“Following yet more privacy concerns over iCloud, Apple has decided to spell out very clearly how to ensure you’re visiting the genuine iCloud page,” Jamie Condliffe reports for Gizmodo.
“Apple explains that it’s ‘aware of intermittent organized network attacks using insecure certificates to obtain user information’ via iCloud,” Condliffe reports. “So, in other words, hackers seem to be exploiting the fact that humans are occasionally dumb to steal their data, by duping them into believing they’re visiting the real iCloud when in fact they’re not.
Condliffe reports, “That, of course, raises the question of how you do know if you’re looking at the right site. Fortunately, Apple’s put together a useful visual guide to help. When you’re connected to the real iCloud in Safari, you should see a green lock in the toolbar. Click it; it should say ‘Safari is using an encrypted connection to www.icloud.com.'”
Info for other, lesser browsers in the full article here.
MacDailyNews Take: Green locks. That’s what you want to see.
Good info to know.
The green lock icon is a little cryptic in itself, either by choice of the UI people or the security designers. Take your pick.
I wonder what guys with green color-blindness see? Stupid Apple.
A padlock. Does the color really tell you whether to click it or not?
I believe the opposite of the green padlock is not simply a red padlock. Aren’t there other changes to the icon, like an “X”?
——RM
I see more issues with Phising and sending people to fake URLs with Safari in Yosemite. Now instead of seeing the full URL, Safari displays the title of the page, which doesn’t show the URL until you click in the address bar.
in Safari go to safari – preferences – advanced – check box for “Show full website address”
full web address is now in the bar
I wonder how many additional lines of code it took to
1. hide the full address in the first place?
2. implement the checkbutton to turn it on and off and all of the attendant plist code to keep track of it?
3. waste the space at the beginning of the address and make is gracefully fade away at the end of the field to the point where you still need to click on it to see the whole address?
Form over function.
Apple has been dumbing down the OS and interface for years. They want dumb sheeple consumers who will trade up instead of upgrade.
Apple has been making the OS easier to use for people who aren’t technogeeks. There are a lot of folks out there who don’t even know what a URL is, and for them, the lengthy string of seemingly random characters that comprise one is meaningless and confusing.
Calling these folks “sheeple” just because they don’t share your interests seems pretty arrogant, not to mention cruel.
I have no objection to ease of use, but let us turn it off. In the case of URLs the option is provided, but in many others Apple has hidden preference settings that used to be easily set through the GUI.
Unlike many, I have no desire to spend my day in Bash (command line).
Yeah, just like those care companies that came up with automatic transmissions. Creating dumb, sheeple drivers ever since.
Grow up.
Dustin, it is easier to spoof a URL than what Apple is doing. The spoofer merely has to fake out a long domain name that begins with the correct name but ends with something wrong that is hidden by being off the URL window. This approach has been used multiplet times to spoof users into thinking they are on a legitimate site with a long address for the log on. Apple’s approach is actually better. If shows the official URL Domain name. You would see the extended spoofed name instead. a dead give-away you are on the wrong site.
IOS Safari gives you the green lock icon in the address bar too, but within this MDN window, hitting that iCloud.com link in the article puts you in a page where there is no address bar or any other indication that it’s the real iCloud.com.
If Windows thinks it’s not genuine it’ll automatically download terabytes of extreme pornography to your local drive and then secretly email death threats to your local law enforcement using your id.
How hard is it for hackers to match the green lock image?
I have received several emails from “Apple” asking me to click link to update my security prefs or something.
Looked “fishy”…no Apple tm’s, etc.
So, I checked MDN to see if they had posted any info. They usually do if there is some system-wide upgrade or request. Zip. Nada. So, in the trash they go followed by a delete trash.
Beware and be wary. The first line of defense from schemes to defraud consumers is us the consumers.
And thanks to MDN for excellent continuing coverage and links. Not only are y’all fun and interesting, but helpful too boot. Good on ya!
No green lock on the Safari page on the iPad.
GREY IS BAD.
The new Yosemite interface is horrible. Skinny grey font is hard to read. Without frames, there are practically no places to easily grab and drag windows. By default Yosemite hides things that are important. Why do away with window titles? Why turn off full URL? Apple once again degrades usability so it can push its latest fashion. Once again, the user has no real control over important things like system font and window colors. That sucks. Even Microsoft realizes that there is no “one size fits all” when it comes to fonts.
Ive’s hideous iOS has been applied to OS X and it is not appropriate. No Mac has the limitations in screen space that the iOS gadgets have, so why does Apple continue to dumb down the Mac OS ??? It’s ugly and its very frustrating. Apple should be spending its resources updating the creaky antiquated HFS file system.
Moreover, Yosemite offers no performance increase. Anyone who claims so is deluding themselves. If anything, the ugly and pointless translucency INCREASES GPU loads at all times, with zero benefit to the user. WHY, Apple??? Color bleedthrough looks like grey barf on most windows. As a developer, you can’t control what background and what other windows might be open on a desktop, so now you have no ability to guarantee an attractive color palette for your app. As a user, I am horrified. I am seriously thinking of reinstalling Snow Leopard.