Apple retail to use iBeacon location technology

Posted by:
Date: Monday, November 18th, 2013, 09:08
Category: Apple, Developer, iOS, Mobile, News, privacy, Retail Store, security, Services, WWDC

ibeacon2Earlier this year at WWDC, Apple introduced iBeacon, a technology that would be introduced as part of iOS 7 and new Apple hardware. iBeacon utilizes BlueTooth LE (Low Energy) to provide very precise location data to your device, which can either provide detailed directions inside a building, like a mall, or give you information about a particular item on a shelf that you are standing in front of. Yes, it’s that precise. Since it has to take a location measurement very frequently to provide that level of precision, it uses the BlueTooth LE radio (separate from the regular one generally used), in order to prevent excessive battery drain on your device. This opens up a lot of opportunities for all retailers, not just Apple.

(more…)

Security firms weigh in on Adobe breach, cite 38 million+ user IDs stolen

Posted by:
Date: Wednesday, October 30th, 2013, 10:56
Category: Hack, News, security

adobelogo

You’re probably going to want to change your Adobe login and password.

Per Macworld and Krebs on Security, the security breach reported earlier this month at Adobe is turning out to be much more widespread than the company first let on. At least 38 million users have been affected by the early October incident.

When Adobe announced the breach on October 3, it said that attackers stole user names and encrypted passwords for an undisclosed numbers of users, along with encrypted credit or debit card numbers and expiration dates for 2.9 million customers. Krebs on Security has reported on the full extent of the attack, confirming the 38 million figure with Adobe.

The total damage could go beyond 38 million users. According to the article, the 3.8GB file includes more than 150 million usernames and hashed passwords, all taken from Adobe. The same file also apparently turned up on a server with the other stolen Adobe data.

Adobe says that 38 million active users users were affected, whereas the other usernames and passwords could include inactive IDs, test accounts and IDs with invalid passwords. However, Adobe is still investigating, and given the tendency of users to repeat the same usernames and passwords across multiple Web services, inactive account holders could still face a security risk. Adobe is trying to notify inactive users of the breach, and has already reset passwords for active users who were affected.

To make matters worse, Krebs on Security and Hold Security both claim that the hackers stole source code for flagship products such as Photoshop, Acrobat, and Reader. Adobe acknowledged that at least some Photoshop source code was stolen; the company is trying to get the data taken down.

In a blog post, Hold Security suggested that the source code theft could have far-reaching security implications. “While we are not aware of specific use of data from the source code, we fear that disclosure of encryption algorithms, other security schemes, and software vulnerabilities can be used to bypass protections for individual and corporate data,” the firm wrote. “Effectively, this breach may have opened a gateway for new generation of viruses, malware, and exploits.”

Active Adobe users affected by the breach should have received a notification from the company by now, prompting them to change passwords. As always, users can employ several strategies to keep their data safe, such as setting different passwords on each site or setting up a password manager.

Stay tuned for additional details as they become available.

Firefox updated to 25.0

Posted by:
Date: Wednesday, October 30th, 2013, 10:08
Category: News, Software

elfirefox

Firefox is now old enough to make foolish mistakes but get a lower insurance rates when it goes to rent a car.

On Wednesday, Mozilla.org released version 25.0 of its Firefox web browser. The new version, a 47.1 megabyte download via MacUpdate, adds the following fixes and changes:
- [New] Web Audio support.

- [New] The find bar is no longer shared between tabs.

- [Changed] If away from Firefox for months, you now will be offered the option to reset it to its default state while preserving your essential information.

- [Changed] Resetting Firefox no longer clears your browsing session.

- [Developer] CSS3 background-attachment:local support to control background scrolling.

- [Developer] Many new ES6 functions implemented.

- [HTML5] iframe document content can now be specified inline.

- [Fixed] Blank or missing page thumbnails when opening a new tab.

- [Fixed] Security fixes can be found here.

Firefox 25.0 requires an Intel-based Mac running Mac OS X 10.6 or later to install and run.

If you’ve tried the new version and have any feedback to offer, please let us know in the comments.

Apple, Adobe sandbox Flash Player development for OS X versions

Posted by:
Date: Thursday, October 24th, 2013, 22:00
Category: News, security, Software

When in doubt, sandbox the sucker.

Per Mac|Life, Adobe announced on Wednesday that the latest version of the Safari web browser included with OS X Mavericks now features app sandboxing for Flash Player, following similar moves with browsers from Google, Microsoft and Mozilla.

Although Flash Player has been sandboxed for some time, for whatever reason Apple didn’t get on board with Safari until version 7.0, which is included with this week’s update to OS X Mavericks.

“For the technically minded, this means that there is a specific com.macromedia.Flash Player.plugin.sb file defining the security permissions for Flash Player when it runs within the sandboxed plugin process,” explains Adobe Platform Security Strategist Peleus Uhley.

“As you might expect, Flash Player’s capabilities to read and write files will be limited to only those locations it needs to function properly. The sandbox also limits Flash Player’s local connections to device resources and inter-process communication (IPC) channels. Finally, the sandbox limits Flash Player’s networking privileges to prevent unnecessary connection capabilities.”

The bottom line is that viewing Flash Player content will now be safer and more secure for Safari users on OS X Mavericks, thanks to the combined work of Adobe and Apple, who not so long ago were on opposite sides of the track when it came to Flash technology.

If it makes it more secure, then godspeed…

Adobe announces security breach, says 2.9 million customer accounts, encrypted credit and debit card data stolen

Posted by:
Date: Friday, October 4th, 2013, 07:43
Category: News, security

adobelogo

You might want to check in with Adobe on this…

Per AppleInsider, Adobe on Thursday confirmed that malicious parties had compromised its networks and potentially gleaned credit card and other personal information from the accounts of nearly three million users.

The company revealed the breach in a post to its official blog. Adobe’s security team recently discovered a number of “sophisticated attacks” on its network, with some of those attacks targeting customer information and source code for several Adobe products.

In all, the attackers are believed to have stolen information on 2.9 million Adobe account holders. That data includes customer names, encrypted credit and debit card numbers, expiration dates, and other customer order information. Adobe does not believe that decrypted credit or debit card numbers were removed from the network.

Adobe has contacted federal law enforcement for help in the investigation and is resetting passwords for affected accounts in order to prevent further unauthorized access. Owners of affected Adobe ID accounts will receive an email notification from Adobe with information on how to change their passwords.

The company also recommends that account holders affected by the attack change their passwords on any website where they may have signed up with the same login credentials.

On its end, Adobe has spread news of the breach to banks that process its payments, and is coordinating with payment card companies and card-issuing institutions to help protect customers’ accounts. In addition, the company is extending a free one-year credit monitoring membership to those customers whose information was compromised.

Stay tuned for additional details as they become available.

Google Earth updated to 7.1.2.2019

Posted by:
Date: Wednesday, October 2nd, 2013, 06:31
Category: News, Software

googleearth

On Wednesday, software giant Google released version 7.1.2.2019 of its popular Google Earth program. The new version, a 45 megabyte download, adds the following fixes and changes:
- The “Enable Controller” option in user preferences is now turned off by default. This prevents red directional arrows from displaying as a result of uncalibrated joysticks and other controllers being connected to Earth at startup.

- For enhanced security, “Use HTTPS for Google connections” is now toggled on by default.

- We fixed a bug whereby the cache size rose above user-specified limits.

- We fixed a crash resulting from searching on some Windows machines.

- We updated the LEAP API to version 1.08.

- We reduced LEAP controller sensitivity to user hand motions. This enables a smoother flight and greater control over your flight path when using a LEAP.

Google Earth 7.1.2.2019 requires an Intel-based Mac running Mac OS X 10.6 or later to install and run.

If you’ve tried the new version and have any feedback to offer, let us know in the comments.

German group breaks through iPhone 5s Touch ID fingerprint authentication, releases video of hack

Posted by:
Date: Monday, September 23rd, 2013, 11:48
Category: Hack, iPhone, News, security

eliphone5s

It only took three days to hack the iPhone 5s’ Touch ID authentication system.

Per The Mac Observer, the gChaos Computer Club has claimed to have hacked Apple’s newest security feature. The group started by scanning the fingerprint associated with an iPhone at high resolution, and then printing it out for transfer to another material such as latex. Once the material holding the print, complete with ridges and grooves, has finished setting up, the group placed it over someone else’s finger and used it to successfully unlock the iPhone.

The Chaos Computer Club said, “In reality, Apple’s sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake.”

They added that it’s a simple process to lift fingerprints and then convert those into fakes that can be used to bypass security systems. “You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints,” they said.

While the process CCC showed was fairly straight forward, it isn’t exactly a simple process for the average person. It involves successfully collecting a quality fingerprint, scanning it at 2400 DPI or higher, and cleaning up the scanned image and then printing it to an acetate sheet on a laser printer before applying the material that will ultimately hold the fake print.

The group released the following video demonstrating the hack:



Assuming someone steals your iPhone with the intent of hacking around Touch ID it’s actually much easier to simply make you unlock your iPhone instead of duplicating your finger or thumb’s unique patterns. Find My iPhone can also be used to remotely wipe the device and keep anyone from hacking into your personal information.

The bigger problem in this case is that someone else has physical control over your iPhone. When that happens it’s much easier to find ways to hack in — especially since at that point the potential hackers have time on their hands.

Even still, the CCC’s Touch ID demonstration does show that Apple’s Touch ID technology may not be quite as secure as the company implied.

Working around fingerprint security systems is something that people have been doing for years, and Apple doesn’t force iPhone 5s owners to use Touch ID. It’s a convenient alternative to using a four-digit passcode, and is still more difficult to work around.

Stay tuned for additional details as they become available.

iOS 7 Lock Screen bug discovered, Apple says fix is en route

Posted by:
Date: Thursday, September 19th, 2013, 15:58
Category: iOS, News, security, Software

ios7logo

Per Forbes and AllThingsD, the first iOS 7 security bug has appeared and may be worth noting. The bug is currently found in the iOS 7 Lock screen and Control Center implementation that could allow a person to bypass the device’s passcode and access the photo library. This bug is more of a potential security issue as it requires users to both be running their camera app (so it shows up in multitasking) and have Control Center activated for the Lock screen. Here are the steps (which we have independently re-produced):

1) Swipe up from the bottom of the Lock screen to open Control Center.

2) Launch the Clock app.

3) Open the Alarm Clock section of the Clock app.

4) Hold down the power button.

5) Quickly tap Cancel the immediately double-click the Home button.

6) Hold down for a bit longer on the second click.

With access to the photos, users could also share the images to social networks and via email (which could be worrisome). Of course, disabling Control Center access from the Lock screen will completely rid you of this potential security breach, but, either way, Apple will likely get a fix out in the coming weeks.

The hack is demonstrated below:



Apple has also confirmed in a statement to AllThingsD that it is working on a fix for a future software update:

“Apple takes user security very seriously,” Apple spokeswoman Trudy Muller told AllThingsD. “We are aware of this issue, and will deliver a fix in a future software update.”

Stay tuned for additional details as they become available.

Adobe Reader, Acrobat Pro updated to 11.0.04

Posted by:
Date: Tuesday, September 10th, 2013, 07:41
Category: News, security, Software

You can’t knock a useful update.

On Tuesday, Adobe released version 11.0.04 of its Adobe Reader and Adobe Acrobat Pro applications. The updates, which can also be snagged through the Adobe Update Utility, add the following fixes and changes:

- This update provides system requirement enhancements, mitigation for security issues, improved overall stability, bug fixes, and feature enhancements.

Acrobat Reader 11.0.04 and Acrobat Pro 11.0.04 require an Intel-based processor and Mac OS X 10.6.8 or later to install and run.

If you’ve tried the new versions and noticed any differences, please let us know what you think.

Apple confirms September 10th media event, hints at next-gen iPhone handsets

Posted by:
Date: Wednesday, September 4th, 2013, 06:12
Category: Hardware, iOS, iPhone, News, security, Software

applelogo_silver

It went official yesterday.

On Tuesday, Apple sent out invitations for a media event next Tuesday, Sept. 10, at which the company is expected to show off its next-generation iPhone models that will come in a new range of colors.

Per The Loop, the event will kick off at 10 a.m. Pacific, 1 p.m. Eastern, according to The Loop. It will be held at Apple’s corporate headquarters in Cupertino, Calif.

Though the invitation itself makes no mention of the iPhone, it does say that the announcement “should brighten everyone’s day” — a likely reference to the fact that Apple is expected to offer its next iPhones in an array of new colors. Specifically, leaked parts have suggested “iPhone 5S” will be available in a new “champagne” shade, while a low-cost plastic “iPhone 5C” will potentially be available in white, green, red, blue, pink, and possibly more.


invite-130903

Colors featured in the invitation include yellow, green, orange, white, red, pink, and shades of dark and light blue. Apple’s forthcoming iOS 7 update is also a more vibrant and colorful update to the company’s mobile operating system.

The company may have some surprises in store for fans and observers when Chief Executive Tim Cook presumably takes the stage next Tuesday, but the event is widely expected to center on the company’s largest revenue generator: the iPhone. It will likely see the unveiling of the successor to the iPhone 5, currently thought to be named the “iPhone 5S.”

The company’s next-generation premium smartphone is expected to include a fingerprint sensor embedded in the home button. Last year, Apple purchased AuthenTec, a biometric security firm, potentially setting the stage for the defining feature of this year’s iPhone.

Integrating a fingerprint sensor — a move that would largely negate the need for passwords and lock-screen codes — could give Apple an edge that its competition could not likely soon address.

Apple’s “S” series iPhones have typically been refinements of the models immediately preceding them, and most of the rumors surrounding the “5S” have been in that vein. Leaked cases for the device have shown that it will retain the same form factor as the iPhone 5, though it may be available in a “champagne” color option, as well as the existing black and white models.

Analysts expect a 31 percent faster “A7″ chip that could be 20 percent more power efficient than the A6 seen in the iPhone 5. It may also feature a dedicated motion-tracking chip to enable a new range of user interactions.

Apple is also rumored to offer a model of the device with 128 gigabytes of storage, while the camera is expected to be upgraded with a dual-LED flash component for better low-light pictures. It’s likely that the camera itself will also see improvements.

Perhaps the most widely leaked device, though, has been the expected lower-cost plastic iPhone. That model is believed to be called the “iPhone 5C,” and recent leaks of an apparent user manual seem to confirm that name.

Observers believe that Apple will largely repackage the internals of the existing iPhone 5 into a polycarbonate shell to lower manufacturing costs. To differentiate the device, the “5C” would be available in a range of colors.

The move back to polycarbonate for the chassis would allow Apple to offer the “iPhone 5C” at a much lower price point than the premium-built iPhone 5 or anticipated “iPhone 5S.” That lower price could give Apple a better chance of picking up mid-range smartphone customers, who often choose Android phones when upgrading from feature phones simply due to price.

Most importantly, though, a lower-cost iPhone would give Apple a much better chance of competing in the world’s largest smartphone market: China. Investment firm UBS opined in August that an affordable iPhone would move more than 11 million units on China Mobile alone.

The Sept. 10 event will also mark the announcement of a release date for Apple’s newest mobile operating system, iOS 7. The new platform, revealed at this year’s Worldwide Developer Conference, features an almost complete visual overhaul, with many of the features of previous iOS versions giving way to a “flatter” aesthetic spun out of the leadership of Jony Ive, Apple’s design chief.

Aside from the new look, iOS 7 will also feature iTunes Radio, a new music streaming service that will take on Pandora, Spotify, and other services. It will also come with improvements to Siri, allowing Apple’s digital assistant to display more information and control phone settings, and tweaks to the Camera app, giving users access to more editing options.

The media event is likely to offer final – and long-anticipated – release dates for the next-gen iPhone handsets as well as iOS 7.

Stay tuned for additional details as they become available.