Apple patches Shellshock vulnerability, but it’s not in Software Update

Posted by:
Date: Wednesday, October 1st, 2014, 01:24
Category: OS X, security

OS X bash Update 1.0 for OS X Mavericks released to address Shellshock bug on Macs

Apple released OS X bash Update 1.0 for OS X Mavericks to fix a vulnerability in the bash UNIX shell. “Shellshock” is believed to be much worse than the Heartbleed vulnerability that was discovered earlier this year.

PC Magazine wrote about two scenarios that can make OS X vulnerable to the Shellshock bash bug:

For example, Bash would be exposed if a user turned on the remote login capability for all users, including guests. But that is an action that “is probably not the most secure thing to do anyway,” Erwin wrote, as it would open up the computer to other possible attacks.

Another scenario in which adjusted settings could make a difference is on a Lion OS X server running Apache or PHP scripting environments, Erwin wrote. If Apache is configured to run scripts, an attacker could insert variables into a script that a Bash shell would run.

Curiously, OS X bash Update 1.0 isn’t available through the usual channel (the Updates tab in the App Store). It needs to be downloaded and installed manually. Based on the potential impacts of the bug it’s recommended that all OS X 10.9/Mavericks users install OS X bash Update 1.0 right away. 

iOS 8′s MAC randomization requires cellular data & location services to be disabled

Posted by:
Date: Saturday, September 27th, 2014, 15:36
Category: iOS, iOS 8, iPhone, privacy

You know that we love, cherish and respect your privacy here at The PowerPage, right?

Privacy bugs will be interested in reading Apple’s new “Privacy built in” microsite, which extolls the virtues of some of the new privacy features that are baked into iOS 8. While it’s a huge step in the right directions for the consumer (so much so that the FBI is spreading FUD about it), some industry experts are taking issue with one of the new features.

At issue is what Apple calls Randomized Wi-Fi addresses. In reading that section of Privacy Built In, one could be left to believe that merchants and retailers can no longer track your movements and behavior by scanning your iPhone’s Wi-Fi MAC address. While Apple has taken steps to obscure it in iOS 8, it’s not a simple (or automatic) as Apple leads us to believe.

A new blog post from AirTight Networks’ Bhupinder Misra called “iOS8 MAC Randomization – Analyzed!” (read parts 1 and 2) takes issue with Apple’s claims that iOS 8 uses randomized and locally administrated Wi-Fi MAC addresses in the probing state. For his blog posts Misra used sophisticated packet sniffing gear to dig into the inner workings of randomized MAC addresses.

His conclusions:

On the iPhone 5s, MAC randomization happens only under the following conditions:

  1. Phone is in sleep mode (display off, not being used)
  2. Wi-Fi should be ON but not associated
  3. Location services should be OFF in privacy settings

Then after reading scandalous reports from The Washington Post and Gizmodo stating that “Apple’s new feature to curb phone tracking won’t work if you’re actually using your phone” he decided to dig a little deeper and discovered that location services should be OFF for random MAC addresses to actually show up.

It has to do with the cellular data connection setting. Basically, if the phone’s cellular data connection is ON, there is no MAC randomization! If you now turn OFF the cellular data connection (Settings -> Cellular -> Cellular Data OFF), random MAC addresses show up.

Rups!

iOS8 MAC RandomGate:  Who turns OFF location services AND turns OFF cellular data connection while using their iPhone?

So if both Cellular Data and Location Services have to be switched off to randomize MAC addresses, it’s not really much of a privacy feature then, is it? I think that Apple needs to clarify how this feature really works and it should probably remove it completely from the fancy new Privacy Built In page.

Misra says it best:

Bottom line, this further shrinks the population which is covered by MAC address randomization, perhaps to inconsequential levels and maybe even zero. Who turns OFF location services AND turns OFF cellular data connection while using their iPhone. That is why I now call it “iOS8 MAC RandomGate”.

Apple’s done a lot right with respect to user privacy, but this one seems a tad disingenuous to me.

The iPhone 6 Plus has a content problem

Posted by:
Date: Tuesday, September 23rd, 2014, 03:19
Category: iOS, iPad, iPhone

WIRED Magazine is only available on the iPad, and that's a problem - Jason O'GradyI purchased an iPhone 6 Plus on Friday to replace my iPhone 5s and an iPad mini Retina. I figured that the large, 5.5-inch screen on the 6 Plus would allow me to consolidate two devices into one.

It turns out that while the concept of an iPhone-6-Plus-as-an-iPad (think iPad nano) sounds good in theory, it fails in practice.

The iPhone 6 Plus ships with a different build of iOS 8 (12A366) than the iPhone 6 (12A365) which allows it to do a few new tricks that aren’t possible on its smaller 4.7-inch cousin. Most notably, the iPhone 6 Plus home screen can be rotated to a horizontal (or “landscape”) view with the dock running along the right-hand side.

Another new trick: the 6 Plus home screen be flipped 180-degrees (another first) to the delight legions of commuters that connect Lightning and/or audio cables into the bottom of their iPhone only to promptly stick them into their vehicle’s cup holder upside-down. Sadly the UIs for Apple Maps and Google Maps don’t rotate 180-degrees (but Waze does).

Most of Apple’s first-party apps (including Mail, Calendar, Messages, Settings and Clock) feature a new dual-pane mode when rotated into landscape mode on the iPhone 6 Plus, similar to how they behave on the iPad. It’s a nice trick that I hope that more iOS developers integrate into their apps.

(more…)

Samsung takes swipe at iPhone 6 Plus in snarky web video

Posted by:
Date: Friday, September 19th, 2014, 02:38
Category: Hardware, iPhone, Samsung

Samsung touts its Note in a new web video

If you haven’t seen it yet, take a look at the web video that Samsung posted on its YouTube channel. The video trolls Apple for coming out with a 5.5-inch iPhone (the fabled iPhone 6 Plus) two years after it released the Galaxy Note 2 in 2012.

The video highlights early negative reviews of the Galaxy Note (the WSJ said it “looks like you’re talking into a piece of toast,” Mashable called the Note “an unwieldy beast”). It then shows a recent BGR post from September 9, 2014 titled “The truth hurts, Apple fans: You can thank Samsung for your big new iPhone displays.”

The Samsung video then takes a few potshots at features that the Note has over the iPhone 6 Plus, including a stylus, handwriting recognition, and dual window mode.

While Samsung beat Apple to market with a “phablet” (anyone else dislike that term?), that doesn;t mean that it’s better. Apple’s a notorious second-mover on many technologies. It lets companies like Samsung test the waters with multiple screen sizes, then releases its version when it feels like, a) there’s enough of a market for it, and b) when the product is just right.

So… Samsung Galaxy Note 4 or iPhone 6 Plus? Which is better?

Here’s the video:

PPUG meets in Philadelphia this Saturday, June 7

Posted by:
Date: Friday, June 6th, 2014, 14:42
Category: PPUG, User Group

http://thescene.s3.amazonaws.com/pics/bar/2/51481/profile/1205061797294_272.jpgJoin us for a spectacular autumnal meeting on Saturday, June 7, 2014 at noon.

The Philadelphia PowerBook Users Group (PPUG) will hold its Welcome to Springtime Festival meeting from 12 noon to 3 p.m. at the Manayunk Brewing Company. We usually have lunch (and a brew) while we talk mobile computing.

PPUG founders Jason O’Grady (PowerPage.org), Rob Parker, Bob Snow, as well as Youngmoo Kim will be on hand to talk about latest developments in mobile computing, new Macs, iPad, iPod, iPhones, and the latest Apple developments. Come hear special presentations from our panel and some fabulous demos as well.

Jason and the gang will discuss the latest announcements and developments from Apple’s WWDC which will have just ended on June 6th. So we will really be the absolute first user group to discuss all of the newest latest developments coming from Apple for the next year.

You don’t want to miss this meeting!

Of course we’ll have a healthy serving of Q&A.

Join us for a great meeting, it’s free and open to you and your guests.

Feel free to bring items to sell or swap as well.

OUR MEETING PLACE:

Manayunk Brewing Company
4120 Main Street
Philadelphia, PA 19127
215.482.8220

If you are part of a Mac User Group, then forward this announcement to your membership.  All are welcome!

Arrival Time app Twist shuts down suddenly

Posted by:
Date: Sunday, April 6th, 2014, 14:10
Category: App Store, Apple, Apps, iPhone, News, Software

It’s a sad day for fans of Twist, the ETA/arrival time app and service. After working intermittently for the last four of five days, the website was taken down and the app was removed from the App Store over the weekend.

The developers confirmed that Twist was shuttered on April 5, 2014 in a Tweet:

When I reached out for comment, they replied:

(more…)

Fresh renders of the thin and wide iPhone 6 look phabulous

Posted by:
Date: Monday, March 31st, 2014, 19:44
Category: Hardware, iPhone, Rumor
iphone-6-mockup-hajek-t

Render: Nowhereelse.fr

With the rash of iPhone 6 rumors hitting the wires lately, the expression “where there’s smoke, there’s fire” could be considered apropos.

The months leading up to an iPhone announcement (expected in September, in the case of the iPhone 6) are filled with leaks from Apple’s supply chain. Parts, pieces and components become increasingly harder to hide as the company begins to manufacture millions of devices. Manufacturing partner Foxconn (a.k.a. Hon Hai Precision Co.) has the capacity to build as many as half a million iPhones per day at its peak, and as it does, leaks become inevitable.

Armed with leaks of case molds, schematics, and the rear bezel of the iPhone 6, French Apple blog Nowhereelse.fr and graphic designer Martin Hajek teamed up to create some fabulous 3D renders of the most anticipated smartphone of 2014:

Fresh renders of the thin and wide iPhone 6 look phabulous

Courtesy: Nowhereelse.fr

What’s your take on the iPhone 6 renders? Love ‘em or hate ‘em?

Is this the iPhone 6′s rear bezel?

Posted by:
Date: Monday, March 31st, 2014, 18:05
Category: Hardware, iPhone, Rumor

While this one lands squarely in the rumor department, someone posted what might be the first photos of a bona fide iPhone 6 to microblogging service Weibo (via Nowhereelse.fr and BGR)

It might only be the rear casing, but these photos look like they could be the real deal.

What’s your take? Any Chinese readers care to translate the on-screen text to the left of the first image? Any pixel pushers care to grok the EXIF data? Start sleuthing and post your discoveries in the comments.

New leak purporting to be the iPhone 6

iphone-6-leak-weibo-ogrady-1

iphone-6-leak-weibo-ogrady-2

Leaked iPhone 6 dimensions: definitely larger than the iPhone 5

Posted by:
Date: Saturday, March 29th, 2014, 18:55
Category: Hardware, iPhone

The good folks at Nowhereelse.fr have posted a document from a Chinese website that they think could be a schematic design for the iPhone 6. The drawing depicts a device that is 85 millimeters wide by 150 millimeters long, which would give it a display with a 5-inch (diagonal) screen.

iphone-6-schematic-ogrady

The problem with the leaked dimensions is that they don’t sync with previous rumors that we’ve seen about the upcoming iPhone 6 sporting a 4.7, 5.5, or even 5.7-inch display (or possibly, both).

Take this one with a healthy grain of salt and, as always, consider the source. Without further confirmation the drawing should be treated with skepticism and scrutiny, but if you have any theories on it (one way or the other) sound off in the comments.

Rumor department: iPhone 6 to get 5.5-inch display in fall #TAC

Posted by:
Date: Thursday, January 16th, 2014, 17:58
Category: Apple, iPhone

In probably my favorite post of the week, Apple’s finally rumored to be exploring large displays for the iPhone 6, tentative due in the fall. Look, everyone likes to have a phone that will run al day on a charge but it’s foolish to think that Apple’s not losing customers that want larger screens to Sammy. Sure, many iPhone owners also have iPads (I’d venture to say that it’s a high percentage) which should satisfy their need for a larger screen, but many don’t and they’re not cool with a puny 4-inch iPhone.

Research firm DisplaySearch reports in their new Quarterly Worldwide FPD Shipment and Forecast Report reports that Apple is likely to launch two new versions of next-generation iPhone with two larger display options. According to the report Apple will launch a 4.7-inch model with 1600×900 resolution, 386ppi and LTPS TFT LCD display technology. A larger version of the “iPhone 6″ could pack a 5.5-inch display with 1920×1080 resolution at 401 PPI utilizing the same display technology.

The X factor here is developers. They’re going to need to re-compile their apps for a fourth screen size and Apple will have to tell them about it by WWDC (think June-ish) at the latest.

The good news is that Apple is exploring two iPhone screen sizes (4.7 and 5.5-inches) so that there will be an option for both small and large hands. (Read more at The Apple Core).

What size iPhone 6 would you buy? Is 4-inches a deal breaker?