  • Apple strikes again: Which developers got 'Sherlocked' at WWDC

  • Apple VP talks Apple TV 4K, commitment to future home audio products

    entropys said:
    He also covered the redesigned Siri Remote. Although some rumors suggested that Apple would add Find My support for the accessory, Twerdahl says that wasn't necessary because of the design changes made to the remote.
    "With the changes we've made to the Siri Remote - including making it a bit thicker so it won't fall in your couch cushions as much - that need to have all these other network devices find it seems a bit lower," he said.
    The redesigned remote also nixes both the accelerometer and the gyroscope, meaning that it can't be used as a game controller. Twerdahl says that's because Apple believes "a dedicated game controller is the best experience" for users wanting to play a game. Apple initially required all Apple TV games to support the Siri Remote, but that policy has since been changed.
    In non marketing crafted language that means: we had a margin target and to achieve it we had to ditch bits. Note there is no Apple game controller to substitute (probably a good thing tbh).
    Nonsense. Apple doesn’t need to recreate the game controller any more than it needs to recreate the printer — just buy one of the many options and start playing. 

    I honestly don't get the fauxrage about not having the remote in Find My — how hard is it to lift up the seat cushions? It’s not like you’re going to be driving across town trying to find your TV remote.
    When you have kids that have a tendency to take the remote out of the TV room and leave it in the most obscure and interesting places, the necessity becomes apparent. I’ll be attaching an AirTag to the next remote using epoxy…
  • November iPhone sales may be down 20 percent year-on-year, with iPhone XR as the top selle...

    I have usually recommended to friends and family to get the current model, but for the X and XS there’s no way I could justify the price tag. Last year I told them to get a 7 or an 8, because the extra price is for not must-haves. I wanted to upgrade from my 7 this year, but opted for the battery replacement instead (before Dec 31). I also want a smaller phone, which is currently not offered. Something like a 4.5-4.7” phone. These 3 things are what have kept me from buying a new phone (price, size, cheap battery replacement).
  • Apple posts detailed roster of first AirPlay 2-equipped TVs

    I personally don’t like smart TVs. I’d prefer a dumb TV and I’ll bring my own set top and/or receiver. If I ever get a “smart” TV, I’ll disable whatever I can and keep it off the network. I just don’t trust the software on these race to the bottom devices.
  • Hundreds of iOS apps leaking data due to misconfigured Firebase backends, report says

    foggyhill said:
    maestro64 said:
    HeliBum said:

    Yep, leaking private information and Google are synonymous.

    Anybody know where to find the list of affected apps?

    It would be nice to know which apps have this issue.
    Report is pay to view but

    Enterprises are at significant risk from the Firebase vulnerability because 62% of enterprises have at least one vulnerable app in their mobile environment. The vulnerable apps are in multiple categories, including tools, productivity, health and fitness, communication, finance and business apps.

    Worse, the data being leaked is highly sensitive including PII, PHI, plaintext passwords, social media account and cryptocurrency exchange private access tokens, financial transactions, vehicle license plate and geolocation information, and more. 

    Our Mobile Threat Team discovered over 2,300 unsecured Firebase databases and 3,000 unique iOS and Android apps with this vulnerability. The Android versions of these apps alone have been downloaded over 620 million times. 

    More than 100 million records are exposed, including: 

    • 2.6 million plain text passwords and user IDs
    • 4 million+ PHI (Protected Health Information) records (chat messages and prescription details)
    • 25 million GPS location records
    • 50 thousand financial records including banking, payment and Bitcoin transactions
    • 4.5 million+ Facebook, LinkedIn, Firebase, and corporate data store user tokens

    Why on god's green earth are plain text passwords even stored... why not store salted hashes, who the hell does that... It wasn't even good security practice in 1993, let alone 25 years later!!
    I just don't get it.
    Seems it's not just Google that were idiotic here; most IT and devs are lazy ass that wouldn't know security if it bit them in the ass.
    Then there are devs like me who like to put emphasis on security but can’t because the business doesn’t make it a priority. I have even pointed out and executed attacks on our system to show that they are viable. I get blank looks and get told to work on the next new feature they promised to clients a month ago. Small businesses just don’t put emphasis on security because it’s not sexy or doesn’t “sell”. In an industry where we deal with PII and HIPAA, it should be required and absolutely the most important feature... but alas, I digress.