VisualSeed

About

Banned
Username
VisualSeed
Joined
Visits
21
Last Active
Roles
member
Points
465
Badges
1
Posts
217
  • Judge tosses lawsuit over 'Error 53' triggered by Touch ID repairs

    focher said:
    Exactly how was it frivolous? iPhones absolutely did experience the Error 53. That error prevented the use of the phone, access to the data on the phone, and for many weeks Apple actually said that it wasn't going to address the issue. 

    Change the whole story to a car. You have a car and have an aftermarket item installed and the car won't turn on due simply to a software check.

    I'm a shareholder, but people experienced damages due to encoding the Error 53 situation that left iPhones completely unusable. They have deserve to have resolution to that situation. And for those who think Apple's ultimate resolution negates the problem, put your phone in a drawer for two weeks and come back to let us know whether that caused a problem for you. I'm not suggesting this is a get rich quick opportunity, but restitution is deserved.
    Apparently the judge listen to all that nonsense and said "Get a life. Case dismissed."
    tommikelepacificfilmmagman1979netmagejony0
  • Inside Sierra: How Apple Watch 'Auto Unlock' will let you jump straight into macOS

    rob53 said:
    If I were to begin writing a security plan with the Apple Watch as a way to unlock a system, I'd be very nervous. I understand it's acceptable for ApplePay because it has more than one requirement to make it to work: 1) Watch attached to wrist, and 2) Watch authenticated to iPhone using PIN or TouchID (my emphasis, I wouldn't allow just the PIN), and 3) iPhone must be present. On the surface I might have been able to justify this combination but I'd like a few other questions answered before I would even have attempt to include it as a secure means of unlocking a computer.

    1. Does the Apple Watch have some way of authenticating to the wrist it is attached to? Don't start laughing because if it doesn't, the FBI and other law enforcement people could simply attach the Apple Watch to their wrist, get close to a locked Mac and it would unlock.

    2. How long does the authentication process stay in effect before the user has to re-authenticate their Apple Watch? If the time period isn't too long, say one day, then it might be acceptable and make #1 moot.

    3. How secure and anti-sniffing is the version of Bluetooth used in all these devices? Can a hacker walk around with a sniffer in their pocket and sniff the Bluetooth communication going on between the devices and, most importantly, simulate it enough to unlock the computer the minute the user steps away?

    4. When the user leaves their Mac, does the computer get automatically locked? If so, from how far away. If not, this is a feature I'd absolutely demand and I'd want the distance to be minimal, like maybe 10 feet.

    5. The hardest part with getting this new feature approved for use on government computers is the unfortunate fact that the US government continues to ignore Macs and Mac security. They have begun to use iOS devices and have approved configurations (there are approved configured for Macs but they really could care less). In order for this combination of hardware to be approved for government use, all three devices would need to be approved individually then the unlocking process specifically approved. The government isn't going to "waste" its time doing this so Apple needs to step up and make sure that before macOS Sierra is released all the updated security enhancements have been documented and approved by NIST, NSA, and the US government. I'm not holding my breath so I see this feature as being fun for Apple Watch users but doubt it will ever be used within the enterprise or government installation. Apple, please prove my wrong.
    The watch has the option to be made to require a PIN to enable it. This falls under the same logic as the PIN on the phone. The watch loses authentication if it is removed from the user's wrist or the battery dies. If the FBI had your watch they would have to know the code to authorize it no matter who's wrist they put it on.

    I suspect the unlock feature for the mac would use the same encrypted tokenized method that unlocking the watch from the phone using Touch ID uses. It is not simply detecting the presence of a BT MAC ID. Sniffing will never let you know which token will unlock the computer. There are numerous and far easier ways to capture passwords from a keyboard. In fact, if BT sniffing was actually possible it would be better to just sniff bluetooth keyboards and key log everything someone typed.

    Range is most likely going to be determined by signal strength. If the setting is allowed at all, it will be something you will have to adjust for your environment. My guess is Apple will make it so it reliably works well just a few feet away if they don't allow it to be user configurable.

    I have worked with many government agencies and have specifically worked with CAC integration. The gov has no issues using Macs. Apple has rarely implemented a security protocol or method that they objected to that could not be disabled in favor of their own. Apple's support of industry standard directory services (and even active directory) over the last 10+ years has done more positive to place Macs in the gov than any user interface gimmick has done to sideline them. The places where Apple still struggles to gain acceptance is where the agencies are still heavily invested in legacy windows (and even DOS based) software. Even Microsoft and PC makers are now having a hard time fulfilling these needs. The NSA (et. al) doesn't deeply scrutinize and vet the vast majority of products or the vendors the various government agencies procure from. Only a very tiny fraction of installations require that kind of scrutiny. Even a big chunk of the IT tech on military installations is on par with whatever you can buy at your local Staples. Most agencies are free to buy whatever their budgets allow and their IT departments prefer. Politics plays more role in these decisions than any technical aspect.
    ai46
  • Apple mandates App Store apps support ATS security protocol by 2017

    Great in theory but in practice this will kill some apps stone dead which use third party web data. Very bad news.
    A lot of data doesn't really even require it. Fetching weather or stock quotes for instance. Read only data that you pass no credentials to access.  If the sources want to use SSL, that's great, but many of them haven't been touched in years. Unless they see a revenue impact to their services by being banned from iOS apps, many won't do anything. 
    indieshackjbdragon
  • Apple nixes Game Center app in first iOS 10 beta

    I've never understood the need for the Game Center app. All of the information should be in the background and work seamlessly with game apps.
    Couldn't agree more. It was one of those pointless pieces of included Apple iOS clutter that could not be deleted. 

    Not any more. Yea. 
    Long before iCloud there was a need to sync game scores and achievements so you could switch devices or remove and reinstall the game and not lose your scores. There were a couple third party networks that games developers used. Game Center made that part of the OS but the App itself was another failed social network attempt by Apple. iCloud sync pretty much made it obsolete. 
    jony0
  • Apple nixes Game Center app in first iOS 10 beta

    And I was just about to finally accept Sammy_Jammy_88888's request to join in a game of CandyFarmPokerCrushVilleCombat... after 4 years...
    patchythepirate[Deleted User]mike1cornchip