Author: Nick Farrell

Apple ignored warnings of potential iCloud hack

Fruity cargo cult Apple’s delusions of its own iCloud invulnerability may have led to naked pictures of its starlet customers being leaked to the Internet.

A security researcher warned Apple in March 2014 of a security hole that left the personal data of iCloud users vulnerable.

A string of emails went back and forth between Jobs’ Mob and Ibrahim Balic, a London-based software developer, in which he told the cargo cult of a method he’d discovered for infiltrating iCloud accounts.

The exploit Balic says he reported to Apple is similar to the one allegedly used in the so-called “Celebgate” hack.

Balic told an Apple official that he had successfully bypassed a security feature designed to prevent “brute-force” attacks. Typically, this kind of attack is defeated by limiting the number of times users can try to log in.

He said that he could try over 20,000 password combinations on any account, and he was warning them so that it could be fixed. The vulnerability was also reported by Balic using Apple’s online bug submission platform.

By May 6 the reported vulnerability apparently remained unfixed; an Apple official continued to question Balic over the details of his discovery but did nothing.

Then soon after the Celebgate photos exploded across the Web, Apple reportedly patched Balic’s vulnerability.

Apple denied, however, that it was in any way linked to the Celebgate event. The theft of the photographs, a statement from the company insisted, was not the result of “any breach in any of Apple’s systems including iCloud or Find my iPhone.”

This is the second time that Apple has done this to Balic. In June 2013, he identified a security flaw in the Apple Developer Centre.

In that case, the website was almost immediately taken down, and Apple claimed that “an intruder attempted to secure personal information of registered developers” and it had called the rozzers.

The implication was that Balic was a criminal for reporting the flaw and Apple was only too happy to have him arrested for daring to point out flaws in its security.

Needless to say Balic was a little concerned about that and went public in the form of a comment on a TechCrunch article. He later uploaded a YouTube video, which he says contains proof of his discovery.

Apple later acknowledged Balic for reporting a cross-site scripting (XSS) vulnerability on its Web Server notification page.

Linux security Bashed

A remotely exploitable vulnerability in Linux has been found and it could be really nasty for those who depend on the operating system.

Stephane Chazelas, who found the vulnerability, has named it CVE-2014-6271, but it has been dubbed Shellshock by those who like their viruses to be a little more like a Marvel super-villain.

The flaw is in Bash, which supports exporting shell variables as well as shell functions to other bash instances. It has been a feature of Linux for a long time.

Web applications such as CGI scripts may be vulnerable, especially if they call other applications through a shell or evaluate sections of code through a shell.

The problem is fixed by upgrading to a new version of bash, replacing bash with an alternate shell, limiting access to vulnerable services, or filtering inputs to vulnerable services.
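As an added example that is not code from the article: a local self-check an administrator can run to see whether the installed bash still honours the function-export behaviour described above (CVE-2014-6271) or has been upgraded. The function name, variable name and marker string are my own choices.

```shell
#!/bin/sh
# Added example, not from the article. Local self-check for the bash
# function-export bug (CVE-2014-6271): a child bash is started with an
# environment variable whose value looks like an exported function followed
# by a trailing command. A patched bash imports only the function body; an
# unpatched bash also runs the trailing command, so the marker string shows
# up in the output. Function, variable and marker names are my own.
shellshock_status() {
    # Prints exactly one of: patched, vulnerable, no-bash
    if ! command -v bash >/dev/null 2>&1; then
        echo "no-bash"
        return 0
    fi
    # The variable value is plain data to this sh; only the child bash decides
    # whether the trailing 'echo' gets executed. A patched bash prints a
    # warning about the ignored definition on stderr, which we discard.
    out=$(env 'SHELLSHOCK_PROBE=() { :; }; echo __shellshock_marker__' \
              bash -c 'echo probe-ran' 2>/dev/null)
    case "$out" in
        *__shellshock_marker__*) echo "vulnerable" ;;
        *)                       echo "patched" ;;
    esac
}

# Run directly: report the status and return non-zero if the fix is missing,
# so the script can be dropped into a fleet-wide audit job as-is.
status=$(shellshock_status)
echo "bash function-export check: $status"
[ "$status" != "vulnerable" ]
```

A "no-bash" result means the host has no bash binary on the PATH and is not exposed through this shell, although any other shells in use still need their own checks.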

However, it could be a while before word gets out that bash is vulnerable, and a lot of Linux systems are exposed in the meantime.

Security experts say that this vulnerability is very bad and it will be a race to get systems upgraded before someone has a working exploit.

Tod Beardsley, engineering manager from Rapid7, said it was difficult to write a “bash bug” exploit, but not impossible.

“It’s quite common for embedded devices with web-enabled front-ends to shuttle user input back and forth via bash shells, for example — routers, SCADA/ICS devices, medical equipment, and all sorts of webified gadgets are likely to be exposed,” he said.

Manning sues US army for sex change

A year after having been sentenced to 35 years in jail for leaking documents proving US war crimes, “Chelsea” Manning is suing the army.

In a 180-page complaint, former Army intelligence analyst Bradley Manning, who now uses the name Chelsea Elizabeth Manning, alleged having been “denied access to medically necessary treatment for her gender dysphoria”.

Since she was imprisoned August 21, 2013, she has been seeking hormone treatment; she says she feels that she is a woman in a man’s body.

The case has the backing of the American Civil Liberties Union. Manning sued Defense Secretary Chuck Hagel and the Pentagon, alleging that her US constitutional right not to be subjected to cruel and unusual treatment is being violated.

“The government continues to deny Manning’s access to necessary medical treatment for gender dysphoria, without which she will continue to suffer severe psychological harms,” said Chase Strangio, attorney in the ACLU Gay Lesbian Bisexual and Transgender project and co-counsel for Manning.

“Such clear disregard of well-established medical protocols constitutes cruel and unusual punishment.”

Manning has acknowledged releasing more than 700,000 classified documents to WikiLeaks.

In 2010, WikiLeaks began publishing 250,000 American diplomatic cables and 500,000 classified military reports, covering both American diplomacy and the US wars in Iraq and Afghanistan.

Why smartphones and tablets need to get dumber

For a while now, smartphones have been trying to load more technology into an ever-shrinking body.

Some of this has led to design problems, such as Apple’s incredible bendy phone, but also to the problem that the phones are simply too expensive.

Chips in smartphones are now reaching the point where they need the graphics and processing power of a five-year-old PC.

The answer, which the mobile phone makers have so far ignored, is not to make smartphones smarter, by providing them with ever more features, but to make them dumber and shift the processing power and functionality onto the internet. This has already been seen with the development of Chromebooks.

This is the same logic which has been used, on and off, to promote the use of dumb terminals in PC networks. Instead of requiring huge amounts of processing power at the client side, you shift all the processing work and storage to a server.

With the rise of 4G, this becomes possible on mobile units such as tablets and phones, because the bandwidth between the unit and the ISP becomes that much greater.

What this would mean is that instead of trying to stuff technology onto a mobile or tablet, you can put only hardware that would connect you to a server, a couple of cameras, a microphone, GPS and speakers and a battery. RAM requirements would be much smaller, as would any storage, processing and power needs. The battery life would be much longer because it would not need to run high powered processors.

The unit cost of such a gizmo would be much less with the touchscreen being the only significant outlay.

Such a device would certainly work well on wi-fi, but what would stop it now is the risk of a user entering an area where the bandwidth is not up to snuff.

It would also require the telcos to set up their own cloud-based networks for customers to use that could process the traffic and do all the work that the mobile used to do. This is something of a business opportunity which they have either not seen, or do not think they can manage yet.

However, if I am right, it does mean that ultimately Apple-style, technology-heavy, high-margin devices will become redundant. The devices could be made super-cheaply in China and they would be sold by the telcos.

Each phone would be pretty much the same, and the only difference between them would be the services that the telco offers on its server side.

A bonus of such a system is its security. If a phone is lost or stolen, all the data is stored in a cloud and can be found by reconnecting a new phone to that account. This means that hackers have to take on a cloud security system rather than jailbreak a device. Unless your telco is Apple, that should be a little trickier, particularly if the dumb terminal offers a better form of ID than a password.


Debian says there is no place like Gnome

Open Sauce operating system Debian, which defaulted to the Xfce desktop in the past after switching from GNOME, has decided to go back.

Debian developer Joey Hess said that the decision to go back to the GNOME camp was based upon the accessibility, systemd integration, and other factors mentioned on the Wiki for the Debian desktop requalification for Jessie.

This is not to say that GNOME is all great and everything is a bunch of fluffy bunnies for Debian and the interface, which has been getting a bit of a bad press lately.

Hess said that Debian could still go back if things do not improve. Some desired data is not yet available, but at this point he was around 80 per cent sure that GNOME is coming out ahead in the process.

“This is particularly based on accessibility and to some extent systemd integration… The only single factor that I think could outweigh the above is media size, if there was a strong desire by Debian to see a single CD with a standalone usable desktop,” he said.

The Debian live team doesn’t care about fitting on a traditional CD, and Hess does not care enough about it any more to make it a hard blocker on the default desktop.

The GNOME community is still larger and GNOME 3 has improved a lot.

Debian 8.0 Jessie will likely be released next year. GNOME 3.14 stable is coming this week and should be ready for the next major Debian update.


Press flip-flops on Phablets

If you want to see how Apple’s control of the US trade press is distorting reviews and facts about its products, you do not have to look much further than the reviews for the fruity cargo cult’s Phablet.

When Phablets first started appearing, Apple made a big thing about how bad they were, and the Tame Apple Press automatically rubbished them. Despite this they were a huge success, and Apple was forced to copy its rivals and produce one.

Has the Tame Apple Press stuck to its guns and said that Phablets are rubbish? Er, no, they have just contradicted their previous views because Apple now tells them to say something different.

Tech Crunch’s Darrell Etherington wrote this week that “The additional size makes for a less ‘perfect’ ergonomic quality, something the iPhone 6 definitely achieves, but there’s still lots to love about the industrial design of the 6 Plus … For most tasks, I find the iPhone 6 Plus to be a two-handed device – but I also find that I’m absolutely fine with that.”

But this is the same magazine that wrote about the Galaxy Note: “Unfortunately, you might look a little crazy with that huge thing up to your face. I found that it was really difficult to get comfortable with the device, never feeling like I had complete control over it as I would with a smaller phone.”
What is the difference? Tech Crunch’s favourite company now makes Phablets so anything it said in the past is officially rubbish.

Josh Geller, from BGR, wrote this week that “Apple has finally taken the wraps off the iPhone 6 and the iPhone 6 Plus, and Apple fans are going crazy with anticipation over the largest iPhones ever released, something needs to be said. And that something is, “Thank you, Samsung.” We got it wrong.”

At least he admits he got it wrong, but what was Geller thinking when he wrote this: “The most useless device I’ve ever seen … This is a phone, after using it for a few hours, that feels like it is too big to be taken seriously. That’s the end of it. I don’t care if you like large screens on mobile devices, I don’t care if you love Android, and I don’t care if you love 4G LTE — this is a device fit for use only by such a small subset of the human population that I can’t fathom how AT&T and Samsung are putting so much marketing resources behind it.”

Lauren Goode at the Wall Street Journal admits that she is biased toward Apple and will say whatever the cargo cult put out is great.

“Maybe I’m getting old, and my eyes are getting worse. Or maybe I’m stuck in Apple’s reality-distortion field (help). But something strange happened this week. I started to like a phablet.”

This is the same writer who told us “It’s still too big for a smartphone … After testing it over the past week and a half, the awkwardness that came with carrying such a large, “notice me” phone outweighed the benefits of it, for me.”

The New York Times’ David Pogue was clearly trying to get back into Apple’s good books when he wrote “The iPhone 6 and iPhone 6 Plus are absolutely terrific phones. They’re fast and powerful and well designed. There’s not a single component that hasn’t been improved. These phones are a delight to behold and to be held.”

This is the same numpty who said about the Samsung Phablet that its “sheer size basically makes one-handed operation impossible. Samsung’s given the Note 3 an entire settings menu dedicated to trying to make it easier to use one-handed, but even with my adult male-sized hands it’s a struggle to reach even half of the screen without dropping the device.”

For some reason his “adult hands” do not drop Apple devices, just those made by a rival.
While it is mostly American journalists who are keen to sacrifice their credibility to butter up Apple, the UK’s Guardian is also keen to toady up to Jobs’ Mob.

Charles Arthur wrote this week: “Too big. This thing’s too big. Waaay too big. It’s … actually, that screen is pretty nice, isn’t it? Wow, you really can get a lot of content on there, can’t you? Hey, my hand’s getting used to the size. It’s quite comfortable, isn’t it?”

However, the Guardian has a strong view about other people making Phablets. Samuel Gibbs moaned that “the sheer size of the device basically makes one-handed operation impossible. Samsung’s given the Note 3 an entire settings menu dedicated to trying to make it easier to use one-handed, but even with my adult male-sized hands it’s a struggle to reach even half of the screen without dropping the device.”

What a difference two years makes, and the fact that the outfit is your favourite toymaker.
It seems that the trade press has gone a long way since we had to send back bottles of whisky from suppliers at Christmas because they represented low-level bribery. Instead, it is clear that trade journalists are Apple’s glove puppets and can no longer be relied on to tell you the truth.


iPhone6 bends in your pocket

Shocked iPhone 6 Plus users have discovered that the build quality of the iPhone 6 is not quite what they expected.

The Apple fanboys are finding that if they put the phone in their front pockets it develops a slight bend.

The Tame Apple Press has rushed to say that while the rumours are true it clearly takes quite a bit of force and in any event, you would never put an iPhone in your pocket, you would carry it around so others can see it and want to buy it.

According to experts, the problem should not be surprising. Jeremy Irons, a Design Engineer at Creative Engineering, said that it should not surprise anyone that the phone bends. The only thing keeping its shape is the thin aluminium frame that covers the back and reaches around the sides. There is also another very thin piece of steel behind the glass.

This problem did not exist with the previous iPhones, which were thicker and not as long. In material bending, larger cross sectional areas and shorter lengths make things stronger. So the increased length and decreased thickness contribute to the weakness of the new iPhone.

While the iPhone 5S was only seven percent thicker than the iPhone 6 Plus, it was actually 22 percent stronger in bending. When you make something longer, it gets proportionally more bendable, when you make it thinner, it gets a lot more bendable.

Climate deniers are liars says Schmidt

Search engine outfit Google has pulled out of the American Legislative Exchange Council (ALEC) saying that the outfit is a bunch of liars.

Google Executive Chairman Eric Schmidt said that it had been a mistake for Google to join that particular lobby outfit because it was pretty much against everything that the outfit believed.

ALEC thinks that human-created climate change could be “beneficial” and opposes environmental regulations. It is backed by a lot of big US companies who want a philosophy that will allow them to cheaply pollute.

Schmidt said groups trying to cast doubt on climate change science are “just literally lying”.

However, ALEC also has some other strange views which are opposed to Google’s. It thinks that Net Neutrality and municipal broadband projects are all a communist plot.

Earlier this month, Google refused to comment after 50 advocacy groups called on the company to end its affiliation with ALEC.

Schmidt appeared on The Diane Rehm Show and was asked by a listener whether Google is still supporting ALEC. The listener described ALEC as “lobbyists in DC that are funding climate change deniers.”

Schmidt responded, “we funded them as part of a political campaign for something unrelated. I think the consensus within the company was that was sort of a mistake, and so we’re trying to not do that in the future.”

He said that Google has a very strong view that decisions in politics should be based on facts and the facts of climate change are not in question anymore.

“Everyone understands that climate change is occurring, and the people who oppose it are really hurting our children and grandchildren and making the world a much worse place. And so we should not be aligned with such people. They’re just literally lying,” Schmidt said.

Google was a member of ALEC’s Communications and Technology TaskForce, along with Facebook, Microsoft, and Yahoo. Microsoft also cut ties with ALEC recently.

ALEC CEO Lisa Nelson spat the usual right wing US bile against its former ally saying it was unfortunate to learn Google has ended its membership in the American Legislative Exchange Council.

She said it was all due to public pressure from left-leaning individuals and organisations who intentionally confuse free market policy perspectives for climate change denial.

No one can stand up to what big business wants in the US without being labelled a left wing pinko.


Ozzie walks his Talko

Former Microsofty supremo Ray Ozzie, who was in the teams that created VisiCalc and Lotus Symphony, is pushing some mobile tech which floundered at both Microsoft and Google.

Groove, which was sold to Vole, was a P2P outfit which, had it been developed, promised internet services where you could share files, instant message, and manage tasks with colleagues in real time.

Neither Microsoft nor Google could get similar technology to work, so now that Ozzie is shot of being Bill Gates’ replacement at Microsoft, he is having a crack at it on his own.

Dubbed Talko, it is a new app for iPhone that is coming soon to Android and the web. It looks like a mix of WhatsApp, Google Voice, and a little bit of the push-to-talk app Voxer. Talko lets you text, call, send voice or photo messages, and conference call your team.

Every message and call is recorded inside one thread, and you can bookmark specific audio bits or messages so people can return to them later. Talko is designed to turn your average meeting minutes doc into a living conversation — a conference call, then a series of messages, then a photo — and each conversation has a URL only accessible to your team.

Talking to the Verge, Ozzie said that people have been able to record conference calls for quite some time, and there are various products that let you take sideband text notes, but they haven’t been wrapped in a form that has broadly gotten people’s minds away from equating voice with the phone.

He thinks that phone calls have been stuffed because people hate interrupting other people. Talko is built around the asynchronous nature of how we talk to each other today. If somebody misses the beginning of a conference call, they can hop in midway and listen to what’s happened, or send a quick text to the people on the call, or listen to the call later with the aid of bookmarks and tags to guide the way.

He wants to get to a point where Talko will transcribe all these missed calls for you.

All this is stuff which has been seen in the consumer market but not in business.

EMC nearly married HP

In a merger that would have ranked alongside that of Kim Kardashian and Kris Humphries, EMC was seriously considering tying the knot with the maker of expensive printer ink, HP.

A Wall Street Journal report suggested that EMC and HP have investigated a potential merger deal that would have created a super-vendor worth close to $130 billion.

The deal was approached as a “merger of equals” and was in discussion over the past year. HP CEO Meg Whitman would have become CEO of the combined company, while EMC’s Joe Tucci would have been President.

Fortunately, the deal fell apart because both companies had concerns over whether their respective shareholders would have approved it.

That is not to say it was completely bad. HP would have gained EMC’s storage expertise and domination over the mid-range storage sector. HP’s forays into cloud computing have shown the strategy of a chicken with its head cut off.

EMC has some good technology in cloud computing, commodity hardware and modular approaches to IT, but these are successful at the expense of its highly lucrative core businesses. Its VMware subsidiary is doing well, but it is not making enough for the outfit to be a truly happy bunny.

What the pair clearly forgot was that they compete for business; integrating the two operations would have been a nightmare for managers, but great for accountants.

Fortunately, the idea died a death before anyone heard about it.

Phone 4U shafted by suppliers claims founder

Phone 4U’s founder, John Caudwell, blamed the outfit’s demise on its mobile network suppliers and private equity owners, BC Partners.

Caudwell, who started the chain of phone shops in the 1980s and sold it for £1.5bn in 2006, said Vodafone, EE and other networks had refused to supply the retailer, in a strategy to reduce competition and fatten their margins.

Phones 4u’s private equity owners had left the company financially weakened so that it could not defend itself, he said.

BC had acquired the chain in 2011 in a £610m deal, only to allow it to be saddled with debts of £635m.

“It’s astonishingly ruthless. Vodafone have had millions upon millions from Phones 4u over 25 years,” he said.

“It’s dreadful for British business. It gives us a terrible reputation, it destroys jobs and it is a terribly unhealthy environment to do business… The private equity houses left the business laden with debt and that weakened their ability to defend themselves and fight.”

Judging by the way that EE and Vodafone jumped and bought a portion of Phones 4u’s old stores, Caudwell might have a point.

Vodafone will take over 140 Phones 4u stores while EE will take over 58 shops. The deal will see the jobs of more than one thousand people saved as staff are to remain working at their current locations.

Phones 4u went into administration on September 15 after failing to retain EE and Vodafone as carrier partners.

The Vodafone deal will preserve 887 jobs. The deal with EE, announced Monday, saves a further 359 jobs. In addition, Dixons has offered jobs to those working at Phones 4u concessions in its stores.

The Vodafone and EE-owned stores will be rebranded by their new owners, though it’s not clear how long that will take. Dixons Carphone plans to make an offer to acquire as many as 100 stores and will invite the staff at those stores to apply for available positions.

Vodafone and EE have claimed that Caudwell is off-base with his remarks. Phones 4u management told them that they could not stock the phones because of the company’s large debts.

Vodafone said: “Phones 4u was offered repeated opportunities to propose competitive distribution terms to enable us to conclude a new agreement, but was unable to do so on terms which were commercially viable.”

Administrator PWC said that 362 of the retailer’s stores will close, immediately costing 1,697 staff their jobs. Another 720 people have been retained in the short term to assist with the closure programme, the accountants added, but will then be made redundant.


Murdered whistleblowers can still share documents

A whistleblower who is murdered by the men in black can now make sure that all their secrets are broadcast all over the internet.

A new dark web service called ‘Dead Man Zero’ claims to offer potential whistleblowers a bit more peace of mind by providing a system that will automatically publish and distribute their secrets should they die, get jailed, or get injured.

It is the ultimate revenge site against a government which arrests or kills you.

“So what if something happens to you?…Especially if you’re trying to do something good like blow the whistle on something evil or wrong in society or government. There should be consequences if you are hurt, jailed, or even killed for trying to render a genuine and risky service to our free society.”

“Now you have some protection. If ‘something happens’ to you, then your disclosures can be made public regardless,” the site promises.

What you do is upload your files, encrypted with a password, to a cloud storage service. Then you include the link, along with the password and an optional description of your material. The site will then add its own layer of encryption, too. You are then given your own unique URL to log in from, accessible only using the Tor browser.

If you don’t log back into it once a day, week or month (those are the options), your documents and respective password will be published on the site, and sent to a list of email addresses that you provide in advance.

Ideally these would be hacks you trust to do the story justice, rather than your tin foil hat mate who runs a site which claims that the world is run by lizards.

The site can also be accessed via a smart phone, assuming you can browse hidden services on it.

For a user to upload their archive, they are required to pay 0.30 Bitcoin (around £70 or $120 at today’s rate). More than 399 sets of documents have been uploaded, and 17 will be released if their owner doesn’t log in within the next 24 hours.

Of course, there is a certain amount of trust required here. It could be a site set up by the men in black to get your documents and lull you into a false sense of security.

It will also protect any blackmailers of the rich and famous, or ex-boyfriends looking for post-mortem revenge.

Nvidia wrestles with ARM connections

ARM Holdings Chief Executive Officer Simon Segars defended his company’s smartphone graphics technology, which Nvidia claims it invented.

Nvidia is currently taking Samsung Electronics and Qualcomm to court for using the technology in their phones, accusing both companies of infringing its patents on graphics chip technology.

Nvidia said Samsung devices made with graphics technology from ARM, Qualcomm and Imagination Technologies illegally use its intellectual property, or IP.

Segars said that the company stood behind its IP and would work with its partners when something like this happens.

Nvidia is not suing ARM or Imagination yet but it did say it would ask the US International Trade Commission to prevent shipments of Samsung devices containing ARM’s Mali or Imagination’s PowerVR graphics architectures, as well as Qualcomm’s graphics technology.

Nvidia has to play this carefully. Nvidia depends on ARM’s technology to make its Tegra chips for tablets and cars.

Segars said that it did “create a bit of a curious situation… But we do a lot of business with a lot of people.”

Microsoft no longer Trustworthy

Software King of the World Microsoft thinks that its Trustworthy Computing Group is surplus to requirements and is shutting the whole lot down.

Its role will be taken over either by the company’s Cloud and Enterprise Division or its Legal & Corporate Affairs group. The move will mean the death of the Microsoft Security Response Centre and the related functions – as well as the cybercrime unit.

So far Vole has not announced the move publicly, but it has been leaked to several blogs and, given that Microsoft is trying to save cash, is very likely to be true.

The idea is to integrate the Trustworthy Computing work into Microsoft’s engineering teams. Microsoft has confirmed that an unspecified number of jobs from the group will be cut.

Trustworthy Computing will be missed, at least by outsiders. For years, the TwC group at Microsoft played an important role in the security industry.

It was started in 2002, and appeared to make huge improvements to Volish security. It dealt with some hard security topics, and seemed to get security into Microsoft’s thinking.

It did those things; however, it was more PR and spin for outsiders. Microsoft insiders said that the unit was there to create the perception that Microsoft had a handle on security, while at the same time getting the experience it needed within its own divisions.

Microsoft walking away from it is part of the mind-set where enterprise desktops give way to cloud and mobile and ‘things’.


Amazon can’t read Germany

US online bookseller Amazon is continuing its war against the German unions despite multiple strikes shutting down its business.

American companies generally do not understand trade unions, which they see as a communistic method by which workers get things like decent wages and conditions which prevent the shareholders and management becoming as wealthy as they should. In the US, trade unions are identified as being in the pockets of organised crime.

In the EU, where things are a little more balanced, unions have a little more respect and power. But not at Amazon, which appears to be going through the sort of battles that Margaret Thatcher had with the coal miners in the 1980s.

Workers at German warehouses of online retailer Amazon.com took strike action again on Monday as labour union Verdi pressed its demands in a long-running dispute over pay and conditions.

Verdi said in a statement it had called out workers to strike at distribution centers in Bad Hersfeld, Leipzig, Graben and Rheinberg. Verdi had in June staged walkouts at three of those sites.

Amazon hires 9,000 warehouse staff at nine distribution centers in Germany, its second-biggest market behind the United States, plus 14,000 seasonal workers.

Verdi wants Amazon to raise pay for workers at its distribution centres in accordance with collective bargaining agreements across the mail order and retail industry in Germany and has organised several stoppages over the past year.

Amazon insists that its warehouse staff are logistics workers and says they receive above-average pay by the standards of that industry.