEC) was still a thing, when OpenVMS (then known as VAX/VMS) was ported onto the Mach kernel:

https://fossies.org/linux/freevms/doc/Usenix_VMS-on-Mach.PS

There are lots of reasons why that (never-released) port could have been useful, but neither VAX nor Mach really had the necessary performance back then. L4 does better.

#digitalequipmentcorporation #DEC #retrocomputing #History #history #OpenVMS #VAX #VMS #Apple #SEPOS #L4 #secureenclave #SEP #Mach

SSH Keys ide Secure Enclave?
Yes, please!
#apple #secureenclave #tpm #ssh

https://github.com/maxgoedjen/secretive

@margio

Ah la #SecureEnclave che è stata decriptata nel 2017 e bucata nel 2020?

https://9to5mac.com/2020/08/01/new-unpatchable-exploit-allegedly-found-on-apples-secure-enclave-chip-heres-what-it-could-mean/

Più o meno le stesse promesse offerte da Intel SGX le cui vulnerabilità sono ampiamente documentate https://en.wikipedia.org/wiki/Software_Guard_Extensions#Attacks (la mia preferita è la LVI)

Chi ha accesso fisico all'hardware può fare quel che vuole. E non è affatto difficile ottenerlo, perché il cellulare te lo porti dappertutto.

Leggi cosa riescono a farci i professionisti: https://www.journalofdemocracy.org/articles/subversion-inc-the-age-of-private-espionage/

> a patto di avere con se un loro device

Esatto.

Nonostante tutte queste vulnerabilità, queste aziende investono su queste tecnologie proprio per poter avere tutte le uova di tutti nel proprio paniere.
Nemmeno una basilare differenziazione del rischio.

E se mai dovesse servire, loro possono inviarti un bell'aggiornamento di sicurezza personalizzato, prendere tutti i dati biometrici che tu ritieni al sicuro nella "Secure Enclave" e nascondere tutto prima del secondo riavvio.

Invece una password che sai solo tu e puoi cambiare quando ti pare non ti espone a questi rischi.

Ma io ne capisco poco eh... 😉

@prevenzione
@Songase975