thewayne: (Cyranose)
First, Apple. An exploit was found and weaponized that can root an iPhone or, apparently, also an iPad. You need to update your devices RIGHT NOW if you're running iOS 9. It will update your devices to 9.3.5. It's a small patch, less than 40 meg, so a fairly quick and painless update.

http://arstechnica.com/security/2016/08/actively-exploited-ios-flaws-that-hijack-iphones-likely-spread-for-years/


Windows 10 also has a big problem that is currently not patched, so it requires a registry edit to close the hole.

To update the registry, do the following steps:
Click the Start button, and in the search field, type in "regedit", then select "regedit.exe" from the list of results
Navigate through the tree to "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad"
Once you have the "Wpad" folder selected, right click in the right pane, and click on "New -> DWORD (32-Bit Value)"
Name this new value "WpadOverride"
Double click the new "WpadOverride" value to edit it
In the "Value data" field, replace the "0" with a "1", then click "OK"
Reboot the computer
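
The same registry change as the steps above, scripted in PowerShell. This is an added example, not part of the original post; the key path and value name are the ones given in the steps, the function names are made up for illustration, and it assumes the script runs as the user whose profile should get the setting, since the key lives under HKEY_CURRENT_USER.

```powershell
# Added example: scripted form of the manual regedit steps above.
# Key path and value name come from the post; function names are illustrative.
$WpadKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad'
$ValueName = 'WpadOverride'

function Get-WpadOverride {
    # Returns the current value, or $null when the key or the value is absent.
    if (-not (Test-Path -Path $WpadKey)) { return $null }
    $item = Get-ItemProperty -Path $WpadKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$ValueName
}

function Set-WpadOverride {
    # Create the Wpad key if this profile does not have it yet.
    if (-not (Test-Path -Path $WpadKey)) {
        New-Item -Path $WpadKey -Force | Out-Null
    }
    # -Force overwrites an existing value, including one of the wrong type.
    New-ItemProperty -Path $WpadKey -Name $ValueName `
        -PropertyType DWord -Value 1 -Force | Out-Null
}

$before = Get-WpadOverride
Set-WpadOverride
$after  = Get-WpadOverride

# Show what changed so the result can be logged or checked by eye.
[pscustomobject]@{
    Key    = $WpadKey
    Value  = $ValueName
    Before = if ($null -eq $before) { '(not set)' } else { $before }
    After  = if ($null -eq $after)  { '(not set)' } else { $after }
}

if ($after -ne 1) {
    Write-Error "$ValueName was not set to 1; check permissions on $WpadKey"
    exit 1
}
Write-Host 'WpadOverride is 1. Reboot the computer, as in the last step above.'
```

Because the value is per-user, it has to be run once in each account on the machine.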

Obviously this is not a trivial thing to do and messing with the wrong keys and values can brick your computer. I'm not sure if this is also a problem in earlier editions of Windows, so you should do a bit of research before doing something like this. It's already been fixed in most Linux distributions and also in MacOS.

https://it.slashdot.org/story/16/08/13/0149241/disable-wpad-now-or-have-your-accounts-compromised-researchers-warn
thewayne: (Cyranose)
The good news is that a non-technical jury found that Google's use of Java to create Android was not infringing. Oracle has been suing Google over this for years and the jury came back after three days of deliberation and said Google was OK with what they did. The fact that Sun, which was bought out by Oracle, also thought it was OK, even though Sun didn't like it, probably was a key factor.

Revealed in the testimony was that Oracle tried to develop their own phone using Java and couldn't.

I'm not a huge fan of Google. Yes, their products are pretty good, and I use their search engine, maps, and Gmail regularly. It's their original 'Don't be evil' mantra that bugs me because they monetize everything. Now, a business has to make money to survive in business, but why couldn't they be more upfront about it?

The basic standard is that if you're not paying for a service, then YOU (and your information) are the product being sold.

Oracle is, of course, going to appeal the verdict. Had Google lost, it is rumored that they could ask for as much as $9 BILLION dollars, insert your best Dr. Evil voice as needed.

http://arstechnica.com/tech-policy/2016/05/google-wins-trial-against-oracle-as-jury-finds-android-is-fair-use/


The bad news concerns Apple. Amongst the many lawsuits against it at any given time was one from VirnetX that claimed that Apple was infringing against its patents with its Facetime and iMessage apps. Yesterday they lost the case. VirnetX is a patent troll: they buy lots of patents, wait for a product that is vaguely similar to be successful, then go crying to the East Texas courts. VirnetX claims that Apple has done irreparable harm to its brand, even though they've never produced a product and no one has heard of them outside of the patent troll game.

So Apple may have to cough up a heck of a lot of money, or possibly turn off iMessages and Facetime, which would suck in a major way and probably FINALLY! get the attention of Congress and the need for patent reform.

Me, personally, I don't use Facetime but I can appreciate the product. I use iMessages regularly, and I love the fact that my texts, which are all so sexy and top secret, are very strongly encrypted and my cell carrier can't see them since they're shunted through Apple's servers. So I would hate to see them go.

Apple is, naturally, going to appeal the decision.

http://arstechnica.com/tech-policy/2016/05/patent-troll-that-beat-apple-now-wants-judge-to-block-facetime-imessages/

However....

Apple just hired the co-founder of Silent Circle, Blackphone, and PGP Corp. Jon Callas is an expert when it comes to encrypted communications, so presumably he's going to beef up Apple crypto and possibly revamp iMessages and Facetime so they're even more secure and perhaps no longer infringe on VirnetX's patents.

http://www.reuters.com/article/us-apple-encryption-callas-idUSKCN0YF2J1
thewayne: (Default)
Starts at $350-500 and tops out at $10K or so, the one that I want starts at $550.

Sorry, I think I'll stick with the Pebble that I ordered. But it does look pretty sweet, I just don't want that much money in a wristwatch.
thewayne: (Cyranose)
First, Apple. Today they released a patch for OS-X to fix Bash; the question is how complete the patch is. Everything that I've heard thus far is that the patches for various *nix distros are partial and that a further patch will be required. So I don't know where that stands. I was not able to find the patch in Mac's Update service, but the direct links in the article worked fine. No computer restart required.

http://krebsonsecurity.com/2014/09/apple-releases-patches-for-shellshock-bug/


Now, Jimmy John's sandwich shop hack. 216 JJ's were compromised; the number of cards stolen is not mentioned in the article. Here are the problems, and I'm using the plural purposely. First, it was a service vendor, Signature Systems, that was compromised, so another 100 mostly mom & pop operations were also affected. They're spread all over the USA, no significant geographic clumping.

But the fun doesn't end there, oh no! Anyone who processes credit cards has to be certified to be PCI-compliant; there are different levels of certification depending on what your credit card volume is. The auditor company who certified Signature Systems is the only auditor to have their accreditation CANCELLED by the processing card industry.

But wait, there's more! In addition to the auditor losing their certification and going out of business, one model of cash register system installed by Signature Systems was not certified as of late October 2013, and many systems were installed after that date! Even though lawsuits would be flying around regardless, these are going to be interesting because clearly Signature Systems was grossly negligent.

http://krebsonsecurity.com/2014/09/signature-systems-breach-expands/


And finally, my wife and I had an interesting experience in Las Cruces last week. While we were in town, every time I used my card on my wife's account, it was declined. We called the bank and we had a very healthy balance in the account, unfortunately my wife left her wallet at home, so we had to use my cards. Fortunately my account's card worked fine. We thought maybe it was because we were 100 miles from home, but we're frequently in 'Cruces, so it was odd. When we got back to Alamogordo that night, it was declined yet again at a bookstore (three Eric Clapton CDs). As it happened, the clerk also worked at the issuing bank, and she said a whole bunch of cards had been cancelled because of the Home Depot breach. Checked my mail the next day and there was a brand new, bright shiny card. The old one met the shredder. I got my Amazon account reconfigured, received a text message from DirecTV and got them reconfigured, and I think I'm now good.
thewayne: (Default)
Basically it's so thin, and packs in so big a battery etc., that everything had to be glued in to make it fit in as thin a package as Apple wanted. They went to the extreme of manufacturing the Retina display directly in the lid, which means the least problem, and it's replacement time, which is VERY expensive.

iFixit, a well-known repair depot for Apple gear that publishes DIY repair manuals, tears apart every Apple product as soon as they get their hands on it. The previous model MacBook Pros scored 7 of 10 for being repairable, apparently a very good score. The current model? 1/10.

The sad thing about it is that laptop will set you back $2,000. I'm used to paying more for Apple laptops because I think they deliver good value and longer life. But a product that cannot be serviced? If I could get a four-year warranty on it, that would be one thing.

This is going to make my next laptop purchase very difficult. My first Mac, a MacBook Pro, was bought around five years ago and it was retired last December, replaced with an Air. Though there are no user-serviceable components, to the best of my knowledge it is serviceable. I got a good four and a half years out of my first, and I think that is an acceptable lifespan for a laptop, especially as much as mine travels. A $6-700 laptop, obviously not an Apple, that lasts three years and can't be serviced? Wouldn't sting as much.

http://www.wired.com/gadgetlab/2012/06/macbook-pro-unfixable/
thewayne: (Default)
"A German court has ruled that Apple's iPhone and iPad devices infringe a Motorola patent and issued an injunction against sales of the products in Germany, in the latest move in a long series of legal battles between the companies. It's the latest stage in the international patent conflict that's been raging over mobile devices, which has included the recent Samsung victory over Apple in an Australian court and a defeat for Samsung in a Dutch court."

I wonder if this is Motorola Motorola or Google Motorola?

So crazy. There's only so many metaphors that you can use to express using a computer. So many ridiculous shenanigans going on: I recently received an email notification of a class action settlement against Ticketmaster that I would get $1.50 credit IF I BOUGHT ANOTHER TICKET FROM TICKETMASTER. Certain types of attorneys are definitely in the right biz.

http://apple.slashdot.org/story/11/12/12/006203/german-court-issues-injunction-against-iphone-ipad
thewayne: (Default)
Basically, when iTunes launched in Windows (prior to the 10.5.1 update), it would send an unencrypted HTTP request. If you controlled someone's network upstream of their computer, you could intercept this request and proffer an "update" that was malware that could give the government all sorts of information that you might rather they didn't get, including the ability to listen to Skype conversations before they are encrypted.

Just the thing if you're living in an Arab Spring country.

The sad thing is that Apple was informed of this flaw in 2008. They fixed it last week.

It only affected Windows users of iTunes (and probably, by extension, Safari) as the Mac OS-X updater is a more secure subsystem.

http://www.h-online.com/security/news/item/iTunes-security-vulnerability-had-been-present-for-over-three-years-1384718.html

http://apple.slashdot.org/story/11/11/25/1343201/itunes-flaw-allowed-spying-on-dissidents
thewayne: (Default)
The patch will encrypt the location database and force it to recycle. Also, if you turn off the location tracking option, it will not store location information in the table.

In the Wired article, Apple says: "Apple calls this “crowdsourcing” location data, because millions of iPhones are collecting this data and transmitting it to Apple to build its comprehensive location database to assist with location services.

“Calculating a phone’s location using just GPS satellite data can take up to several minutes,” Apple said. “iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just Wi-Fi hotspot and cell tower data when GPS is not available (such as indoors or in basements).”"

http://www.wired.com/gadgetlab/2011/04/iphone-location-bug/


In the Q&A, "4. Is this crowd-sourced database stored on the iPhone?
The entire crowd-sourced database is too big to store on an iPhone, so we download an appropriate subset (cache) onto each iPhone. This cache is protected but not encrypted, and is backed up in iTunes whenever you back up your iPhone. The backup is encrypted or not, depending on the user settings in iTunes. The location data that researchers are seeing on the iPhone is not the past or present location of the iPhone, but rather the locations of Wi-Fi hotspots and cell towers surrounding the iPhone’s location, which can be more than one hundred miles away from the iPhone. We plan to cease backing up this cache in a software update coming soon (see Software Update section below)."

Further, Apple claims "The reason the iPhone stores so much data is a bug we uncovered and plan to fix shortly (see Software Update section below). We don’t think the iPhone needs to store more than seven days of this data."

And finally, the fix: "Software Update
Sometime in the next few weeks Apple will release a free iOS software update that:

* reduces the size of the crowd-sourced Wi-Fi hotspot and cell tower database cached on the iPhone,
* ceases backing up this cache, and
* deletes this cache entirely when Location Services is turned off.

In the next major iOS software release the cache will also be encrypted on the iPhone."


Apple Q&A: http://www.apple.com/pr/library/2011/04/27location_qa.html


http://apple.slashdot.org/story/11/04/27/1326252/Apple-Updating-iOS-To-Address-Privacy-Concerns
thewayne: (Default)
Two people, so far, have filed suit against Apple, and undoubtedly they'll seek (and probably get) class action status. I'm so surprised. *yawn*

http://www.wired.com/gadgetlab/2011/04/iphone-customers-lawsuit-data/

http://www.ibtimes.com/articles/137806/20110425/apple-hit-with-class-action-suit-over-tracking.htm


Meanwhile, Steve Jobs says 'we don't track anyone.' Steve is known for frequently responding to anyone sending him email, someone sent him the following and got a reply:

Q: Steve,

Could you please explain the necessity of the passive location-tracking tool embedded in my iPhone? It's kind of unnerving knowing that my exact location is being recorded at all times. Maybe you could shed some light on this for me before I switch to a Droid. They don't track me.

A: Oh yes they do. We don't track anyone. The info circulating around is false.

Sent from my iPhone


Not a lot of meat there. The MacRumors article goes on to say "As many observers have noted, the iOS location database does not record exact GPS data, instead seeking to pinpoint the locations of Wi-Fi access points and cell towers that the device comes within range of, although the database does offer a clear general track of a user's movements."

http://www.macrumors.com/2011/04/25/steve-jobs-on-ios-location-issue-we-dont-track-anyone/

http://apple.slashdot.org/story/11/04/25/2118249/Steve-Jobs-We-Dont-Track-Anyone
thewayne: (Default)
This story broke a few days ago and is causing quite a kerfuffle. Apparently there is a small database file that stores every location you've ever been to with your iPhone/iPad 3G. The file is uploaded to Apple on a regular basis and is backed up to your computer every time you sync the device.

And Google does something similar with Android phones. Apparently the difference is that the iPhone keeps the location information seemingly forever, while the Android phones keep it for a fixed number of days, then I guess it overwrites the oldest info.

Apple claims that it is there to 'improve the user experience', but when you get down to it, it's going to be used to better target advertising and better relate geographic activities available.

Part of the outcry is that 'Apple is tracking your every move!' How does Apple benefit from knowing where I am at any given time? They don't in the specific, they do in the aggregate. They can't sell advertising based on one person's movement, they can in the aggregate. At the same time Apple/Google is tracking your movement, so is your cell carrier. They know precisely where you are whenever your phone is turned on, and it is logged and archived for a long time. Look at what happens if there is a murder investigation: law enforcement subpoenas cell provider records, and they can geomap your whereabouts before, during, and after the murder. I used to work for a taxi company, and our system tracked every car's movement with GPS lat/long coordinates, and we could geomap and timestamp a vehicle's movements to the point of seeing them drive around the block, we did this occasionally when customers called in complaints.

And since the table is backed up every time you sync your phone, if someone steals your laptop, they can know where you go! I think this is kind of a silly argument. If someone steals your laptop, unless they are a government agency or involved in corporate espionage, why would they care? They want the value of the laptop that they can sell it for. I have a password on my laptop, and I'm considering encryption, so I'm not too concerned about it. And theoretically if they steal or find your phone, they can track your location! But it's easy to lock an iPhone and program it to self-destruct the data if the correct code is not entered in X attempts. There's also software via MobileMe that will track your phone's location and allow you to remotely lock it or wipe it.

And it just came out that if you have a Mac and use Apple's Safari browser, it also tracks location data there.

So your cell phone company has the location info, your cell phone maker has less precise location info. How important is it?

I really don't know. The data in the iPhone is stored in a SQLite database. I'm wondering if you could open a SQLite program, open the database, zero the contents, and then restore the phone from the backup, thus zeroing the data on the phone.

I think that we'll probably see Congress writing some letters to Mr. Jobs asking for an explanation, and it wouldn't surprise me if in a couple of months there's an iOS update that has better geolocation opt-out features. Regardless, your cell provider will always track your location, they're legally required to for emergency 911 services.

Oh, and if you're interested, there's an app that you can download for the iPhone that will read this table and geomap it, so you can see where it has tracked your location.

Myself, I don't own an iPhone yet, supposedly the iPhone 5 will launch later this year, probably August-ish. I'll look at them at that point and get either a 4 or 5. I don't think I'm particularly concerned at this point, especially since you're always going to be tracked by your cell carrier. It's going to be used to target advertising, something that I'm very good at ignoring, it's just another one of life's little annoyances.

http://www.wired.com/gadgetlab/2011/04/iphone-location/


NPR also has a story on this: (heck, all sorts of sites have stories on this)

http://www.npr.org/blogs/thetwo-way/2011/04/20/135570632/researchers-apples-iphone-keeps-track-of-every-little-place-you-go


Yes, you can turn off location tracking in your phone's preferences, but it doesn't really disable this particular thing. The option just prevents applications from accessing location info, and it's questionable if it actually does that.
thewayne: (Default)
"As of Wednesday, Wall Street valued Apple at $222.12 billion and Microsoft at $219.18 billion. The only American company valued higher is Exxon Mobil, with a market capitalization of $278.64 billion."

Probably pushed over the top by the iPad sales, they're apparently moving 200,000 units a week. It'll be interesting to see if this continues. It's also going to be quite interesting by the end of the year when Google Android slate machines start hitting the street.

http://www.nytimes.com/2010/05/27/technology/27apple.html?hp=&adxnnl=1&adxnnlx=1275235226-YDtql5rarhbl1HwLc4cV8A

http://apple.slashdot.org/story/10/05/26/228232/Apple-Surpasses-Microsoft-In-Market-Capitalization?art_pos=13
thewayne: (Default)
I should have posted this last week. Very cool story: owner has Mac laptop stolen when apartment is robbed. Owner works at an Apple store and is smarter than the average bear. Friend calls owner to express surprise that the owner got the laptop back as a chat program shows the owner is logged on. Owner uses a remote-control program, Back To My Mac, to activate the laptop's web cam and take a picture of the guy using said laptop. Picture is turned in to the police, laptop and all stolen possessions are recovered.

You just can't get a happier ending than that! Property recovered, perps do the perp walk and go to jail.

Original article: http://www.nytimes.com/2008/05/10/nyregion/10laptop.html?_r=1&oref=slogin

Slashdot thread: http://entertainment.slashdot.org/article.pl?sid=08/05/11/0133232

And Macosxhints.com has a post describing better ways of doing it, including rigging it so that it takes a picture every time someone logs on to your computer or opens the lid: http://www.macosxhints.com/article.php?story=2006120918170984. That's what I'm thinking about doing as my main non-work computer is a MacBook Pro that has said built-in web cam, I want it to also FTP the picture up to my web site when it gets an internet connection.

Now, granted, this is specific to the Mac. But lots of laptops are coming equipped with web cams now, so I would expect there are similar background programs for the Windows and *nix environments.
thewayne: (Default)
They had a sale at the campus bookstore last Friday so I went ahead and bought two copies. I'm in no hurry to install it as I've heard reports of incompatibility with Adobe CS3, so I'll wait a bit, maybe I'll do it when we're in Phoenix in case we have problems, the Apple store is only a few miles away. Still, no reason not to read up on a few things.

Tweaking the User Interface

MASSIVE Ars Technica review (15 pages or so of material) (and the Slashdot thread thereof)

First look at installing it

Page generated Jul. 27th, 2017 12:37 pm