Slashdot Mirror

Security questions only get you into your iCloud login. They can’t remote unlock your phone. They can remote WIPE it, which is concerning, but it’s unlikely to help the cops gather evidence against you.

It does look like there are reset venues that would allow iCloud to restore data back to your phone after you force wipe it without the passcode (see http://support.apple.com/kb/HT...). That doesn’t appear to be the case if you backup locally to iTunes and enable encryption on that backup.

Today’s lesson: Cloud backup is generally a security risk.

I look forward to Apple stepping up and enabling client-side encryption of iCloud backups like Crashplan & Co. do with your data.

Too bad for "standard forensics" that the passcode is mixed in with a hardware-specific key baked into the SOC. So you'll first need to be able to run arbitrary code on the individual's phone itself in order to keep guessing beyond the limit. That's going to require a significantly more intrusive examination.

More importantly, you can also disable "simple passwords" in IOS and use a longer and more complex alpha-numeric password. These passcodes can be up to 37 characters long, utilizing any of 77 different characters (upper & lowercase, numbers and some punctuation).

If you are really worried about the security of your data, you should enable complex passcodes. The default 4-number PIN is really there more to stop curious friends from getting onto your device than preventing a determined hacker (or law-enforcement officer) from getting access.

This is not news at all. They are EXPECTED to do this. It's what they did with Bluetooth also - you cannot transfer files, photos, mp3s via Bluetooth because of their misplaced sense of copyright protection....meh!

Yeahrightsure.

That's why they have a "Share" button in nearly every (probably actually IS every) App.

And besides, Bluetooth was never intended to be a mass-data-transfer protocol. It was essentially intended to be the RF version of IrDA. Apple has the "Share" button (which allows several methods of data-transfer) and AirDrop for the uses you mention for Bluetooth.

And also, in iOS 8 and OS X 10.10, there are signs that the Post-Jobs-Apple is loosening the reigns a bit. Is it wonderful yet? Meh. But, keep in mind that this is only the beginning.

...The only difference here is that there is that Apple isn't privy to your transaction data at the register - though the merchant, the bank, and VISA/MC/AMEX still are.

1. The fact that Apple isn't privy to the transaction is a significant and unique difference, data-mining-wise.

2. Please tell me how the merchant, your Bank, and the CC company can somehow conduct a transaction without the details.

That and they have you transmit a photo of your credit card (and photos are unhackable, just ask the stars who took nude selfies) instead putting the onerous task of entering twenty two digits *all by yourself* into another payment processor's web/app form. I mean, that's 15 seconds you'll never get back.

1. The picture of the card, if it is even sent to your bank, is done once, and I would guarantee it is encrypted as part of their Proprietary Setup Protocol, and is only used to establish that you actually have the card in your hand. I assume this procedure actually setup up some Public Key stuff.

2. The picture of the card may actually just be used by software in the phone itself, and again, just for the purposes of one-time Setup.

3.. Oh wait. Here's the answer. Your card-photo is obviously simply used by the phone to do OCR so users that wish can avoid having to type (Dyslexics and others do exist, and do have problems with long, unbroken strings of characters, you insensitive clod. But, as you can see from the freely-available information that you chose to ignore (that took me exactly 2 seconds to Google), you are free to spend the 15 seconds if you don't trust your own phone to do a little OCR (on an OCR font, BTW).

. The Apple-Hate runs strong in this one...

Google should make provision for ApplePay on android devices. Then, when Apple won't allow Google's payment app on iOS, it's time for an anti-trust investigation. Google can incorporate an authentication mechanism as powerful if possibly slightly less convenient, as Apple's thumbsmudge method.

Google CAN, but WON'T.

Apple sells computing devices. Google sells data. Specifically, your Data.

That's the difference.

And for all the Apple-Bashing that goes on around here, do you think that Google or Microsoft (remember the Microsoft Wallet?) would commit to a Privacy Policy like THIS ?

Apple has come to the (correct) conclusion that people are getting more than a little sick and tired of being Data-Mined by everything and everybody. The great thing is, that as primarily a hardware company (who really only makes software to sell their hardware), Apple doesn't even have to change its Business Model one iota to (truthfully) establish itself as The platform vendor who doesn't try to make money off of the most intimate details of your LIFE ...

It will be ONE WHOLE YEAR MORE before they get into NFC in a big way!* This will certainly doom them, just like how they went out of business when they were late to the MP3 party, and again when they were late to the smartphone party, and again when they didn't let people install apps on their smartphones on Day 1, and then again when they didn't ship the first tablet...

Those morons, in the last 15 years they've doomed themselves so many times they just have to sit in the corner and console themselves with the fact that they're one of the biggest and most profitable company in the world. IDIOTS!

So wrong on so many levels. 1) Apple DOES has A solution for payments, just maybe not the one you want. 2) NFC is not the ONLY reason that someone will or won't buy a new iPhone. (Fun fact: they sold FOUR MILLION in the first 24 hours.) 3) Things CAN and WILL change. That year will go by pretty quick. They aren't going to miss the boat entirely just because they're not on it this year. 4) Did you notice Apple is the biggest company in the world? They have some smart people there doing good work. Maybe, JUST MAYBE, they analyzed their options and decided this was the best, and MAYBE it'll turn out that that's true.

* Besides all the pull they have with retailers and credit card companies to make them use Apple on the back-end... besides that one little detail, DOOMED!

"No Swype"

https://itunes.apple.com/us/ap...

"All but Unusable with one hand"
How large of an Android tablet do you type on one handed?

You seriously don't see any side view images of the iPhone?

Counting by images, the 2nd, 5th and 7th iPhone images on http://www.apple.com/iphone-6/... are all side views!

Please try harder!

Do you rate Apple.com as one of those "rumor mills and third party sites"?

If it's Transparency you want, have I got a deal for you...

Jus' Sayin'...

The six has a flat back, Mr. Always Corrected.

No it doesn't, not according to Apple's website - see the bit where they compare thickness - the smaller 6 clearly has the protruding lens. Also you can quite clearly see it in engadget's hands on video.

Is this where you could opt out of iAds tracking?

Interesting. I am sure they give away targeted ads to their advertising partners for free though. Because they do not want you to look like a fool.

From Apple's page at http://www.apple.com/iphone-6/:
http://images.apple.com/iphone-6/overview/images/design_details_right_large.jpg
The perfectly orthogonal side view shows no camera protusions whatsoever.

From Apple's page at http://www.apple.com/iphone-6/:
http://images.apple.com/iphone-6/overview/images/design_details_right_large.jpg
The perfectly orthogonal side view shows no camera protusions whatsoever.

Artistic license or great Conspiracy? It is a sort of mixed message isn't it. The "from the side" images don't show this bezel protruding - along with an "artistic" shadow.

As for the other images - they all clearly show the camera bezel. https://www.apple.com/iphone-6... This isn't like it's a great selling feature - meaning - is it material or just marketing?

Scroll down to the "Streamlined: inside and out" and "Elements of Design" and you'll clearly see the camera "protruding."

It's quite possible that the side view looked "strange" with a little hair-thin spec that was removed "for clarity." Kind of like cereal "enlarged to show texture" (or make you hungry) ?

Gosh - having a phone so large it requires an external monitor you wear on your wrist? Or a thin bezel sticking out from the back? Oh the horror.

...but they can change the password for you.
so they can read the mail.

http://support.apple.com/kb/HT...

so how is it not total bullshit that is is spewing from his filthy mouth?

Very likely, if I can read my mail, so can he. It's only logical.

The fact that an organization acts as a conduit for delivering messages does not necessitate that they have the ability to read the contents of those messages. The one does not follow from the other. It may be likely that the two go hand-in-hand, but by no means is it logical that they would do so.

The various white papers and other security documents Apple has released over the last year or two make it clear that they claim they do not hold the private keys necessary to decrypt their users' data. Those private keys reside on the devices of the users, with unique keys being generated for each device and unique copies of the data being maintained separately for each device. For instance, in the case of iMessages, here's how Apple claims they work:
1) I type up an iMessage to send to another Apple user and press Send.

2) My device queries Apple's servers for the public key(s) of the recipient, which could be numerous if they've configured iMessages to arrive on multiple devices.

3) My device creates and encrypts one copy of the message for each device, using the public key that is specific to each device for the copy going to it.

4) My device signs the copies using its private key.

5) The iMessage is sent to Apple, who then forwards it and immediately deletes it, unless they can't deliver it, in which case it'll stay queued for up to 7 days.

6) The recipient's device verifies the signature against my public key and then decrypts the message using its own private key.

Assuming the system works as described, Apple shouldn't have access to the content of the messages. Whether or not you believe that it works as described is a matter of how much faith you put in corporations and/or the governments that might be compelling them to insert backdoors. For instance, there are trivial ways that they can circumvent their own systems to gain access to messages, without having to compromise the private keys at all. The easiest way I can imagine would be to simply provide the public key of a wiretapping device in addition to the other keys in step #2 above. Unless you're sniffing your own traffic to ensure that you're sending EXACTLY what you're expecting to send, you'd never notice that you've sent out an extra copy of the message, and would be entirely unaware that it had landed on a government agent's device as well.

But again, it isn't logical that they would have that sort of access. "Likely", given the state of things? Sure. But logical? By no means. Again, the one does not follow from the other. Particularly so in the case of Apple, since their money comes from hardware sales, not from monetizing the user's information, so it's in their best interests to make those devices as secure to use as possible.

> Apple, and others, stopped using the "truly free" gcc because GPL v3 became quite restrictive.

There's nothing in there that should scare off anyone.

GPL v3 includes language to thwart anti-circumvention efforts, anti-tivo'ization requiring installation information like signing keys, etc.

I believe Linus has spoken against the anti-tivoazation clause in the GPL v3.

If someone is bothered by the GPL3 in a project like C++ compiler, then you should be very suspicious of their motives. They clearly aren't interested in playing nice or being a good citizen.

They played nice and were good citizens with GPL v2 for many years.

Plus Apple was a good citizen by supporting many FOSS projects and releasing various internal projects as FOSS.

http://www.opensource.apple.co...

They clearly aren't interested in playing nice or being a good citizen. They clearly want to be free to f*ck you over later.

I'm suspicious of people who see things so "clearly". :-)

"We have no plans to do anything like that. Swift is a new option for developing on the platform. We have no plans to drop C, C++ or Objective-C. If youÃ(TM)re happy with them, please feel free to keep using them."

https://lists.apple.com/archiv...

"Swift is Apple's modern, type-safe language for Cocoa development But Objective-C remains a first-class citizen too"

http://devstreaming.apple.com/...

Seems like it's not meant to supplant but to live alongside it.

"We have no plans to do anything like that. Swift is a new option for developing on the platform. We have no plans to drop C, C++ or Objective-C. If youÃ(TM)re happy with them, please feel free to keep using them."

https://lists.apple.com/archiv...

"Swift is Apple's modern, type-safe language for Cocoa development But Objective-C remains a first-class citizen too"

http://devstreaming.apple.com/...

Seems like it's not meant to supplant but to live alongside it.

Yes, there's an auto-download setting on the Mac.

http://support.apple.com/kb/HT...

I thought they already announced it. Even added a free cell phone radio!

I've not over years of use, I guess it's that weak-ass Gorilla Glass 2 the original post was wishing for. Hopefully Apple ditched them if you can simply scratch it with keys.

You understand that users of older versions of iOS can download the older versions of the iOS apps, right, if the developer chooses to make it available.

http://support.apple.com/kb/ht...

How is this forcing customers to upgrade as often as possible? Also, I said 4 years, not 5 years. You might want to re-read what I wrote, instead of what you think I wrote.

Apple doesn't develop their own supporting chipsets, CPU or GPU hardware, or any other such thing. At most, there may be some proprietary "System Protection Chip" that isn't needed at all for the system to work.

In fact, Apple themselves have instructions on their website for how to install Windows on Mac hardware. I guess you need to catch up to what the world has known for a while.

For some weird reason, wikipedia has chosen to source that statement to an article from Verge, rather than the direct Apple source. Apple's statement can be found at http://www.apple.com/iphone-6/...

Folks,

My son took the course last year as a senior in high school via iTunesU.

https://itunes.apple.com/us/co...

It's also available on EdX.

https://www.edx.org/course/har...

Heck, I took it way back thirty-odd years ago. :-)

Also, here's a link to the original article in the Harvard Crimson:

http://www.thecrimson.com/arti...

--Paul

http://store.apple.com/ca/prod...
You can buy it, so the ruling is directly applicable. But I guess all they have to do is say that it comes free on all their hardware, and they might get away with it. Really they sell a specific product that obviously has to come with their OS to even make sense, if you want some hardware without an OS, that is a PC and it is not Apples fault that MS has prevented an OS free one from being sold.

Now for Android, I actually think that it is freely available.

iOS seems to live in a grey middle area. They sell developer versions, and as far as I am aware it is not freely available in any version, but it is also not given away. So is it free, or is it commercial, who can say.

When you have a relatively small customer base and are highly restrictive about what hardware your OS will run on, you have a lot of freedom to be very VERY controlling of your environment.

Seriously?

Within a very large "set" of possible motherboards, video cards, etc, What possible bearing would the range of a certain class of hardware that an OS can run on have to do with whether that OS uses featureless, monochromatic "tiles" that look like they were designed by a six-year-old (but which are running on a GPU that can crank out 25 zillion individually shaded and textured polygons per second), and which barely knows how to do an overlapping window, let alone multiple desktops, as opposed to an UI that actually looks like it was designed by someone who not only implemented easy-to-use features to compensate for systems with limited screen real-estate, while taking full advantage of systems with multiple displays? (Yes, I am fully aware that other OSes have supported things like multiple desktops for some time; but this is about Windows "Modern UI" vs. OS X).

So obviously, it isn't the tightly-spec'ed hardware (since what Apple is doing could be handled by any competent GPU designed in this century) (trackpad gestures notwithstanding). So maybe, just maybe, it is something else, eh?

As I understand it (and I may be wrong), the accounts were accessed by abusing the "forgot my password" service.

I hadn't heard this exactly, but Apple's public statement did include a mention of security questions. Their statement was pretty vague. They say that there was "a very targeted attack on user names, passwords and security questions".

Still, that's not really an exploit of iCloud's service. If they chose security questions that someone could find the answer to, I wouldn't consider that an iCloud exploit. I do think that the use of security questions should be reevaluated, but they're a pretty standard practice these days. Even if someone forces a reset of your password, under normal circumstances you should notice that the password has changed the next time you log in.

They already have one.

Apple is a marketing company, not a technology company. They have brazenly stolen others ideas and (quite successfully) marketed them.

That's a ludicrous conclusion. If they're to be reduced to something other than a technology company, then let them be an industrial design firm. While everyone else is concentrating on specs and feature bullet lists, Apple seems to this day to be the only company focusing on UI and usability. Their goal is to make things that people enjoy using - ignoring the specs and feature bullet lists - and sell bazillions of them.

There are already smartwatches on the market. Check out Samsung's product page: Powered by Google Android Wear! 1.63" Super AMOLED® display!. Now check out Apple's product page, which focuses on its design. Even the technology page describes how each feature should make you want to have one.

Non-geek people I know couldn't care less about a 1.63" Super AMOLED® display. They understand why they'd like to "glimpse the weather forecast, check out what’s next on your calendar, or find your current location on a map". You can probably do the same things with a Samsung, but know knows? They'd rather tell you about which OS is installed on the thing.

Apple is a marketing company, not a technology company. They have brazenly stolen others ideas and (quite successfully) marketed them.

That's a ludicrous conclusion. If they're to be reduced to something other than a technology company, then let them be an industrial design firm. While everyone else is concentrating on specs and feature bullet lists, Apple seems to this day to be the only company focusing on UI and usability. Their goal is to make things that people enjoy using - ignoring the specs and feature bullet lists - and sell bazillions of them.

There are already smartwatches on the market. Check out Samsung's product page: Powered by Google Android Wear! 1.63" Super AMOLED® display!. Now check out Apple's product page, which focuses on its design. Even the technology page describes how each feature should make you want to have one.

Non-geek people I know couldn't care less about a 1.63" Super AMOLED® display. They understand why they'd like to "glimpse the weather forecast, check out what’s next on your calendar, or find your current location on a map". You can probably do the same things with a Samsung, but know knows? They'd rather tell you about which OS is installed on the thing.

All iPods?

. It's a good question if they'll put it in the cloud backup -- I don't use the Cloud backup features.

Passwords are only part of the backup if the backup is local and encrypted with a password - iCloud does not back up that part. You can, however, enable the iCloud keychain.

You're making the mistake of thinking this is the same system. It's not. It's far more secure than your Android NFC, and even more so than credit and debit cards.

http://www.apple.com/iphone-6/...

Just caught this bit on their Apple Watch overview page:

It's as integral to Apple Watch as the Click Wheel is to iPod. Or the mouse is to Mac.

Pretty funny when the majority of Macs are sold with trackpads and now all iPods are sold with touchscreens.

They are still storing your credit card number somewhere. How is that different from storing a photo?

Just this year Apply wrote a very long, detailed white paper about exactly what the difference is. The short story is that, on a 5S, things like your password keychain, the unlock password itself and the signatures that sign the system and certificates is kept either in a secure enclave chip, or on a block of the flash media that the secure enclave can read and write, but the regular flash controller itself cannot address. This is a security tier itself that sits above the normal full-disk encryption of the phone (where your photos live), which is done with your unlock password.

http://www.apple.com/live/2014...

Anyone else seeing "10:49 a.m., 10 a.m. can’t come soon enough." and 10:47 a.m., Looking forward to a great day in Cupertino! Join us at 10am Pacific. #AppleLive"?

Today is the day.

http://www.apple.com/live/2014...

I thought that they made it as closed source as Windows is. Apple isn't exactly forthcoming with anything that they do.

It's all on their website, you can find all the open source components and the source code for them for the latest release of OS X here. You can find more information on other releases and products at http://www.opensource.apple.com.

I thought that they made it as closed source as Windows is. Apple isn't exactly forthcoming with anything that they do.

It's all on their website, you can find all the open source components and the source code for them for the latest release of OS X here. You can find more information on other releases and products at http://www.opensource.apple.com.

Free: m48
https://itunes.apple.com/us/ap...

$10.99: m48+
https://itunes.apple.com/us/ap...

Free: i48
https://itunes.apple.com/us/ap...

Free: m48
https://itunes.apple.com/us/ap...

$10.99: m48+
https://itunes.apple.com/us/ap...

Free: i48
https://itunes.apple.com/us/ap...

Free: m48
https://itunes.apple.com/us/ap...

$10.99: m48+
https://itunes.apple.com/us/ap...

Free: i48
https://itunes.apple.com/us/ap...

You can use any phone with SMS support which seems pretty standard. Since people are typically syncing from their iPhones to the iCloud they usually have an iPhone, but it's possible to use a freebie 10 year old brick phone if you wanted.

And I am sure you realize that the 2factor Authorization as currently designed and utilized by Apple only protects against your account data being used to purchase things from the AppStore and interact with your account.

Details are at http://support.apple.com/kb/ht5570 and quoting from there:
It requires you to verify your identity using one of your devices before you can take any of these actions:

• Sign in to My Apple ID to manage your account
• Make an iTunes, App Store, or iBooks Store purchase from a new device
• Get Apple ID related support from Apple

All iCloud communication is still unprotected. Bzzzzt. Neeext!

Until Apple revokes the iOS Developer Program membership of the developer who is abusing TestFlight.

But it's their way or the highway if you want to sell to iOS users. And yes, you do want to sell to iOS users. Android users never spend any money. /slight-exaggeration

So to whom should one sell, say, an app for monitoring a wireless network or a video game in a historical fiction setting? Apple provides no public API for enumerating nearby SSIDs, and under Guidelines 15.3, Apple would reject games whose "enemies" are a particular organization (such as soldiers in a particular country's army).