Apple closes security loophole in iPhones and other iOS devices

14/06/2018

Today Apple is closing a security loophole in iPhones and other iOS devices that enabled law enforcement to hack into criminals’ devices, inculding one of the San Bernadino killers.

They have introduced “Restricted USB Mode”, which will stop hackers from extracting data through an iPhone’s lightning port an hour after being locked.  It is believed that this is how the FBI were able to read data from the iPhone belonging to a gunman involved in the shootings in San Bernadino.

Apple says this is part of their usual security reviews, and is not aimed at thwarting law enforcement but is to protect users from criminals.

GreyKey-box

The GreyKey device that hacks into locked iPhones via its Lightning port

This will protect iPhones from the iPhone hacking tool GreyKey.

The new default settings will have a feature Apple call a “USB restricted mode” which has been present in developer betas for both iOS 12 and iOS 11.4.1. With this feature, all communication through a Lightning port to USB connection will be blocked on unlocked and dormant devices.

US law enforcement uses a tool called a GrayKey, which is a small box with two Lightning cables that can unlock password encryptions on iPhones and extract data from  iPhones.  The Restricted USB Mode will cut off the GreyKey’s access.

hacked-iphone

The GreyKey device reveals a locked iPhone’s passcode in as little as 30 seconds

Of course the cops believe this is aimed firmly at law enforcement, and will result in criminals and terrorists getting away with serious crimes.

“I think that privacy protections are on a collision course with responsible law enforcement actions to conduct legitimate investigations,” said Ronald Hosko, a former assistant director of the FBI who is now president of the Law Enforcement Legal Defense Fund, which raises money to defend officers accused of misconduct. “Terrorists or other criminal organizations will do something that’s heinous, in a way that is blocked from lawful law enforcement view. They will to some extent get away with it. We will lose lives, we will lose infrastructure in a big way, and then we will be having a different conversation.”

bmc-orange


Hack Trump!

22/05/2018

 

“You’ll prise my iphone from my cold dead fingers!” Trump will never stop tweeting – luckily for hackers.

The intel is out: we’re on to hack the Don.  The White House staff tried to tell him that bringing a cell phone into the secure area was to bring in his own gaping goatse security hole.  But he insisted: he needed, not one, but two iphones.  One for calls, one for Twitter.  Cos yeah, we all need a special Twitter phone.

But even though that’s a bit against procedure in the White House, it’s not un-doable.  His predecessor Barack Obama was hooked on crack, I mean Blackberries.  He simply could not exist with his poor-excuse-for-a-smartphone.   So allowances were made and he kept his Blackberry.  But he was aware of   the security risks; he had a specially-modified one made up, without microphone, camera or GPS, and even this “military-grade” Blackberry had to be handed over every 30 days to check for tampering, further modification, any chance that it posed any extra danger.

And Trump’s calls-only iphone is issued by White House staff and swapped out “through routine support operations” to check for hacking and other security concerns (well, any extra security concerns over and above the security concern that he is carrying around a bloody listening device!!).  But he refuses to let them have his Twitter iphone, because it would be a nuisance!

I’m sure it would be difficult to hack Trump’s phone(s).  I’m sure his equipment is especially hardened against threats.  But when a target is as juicy as Trump, and you have potentially nation-state actors moving against him, nothing is hack-proof.

The White House banned its employees from using personal phones while in the West Wing in January. A statement at the time said that the “security and integrity of the technology systems at the White House is a top priority for the Trump administration”.  But Trump’s wandering the West Wing (and the rest of the White House), Twitter-phone ready to tweet.

The personal smartphone of Trump’s chief of staff John Kelly was reportedly hacked during the Trump transition.  And he didn’t replace it until October.  And Trump’s Twitter-phone hasn’t even been checked!!

This is the man who criticised Hilary Clinton for her use of a personal email server.  He is so dependant on Twitter that he needs a phone especially to tweet.  Note that he needs this phone (not device, oh no, it has to be a phone) to tweet (not to use for other electronic communication, oh no, he hasn’t used email since he came into office, he needs it only to tweet).

The guy is an idiot.  Don’t know if you’ve noticed that yet.

bmc-orange


Apple is going to kill the world! Panic!

06/01/2016

I got a stupid email today from campaigning group SumOfUs.org, asking me to sign a petition… about iphone headsets!
Here’s a taste:

“Apple is about to rip off every one of its customers. Again.

If the rumours are true, the new iPhone 7 will have a non-standard, proprietary headphone jack — making every pair of headphones on earth useless. Not only will this force iPhone users to dole out additional cash to replace their hi-fi headphones, it will singlehandedly create mountains of electronic waste — that likely won’t get recycled.

There’s only one reason for this change: to leverage Apple’s market share in order to extract even more profit from its customers. With virtually no third-party manufacturers ready to fill the new market gap, Apple stands to make a killing while we — and our planet — pay the price.”

evil_apple_by_perishhaspower-d379wwn

“Evil Apple” image by perish_is_power, on that deviantart site (said theft aided and abetted by Google – thanks, evil corporation, where would we be without you?

SumOfUs.org has sent me some pretty daft petitions in the past year or so, but this is just too much. So Apple are going to rip off its idiot “loyal customers” by adopting a proprietary technology… so what? This is what Apple does: it makes stuff that will only work with its stuff, and rips off anyone gullible enough to fall for the con.

The eco-spin on the petition – that Apple’s evil plans “will singlehandedly create mountains of electronic waste — that likely won’t get recycled” – is an extra dollop of pathetic. Land-fills all round the world are already full of Apple’s crap because if your i-thing breaks down, all the peripherals are useless and get chucked. Will the headphones scandal be the tipping point? Oh no, call 007 to save us from Apple’s satanic actions!

Sorry, SumOfUs.org, but I’m leaving your mail list (should be called a “spam list” you  jerks).  I’ve suffered a load of shite from you being put in my email inbox without a complaint, because occasionally you brought something important to my attention.  But the important issues have dwindled, and meaningless kibble has taken its place.  And this one – Oh, Apple are selling proprietary, non-reusable crap – hell, it’s not new or surprising.  If you don’t like what Apple does, don’t buy Apple.  I never have.  I’ve got a perfectly fine Sony phone, and I can use any headphones with it.  Stop buying into the con – stop buying Apple.  That will get their attention a lot more effectively than a sad petition.

 


How to download & save streaming video from the internet, using Linux

30/03/2009

IMPORTANT: I HAVE UPDATED DOWNLOADING INFO. CHECK THIS LINK. BUT THIS POST IS STILL USEFUL.

The information in this post will help you download and save video files that are hosted on sites like Youtube, Supernovatube, Youku, Megavideo, and linked to by sites like SurfTheChannel.com, free-tv-video-online.info and watch-movies-links.net. It is a good idea to read the entire post before using any of these methods, as host sites have changed from time to time, and so have the methods you can use to download the streaming video files.

Seen the latest cool video on Youtube?  Want to save it on your hard drive so you can watch it again at your leisure or share it with your internetless friends?  Well, it’s simple – if you use Linux.  Everything I explain in this post was done on a computer running Ubuntu 8.10, but I think it will work with any distro.

Okay, let’s start with Youtube videos.  First, watch the video.  Then, before you navigate away from that web page, go and look in your system’s /tmp directory.  You should find a flash video file, named something like Flashbt0cVD.  That’s the file you want.  So move it to your home directory (or wherever you keep your videos) and rename it something more descriptive.

This trick will also work with the movie and TV videos  files streaming over the internet via sites like www.surfthechannel.com, www.free-tv-video-online.info, tv-video.net and www.watch-movies-links.net.

There is a problem.  One or two of the video links sites (like tv-video.net) delete temporary files when they have finished playing.  This means you can’t move the file out of /tmp after you’ve watched it.  The solution is to link the temporary file to one in your home directory before the temporary file is deleted.  So you start to play the video, then go look in the /tmp directory. You’ll find a randomly-named video file there.  You need to link it to your home directory.  Do this by running this command in terminal:

ln /tmp/Flashuh4G6s ~/video.flv

Now you have got the video file in your /home.  You have to make sure that the name you give to the new linked file does not already exist in the directory.  So in the example above, you would first check that there is no file called video.flv in your home directory.

But there’s another problem.  If you watch a video via the links sites that is hosted at Youku, the video will be delivered as a series of small files (12-13 MB each).  But this isn’t a serious problem.  When they’ve downloaded you can put the randomly-named files into the correct viewing order by checking the properties of the files, looking at the time when the files were created.

If you have any queries, feel free to leave Comments.

UPDATE: If you are a Windoze user and you want to learn how to save streamed media, you should check out this site. There you’ll find info on how to capture and save video from lots of websites, plus audio files from last.fm and other internet radio stations. I only use Linux, so I can’t verify the accuracy of the info. But it looks good.

UPDATE 2:
Here’s info about a couple more tools for downloading video from the web. One for grabbing BBC TV (and radio) content, and one for those Youtube videos we all know and love.

For some time now, users of any operating system have been able to watch BBC TV shows streamed over the internet by BBC iPlayer. But if you wanted to download programmes, you used Windows or you were shit out of luck.

Now, Linux users can download BBC content via the new iPlayer Desktop application. But I don’t like it. The content is crawling with DRM. And the player doesn’t work properly on my EEE PC. It might work okay on a better-specified computer. But iPlayer Desktop is compatible with just Intrepid and Jaunty and my desktop machine runs Hardy (I’m talking Ubuntu here – the app works on other distros too). Anyway, I don’t like the app so I’m not supplying a link to it. It’s my blog so blah! If you really want to try it for yourself, check out the “Labs” link on the iPlayer web page.

Anyway, if you want to download BBC TV and radio shows and you use Linux, there is an easy solution – get_iplayer.
This is how it works: Steve Jobs was desperate to sell his crappy iPhones in the UK. So he turned on his diabolical charm and convinced the BBC to offer iPlayer downloads to iPhones. This happened many moons ago, when only Windows OSes could download the content. But some dastardly fellow created a program that pretended to be an iPhone. Oh, and get this: the DRM that infects all the content downloaded from iPlayer is absent from the .mov files sent to iPhones and consequently computers running get_iplayer. It’s a command-line utility, which might put some people off. But as far as I’m concerned there isn’t much wrong with command-line utilities in Linux. So check it out!

The other video download solution I want to present here is the excellent pwnyoutube.com. The way this site works is simple. When you search for or go to watch a video on Youtube, you get an URL something like:
http://www.youtube.com/watch?v=ufzqypO2k_A
To download this video, you type that URL into your browser’s address bar, then add the letters “pwn” like this:
http://www.pwnyoutube.com/watch?v=ufzqypO2k_A
Go to that URL and you will find download links for the video in question. You can download the file in .flv flash format, and most are also available in mp4.

If you have an unreliable internet connection, you can marry pwnyoutube with wget to great effect. Let’s say you want a video of The Clash playing London Calling live. A search of Youtube may turn up this video URL:
http://www.youtube.com/watch?v=Idwibw0-lb4
So, you run the edited URL in your browser:
http://www.pwnyoutube.com/watch?v=Idwibw0-lb4
This brings you to a web page offering 2 download links. You want the “high quality” mp4 version. But your network connection is lousy. If you set the browser to download this file, chances are the connection will drop before the download completes. But this is no problem. Just right-click on the download link and select “Copy Link Location”. Now open a terminal and paste the download url into the following command:
wget -c http://deturl.com/save-video.mp4?http%3A%2F%2Fv18.lscache5.c.youtube.com%2Fvideoplayback%3Fip%3D0.0.0.0%26sparams%3Did%252Cexpire%252Cip%252Cipbits%252Citag%252Cburst%252Cfactor%26itag%3D18%26ipbits%3D0%26signature%3D7ABACC132F8C18AAF6A0649B1669DB89EDFF0B83.AB3039808ECB20B7124585313CB75A55C2C7E4A1%26sver%3D3%26expire%3D1250665200%26key%3Dyt1%26factor%3D1.25%26burst%3D40%26id%3D21dc226f0d3e95be
Wget will download the file, and the -c flag means that if the connection is broken, you can run the same command when the link is resumed and wget will start the download where it left off.

Hope this helps.

UPDATE OF THE UPDATE: OMG they have ruined PWNYoutube!!! 😦

Back when I first wrote the review of PWNYoutube, it was simple, and great in its simplicity: you found the video’s URL, you added “pwn” to the URL, browsed to that URL… and you were given a couple of download links. I liked to right-click the link, copy it, then paste it into a wget command in the terminal. Brilliant, right?

But now, you do all that adding “pwn” to the URL stuff… but when you go to that URL, instead of getting a couple of simple download links, you are confronted with a bunch of complicated ridiculousness. “Use one of: SaveVid | YouDDL | ClipNabber | KeepVid…” etc etc etc. No simple download link. No simple wget. Just a bunch of downloading utilities/services/whatevers that I know nothing about, and which I want to know nothing about. Ruined, man. Ruuuiiinneddd!!!

I cast my weary eye over the options, and finally decided to try the bookmarklet. Dunno why, I guess maybe it sounded simple, or maybe unthreatening in its diminuitiveness. I successfully downloaded an mp4 (high quality) image file by using the bookmarklet – what you do is browse to a webpage that includes a Youtube video (it doesn’t have to be a web page actually on Youtube.com – many bloggers and webmasters have Youtube videos embedded in their own sites) and click on the bookmarklet. The resulting mp4 file played well in vlc, so I’ve got no issues in that regard. But changing the PWNYoutube interface so you no longer get a simple download link – that’s just bad. Shame on you, PWNYoutube!.

PWNYoutube – new interface. Boo!!

So, what’s the new PWNYoutube like? Well the bookmarklet works; I don’t know about the other utilities, if I get round to trying them I will post my verdict here. And I really should make an effort to try it all out. That’s what this blog post is all about, after all. But I’m so pissed off with PWNYoutube at the moment, I just don’t feel like doing it. If PWNYoutube can’t be bothered to provide me with a simple download link that works with wget, maybe I can’t be bothered to give them publicity. Fancy shmancy download utilities just don’t do it for me. I like wget. But PWNYoutube don’t like wget. Which makes it feel like PWNYoutube don’t like me.

YET ANOTHER UPDATE:

Here’s a couple more things relating to online video. First of all, some of the sites I have mentioned previously have become pretty crappy.  Surfthechannel.com is terrible nowadays.  All it seems to offer are links to buy videos from Amazon or watch videos streamed from Megavideo – and if you don’t sign up to become a member of Megavideo, you can’t watch anything longer than about 56 minutes.

But it’s not all bad news.  It has become easier to download videos from tv-video.net, and these downloaded files are in mp4 format and much better quality than the streamed flash videos.  To download these files, you need to use Firefox, and the Firefox add-on Video DownloadHelper.  When you’ve installed Firefox and the add-on, go to tv-video.net and navigate the site to watch the video you want.  When you click on “Play”, you’ll see the DownloadHelper icon change colour and start moving.  Click on the icon and you’ll get a drop-down menu with a number of options.  Choose to download the file.  Once the download has started, close the tab which contains the playing video: the download speed will increase considerably, and you won’t need the crappy flash version.

That’s all for now; but I’ll update this post as and when new video downloading methods come to light.

6 JUNE 2012: ANOTHER BLOODY UPDATE – but its not really a bad update:

The stuff I told you about at the start of this post, about grabbing video files out of the tmp directory, does not appear to work anymore.  Grr!  BUT:  If  you are using Firefox and have the DownloadHelper add-on, go to Project Free TV and select the TV show/movie you wanna save.  Start watching it; when it’s started properly, the DownloadHelper icon will become all colourful and rotating.  Click on that, and select Copy URL.  Now, go to a terminal and type in something like wget -c -O movie.flv then, before hitting Enter, right-click and select Paste.  That will paste in the actual URL of the movie you want.  Hit Enter, and wget will start downloading the movie.flv file (or whatever name you chose) to your Home directory. Note: in that wget command, the -O is a capital letter O, not a zero.  This seems to work with all the sites Project Free TV link with.  Dunno how long the trick will last, so get going while the going’s good!  Oh yeah, one you’ve got wget downloading the file, close the Firefox tab that’s playing the movie.  Otherwise the download will take much longer.  Good luck!!

bmc-purple


Apple iPhone released in UK

10/11/2007

Apple’s much-hyped mobile phone, the iPhone, went on sale in the UK yesterday at 6.02 PM, sparking some curious behaviour: there were queues at some stores – crazies started waiting outside the Apple store in Regent Street, central London, at 8 AM on Thursday… 34 hours early! – but other shops, like the nearby branches of Carphone Warehouse and the O2 store, were distinctly queue-free (and crazy-free).

Shouldn’t be surprised by this lunacy though – ever since its launch in the USA, the iPhone has been provoking irrational behaviour. It strikes me as pretty ridiculous that anyone even wants the bloody thing! It’s a pricey item, yet its hardly state-of-the-art. It has a 2-Megapixel camera, while many competitors now boast 5-Meg cams; it doesn’t support 3G/UMTS; it wears its wireless networking credentials like that’s something special… Bah humbug!

The iPhone’s main claim to fame is its prettiness. It is slim and sleek, and the large, sensitive touchscreen gives it great versatility. The lack of physical keys means it can be held in different positions for making calls, texting, web browsing… So yeah, it looks good. So what else has it got going for it?

Hmm… not much, methinks. You won’t catch me buying one. I think Nokia and Sony Ericsson make far superior alternatives.

iphone.jpg

The iPhone: looks good… but looks ain’t everything


$200 freebies for early buyers of Apple iPhones!!!

07/09/2007

Check this out at Om Malik’s GigaOm blog! (I would have done a trackback but I haven’t figured out how to yet)

————–

How To Get $200 Back If You Just Got An iPhone

Written by Om Malik
Wednesday, September 5, 2007 at 12:25 PM PT | 73 comments

Did you just buy an 8GB iPhone and paid full price? And are you feeling upset over the $200 dollar price drop that Apple (AAPL) just announced? Well there is a way you can help yourself and get $200 back. Apple’s store return policy states:

Should Apple reduce its price on any Apple-branded product within fourteen (14) calendar days of the date of purchase, you may request a refund of the difference between the price paid and the current selling price. An original purchase receipt is required, and you must request your refund within fourteen (14) calendar days of the price reduction.

Just to clarify, if you bought the phone from Apple store, then you can get the refund from Apple. Otherwise visit the AT&T Store to request a refund.

http://gigaom.com/2007/09/05/how-to-get-200-back-if-you-just-got-an-iphone/————–

————–

Om presents this as a straight bit of good news reporting – if you bought an iPhone full-price, you may be able to get $200 back. Sweet! But looking through the comments to his post, there are lots of folk saying how Apple have done good, or done bad, they will reap the whirlwind, or they will be feted as Gods… and some people actually accuse Om as being a pro- or anti-Apple poster!

Weird!!!


%d bloggers like this: