Wednesday, September 03, 2014

How celebrity photos were likely stolen from iCloud backups

Wired has an interesting article that discusses how sensitive celebrity photos may have been leaked from iCloud backups. The article describes using a password guessing tool called iBrute that leverages a flaw in "Find My iPhone" infrastructure to brute force a user's iCloud username and password. Once the iCloud credentials are obtained, attackers can use the forensics tool Elcomsoft Phone Password Breaker (EPPB) to impersonate an iPhone and download the entire iCloud backup, which includes not only photos, but texts, email, and much more sensitive information.

Apple has apparently fixed the "Find My iPhone" flaw that allows iBrute to guess iCloud passwords (it now times out after 5 attempts). And there is currently an investigation into the data leaks. In the meantime, if you're an iCloud user, it might be a good idea to setup two-factor authentication, and make sure that you're using a unique, hard-to-guess password. Also, don't do stupid things with your smartphone.

UPDATE: Tim Cook addresses iCloud security issues and promises increased security and account activity notifications.

Also, Ars Technica has a great article that details some real-world testing they did trying to crack their own devices using some of the techniques mentioned above.

Wednesday, June 11, 2014

Mario Maker

This is a pretty compelling argument for buying a Wii U. Combine the awesomeness of the Mario platformer franchise with the creativity of Minecraft and you get Mario Maker. Cue the awesome community-created levels, a la Little Big Planet, and Nintendo may have a huge success on their hands. Now if they would only release it for iOS and Android.

Friday, January 10, 2014

Gmail Setting to Enhance Privacy and Eliminate Spam from Google+

Google released a new Gmail feature that allows people from Google+ to send you an email. What could possibly be wrong with this? For those who want to opt-out of this feature, simply login to Gmail, click Settings (the gear icon), and find the setting called "Email via Google+," and change it to "No one":

Monday, December 16, 2013

Purchased movies in the cloud pulled due to licensing agreements

When was the last time you purchased a movie? What format was it in? DVD, Blu-ray, iTunes, Vudu, Amazon, Google Play? It is very likely that you used some sort of cloud-based video service such as Amazon's Instant Video service, Vudu, or UltraViolet. These formats are becoming more and more common as our devices are more connected, and the old, physical media model is going away. Having your entire movie collection in an online library, accessible from any connected device sounds awesome, right?

But, what happens when a movie you buy is pulled by the content provider and you are not able to watch it? I know, I know, first world problem. But, that's what's happened to consumers of Amazon's Instant Video service, who purchased Christmas videos. Disney, the owner of the content, has a license restriction with Amazon that allows them to pull the content whenever they want. In this case, Disney wanted certain Christmas videos only available for viewing on their TV channel, and not through any other means. So those Christmas videos customers purchased? Well, they won't be available for viewing again in their video libraries until July 2014. Something to be aware of the next time you purchase a movie.

UPDATE 12/17/13: Amazon said that this was apparently a glitch and has apologized. Although they still retain control to enable/disable purchased items in your online video library.

Tuesday, November 05, 2013

Obamacare is a Lie

I'm really trying to be positive and look for the good that will come from the Affordable Care Act. Everyone has a story about how they've been devastated by exorbitant medical care costs and increasing health insurance premiums. I think everyone would welcome some change in this area.

President Obama said recently, "The bottom line is we are making the insurance market better for everyone."

I don't know about everybody else's bottom line, but in 2014, I am losing my existing health insurance plan and being forced into a high-deductible plan with higher premiums, and less choices. My employer admits that the changes are being driven by new federal regulations and states that the new plan will give us all "a way to get smarter about using health care and be more thoughtful about managing costs." That's a nice way of saying, "You're going to pay more." So much for keeping that health care plan.

Our family's out-of-pocket health care expenses rose 40% from 2012 to 2013 (as of August 2013), and we still anticipate more health care expenses this year, which will make that percent increase even higher. In 2014, our family deductible (in-network) will increase by 67%, and our family out-of-pocket maximum (in-network) will increase by 80% compared to 2013 amounts.

I know this is a "first world problem," and that I really need to just be grateful for what I have. Maybe I need to shop around and just buy my own health insurance plan rather than take the one offered to me by my employer. If only there were a web site where I could access a central marketplace of offerings. There are a lot of promises being made about how the ACA will make things better for everyone. Let us be wise and consider the impact these changes are really having on us. Trust the math.

Wednesday, October 23, 2013

Digital Attack Map Shows Real-Time Animated World Map of DDoS Attacks

Digital Attack Map presents an animated, real-time global map that visualizes distributed denial-of-service (DDoS) attacks. The data comes from ISPs who have agreed to share their anonymous network traffic and attack statistics. While not comprehensive, and missing details about the exact sources and targets, Digital Attack Map still provides an interesting look at the status of network attack traffic and is updated hourly.

Wednesday, September 11, 2013

Fixing iTunes error "You do not have enough access privileges for this operation"

If you come across an error in iTunes that says, "You do not have enough access privileges for this operation," it may be due to a problem with the permissions or the contents of the folder /Users/Shared (OS X) or C:\ProgramData\Apple Computer\iTunes (Windows Vista/7). This folder is where iTunes stores information relating to iTunes purchases and computer authorization.

This article from Apple's support site gives specific steps for both OS X and Windows users on how to fix the problem.

In OS X, the problem can usually be fixed by simply selecting the folder, pressing Command+i (or right-clicking and selecting Get Info), then making sure that the permissions are set to Read & Write for all users and groups (you may need to click the lock icon and enter your password to make changes):

Also ensure that the changes you made will apply to all subfolders and files by selecting the option "Apply to enclosed items..." from the little gear menu:

If you are comfortable with Terminal, you can accomplish the same thing simply by entering the following command:

sudo chmod -R 1777 /Users/Shared