Agency joining with Apple, AT&T in opposing sale of cell phone customer data
Following a similar move by Apple, filed last Thursday with the Delaware bankruptcy court handling the sale of some RadioShack assets, the US Federal Trade Commission has sent the court a list of conditions for the sale of the electronics retailer's assets that would be needed to protect the personal privacy of cellular service customers who bought their equipment and/or service from RadioShack. Neither Apple nor fellow filer AT&T is seeking to block the overall sale.
Security focus, device design key to BlackBerry revival, claims CEO Chen
BlackBerry will start to make money on smartphone sales again in the future, the manufacturer's chief executive has insisted. In an interview, CEO John Chen revealed he continues to believe BlackBerry's devices business will become profitable, with the company's refocusing on enterprise and government customers, instead of the consumer market, forming a central part of the rejuvenation plans.
Still using BlackBerry for personal phone, new account designed to be passed on
US President Barack Obama, still well known for using a specially locked-down BlackBerry as his personal smartphone, used a White House Executive Office-registered iPhone to post the first tweet on Twitter from his own @POTUS account. Improvements in security made to the iPhone starting with iOS 8 have apparently made the device worthy of being used by the President. Unlike other official presidential Twitter channels, Obama himself will tweet from the @POTUS account.
New P2P instant messaging app helps keep conversations private
It's hard to have a conversation about the Internet without also having a conversation about privacy, or the lack thereof. As a response, BitTorrent Bleep is a new messenger service brought about by a desire for a little more privacy than the average text or IM program. We sat down with Bleep to see just how well this newcomer holds up to its promises.
Xbox Live ban for game testers leaking early details of Microsoft remake
Microsoft's rumored remake of the Gears of War franchise is being marred by accusations that it is being overprotective of its intellectual property. A game testing company has alleged that Microsoft is making some of its staff's Xbox One consoles unusable as a punishment for the leaks, a claim that Microsoft has refuted, denying it has 'bricked' the consoles in question.
Attack called 'sneaky,' permission to install mod also gave malware permission
A pair of high-profile game modifications to open world title Grand Theft Auto 5 for Windows are infected with malware, straight from the tinkerers. The "Angry Planes" and "No Clip" mods, one of which was featured by gaming enthusiast site Kotaku, have both been confirmed to be infected by a keylogger known as Fade.exe, which is implanted and given permission to run by the user during the process of installing the modification to the game.
End-to-end encrypted messaging app from BitTorrent adds screenshot protection
BitTorrent has made its private and secure messaging app available to all potential users, following an invitation-only alpha testing period last year. Alongside the existing Windows, OS X, and Android versions, Bleep has finally made the transition to iOS, allowing iPhone and iPad owners to use the end-to-end encrypted, peer-to-peer messaging service.
New device could be more attractive to thieves than iPhone, though harder to steal
While the Apple Watch contains a number of security features designed to protect users' data in the event of theft or misplacement, it lacks an "Activation Lock" type feature as seen on the iPhone (and more recently, other smartphones), which makes the device more attractive to thieves, according to a new report. Although Apple is likely to add additional security features to the device moving forward, at present a thief could reset the device and pair it to a new iPhone easily.
Contentious utility ignored Apple guidelines, created zero-day exploit
Controversial software package MacKeeper -- long a sore spot with veteran users due to its aggressive and fear-based advertising, reputation for causing more problems than it might solve, and deliberate difficulty and obfuscation when users want to remove it -- has often been labelled junkware, extortionware, trickware, or even a form of malware in its own right, despite the company's protestations. A security researcher has now found, however, that the program contains a critical security flaw that leaves users vulnerable to attack.
Data collection will continue until reconsidered by district court
The US National Security Agency (NSA) has been handed a defeat in appeals court. A three-judge panel in the Court of Appeals for the Second Circuit has ruled that the NSA phone records collection "exceeds the scope of what Congress has authorized" in Section 215 of the Patriot Act. However, the denial of a motion filed by the American Civil Liberties Union to suspend data collection by the NSA has been upheld, so data collection will continue for the time being.
Minor update patches WebKit security flaws in Yosemite, Mavericks, Mountain Lion
On Wednesday, Apple updated its Safari browser for OS X 10.8 (Mountain Lion), 10.9 (Mavericks), and 10.10 (Yosemite) to versions 6.2.6, 7.1.6, and 8.0.6, respectively. The updates applied patches to discovered security flaws in WebKit, the underlying engine of Safari, that could have been exploited if left unfixed. The flaws could have resulted in crashes, access to filesystem contents, or a site spoofing a user interface. The relevant updates will appear in the Updates tab of the Mac App Store.
Action rooted in security, but poses issues for jailbroken devices
Continuing with recent custom, Apple has stopped "code-signing" iOS 8.2 for security reasons. The move, intended to protect users, does make downgrading back to earlier versions impossible, and prevents users with jailbroken devices in iOS 8.2 from updating. The code-signing procedure, which applies to both Apple and iOS or OS X developers, is designed to prevent malicious apps from masquerading as legit ones, or for outside parties to inject code into applications.
Claims attackers can acquire fingerprint data before it is secured
The fingerprints of owners of some Android smartphones could be acquired by hackers, researchers claim. A flaw, said to affect the Samsung Galaxy S5 and other unnamed Android devices, allegedly allows an attacker to copy the biometric data on the device itself, suggesting that fingerprint-based security on Android is not as secure as first thought.
Exploit puts iOS devices in reboot loop, only fix to exit range of router
Security firm Skycure has divulged the existence, but not the actual exploitation method, of an exploit in iOS that allows a Wi-Fi provider to reliably crash an iOS device upon connection to a known access point. The flaw allows a maliciously-crafted SSL certificate to crash the device completely, forcing it into a "repeatable reboot cycle" as long as the device remains within range of the assaulting Wi-Fi network.
Retina 12-inch MacBook can hang during first setup, workaround posted
A new tech note from Apple details a flaw that can occur during the initial setup of the new 12-inch Retina MacBook that causes the process to stop temporarily -- sometimes for a prolonged period -- before finishing. According to the new tech note, Apple recommends that if users experience the issue they can restart the initial setup process by restarting, and can opt to disconnect from the Internet in order to allow the setup to proceed, and then connect to the Internet afterwards. The problem appears to center around Apple ID setup or iCloud account creation.
Recently-fixed AFNetworking library requires app update to close security hole
A flaw in a popular older version of an open-source networking library used by a number of iOS apps could create an exploitable vulnerability, particularly for users who do not keep their apps up-to-date. The issue could allow a hacker to bypass HTTPS security and conceivably steal passwords or other personal data. While the library in question was patched to address the problem three weeks ago, apps which include the older library are still vulnerable. According to SourceDNA, at least 1,500 iOS apps are currently exposed.
Yosemite-only patch seemingly does little to mitigate Rootpipe-based attacks
Researchers from security firm Synack have determined that Apple's latest patch for the "Rootpipe" privilege escalation flaw leaves it mostly unfixed, even on OS X 10.10 "Yosemite." Ex-NSA staff member Patrick Wardle examined the new patch, and found a new path around Apple's security fix, leaving the computer unprotected from hostile users with physical access. In other developments, the malware is loose in the wild and has been for some time, but is a discrete app and still not a remote attack.
CoinVault victims can use tool to decrypt files encrypted by ransomware
Victims of one strain of "ransomware" may be able to get their data back. In a collaboration between the Netherlands Police's National High Tech Crime Unit (NHTCU) and security company Kaspersky, a tool has been created that can be used to decrypt data encrypted by the CoinVault malware, potentially saving many users from paying a ransom or having to rebuild their data if backups failed.
Trusted Voice Smart Lock option rolling out to stock Android devices
Owners of devices running stock Android will be able to unlock their smartphones and tablets by uttering "OK Google." Following changes to Google Play Services, Android Police reports that the Trusted Voice unlocking option is starting to roll out, appearing in the Smart Lock settings. Users are warned before setting up Trusted Voice that it is "less secure" than a knowledge-based security measure, such as a PIN or a pattern, as "someone with a similar voice or a recording of your voice could unlock your device."
Apple Watch hands-on reports, a look at Photos, new videos, more
Following a longer-than-expected submission process to Apple, we're pleased to report that episode 10 of The MacNN Podcast, along with all previous episodes, has finally arrived on iTunes. Listeners can now search for, subscribe to, and generally wallow in our backlog of tech news, app picks, and bad jokes. The latest episode has a couple of remote reports from Australia and the UK about the Apple Watch concierge try-on experience, the arrival of Photos with OS X 10.10.3, our new videos, and more.
Publication of regulation likely to redouble opposition efforts to regulation
The US Government has released the Federal Communications Commission's Open Internet regulation package to the Federal Register. With publication, the net neutrality and Title II regulation, as laid forth by the FCC, are effective and enforceable starting on June 12.
How and where to download software safely
Look, we're not on Windows PCs here. Yet, even though we don't have the same overwhelming problems with viruses, that doesn't mean we should invite trouble. You can download apps that don't do what they claim, and instead do all sorts of things they shouldn't. Consequently, it is a very good thing that Apple has safeguards in place – yet those same safeguards are a problem for some of the very finest Mac software around.
Exploit demonstrated with physical access, possible remote exploit
Alongside bug fixes and other improvements, Apple has patched a longstanding security flaw which could give users with physical access to a machine root privileges, regardless of assigned permissions. The flaw, indexed as CVE-2015-1130, was reported to Apple in October of 2014, but Apple requested that it not be publicly disclosed until patched due to the "substantial amount of changes" required to fix.
Widely beta-tested, each brings new features to devices
With today's release of OS X Yosemite 10.10.3, Apple is officially releasing its iPhoto replacement program Photos for the Mac. While the program has already been in use on iOS for some time, the new program sits alongside existing iPhoto or Aperture libraries with its own copy, and adds new abilities and features we have previously reported on. The update, leaked earlier today, also brings a non-beta version of iCloud Photo Library and new emoji, while the iOS 8.3 release shares the emoji improvements and adds wireless CarPlay support, along with new Siri accents and languages.
Encrypt attachments before emailing them
People do tend to believe that a Word attachment is emailed out across the Internet as exactly that, a Word attachment: they don't realize that it's converted into something else for transmission. Similarly, people tend to think that an email leaves their computer and goes directly to their recipient's machine: they don't realize how many, many and three times many other computers that email may pass through on the way. In theory, someone using one of those computers along the way could intercept the email, and obtain a copy of that Word attachment. So that's what Privacy Envelope is designed to do: it is built to stop even the incredibly remote possibility of anyone getting their paws on your attachment.
Unprotected Wi-Fi, obvious root password hampers Anonabox security efforts
The Anonabox, the controversial privacy-minded Internet router, has suffered another blow as more security issues have been uncovered. Though the device does protect users by pushing traffic through the Tor network, it has been discovered the $100 routers themselves have security flaws that can allow outside sources to control the device, as well as being able to monitor Internet use.
Extremely powerful and comprehensive backup solution
Roll up your sleeves, get a coffee, and watch ChronoSync back up your hard drives. Or alternatively, roll your sleeves back down and nip out to lunch, because you're not needed here: ChronoSync has it covered -- and you can look in on it remotely, with the companion apps ChronoAgent and InterConneX. This is surely the most comprehensive disk backup and management application we've seen, and possibly that nature ever intended. That does mean it's complex, but you're not going to turn to this if all you've used so far is Apple's Time Machine.
Indoor Flir FX security camera can be reused as sports camera
Flir, the producer of the Flir One thermal camera, has launched a multi-purpose network-enabled camera. The Flir FX is primarily a security camera that is similar to Dropcam, including remote storage of footage on its cloud service, but Flir has added a number of extra features that make it useful for other video functions, such as a dashcam for a car or as an action camera.
Groups claim that YouTube Kids hosts content that wouldn't be allowed on TV
A series of children's and consumer advocacy groups have requested that the US Federal Trade Commission (FTC) look into Google's YouTube Kids app. The groups are claiming that Google is running afoul of laws restricting advertising to children, saying that "the videos provided to children on YouTube Kids intermix commercial and other content in ways that are deceptive and unfair to children and would not be permitted to be shown on broadcast or cable television."
Shuttered security software deemed safe to 'fork' for future products
A crowdfunded third-party security audit of popular (and shuttered) personal encryption tool TrueCrypt has concluded. The effort, led by cryptographic expert Matthew Green, found that "TrueCrypt appears to be a relatively well-designed piece of crypto software," and that the audit "found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances."
Staffers discuss new book, new gaming column, new apps
We're now at episode eight of The MacNN Podcast, which this week welcomes our new Apple Gaming column, as well as reminding listeners about our weekly game news roundup. We also discuss the book Becoming Steve Jobs, and Tim Cook's latest honor from the business world. More confusion about Windows 10 pricing outside China has come to light, and tech companies are asking for changes in the Patriot Act.
Two-factor authentication, kill switch added to Slack following unauthorized access
Work-focused messaging service Slack has increased the security of its accounts, following an intrusion to company servers. The company admits on its blog that its servers were accessed by unauthorized users over a four day period in February, and though it only revealed the intrusion on Friday, it claims to have been working hard on improving the service's overall security.
Microsoft dodges questions about free versions to pirates, Parallels users
Microsoft has made a passing attempt to clarify some of its policy on free upgrades to Windows 10. In an interview, senior director of product marketing at Microsoft Aaron Woodman detailed what the company has decided about the offering -- and an alarming number of decisions seem to have not been made yet about licensing the OS.
Other members include Microsoft, LinkedIn, Evernote, Dropbox, many others
Nearly all of the tech industry, including Apple, Google, Microsoft, Yahoo, and LinkedIn, have co-signed a letter to the US government, calling for reform of Section 215 of the Patriot Act before it expires and is likely renewed in May. The coalition is seeking an "effective end to bulk collection" of user metadata, "transparency and accountability mechanisms" for federal and industry reporting, and eased declassification of Foreign Intelligence Surveillance Court decisions.
Twitter starts testing automatic playing of promoted videos in iOS apps
Twitter is starting to test automatically-playing videos in its apps. According to Ad Age, the service will autoplay promoted video ads to some Twitter users in the United States using the official iOS app. While the videos will play muted, some users will see a looping six-second preview while others will see the full video in a loop, with both groups able to select the video to view it full screen and with sound turned on.
Game streaming service resets all accounts as security measure
Twitch has warned users that their account information may have been compromised in a breach. The game streaming service has attempted to protect its users from any further potential security issues arising from the possible intrusion, by resetting the passwords and stream keys for all accounts, as well as disassociating them from linked YouTube accounts.
New Android Lollipop security function prevents locking when smartphone is held
Android users may be able to use their smartphone for longer periods without seeing their lock screen, thanks to a new feature spotted rolling out to Smart Lock on Android Lollipop devices. On-body detection will keep a smartphone or tablet unlocked if it detects it is being carried, automatically reinstating the lock when it detects it has been placed down on a surface.
Leading reseller B&H gets Apple mini-store at brick-and-mortar Manhattan HQ
Although many MacNN readers will be familiar with B&H Photo Video through the company's online site via its frequent mention in our various deals posts, the firm is actually the largest non-chain electronics retailer in the United States, having a midtown Manhattan location since 1973 and being a widely-recognized photo, video, and Apple specialist. Earlier this week, the store opened its Apple-authorized "store within a store" focusing on Apple products.
Early 2015 MacBooks, MacBook Pros get separate version
Apple on Thursday has updated OS X Yosemite 10.10.2 (only) with a new security update. While details are not available, the update could possibly be the first to address an https vulnerability known as FREAK, which can compromise secure web browsing on a variety of systems and applications. In addition, the company has issued an update for iPhoto to further help with the eventual transition to Photos, as well as clear up a few bugs.
Proposal could provide affected Target breach victims with up to $10,000
Target has agreed to a potential settlement with victims of the retailer's major breach of late 2013. Still needing to be approved by a federal judge, the settlement in the class-action lawsuit will involve Target placing $10 million in escrow for payment to victims, with the possibility of some individuals receiving as much as $10,000 in damages over the hacking.
Apple releases new Safari betas for OS X 10.9 and 10.8
On Wednesday, Apple updated the developer versions of Safari with two new betas aimed at users of older OS X versions, specifically 10.8 (Mountain Lion) and 10.9 (Mavericks). The new versions follow a slight update to the current Safari versions for OS X 10.8 and later that contains several WebKit fixes for security issues. Version 7.15 is for Mavericks, while Mountain Lion owners will see only version 6.2.5.
Potential but unwieldy security threat to those running pre-iOS 8.1.1
A new device on the market costing $300 could be used by attackers to crack the PIN codes on iOS devices running system versions older than iOS 8.1.1. While the chances of it being used on someone's personal device are extremely low -- since it requires both physical access to the device as well as a great deal of time -- users can protect their devices and foil the so-called "IP Box" attack by moving to a more complex passcode.
Company discovered breach seven months after intrusion
Washington state-based healthcare provider Premera has suffered a massive cyberattack, which has potentially led to the theft of 11 million customers' data. More than six million people affected by the breach live in Washington state, with many employees of Microsoft and Amazon at risk. The initial attack happened on May 4, 2014, with the realization that the system had been breached not occurring until January 29, the same day fellow provider Anthem realized that they had been attacked.
HTTPS bug still just a proof of concept, no proof of any successful wide attacks
Researchers at FireEye have continued looking at FREAK https attack vulnerabilities, and have found a number of top apps on Apple's iOS app store and Google Play Android apps remain vulnerable to the vector, despite a system-level patch being available on both platforms. The company found 5.5 percent of iOS apps it surveyed were still vulnerable on iOS 8.1 but only seven apps under 8.2, which contained Apple's patch. However, even with current patches, 11.2 percent of the top Android apps were susceptible.
Fingerprint scanning, face and iris recognition coming to Windows 10
Windows 10 will be including more alternative log-in systems when it launches, with Microsoft embracing biometric security on computers. The software giant also advises that the team behind Windows 10 have made changes to the way it compresses system files and how the operating system handles recovery functions, helping reduce the software's footprint on the device's storage.
Hearing before Committee on Oversight and Government Reform today
US Federal Communications Commission head Tom Wheeler is appearing before the Committee on Oversight and Government Reform today, to defend the agency's Title II and net neutrality regulation. In a prepared statement before the group, Wheeler calls the buildup to the decision "one of the most open and expansive processes" that the FCC has ever run, and decries accusations of improper influence by President Obama in drafting the Open Internet Order.
SecuTablet uses hardware from Samsung Galaxy Tab S 10.5
BlackBerry's enterprise partnership with Samsung and IBM has resulted in the launch of new hardware. The SecuTablet is a mobile device that borrows the physical design and specifications of the Samsung Galaxy Tab S 10.5 combined with BlackBerry's SecuSuite software, with the company claiming it to be secure enough for national and international public sector markets and enterprise.
Anti-terror legislation seen as license to spy, would have driven western companies away
A proposal that would have mandated that high-tech hardware and software have "backdoors" installed that would be accessible by the government, as well as forcing companies to provide keys for any encryption schemes used on the devices or in programs, has been suspended from proceeding through the legislative process. In addition, the proposal would have mandated that all data created by Chinese users remain in China, requiring hundreds of western services to build data centers in the country.
MacNN and Electronista daily deals for March 13, 2015
Welcome to Daily Deals, the weekday post when the staff of MacNN and Electronista search for discounts and deals on hardware, software, games, gadgets, and other tech for you, our discerning readers. Today, in a particularly storage-heavy edition, we've got the 1TB Samsung 850 Pro SSD, a bare 4TB hard drive intended for network-attached storage, and an inexpensive Epson WorkForce desktop printer.
The password app does so much more
We're not here to lecture. You know you need a password manager, and you know that 1Password gets praised a lot for how it stores your passwords, and how it generates stronger ones than mere mortals could. We could just point out that 1Password is now free for basic use on iOS, but instead, we're going to enthuse. Specifically, we are here to enthuse about what else 1Password does that makes it such a useful tool on our Macs.