VisualSeed
About
- Banned
- Username
- VisualSeed
- Joined
- Visits
- 21
- Last Active
- Roles
- member
- Points
- 465
- Badges
- 1
- Posts
- 217
Reactions
-
Judge tosses lawsuit over 'Error 53' triggered by Touch ID repairs
focher said:Exactly how was it frivolous? iPhones absolutely did experience the Error 53. That error prevented the use of the phone, access to the data on the phone, and for many weeks Apple actually said that it wasn't going to address the issue.
Change the whole story to a car. You have a car and have an aftermarket item installed and the car won't turn on due simply to a software check.
I'm a shareholder, but people experienced damages due to encoding the Error 53 situation that left iPhones completely unusable. They have deserve to have resolution to that situation. And for those who think Apple's ultimate resolution negates the problem, put your phone in a drawer for two weeks and come back to let us know whether that caused a problem for you. I'm not suggesting this is a get rich quick opportunity, but restitution is deserved. -
Inside Sierra: How Apple Watch 'Auto Unlock' will let you jump straight into macOS
rob53 said:If I were to begin writing a security plan with the Apple Watch as a way to unlock a system, I'd be very nervous. I understand it's acceptable for ApplePay because it has more than one requirement to make it to work: 1) Watch attached to wrist, and 2) Watch authenticated to iPhone using PIN or TouchID (my emphasis, I wouldn't allow just the PIN), and 3) iPhone must be present. On the surface I might have been able to justify this combination but I'd like a few other questions answered before I would even have attempt to include it as a secure means of unlocking a computer.
1. Does the Apple Watch have some way of authenticating to the wrist it is attached to? Don't start laughing because if it doesn't, the FBI and other law enforcement people could simply attach the Apple Watch to their wrist, get close to a locked Mac and it would unlock.
2. How long does the authentication process stay in effect before the user has to re-authenticate their Apple Watch? If the time period isn't too long, say one day, then it might be acceptable and make #1 moot.
3. How secure and anti-sniffing is the version of Bluetooth used in all these devices? Can a hacker walk around with a sniffer in their pocket and sniff the Bluetooth communication going on between the devices and, most importantly, simulate it enough to unlock the computer the minute the user steps away?
4. When the user leaves their Mac, does the computer get automatically locked? If so, from how far away. If not, this is a feature I'd absolutely demand and I'd want the distance to be minimal, like maybe 10 feet.
5. The hardest part with getting this new feature approved for use on government computers is the unfortunate fact that the US government continues to ignore Macs and Mac security. They have begun to use iOS devices and have approved configurations (there are approved configured for Macs but they really could care less). In order for this combination of hardware to be approved for government use, all three devices would need to be approved individually then the unlocking process specifically approved. The government isn't going to "waste" its time doing this so Apple needs to step up and make sure that before macOS Sierra is released all the updated security enhancements have been documented and approved by NIST, NSA, and the US government. I'm not holding my breath so I see this feature as being fun for Apple Watch users but doubt it will ever be used within the enterprise or government installation. Apple, please prove my wrong.
I suspect the unlock feature for the mac would use the same encrypted tokenized method that unlocking the watch from the phone using Touch ID uses. It is not simply detecting the presence of a BT MAC ID. Sniffing will never let you know which token will unlock the computer. There are numerous and far easier ways to capture passwords from a keyboard. In fact, if BT sniffing was actually possible it would be better to just sniff bluetooth keyboards and key log everything someone typed.
Range is most likely going to be determined by signal strength. If the setting is allowed at all, it will be something you will have to adjust for your environment. My guess is Apple will make it so it reliably works well just a few feet away if they don't allow it to be user configurable.
I have worked with many government agencies and have specifically worked with CAC integration. The gov has no issues using Macs. Apple has rarely implemented a security protocol or method that they objected to that could not be disabled in favor of their own. Apple's support of industry standard directory services (and even active directory) over the last 10+ years has done more positive to place Macs in the gov than any user interface gimmick has done to sideline them. The places where Apple still struggles to gain acceptance is where the agencies are still heavily invested in legacy windows (and even DOS based) software. Even Microsoft and PC makers are now having a hard time fulfilling these needs. The NSA (et. al) doesn't deeply scrutinize and vet the vast majority of products or the vendors the various government agencies procure from. Only a very tiny fraction of installations require that kind of scrutiny. Even a big chunk of the IT tech on military installations is on par with whatever you can buy at your local Staples. Most agencies are free to buy whatever their budgets allow and their IT departments prefer. Politics plays more role in these decisions than any technical aspect. -
Apple mandates App Store apps support ATS security protocol by 2017
indieshack said:Great in theory but in practice this will kill some apps stone dead which use third party web data. Very bad news. -
Apple nixes Game Center app in first iOS 10 beta
anantksundaram said:SpamSandwich said:I've never understood the need for the Game Center app. All of the information should be in the background and work seamlessly with game apps.
Not any more. Yea. -
Apple nixes Game Center app in first iOS 10 beta