Archive for July 23, 2014

Apple’s Release Of Info On Their “Backdoors” Leaves People Unimpressed

Posted in Commentary on July 23, 2014 by itnerd

It didn’t take long for people to react to Apple’s disclosure of the purpose of the “backdoors” that are floating around iOS. Let’s start with the guy who found them. Here’s a bit of what Jonathan Zdziarski had to say via a blog post:

I give Apple credit for acknowledging these services, and at least trying to give an answer to people who want to know why these services are there – prior to this, there was no documentation about file relay whatsoever, or its 44 data services to copy off personal data. They appear to be misleading about its capabilities, however, in downplaying them, and this concerns me. I wonder if the higher ups at Apple really are aware of how much non-diagnostic personal information it copies out, wirelessly, bypassing backup encryption. All the while that Apple is downplaying it, I suspect they’ll also quietly fix many of the issues I’ve raised in future versions. At least I hope so. It would be wildly irresponsible for Apple not to address these issues, especially now that the public knows about them.

Well, he’s not impressed. Neither is blogger, journalist, and science fiction writer Cory Doctorow, who via BoingBoing is extremely unimpressed with Apple and the way they’ve reacted to the discovery of these “backdoors”:

The original paper (paywall), published in Elsevier’s Digital Investigation sparked a non-denial denial from Apple, basically admitting that the back-doors were there, but misleadingly suggesting that they were only for enterprise administration.

But as you can see from Zdziarski’s slides (PDF), neither this nor other excuses really hold water. The backdoors are actively maintained code that can be accessed over networks, possibly over cellular networks, without developer tools, and even on devices that are not in enterprise mode. The backdoors expose deep and sensitive data that is nominally encrypted and locked, and there are tools and systems in the field that rely on them, including law-enforcement tools for slurping up data from people who’ve been detained — a practice the Supreme Court recently held to be illegal.

So it seems that Apple’s disclosure this morning has done little to make this go away. That is why I’m going back to what I said in this post when Apple denied that these were “backdoors”:

I really think that Apple needs to be completely transparent here as I suspect that this is not going to go away anytime soon.

I am sticking with this because I’m not too impressed with Apple’s explanations either at the moment. I think it’s safe to say that many people aren’t either.

 

AdBlock Plus Claims It Can Stop Canvas Fingerprinting

Posted in Commentary on July 23, 2014 by itnerd

This morning, I posted a story about Canvas Fingerprinting, a method of online tracking that is impossible to detect and impossible to stop. Well, AdBlock Plus, who make a tool that allows you to surf the web without getting ads and the like, say they can stop Canvas Fingerprinting, and cookies as an added bonus. They have a blog post that goes into detail about what Canvas Fingerprinting is and how it works. Then they tell you how they can help:

When you add the EasyPrivacy filter list in Adblock Plus this won’t make Adblock Plus block tracking cookies directly. Instead, Adblock Plus will block the script that would try to set these cookies. And guess what: blocking that script doesn’t just prevent cookie-based tracking, it also lets you deal with canvas fingerprinting or evercookie or any other tracking approach. In particular, the rules to prevent AddThis tracking were added to EasyPrivacy almost five years ago.

Now I haven’t tried this so I can’t vouch for whether this works or not. Thus I would like to see a third party test this out empirically to see if it does work. If it does, perhaps we’ll feel safer when surfing the web…. Until the next person finds a way to monitor your activities without you knowing about it and without you being able to stop them.

Still Using Windows XP…. Anti-Malware Support Ends In Less Than A Year

Posted in Commentary on July 23, 2014 by itnerd

Windows XP may not be getting patches anymore, but it’s still getting anti-malware support from Microsoft. At least for now, because that will run out in less than a year. Thus if you’re still on XP, which 1 in 5 SMEs are, that will leave you even more exposed than you are right now from not having security updates.

Now to drive the point home, 10ZiG has a countdown clock for this. When it reaches zero, you might want to be on another Microsoft OS to ensure that you’re safe.

BlackBerry Makes BES 10 A Hosted Service

Posted in Commentary on July 23, 2014 by itnerd

BlackBerry put out a release today along with a blog post to announce that customers can now get BlackBerry Enterprise Server (BES) 10 in an environment that is hosted by BlackBerry. This provides the benefits of BlackBerry’s trusted enterprise mobility management (EMM) and advanced security capabilities with the convenience and cost-effectiveness of outsourced IT administration. With BES10 Hosted, hosting partners can provide customers with easy-to-manage iOS, Android and BlackBerry devices with BlackBerry’s best-in-class security and support in order to meet each customer’s diverse mobile business requirements.

In addition to BES10 Hosted, BlackBerry also introduced 10 new enterprise apps for Secure Work Space for iOS and Android, BlackBerry’s containerization and secure connectivity option that delivers a higher level of control and security to iOS and Android devices, all managed through BES10.

Apple Announces Public Yosemite Beta Will Start Tomorrow

Posted in Commentary on July 23, 2014 by itnerd

If you’ve been wanting to get a sneak peek at Apple’s next version of OS X, you’ll need to be one of the first million to sign up tomorrow. You’ll need to go here to sign up and the whole idea is that you’ll be able to provide feedback to help to shape the OS prior to launch this fall. Of course you have to be comfortable running beta software. If you’re not, then I would not suggest that you sign up. But if you are, have fun and please post a comment and share your thoughts.

New Technology Tracks Your Web Usage Without Your Knowledge

Posted in Commentary on July 23, 2014 by itnerd

The Globe And Mail is reporting on a new technology that is rapidly spreading through major websites that not only tracks you without your knowledge, but also leaves you no way to evade it:

Canvas fingerprinting, which can command your browser to draw a unique identifier and then log your online behaviour, is nearly impossible to detect, does not fall under “do not track” voluntary systems and evades most conventional ad-blocking software. It is already tracking users on 5 per cent of the biggest sites on the Internet, including The White House, Starbucks, Re/Max Canada, Canadian retailers Metro and Home Hardware, Postmedia website Canada.com, as well as a number of pornography sites.

That’s not encouraging. If you read the complete article, you’ll see how chilling this is. At least with conventional technologies, you can evade them by clearing cookies or setting the “do not track” option on your web browser of choice correctly. Now, all that is off the table. What’s also interesting is that when websites were contacted about why they were using Canvas fingerprinting, most of them yanked it out or committed to doing so quickly. That sounds like they got caught with their hand in the metaphorical cookie jar.

What this proves is something that I’ve been saying for a while now. You should have no reasonable expectation of privacy anymore. It doesn’t exist. You can also bet that even if Canvas fingerprinting disappears (which it won’t), there will be some other technology that will be even more invasive and even more stealthy to replace it.

Apple Posts Document Explaining What The iOS “Backdoors” Are

Posted in Commentary on July 23, 2014 by itnerd

The last time I posted on the circus surrounding the discovery of backdoors in iOS, I called on Apple to be far more transparent about all of this as their response did little to make people feel better. Now they have. A support document has been posted that details what these functions within iOS do:

Each of these diagnostic capabilities requires the user to have unlocked their device and agreed to trust another computer. Any data transmitted between the iOS device and trusted computer is encrypted with keys not shared with Apple. For users who have enabled iTunes Wi-Fi Sync on a trusted computer, these services may also be accessed wirelessly by that computer.

The article then goes on to explain in some amount of detail the three functions and what they are used for. Now it’s unusual for explanations about “diagnostic capabilities” in Apple software to be documented in a public support document. That implies that Apple wants people to find them. Now it’s a safe bet that security experts and others will still have questions about these three functions, but at least Apple is showing that they recognize that they can’t just sweep this under the rug.