Dropbox 2.0.0 released

Posted by:
Date: Tuesday, March 12th, 2013, 11:27
Category: News, Software

A nifty thing has just hit version 2.0.0.

On Tuesday, Dropbox released version 2.0.0 of its cloud-based storage client for Mac OS X. The new version, a 26.1 megabyte download (via MacUpdate), adds the following fixes and changes:
- Fix a bug where discrete graphics would be enabled on OS X laptops.

- Add support for Brazilian Portuguese.

- Other small fixes.

Dropbox 2.0.0 requires Mac OS X 10.4 or later to install and run.

If you’ve tried the new beta and have any feedback to offer, please let us know in the comments.

Microsoft releases Office 2011 14.3.2, Microsoft Office 2008 12.3.6 updates for Mac

Posted by:
Date: Tuesday, March 12th, 2013, 09:17
Category: News, Software

On Tuesday, Microsoft released its Microsoft Office 2011 14.3.2 update. The update, a 118 megabyte download, adds the following fixes and features:

- This update fixes critical issues and also helps to improve security. It includes fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer’s memory with malicious code.

Microsoft Office 2011 14.3.2 requires Mac OS X 10.5.8 or later to install and run.

The company also released its Office 2008 12.3.6 update, a 219.9 megabyte download (via MacUpdate), which offers the following fixes and changes:

- This update fixes critical issues and also helps to improve security. It includes fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer’s memory with malicious code.

Microsoft Office 2008 12.3.6 requires Mac OS X 10.4.9 or later to install and run.

AMD announces upcoming Richland chips, boasts new features, no word as to whether they’ll find their way into Apple products

Posted by:
Date: Tuesday, March 12th, 2013, 08:50
Category: Hardware, News


There’s no guarantee that they’ll be in the next MacBook Pro or MacBook Air that you buy, but there’s cool AMD stuff on the horizon.

Per Engadget, AMD has announced that it’s planning to release a fresh batch of low-power APUs just 11 months after Trinity. Known as “Richland”, this generation won’t be vastly different at the silicon level, as it’s built on the same 32nm process as Trinity, has the same number of transistors and offers very similar compute performance in terms of raw GFLOPs. However, there are some noteworthy upgrades in attendance, including a move to Radeon HD 8000M graphic processors, which are claimed to deliver a 20-40 percent increase in “visual performance” in higher-end models, plus power-saving tweaks that should provide over an hour of additional battery life while watching 720p video.

The top-end quad-core A10-5750M is claimed to beat a laptop Core i7 by over 50 percent in terms of 3DMark performance, and even a dual-core A6-5350M is said to have a 20 percent advantage. There’s no sign of any all-round computing benchmarks, however, or even real-world gaming frame rate comparisons, so it’ll be up to later benchmarking efforts somewhere down the line.

Richland should arrive in regular-shaped notebooks (with TDPs between 20 and 35 watts) starting next month, while ultra-thin notebooks (17 watts or less) and desktop parts should get here by the summer. By then, we’ll be a lot closer to the launch of AMD’s Kaveri APUs, which are due to ship before the end of this year and should represent a more radical leap than Richland. And in the midst of all this, there’s also Intel’s upcoming Haswell architecture, which is set to debut sometime this year.

Stay tuned for additional details as they become available.

Security firm Skycure illustrates possible hacking attacks through iOS’ use of Provisioning Profiles

Posted by:
Date: Tuesday, March 12th, 2013, 07:41
Category: iOS, iPhone, News, security, Software

In the words of assorted security analysts, Apple may be setting itself up for a malware fall thanks to its Provisioning Profiles.

Per The Next Web, while iOS users have been relatively safe from malware on their devices, researchers from security company Skycure say they’re concerned about a feature of iOS that could be used by malicious actors to read information, passwords and even encrypted data from devices without customers’ knowledge. They’ve detailed the new vulnerability in a presentation at the Herzliya Conference and a company blog post.

It’s worth noting at the beginning that Skycure’s product, still in development, is a mobile firewall with a cloud component designed to secure devices against attacks just like these. This isn’t all that unusual, though, as many security firms like Sophos and Intego produce research reports along with consulting and security products.

Provisioning Profiles (mobileconfigs) are small files installed with a single tap on iOS devices. They essentially function as instruction lists which can alter many settings, including network configurations, and they’re used by thousands of companies around the world, including app developers, corporations with IT departments and more.

Their use is officially approved by Apple and there is nothing innately malicious about any given profile. But, if put to the right uses, they do open up the ability to read usernames and passwords right off of a screen, transmit data that would normally be secure (over HTTPS) to a malicious server where it can be read and a lot more.

In a demonstration, Skycure’s CTO Yair Amit and CEO Adi Sharabani sent the author to a website where a link was offered. A provisioning profile was presented, installed and led to a screen that looked a lot like a phishing attempt, which requires an action on the part of a user in order to infect or grant access to a hacker.

After the profile was installed, Sharabani demonstrated that he could not only read exactly which websites the author had visited, but also scrape keystrokes, searches and login data from apps like Facebook and LinkedIn. To be perfectly clear, this is not a vulnerability within iOS; instead, it uses standardized frameworks to deliver a profile that has malicious intent.

iOS has typically been far more secure than other platforms because of its heavy use of curation on the App Store, but also because it has been built from the ground up to use sandboxing. This means that apps are cordoned off, unable to reach outside of their data box or to affect any other apps that have not given them explicit permission to do so.

Provisioning Profiles step outside of that protection and can do things like route all of a victim’s traffic through a third-party server, install root certificates allowing for interception and decryption of secure HTTPS traffic and more.

Sharabani provides a couple of scenarios by which people could be convinced to install what seems like a harmless provisioning profile, only to be a victim of a traffic re-routing attack:

- Victims browse to an attacker-controlled website, which promises them free access to popular movies and TV shows. In order to get the free access, “all they have to do” is to install an iOS profile that will “configure” their devices accordingly.

- Victims receive a mail that promises them a “better battery performance” or just “something cool to watch” upon installation.

The attacks, Sharabani stated, can be configured to use a VPN, APN proxy or a wireless proxy (WiFi), so just because you’re not on a WiFi network doesn’t mean that the profile can’t send your traffic to a third-party. This also means that (unlike a VPN, where there is an indicator in your status bar), you could also be affected by the hack without your knowledge. Of course, you would still have had to install a profile in the first place.

For the third attack scenario, Skycure came up with a list of cellular carriers that ask clients to install a special profile that configures their device to work with that network’s data servers. Of course, those sites could end up being compromised to deliver corrupted profiles, but it’s bound to be harder to do if it’s the carrier’s own servers doing the distribution.

As of now, no evidence has been found of a Provisioning Profile attack in the wild. And, to be extremely blunt once again, you are not at risk at all if you don’t install any profiles to your device, period. And if you have to, make sure that those profiles are from a trusted source and are verified. You should also only download and install profiles from ‘secure’ HTTPS links.
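One way to inspect a profile before installing it, flagging the payload kinds described above (root certificates, VPN, APN and proxy settings). This is an added example, not code from Skycure or the original article; it assumes an unsigned XML .mobileconfig (a signed profile is wrapped in CMS and must be unwrapped first), and the sample profile, its identifiers and host names are constructed.

```python
import plistlib

# Payload types that change where traffic goes or what the device trusts.
RISKY_TYPES = {
    "com.apple.security.root": "installs a trusted root CA (enables HTTPS interception)",
    "com.apple.vpn.managed": "configures a VPN that can carry device traffic",
    "com.apple.apn.managed": "changes cellular APN settings, including an APN proxy",
    "com.apple.proxy.http.global": "sets a global HTTP proxy",
}

def audit_profile(data: bytes) -> list:
    """Return one finding per risky payload in an unsigned XML .mobileconfig."""
    profile = plistlib.loads(data)
    findings = []
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        ident = payload.get("PayloadIdentifier", "<no identifier>")
        if ptype in RISKY_TYPES:
            findings.append(f"{ident}: {RISKY_TYPES[ptype]}")
        # Wi-Fi payloads are routine; flag them only when a proxy is configured.
        elif ptype == "com.apple.wifi.managed" and payload.get("ProxyType", "None") != "None":
            findings.append(f"{ident}: Wi-Fi network with {payload['ProxyType']} proxy")
    return findings

# Constructed sample profile (not a real one); the certificate bytes are a placeholder.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadDisplayName": "Constructed sample",
    "PayloadIdentifier": "example.constructed.profile",
    "PayloadContent": [
        {"PayloadType": "com.apple.security.root",
         "PayloadIdentifier": "example.constructed.ca",
         "PayloadContent": b"\x30\x82"},
        {"PayloadType": "com.apple.wifi.managed",
         "PayloadIdentifier": "example.constructed.wifi",
         "SSID_STR": "CoffeeShop", "ProxyType": "Manual",
         "ProxyServer": "proxy.example.invalid", "ProxyServerPort": 8080},
        {"PayloadType": "com.apple.wifi.managed",
         "PayloadIdentifier": "example.constructed.wifi-plain",
         "SSID_STR": "Office", "ProxyType": "None"},
    ],
})

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE):
        print("REVIEW:", finding)
```

An empty result only means none of these payload types were found; it does not establish that the profile comes from a trusted source.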

The disclosure of the issue, Sharabani says, is really about raising awareness, rather than starting a panic. While the attacks can be powerful and harmful, the Provisioning Profile attack, much like phishing, relies on user ignorance. Just as you wouldn’t type your password into a page provided as a random link, don’t install profiles from websites that you don’t know and avoid them completely if at all possible.

Because of the deep integration of Provisioning Profiles into the workflows of IT departments and other companies, it’s unlikely that they’ll be going away any time soon. So the best defense for now is knowledge and care.

Stay tuned for additional details as they become available.

Lawmakers drafting bipartisan bill that would allow for cell phone unlocking after contract terms have been met

Posted by:
Date: Tuesday, March 12th, 2013, 07:30
Category: iPhone, Legal, News

Well, maybe SOME aspects of the government sort of work.

Per AppleInsider, U.S. Senator Al Franken and members of the Senate Judiciary Committee have introduced bipartisan legislation that would allow users to legally unlock their smartphone once their contract subsidy has concluded.

The Democrat from Minnesota announced on Tuesday that the “Unlocking Consumer Choice and Wireless Competition Act” would restore an exemption to the Digital Millennium Copyright Act and allow users to unlock their cell phone once their contract expires.

Joining Franken were Judiciary Committee Chairman Sen. Patrick Leahy (D-Vt.), Judiciary Committee Ranking Member Sen. Chuck Grassley (R-Iowa), Sen. Orrin Hatch (R-Utah), and Sen. Mike Lee (R-Utah).

The senators defined the bill as a “narrow and common sense proposal” that they believe will promote competition and improve consumer choice.

The bill was prompted by a Library of Congress ruling made in late 2012 that determined cell phone unlocking would be removed as a legal exemption from the Digital Millennium Copyright Act. As of Jan. 26, 2013, unauthorized unlocking of all newly purchased phones became illegal.

“Right now, folks who decide to change cellphone carriers are frequently forced to buy a new phone or risk the possibility of criminal penalties, and that’s just not fair for consumers,” Franken said. “This bipartisan legislation will quickly allow consumers to unlock their current phones instead of having to purchase a new one. I support this commonsense solution to save consumers money.”

Last week, President Barack Obama’s administration also came out in support of legalizing the unlocking of cell phones and tablets. Their endorsement was given in response to a White House petition created by Sina Khanifar, which to date has received nearly 115,000 signatures.

Khanifar said he frequently travels from Europe to San Francisco, Calif. Those international trips have made cell phone locking not only a nuisance, but also a financial burden.

“Anyone who travels internationally, and most people do at some point, you won’t be able to take your cell phone with you,” he said. “Trying to use it with the existing roaming fees that carriers charge is almost impossible because they’re so exorbitant.”

The proposed Senate bill would alleviate those issues for consumers like Khanifar. A similar bipartisan bill is also expected to be introduced in the House of Representatives this week.

“It just makes sense that cell phone users should be able to do what they want with their phones after satisfying their initial service contract,” Hatch said. “This bill reinstates that ability, while also ensuring that copyrights are not violated.”

Stay tuned for additional details as they become available.