Apple posts two security-related job openings, looks to be closing holes where present

Date: Tuesday, September 6th, 2011, 04:53
Category: iPhone, News, security

If you keep losing incredibly valuable intellectual property, it might be time to give your security a once-over.

Per PCmag.com, Apple posted two job openings on Thursday for managers of “New Product Security.” While it might be a coincidence that the positions opened up when they did, the job descriptions certainly sound like a response to Apple’s troubles of late for losing test gadgets:

“The candidate will be responsible for overseeing the protection of, and managing risks to, Apple’s unreleased products and related intellectual property,” said the post.

Apple representatives did not immediately respond to a request for comment.

Recently, an iPhone was taken into a San Francisco tequila bar in July by an unidentified Apple employee who somehow lost control of the device. The circumstances were strangely similar to an incident in April 2010, when another Apple employee lost an iPhone 4 prototype in a Bay Area beer garden.

San Francisco Police confirmed last Friday that they assisted an Apple security team to search a home in the city’s Bernal Heights neighborhood where Apple had electronically tracked the phone. The device wasn’t found there.

While it was easy to draw parallels between those two events, there were other signs that Apple’s problems went beyond iPhones. Apple is also apparently working to retrieve a prototype laptop that is in the possession of Carl Frega, a North Carolina resident who said he acquired the unreleased device via a Craigslist ad. He bought the machine thinking it was only good for spare parts.

On the same day that Apple posted the job openings, an Apple store customer was given internal company media and documents by accident after taking his computer in for service in Stamford, Conn. The customer said he was given a hard drive in addition to the computer that was being repaired, and that the spare drive contained a backup of the store’s internal file server.

This is significant because this is Apple, a company that has forged quite a reputation over the years for effectively keeping its secrets and sticking close to its message.

Stay tuned for additional details as they become available.

Apple loses iPhone 5 prototype, manages to locate it within days

Date: Thursday, September 1st, 2011, 03:31
Category: iPhone, News

Ok, this is odd.

Remember when an Apple employee lost an iPhone 4 prototype in a bar last year and the company was, well, mildly upset regarding the aftermath?

It’s happened again.

In a bizarre repeat of a high-profile incident last year, an Apple employee once again appears to have lost an unreleased iPhone in a bar.

Per CNET, the errant iPhone, which went missing in San Francisco’s Mission district in late July, sparked a scramble by Apple security to recover the device over the next few days, according to a source familiar with the investigation.

Last year, an iPhone 4 prototype was bought by a gadget blog that paid US$5,000 in cash. This year’s lost phone seems to have taken a more mundane path: it was taken from a Mexican restaurant and bar and may have been sold on Craigslist for US$200. Still unclear are details about the device, what version of the iOS operating system it was running, and what it looks like.

Apple declined to comment after being contacted this morning. A spokesman for the San Francisco Police Department said the company did not file a police report based on the loss at the bar. Craigslist did not respond to requests for comment.

A day or two after the phone was lost at San Francisco’s Cava 22, which describes itself as a “tequila lounge” that also serves lime-marinated shrimp ceviche, Apple representatives contacted San Francisco police, saying the device was priceless and the company was desperate to secure its safe return, the source said.

Apple electronically traced the phone to a two-floor, single-family home in San Francisco’s Bernal Heights neighborhood, according to the source. When San Francisco police and Apple’s investigators visited the house, they spoke with a man in his twenties who acknowledged being at Cava 22 on the night the device went missing. But he denied knowing anything about the phone. The man gave police permission to search the house, and they found nothing, the source said. Before leaving the house, the Apple employees offered the man money for the phone no questions asked, the source said, adding that the man continued to deny he had knowledge of the phone.

In an interview this afternoon, Jose Valle told CNET that neither the police nor Apple security ever contacted him. Valle, who owns the bar with his family, said, however, that he does remember a man calling multiple times about a lost iPhone about a month ago. He told the man he would call him back if he ever found the phone.
“I guess I have to make my drinks a little less strong,” Valle said.

After last year’s embarrassing loss, Apple reportedly has taken extraordinary steps to protect its prototype devices from leaks. Next-generation iPhones are sent to carriers for testing “inside locked and sealed boxes so that the carriers can carry out checks on their network compatibility in their labs,” according to the Guardian.

Apple developers have been given new iPhones with an upgraded processor — the one that is used in the iPad 2 and is expected to appear in the next-generation iPhone. But the device “is virtually identical to the iPhone 4, and there is no way anyone can tell it’s not an iPhone 4 based on the phone’s exterior,” according to a report at 9to5Mac.com. Even last year’s prototype was enclosed in a case designed to make it look like an iPhone 3GS.

Stay tuned for additional details as they become available.

Mozilla releases Firefox 6.0.1 update

Date: Wednesday, August 31st, 2011, 10:52
Category: News, Software

Late Sunday, Mozilla.org released version 6.0.1 of its Firefox web browser. The new version is a 28.1 megabyte download and offers the following change:

- Revoked the root certificate for DigiNotar due to fraudulent SSL certificate issuance (see bug 682927 and the security advisory).

Firefox 6.0.1 requires an Intel-based Mac and Mac OS X 10.5 or later to install and run.

If you’ve tried the new version and have any feedback, let us know.

Apple gives internship to 19-year-old jailbreak prodigy

Date: Friday, August 26th, 2011, 04:46
Category: iPhone, News, security

If you’re a good enough hacker and sort of threaten Apple’s warranties to a certain degree, the company might just give you an internship.

According to his Twitter feed, 19-year-old Nicholas Allegra announced that he will start an internship with Apple “the week after next.” Allegra gained notoriety last year when, as a member of the iPhone Dev Team, he released a web-based JailbreakMe exploit for the iPhone 4.



Jailbreaking refers to the process of hacking iOS to allow users to install custom software and tweaks without Apple’s permission. Performing a jailbreak can, however, void Apple’s warranty for the device.

Allegra made waves again last month when he released an updated version of JailbreakMe for iOS 4.3.3.

According to a profile on him by Forbes earlier this month, Allegra has been on leave from Brown University since last winter while looking for an internship.

The hacker expressed that he’s not sure why he has such a knack for circumventing Apple’s security measures. “It feels like editing an English paper,” Allegra said. “You just go through and look for errors. I don’t know why I seem to be so effective at it.”

Charlie Miller, a former National Security Agency analyst and one of the first people to hack the original iPhone in 2007, was impressed by Allegra’s hack. “I didn’t think anyone would be able to do what he’s done for years,” he said. “Now it’s been done by some kid we had never even heard of. He’s totally blown me away.”

Security researcher Dino Dai Zovi has compared Allegra’s hacking skills to those of government-sponsored “advanced-persistent threat” hackers. “He’s probably five years ahead of them,” he remarked.

Allegra taught himself to program when he was just 9 years old. “By the time I took a computer science class in high school, I already knew everything,” he said. As a self-professed Apple “fanboy,” he confessed that he hacks the iPhone because he likes the challenge.

“I didn’t come out of the same background as the rest of the security community,” he added. “So to them I seem to have come out of nowhere.”

Last year, the U.S. government approved an exemption that made it legal for iPhone owners to jailbreak and carrier unlock their devices.

Apple’s relationship with the jailbreak community has been likened to a game of cat and mouse. The iPhone Dev Team published a post, entitled “The coolest cat,” to their blog on Wednesday with an image of the iconic Tom and Jerry cat and mouse cartoon characters and the note “We loved the chase! Good luck, Steve.” The well-wishes were addressed to Apple co-founder Steve Jobs, who announced on Wednesday his resignation as CEO of the company.

Stay tuned for additional details as they become available.

Apple to officially end MobileMe sync for certain features in iCloud transition

Date: Monday, August 8th, 2011, 03:52
Category: News, Software

Apple’s transition to the iCloud is coming and it won’t always be easy…

Per AppleInsider, while many of the features of MobileMe are simply being upgraded in the move to iCloud, Apple has previously noted that Gallery, iDisk and iWeb are on the chopping block. Now, the company has further made it clear that data sync features will also be canceled in its iCloud transition steps.

A key feature of .Mac and later MobileMe was the cloud integration of iSync, Apple’s Mac-centric tool for keeping data in sync among a variety of devices as part of its “digital hub strategy” first unveiled a decade ago. The data sync of .Mac and subsequently MobileMe moved the “truth database” from the user’s Mac into the cloud, making it possible to sync additional types of data between Macs.

MobileMe currently allows a user to sync a variety of settings between Macs, including the layout of Dashboard widgets, Dock items, passwords and credentials saved in the Keychain, email account information including Mail Rules, Signatures and Smart Mailboxes, and System Preferences.

However, all of these features will terminate as soon as a user migrates from MobileMe to the new iCloud, according to Apple’s transition pages at me.com/move.

Other MobileMe features that are not being carried forward into iCloud, including Gallery media hosting, iDisk cloud storage and its integrated iWeb web hosting, will be continued for existing MobileMe subscribers until June 30 of 2012, even after migrating other data to iCloud. These features are easy to maintain independently from iCloud, because there is no direct equivalent in iCloud.

Gallery media hosting is being dramatically reworked as a Photo Stream feature, a push updating feature that presents a user’s photos on the mobile devices, Mac photo albums, and on Apple TV rather than via a web site. Similarly, iDisk is making way for an entirely new type of document and data updating that focuses on a user’s own hardware rather than web-centric hosting.

The iCloud migration process is currently only open to developers, as it requires users to have iOS 5 beta 5 on their mobile devices, Mac OS X Lion 10.7.2 with the iCloud for OS X Lion beta 6 package on their Macs, and the iCloud Control Panel for Windows beta 4 running on any PCs they use.

Apple notes that while Mail, Contacts and Calendars can be migrated from MobileMe to iCloud, shared calendars may be affected in the move, while Bookmarks will simply be imported from a client system. This indicates the reduction in data supported in the transition to iCloud may largely be explained by Apple’s hopes to keep the migration as simple and problem-free as possible, avoiding the issues users had in the move from .Mac to MobileMe.

Another reason for the shift in features between MobileMe and iCloud may be explained by the underlying security changes that differentiate the wide open iDisk from the carefully sandboxed design of iCloud’s Documents & Data.

Currently, data synced to MobileMe by Mac OS X Sync Services is copied into openly accessible folders. It is likely Apple hopes to completely secure all iCloud data to avoid any embarrassing lapses and contain sensitive data from potential malware attacks. Individual apps, such as Keychain Access, Launchpad and System Preferences, may be modified in the future to take advantage of iCloud’s key value data store, duplicating the old MobileMe features in a more secure fashion.

Stay tuned for additional details as they become available.

Apple releases QuickTime 7.7 for Mac OS X 10.5, Windows users

Date: Thursday, August 4th, 2011, 06:20
Category: News, Software

Late Wednesday, Apple released the latest version of QuickTime, its multimedia support system for Mac OS X and Windows. The new version, known as QuickTime 7.7, is available as a variably-sized download (depending on the version chosen through the download page). It improves security and is recommended for all Mac OS X 10.5.x (“Leopard”) users.

The update requires Mac OS X 10.5 or later to install and run and can be located and snagged via Mac OS X’s built-in Software Update feature.

If you’ve tried the update and have any feedback to offer, let us know in the comments.

Google Chrome updated to 13.0.782.107

Date: Wednesday, August 3rd, 2011, 04:21
Category: News, Software

Google Chrome, Google’s new web browser, just reached version 13.0.782.107 for the Mac. The new version, a 42.1 megabyte download, offers the following changes:

- Instant Pages.

- Security fixes and improvements.

Google Chrome 13.0.782.107 requires an Intel-based Mac running Mac OS X 10.5 or later to install and run.

Apple releases iOS 4.3.5 update

Date: Tuesday, July 26th, 2011, 03:38
Category: iOS, iPad, iPhone, iPod Touch, News, security, Software

On Friday, Apple released iOS 4.3.5, the latest incarnation of its iOS operating system for its iPhone, iPod touch and iPad devices. The updates fix a security vulnerability with certificate validation and arrive in two versions, thanks to the different flavors of the iPhone 4. iOS 4.3.5 applies to the iPad and iPad 2, the third- and fourth-generation iPod touch, the iPhone 3GS, and the iPhone 4 (GSM model); users of the CDMA model of the iPhone 4 instead get iOS 4.2.10.

These updates can be snagged by plugging in your respective iOS device and checking for updates in iTunes.

If you’ve tried the updates and noticed any differences, please let us know in the comments.

Security researcher to illustrate MacBook batteries’ vulnerabilities to malware

Date: Monday, July 25th, 2011, 04:19
Category: battery, News, security

In the category of “weird but interesting and mildly disturbing”, a prominent security researcher has discovered a vulnerability in the batteries of Apple’s MacBook line of portable computers that could allow hackers to ruin the batteries or install malware on them that could corrupt a Mac.

Per Forbes, Charlie Miller, a renowned white-hat hacker who works for security firm Accuvant, plans to reveal and offer a fix next month for a MacBook battery vulnerability he has discovered. Miller uncovered default passwords, which are used to access the microcontroller in Apple’s batteries, within a firmware update from 2009 and used them to gain access to the firmware.

Apple and other laptop makers use embedded chips in their lithium ion laptop batteries to monitor the battery’s power level, stop and start charging, and regulate heat.

During the course of his tests, the researcher “bricked” seven batteries, rendering them unusable by rewriting the firmware. Of more concern is the possibility that hackers could use the vulnerability to install difficult to remove malware, or, in a worst case scenario, cause the batteries to explode.

“These batteries just aren’t designed with the idea that people will mess with them,” he said. “What I’m showing is that it’s possible to use them to do something really bad.” According to him, few IT administrators would think to check the battery, providing hackers with an opportunity to hide malicious software on a battery that could repeatedly implant itself on a computer.

Miller admitted that he hasn’t tried to blow up any batteries, but he did say it might be possible. “You read stories about batteries in electronic devices that blow up without any interference,” he noted. “If you have all this control, you can probably do it.”

Another researcher, Barnaby Jack, who works for antivirus software maker McAfee, also looked into the battery issue a couple years ago, but said he didn’t get as far as Miller did.

Miller, who is a regular winner of security contests demonstrating Mac, Safari and iPhone exploits, has notified Apple and Texas Instruments of the issue. Despite requests from several other researchers not to proceed, he plans to unveil the vulnerability, along with a fix he calls “Caulkgun,” at the Black Hat security conference next month.

“Caulk Gun” will change a battery’s default passwords to a random string of characters. While the fix will prevent hackers from breaking into the battery, it would also block any future firmware updates from Apple.

Stay tuned for additional details as they become available.

Apple releases Java for Mac OS X 10.5 Update 10, Java for Mac OS X 10.6 Update 5

Date: Wednesday, June 29th, 2011, 03:14
Category: News, Software

Late Tuesday, Apple released a pair of Java updates for its Mac OS X 10.5 and 10.6 operating systems. The updates (Java for Mac OS X 10.5 Update 10 and Java for Mac OS X 10.6 Update 5) make the same changes and, per Macworld, offer “improved compatibility, security, and reliability.” The specifics on how the updates do this are unclear, however, as the release notes for both the 10.6 and 10.5 updates are a little light on the details.

Both updates are available via direct download from their respective web sites or via Mac OS X’s Software Update feature.

The updates require Mac OS X 10.5.8 and Mac OS X 10.6.4 to install and run, respectively.

If you’ve tried the updates and have any feedback to offer, please let us know.