Archive for October 1, 2021

iOS 15.0.1 Has A Storage Related Bug…. Just After Apple Claims They Claimed They Fixed ANOTHER Storage Related Bug

Posted in Commentary with tags on October 1, 2021 by itnerd

In the lead up to releasing iOS 15 as well as after its public release, many people complained that their iPhones running iOS 15 were misreporting the amount of storage that their iPhones had. Specifically it would mis-report the amount of free storage that you had. Specially it would claim that you were out of storage when you actually weren’t. The good news is that this was fixed in an iOS 15 update that was released today.

The bad news is that iOS 15.0.1 which is the update in question seems to have introduced a new bug where the amount of used storage would be massively under reported. Let me illustrate this:

Supposedly I have used 1.7 GB of storage. But that makes zero sense seeing as I have 10 GB of music on my iPhone. Not to mention that I have other stuff that is taking up gigabytes of space. The funny thing is that Apple in their release notes had this to say about the original storage bug in the second of the three bullet points:

My guess is that Apple either didn’t fix that bug properly, or they did fix it and introduce a new bug in the process. Either way, Apple’s shoddy QA department strikes again.

I reported this to Apple via Twitter:

To Apple’s credit, they did respond and asked me to reboot the phone and see if the behavior changed. It didn’t. So they set up a troubleshooting session tomorrow at 9AM EST. Which I think will be a waste of time for me as this is clearly a bug that their tech support people aren’t going to be able to solve. But it won’t be a waste of time for them as they’ll be able to pull all sorts of diagnostic information off my phone to hopefully figure this out in time for iOS 15.0.2 or perhaps 15.1 which is in beta at the moment. I’ll update this story as to what happens.

And to underline the fact that this is a bug, I got a response on Twitter illustrating that I am not alone in seeing this:

Now this is a low impact bug, but it underscores just how bad Apple’s ability to put out reasonably solid software has been for a while now. Just look at these stories that I’ve written over the last few years about how their QA department lets them down. And in this case, if they can’t get the small stuff right, how can you trust Apple to get the big stuff right? Tim Cook needs to focus less on buying mansions with celebrity neighbors and start smacking heads so that Apple puts out better code. Because right now it’s just downright embarrassing.

UPDATE: Much as I thought, speaking to Apple this morning was a waste of time. They told me that the fix to this is to erase the phone and set up as new. In short, this isn’t a bug that their front line support either knows about, or will admit to. I’m not going to do that as that was the suggestion for people who had the unlock with Apple Watch issue and they fixed that in this update that hit the streets yesterday. So I fully expect Apple to come out another update to try and fix this issue.

On a related topic, you have to wonder if Apple is really paying attention to the world outside their “reality distortion field”? I say that because it took me about 30 seconds of browsing on Twitter to find these two examples that support that this is a bug:

If I could find this, Apple should be able to find this and figure out that something is wrong with iOS 15.0.1. But either they can’t or they simply are ignoring it. Which reflects poorly on Apple.

UPDATE #2: I had someone reach out to me on Twitter to say that the advice that Apple Support gave to me didn’t work:

Apple really needs to get their act together.

Let’s Encrypt Root Certificate Expiry Causes Havoc On The Internet

Posted in Commentary with tags on October 1, 2021 by itnerd

Numerous websites and services have already reported issues across computers, web browsers and other devices due to the recent expiration of Let’s Encrypt’s root certificate. The best that Let’s Encrypt could do is post this Tweet:

Browsing this forum post indicates that there is no promise of a speedy resolution in getting certificate renewals. 

The fact that major websites and services are affected by this is an #EpicFail. But it gets worse. TechCrunch reported that devices that may face issues include older macOS 2016 and Windows XP (with Service Pack 3) as well as older versions of Playstations and any tools relying on OpenSSL 1.0.2 or earlier. Other experts said PlayStations 4s or earlier devices that have not had their firmware upgraded would not be able to access the Internet. Devices like Android 7.1.1 or earlier will also be affected. 

That’s catastrophic.

Chris Hickman, chief security officer at Keyfactor, a leader in securing digital identities, said this:

“A root CA (certificate authority) does not specifically create a security problem, but rather a disruption to availability to any certificate that chains to that particular root.  This in turn can lead to a number of situations in which users may be forced to click through exception messages, leading to bad user habits or in extreme cases, causing an application to respond as no longer expected, which we’re seeing now with the numerous websites and services that didn’t heed to Let’s Encrypt’s notifications about the upcoming expiration.

When transitioning from an expired root certificate to a new one, in most cases, the greatest issue is a lack of automation to distribute the new root CA certificate to those devices that need to trust it. In many organizations, the root CA certificate stores (otherwise known as roots of trust) are not managed universally. This can lead to situations like only updating parts of the network (say Windows via GPO) but not the entity of all devices that need to trust the new root. In the case of IoT devices the problem is compounded as most IoT devices still rely on firmware and software updates to manage roots of trust. Therefore, these devices are wholly dependent on users taking action. In both cases, a failure to update the roots of trust properly can lead to outages or disruptions in normal use.

Management of the roots of trust for all devices is a part of having a well-defined crypto agility strategy. Any reasonable crypto agility strategy will consider how manage and handle regular lifecycle events including the revocation or expiration of a root CA. The crypto agility strategy will allow executives to quickly identify the scope of the impact on their organization and make an informed decision as to the priorities to their organization as it relates to risk and immediacy of remediation.”

I’ll be watching this issue closely as this personally affects me as my mail server uses Let’s Encrypt certificates and hopefully those mail servers stay up and work.

If You’re Not Receiving Mail Notification Sounds On Your iPhone/iPad After Upgrading To iOS 15, Here’s The “Fix”

Posted in Tips with tags on October 1, 2021 by itnerd

After installing iOS 15, the emails that come through on my phone were silent even though I have sounds associated with him either default or custom sounds. I went through the usual troubleshooting which was as follows:

  • I have power cycled my iPhone 12 Pro no change.
  • I did a hard reset. No change.
  • I changed the sound but there’s still no sound notification when emails come in.

I started to dig around and it appears that Apple made a change that isn’t inherently clear to users who were used to the behavior in iOS 15. If you go Settings –> Mail –> Notifications –> Customize Notifications, you’ll see this:

Note the Customize Notifications option. If you click on that, and choose an email account on the next screen, you then see this:

Chances are, this is turned off, turn on alerts and make sure that a sound is selected. In other words, it should look like this:

Now if you have an Apple Watch, you need to do some extra work. Specifically:

  • Go to the Watch App on your iPhone
  • Go to Mail
  • Change “Mirror my iPhone” to “Custom”
  • Select “Send to Notification Centre”

That way, unless it’s a VIP I won’t get a notification on my Apple Watch.

By doing all of this, it roughly approximates the behavior that was present in iOS 14 and earlier. I say approximates because this does not fully fix this problem which I am certain is a bug. One that I hope will be fixed in a future iOS update.

Has this helped you? I would appreciate it if you could provide some feedback and let me know.

Review: Mujjo Full Leather Wallet Case for The iPhone 13

Posted in Products with tags on October 1, 2021 by itnerd

My wife loves the iPhone 13 that I got her. And the Mujjo Full Leather Wallet Case is something that I know that she will use on nights out on the town once the world stops ending. The case itself comes in a box that allows you to see all the qualities of the case easily:

One thing that I will note is that the inside of the case has a microfiber liner which adds class to the case. Here’s the case on my wife’s iPhone 13:

I deliberately used a flash to highlight the fact that this from the front allows you to still see the Product Red color of the iPhone 13. That’s something that my wife really liked as for her, having a Product Red iPhone is a personal statement for her. And the fact that this case is black accents it well. The edges the case around the screen is raised to protect the screen, and it worked fine with the Spigen screen protector that my wife uses.

The back of the case really does a great job of protecting the camera as it not only completely covers the camera module, but is slightly raised. In terms of the pocket on the back, I was able to put a credit card and drivers license which is what one would take if they were going out for the evening and they didn’t want to bring a wallet. It was a bit tight to get cards in and out of the pocket, but I would imagine that the leather will loosen up over time. Speaking of the leather, out of the box it had a nice smell to it, the case looks well assembled, and all the duplicate buttons worked perfectly. Plus the cutouts also have very tight tolerances and everything is either sewn or put together extremely well. I noted no flaws at all.

Now I reviewed this case last year when I got my iPhone 12 and there was one thing that I pointed out that Mujjo has addressed in this case:

The bottom of the case is now covered. That wasn’t the case last year. That will add a bit of extra protection for your phone. This one change moves this case into the top tier as far as I am concerned. Finally, in my opinion this case will survive a small drop of maybe two or three feet. But I would not want want to test anything over that.

Mujjo has a number of colors to fit your style and the case goes for €49.99. It’s a well made case that is very stylish. My wife gives it two thumbs up which means that you’ll like it as well.

10 Million Android Phones Have Been Pwned By Malware…. OMG!

Posted in Commentary with tags on October 1, 2021 by itnerd

Well this is eye opening. Security researchers have found a mind blowing malware operation that has infected more than 10 million Android smartphones across more than 70 countries since at least November 2020 and is making millions of dollars for its operators on a monthly basis:

Discovered by mobile security firm Zimperium, the new GriftHorse malware has been distributed via benign-looking apps uploaded on the official Google Play Store and on third-party Android app stores. If users install any of these malicious apps, GriftHorse starts peppering users with popups and notifications that offer various prizes and special offers. Users who tap on these notifications are redirected to an online page where they are asked to confirm their phone number in order to access the offer. But, in reality, users are subscribing themselves to premium SMS services that charge over $35 per month, money that are later redirected into the GriftHorse operators’ pockets. 

Zimperium researchers Aazim Yaswant & Nipun Gupta, who have been tracking the GriftHorse malware for months, described it as “one of the most widespread campaigns the zLabs threat research team has witnessed in 2021.” Based on what they’ve seen until now, the researchers estimated that the GriftHorse gang is currently making between $1.5 million to $4 million per month from their scheme.

To be clear, the malware doesn’t infect Android automatically. The end user has to download and install a compromised app from an app-store. Then they are prompted to do something else that pwns. Which means that while the malware is a problem, the education of users in safe computing is what is really needed here. Hopefully this story gets that discussion going.

Anonymous Managed To Not Just Pwn Epik Hosting…. They Pwned Them In Epic Fashion

Posted in Commentary with tags on October 1, 2021 by itnerd

While that’s a bad joke, it is accurate that Epik Hosting seriously got pwned in epic fashion according to this report:

The hacking collective Anonymous has released what it claims to be new data from the controversial web hosting company Epik.

In a press release on Tuesday, the hacktivist group announced what it has dubbed as “The /b/ Sides.” or part two of “Operation EPIK FAIL.”

Anonymous took credit earlier this month for breaching Epik, known for hosting far-right websites such as Gab, Parler, and TheDonald, before releasing an 180GB cache of the domain registrar’s data. The hack affected more than 15 million people and exposed names, physical addresses, passwords, credit card numbers, emails, and more.

Now, the hacktivist collective says it has leaked “several bootable disk images of assorted systems” in a roughly 70GB torrent file.

“[Y]ou didn’t think we completely dominated Epik and merely ran off with some databases and a system folder or two, did you?” the press release states. “We are Anonymous. Flexing as hard as we can is how we do a barrel roll (Press Z or R twice!).”

Hacking something and obtaining data is one thing. But getting entire disk images allows you to look at their server infrastructure in detail in your own environment whenever you want is something entirely different. This can lead to future attacks as the hackers in question will be able to build a complete roadmap of their target’s infrastructure along with all their weaknesses. That’s the definition of getting pwned in epic fashion. And it is an epic fail if you’re Epik. Not to mention that if you were using any of the services that Epik hosted, you may be in deep trouble. For example a Florida estate agent was fired as a result of the leak after it emerged he had tried to register domains such as theholocaustisfake.com via Epik as per the data dump that is related to this pwnage.

This is about to get very interesting. Stay tuned for updates as I am sure that lots of them are about to hit the press.

Announcing Cybersecurity Awareness Month 2021

Posted in Commentary on October 1, 2021 by itnerd

The National Cyber Security Alliance and the Cybersecurity and Infrastructure Security Agency has designated October as Cybersecurity Awareness Month, to raise awareness about the importance of cybersecurity and ensure that all individuals and organizations have the information and tools they need to be safer and more secure online. This year’s theme is “Do Your Part. #BeCyberSmart.”

I have a couple of quotes that underline the importance of cybersecurity. The first one is from Surya Varanasi, CTO, StorCentric (www.storcentric.com):

“Driven in large part by the COVID pandemic, massive layoffs, and record numbers of people being sent home virtually overnight to work, learn, shop and live, the number of successful cyberattacks climbed to dizzying heights. In fact, recent IDC research indicated that over the past year, more than one third of organizations worldwide experienced a ransomware attack or breach that successfully blocked access to systems or data. And for those that fell victim, many experienced multiple ransomware events. With cybercrime projected to cost the world $10.5 trillion annually by 2025, it is clear why ensuring your organization is taking the appropriate measures to ensure cyber safety and security must become priority number one.  

Traditionally, the game plan has been to maintain production data storage on-site, snapshot the data, replicate to an off-site location, store it to a disk, and then move it to tape storage and/or the cloud. Unfortunately, cybercriminals know this and have engineered their technology to behave accordingly. Bad actors can now rather easily use ransomware to infiltrate your network and render all forms of traditional backup useless.  

Today, what is required is an elevation in backup strategy from basic to unbreakable. In other words, for today’s ransomware threat what’s needed is to make backed up data immutable, thereby eliminating any way it can be deleted or corrupted. Unbreakable Backup can do just that by creating an immutable, secure format that also stores the admin keys in another location entirely for added protection. And, by layering-on a backup solution that has built-in verification, savvy SysAdmins can alleviate their worry about their ability to recover — and redirect their time and attention to activities that more directly impact their organization’s bottom-line objectives.” 

The second quote is from JG Heithcock, General Manager of Retrospect, a StorCentric Company:

“Today’s cyber criminals are attacking backups first, and then once under their control, coming after production data. This means that many enterprises are feeling a false sense of security, until it is already too late. 

I like to say, ‘backup is one thing, but recovery is everything.” In other words, choose a backup solution that ensures the recovery piece (which surprisingly, not all of them do). Look for a provider with vast experience, as well as a track record for continuous innovation that ensures its offerings are prepared to meet prevailing conditions. The solution(s) should provide broad platform and application support, and ensure protection of every part of your IT environment, on-site, remote, in the cloud and at the edge. Next, the backup solution should auto-verify the entire backup process, checking each file in its entirety to ensure the files match across all environments, and you are able to recover in the event of an outage, disaster or cyber-attack. And, as a last but highly critical step — at least one backup should be immutable — unable to be altered or changed in any way, at any time. Even if the ransomware took a ride along with your data to your backup site, during the last backup.”

Throughout October, the National Cyber Security Alliance will focus on a number of areas in their promotions and outreach. You should visit them via the link above to see what they are up to.

Foxconn Will Build Fisker Vehicles In Ohio Thanks To Deal To Buy GM Factory

Posted in Commentary with tags on October 1, 2021 by itnerd

Yesterday, Fisker and Foxconn made an announcement that Foxconn will build electric vehicles for Fisker Inc. at a former GM factory in Ohio. This will help to get Fisker vehicles to market with manufacturing to start in Q4 2023. I got this quote from Henrik Fisker, chairman and CEO of Fisker Inc:

“We welcome the news from Foxconn, our co-investment partner on Project PEAR, concerning their manufacturing plans for the facility in Ohio. Achieving key program objectives such as time to market, access to a well-developed supplier ecosystem and overall cost targets were all important factors in the decision to locate manufacturing in Ohio. Since signing the agreement with Foxconn earlier this year, we have been working together intensively on all aspects of Project PEAR including design, engineering, supply-chain and manufacturing. Fisker’s commitment to volume manufacturing in the United States takes another important step forward today with the signing of this agreement.”

I’ll be keeping an eye on this as the EV market needs another player in it. And this deal will help to get those vehicles to market.