Apple not hit by Heartbleed. Sometimes it is better to be lucky than smart. The best is to be both.

How Apple dodged the Heartbleed bullet
[Via AppleInsider]

In 2011, Apple told its developers that it would be deprecating OS X’s Common Data Security Architecture including OpenSSL, describing it as an outdated relic of the late 1990s. Nearly three years later, OpenSSL was hit by a severe flaw that affected a wide swath of vendors and their users, but not Apple.

[More]

Apple was not hit by the Heartbleed defect because it had stopped using the vulnerable software in its operating systems 6 months before the vulnerability was added.

Apple just saw some other flaws in the underlying Open Source security applications and moved to its own.

Smart and lucky. Best way to go.

Seating upgrades using iBeacon

Apple’s iBeacon used to push seat upgrades in nosebleeds at sporting events
[Via AppleInsider]

Some U.S. sports arenas have begun pushing ticket upgrades to fans in the cheap seats through Apple’s iBeacon technology for iPhone, offering users the ability to upgrade their seats quickly and easily.

[More]

Nice win-win. The team gets some money for a seat that would already be empty and gets to make sure that the stadium looks fuller.

The fans get to experience the game in a much better location. All because they had an iPhone.

An iPad, a couple of mikes and a mixer – Musical magic

Inside the iPad rig Jimmy Fallon used to duet with Billy Joel on ‘The Tonight Show’
[Via AppleInsider]

Apple’s iPad was the centerpiece of a live performance this week featuring the legendary Billy Joel and “Tonight Show” host Jimmy Fallon, and AppleInsider has learned exactly what hardware and software producers utilized to make the memorable duet happen.

[More]

Another demonstration of how technology can create magical moments. Those who thought an iPad was just for consuming content were just plain wrong.

Here we see two very talented gentlemen creating an entire doo-wop group with just some software and some hardware.

No need for a recording studio. Just a demonstration of sheer talent.

$90 accessory for iPhone demonstrates disruption of medicine

Stanford University develops $90 iPhone accessory to replace ophthalmology kit costing tens of thousands
[Via 9to5Mac]

Researchers at Stanford University’s School of Medicine have developed two low-cost iPhone adapters that provide images of the eye that usually require specialist ophthalmology equipment costing tens of thousands of dollars. The university hopes that it will be useful both for primary care physicians in the U.S. as well as rural medical centres in developing countries.

The adapters make it easy for anyone with minimal training to take a picture of the eye and share it securely with other health practitioners or store it in the patient’s electronic record.

“Think Instagram for the eye,” said one of the developers, assistant professor of ophthalmology Robert Chang, MD … 

[More]

Software and hardware that puts a $10,000 device in the hands of anyone with a cell phone. Now EMT or emergency room doctors can do a quick scan of the eye, when needed, and send the pictures on to the ophthalmologists, instead of just describing what the eye looks like.

We will see a lot more of these sorts of accessories applied to smartphones.

Could Healthbook change everything, once again?

This is Healthbook, Apple’s major first step into health & fitness tracking
[Via 9to5Mac]

Seven years out from the original iPhone’s introduction, and four years past the iPad’s launch, Apple has found its next market ripe for reinvention: the mobile healthcare and fitness-tracking industry. Apple’s interest in healthcare and fitness tracking will be displayed in an iOS application codenamed Healthbook. I first wrote about Apple’s plans for Healthbook in January, and multiple sources working directly on the initiative’s development have since provided new details and images of Healthbook that provide a clearer view of Apple’s plans for dramatically transforming the mobile healthcare and fitness-tracking space…

[More]

Personalized health is one of the changing aspects of medicine. For example, being able to test blood sugar before and after every meal can provide data regarding exactly which foods are a problem or not for the individual.

Now, Apple needs to sell hardware to really make its profits so I expect the Healthbook to work with products Apple will sell – like a wristband that provides much of the physical data.

I know just having a lot of data showing how my weight fluctuates has helped me understand my metabolism more.

Having more data could tell us each a lot more about ourselves.

Of course, the FDA will have something to say about all this.

Apple’s wearables will be part of our digital hub

→ Wearing Apple
[Via Marco.org]

Craig Hockenberry:

Given everything presented above, it’s pretty clear to me that a “smartwatch” isn’t in Apple’s immediate future. But they’re clearly interested in wearable technology. So what are the alternatives for a product that could be released this year?

His guess is as good as any others I’ve heard. I don’t know if he’s right, but I agree that watches are problematic.

Apple’s previous blockbusters — Mac, iPod, iPhone, iPad — were all in categories that people really wanted, and there was hope of something good existing within what was technically possible. There were halfway decent portable music players before the iPod, and people really wanted portable music players. Same for smartphones and tablets.

I’m not sure those conditions hold, especially the demand side, for smartwatches: it’s a category that pundits and the tech media are telling us we want, but I’m not sure enough people really do.

[More]

Those who envision some sort of smart watch have it wrong. In many ways what I think will happen (and so does this article) is that Apple will make a lot of “kinda dumb”.

First, the computational power will be in our pocket – an iPhone. I have written about this several times. We do not want a large bulky watch.

What we wear will provide biometric input that, in combination with the security of an iPhone, will permit secure financial transactions to be done, safer than a credit card.

It will transmit health data to our iPhone and then out to the web. 

As this article states, we do not have to wear these devices on our wrist. Heck, I expect there to be ear plugs that wirelessly communicate, or rings, or headbands.

Wearable separates the computer from display or input. That is where Apple is going.

An iPhone case that measures your health – HP, BP, lung function, temperature, EKG

Wello brings health data to the humble iPhone case
[Via PandoDaily]

Health monitoring is leaving the doctor’s office and heading to the smartphone.

Azoi today announced an iPhone case that can measure its owner’s blood pressure, heart rate, and temperature after just a few seconds of contact. The device will also ship with a free peripheral that allows owners to measure their lung functions. It’s called Wello, and it’s now available for pre-order in the United States, China, Canada, and other countries.

Wello is the latest example of the shrinkage of health monitoring. Companies like Jawbone and Fitbit are turning their wrist-borne fitness trackers into intelligent health monitors. Scanadu is trying to condense the equipment found in a doctor’s office into a thumb-sized device.

Health monitoring is getting easier than ever. Now we’ll just have to see if that makes people care more about their well-being or if these devices will receive about the same amount of attention as the decades’ worth of fitness tools collecting dust in closets around the world.

[More]

We will see many more of these soon. Assuming the FDA can deal with the deluge.

This will be out “pending FDA approval.” Hope it is soon (they say Fall 2014) because it is really kinda cool.

Check out the video.

I want one. Or maybe Apple will be making a purchase soon.

Open Source critics of Apple’s security bug forced to eat crow – Linux security bug is worse

Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping
[Via Ars Technica]

Hundreds of open source packages, including the Red Hat, Ubuntu, and Debian distributions of Linux, are susceptible to attacks that circumvent the most widely used technology to prevent eavesdropping on the Internet, thanks to an extremely critical vulnerability in a widely used cryptographic code library.

The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package. Initial estimates included in Internet discussions such as this one indicate that more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations, but it wouldn’t be surprising if the actual number is much higher. Web applications, e-mail programs, and other code that use the library are vulnerable to exploits that allow attackers monitoring connections to silently decode encrypted traffic passing between end users and servers.

The bug is the result of commands in a section of the GnuTLS code that verify the authenticity of TLS certificates, which are often known simply as X509 certificates. The coding error, which may have been present in the code since 2005, causes critical verification checks to be terminated, drawing ironic parallels to the extremely critical “goto fail” flaw that for months put users of Apple’s iOS and OS X operating systems at risk of surreptitious eavesdropping attacks. Apple developers have since patched the bug.

[More]

This bug may well have been there since 2005! The cry of Open Source is that, because so many eyeballs can see everything, critical bugs get found.

In contrast to closed source systems, such as Apple’s OS.

These bugs were found because people were specifically looking for them; testing or eyeballs did not reveal them. People were looking because Snowden released slides indicating that the NSA was specifically getting client data from various operating systems, including Windows, iOS and Linux.

This bug actually makes it easier for someone to get the information than Apple’s bug. For the hacker to use Apple’s bug, they had to be on the same network. But this one does not require that be the case.

You can bet that the NSA has been using this bug to get ahold of encrypted data from anyone using the appropriate Open Source tools.

All in systems that everyone supposedly can review.

The failure may allow attackers using a self-signed certificate to pose as the cryptographically authenticated operator of a vulnerable website and to decrypt protected communications. It’s significant that no one managed to notice such glaring errors, particularly since they were contained in code that anyone can review.

This was only found when some of the Open Source companies held audit reviews, probably to check out the very bug Apple found.

There was lots of criticism for Apple’s supposedly poor coding and bad error testing. But here we have something that has been a part of Linux for perhaps 10 years. Where was all the great checking by all those eyeballs?

I have to say that if Snowden’s revelations only helped Apple and others to identify these bugs (simply because they looked) he should be welcomed as a whistleblower. Because these are really devastating security flaws.

They hate Tim Cook because he cares about us

Tim Cook to Apple Investors: Drop Dead
[Via NCPPR]

Apple CEO Tim Cook tells Investors Who Care More About Return on Investment than Climate Change: Your Money is No Longer Welcome

As Board Member Al Gore Cheers the Tech Giant’s Dedication to Environmental Activism, Investors Left to Wonder Just How Much Shareholder Value is Being Destroyed in Efforts to Combat “Climate Change”

Free-Market Activist Presents Shareholder Resolution to Computer Giant Apple Calling for Consumer Transparency on Environmental Issues; Company Balks

[More]

Sociopaths. They hurt us all. This group fails to understand that part of Apple’s success is caring about the world its customers live in. It wants to sell them devices that make that world better.

So trying to make the world better by decreasing pollution—in ways that actually also make money for Apple—is a direct ROI. Or it should be to these guys. But they seem to be suffering from some psychiatric disorder.

An anti-social one.

Yes, they do not want Apple spending money on environmental stuff, such as reducing toxic emissions or the pollution of water supplies, when that money should go to shareholders. Some quotes:

“The company’s CEO fervently wants investors who care more about return on investments than reducing CO2 emissions to no longer invest in Apple. Maybe they should take him up on that advice.” …

…“After today’s meeting, investors can be certain that Apple is wasting untold amounts of shareholder money to combat so-called climate change. The only remaining question is: how much?”…

…“Apple’s actions, from hiring of President Obama’s former head of the Environmental Protection Agency Lisa Jackson, to its investments in supposedly 100 percent renewable data centers, to Cook’s antics at today’s meeting, appear to be geared more towards combating so-called climate change rather than developing new and innovative phones and computers.”

Sociopaths. They got GE to buckle here but not Apple. Here is how this was described by another attendee:

What ensued was the only time I can recall seeing Tim Cook angry, and he categorically rejected the worldview behind the NCPPR’s advocacy. He said that there are many things Apple does because they are right and just, and that a return on investment (ROI) was not the primary consideration on such issues.

“When we work on making our devices accessible by the blind,” he said, “I don’t consider the bloody ROI.” He said the same thing about environmental issues, worker safety, and other areas where Apple is a leader.

As evidenced by the use of “bloody” in his response—the closest thing to public profanity I’ve ever seen from Mr. Cook–it was clear that he was quite angry. His body language changed, his face contracted, and he spoke in rapid fire sentences compared to the usual metered and controlled way he speaks.

He didn’t stop there, however, as he looked directly at the NCPPR representative and said, “If you want me to do things only for ROI reasons, you should get out of this stock.”

We would all be better off if they did sell their stock. They lack an understanding of why Apple is so successful.

As do many sociopaths from Wall Street. As I wrote earlier—Apple is successful because it has created a family that includes its own customers.

So, Apple makes the world we live in better and we buy stuff from it because of that. By helping save the environment (even if that help does nothing) it shows that it wants to improve where we live. And sell us products that also make our life better.

They are both part of the same thing, as far as Apple is concerned.

Even if climate change was not happening, it would still be useful marketing, because it shows Apple cares about our world. Don’t those sociopaths get it? 

Nope, because of the actual defects in sociopaths—they show a lack of remorse, a lack of shame, and, tellingly, a lack of empathy.

Sociopaths, lacking the empathy and sympathy described by Adam Smith in his book on Moral Sentiments. These are not the moral men he expected to be running capital markets.

They are bandits, enriching themselves at the detriment of the rest of us. It is not normal for them to be the ones running our capital markets.

We need them all to sell all their stock. We need to move the sociopaths to other jobs.

Then perhaps we can begin the road back to normalcy.

Schneier asks the question – Magic Eight ball says “Reply hazy. Try again.”

Was the iOS SSL Flaw Deliberate?
[Via Schneier on Security]

Last October, I speculated on the best ways to go about designing and implementing a software backdoor. I suggested three characteristics of a good backdoor: low chance of discovery, high deniability if discovered, and minimal conspiracy to implement.

The critical iOS vulnerability that Apple patched last week is an excellent example. Look at the code. What caused the vulnerability is a single line of code: a second “goto fail;” statement. Since that statement isn’t a conditional, it causes the whole procedure to terminate.

The flaw is subtle, and hard to spot while scanning the code. It’s easy to imagine how this could have happened by error. And it would have been trivially easy for one person to add the vulnerability.

Was this done on purpose? I have no idea. But if I wanted to do something like this on purpose, this is exactly how I would do it.

EDITED TO ADD (2/27): If the Apple auditing system is any good, they would be able to trace this errant goto line not just to the source-code check-in details, but to the specific login that made the change. And they would quickly know whether this was just an error, or a deliberate change by a bad actor. Does anyone know what’s going on inside Apple?

EDITED TO ADD (2/27): Steve Bellovin has a pair of posts where he concludes that if this bug is enemy action, it’s fairly clumsy and unlikely to be the work of professionals.

[More]

Schneier is a guy to listen to. There are a lot of things discussed in the comments about this because we have so little information.

It fits his criteria. With the logs of changes on hand, Apple should be able to backtrack and figure out how this happened. The best conspiracy theory would have to include the possibility that anyone signing off on correct testing of the code would also have to be involved – unless the same guy who added the code also signed off on the testing.

Makes for a great idea, even if it is much more likely that human error was involved.
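
An added illustration of the pattern Schneier describes above, a stray unconditional `goto fail;` that ends the procedure early, next to a fail-closed rewrite. This is constructed example code, not Apple's source; the struct, the check functions and the sample handshakes are hypothetical stand-ins.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a TLS handshake check; every name here is hypothetical. */
struct handshake {
    const char *hostname;     /* name the client asked for */
    const char *cert_subject; /* name in the presented certificate */
    int not_expired;          /* 1 if the certificate is inside its validity window */
    int signature_ok;         /* 1 if the key-exchange signature verifies */
};

static int check_expiry(const struct handshake *h)    { return h->not_expired ? 0 : -1; }
static int check_hostname(const struct handshake *h)  { return strcmp(h->hostname, h->cert_subject) == 0 ? 0 : -2; }
static int check_signature(const struct handshake *h) { return h->signature_ok ? 0 : -3; }

/* Recent GCC and Clang report the stray line below via -Wmisleading-indentation;
 * the warning is silenced only so this demonstration builds under -Werror. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wmisleading-indentation"
int verify_vulnerable(const struct handshake *h)
{
    int err;

    if ((err = check_expiry(h)) != 0)
        goto fail;
    if ((err = check_hostname(h)) != 0)
        goto fail;
        goto fail; /* duplicated line: not guarded by the if, and err is 0 here */
    if ((err = check_signature(h)) != 0) /* never reached */
        goto fail;

fail:
    return err; /* 0 means "accept", so the skipped check looks like success */
}
#pragma GCC diagnostic pop

int verify_fixed(const struct handshake *h)
{
    int err;
    int result = -100; /* fail closed: success is granted in exactly one place */

    if ((err = check_expiry(h)) != 0)    { result = err; goto done; }
    if ((err = check_hostname(h)) != 0)  { result = err; goto done; }
    if ((err = check_signature(h)) != 0) { result = err; goto done; }
    result = 0;

done:
    return result;
}

/* Constructed samples: forged has a valid-looking certificate but a bad signature. */
struct handshake forged_sample(void)
{
    struct handshake h = { "example.test", "example.test", 1, 0 };
    return h;
}

struct handshake genuine_sample(void)
{
    struct handshake h = { "example.test", "example.test", 1, 1 };
    return h;
}

int main(void)
{
    struct handshake forged = forged_sample(), genuine = genuine_sample();

    printf("vulnerable: forged=%d genuine=%d\n", verify_vulnerable(&forged), verify_vulnerable(&genuine));
    printf("fixed:      forged=%d genuine=%d\n", verify_fixed(&forged), verify_fixed(&genuine));
    return 0;
}
```

In the fail-closed version a stray jump to `done` leaves `result` at its failure default, so the same copy-paste slip would reject connections instead of accepting them.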

Will Samsung provide such details about its mobile security?

Apple details Touch ID and Secure Enclave tech in new security white paper
[Via AppleInsider]

An iOS security white paper published by Apple on Wednesday offers a deeper understanding of the company’s Touch ID fingerprint sensing system and the so-called “Secure Enclave” found in the A7 SoC, both of which were introduced with the iPhone 5s.

[More]

This is nice to see. The key is building their own processor and devoting space to a Secure Enclave.

What will Samsung do? I wonder what patents Apple holds here?

Android developed for freedom, not security. Apple is the opposite. I chose security.

Apple touts secure design of iOS as Google chief admits Android is best target for malicious hackers
[Via AppleInsider]

Speaking at Mobile World Conference, Google’s new Android chief Sundar Pichai admitted that security plays second fiddle to “freedom” in the design and implementation of Google’s mobile operating system, exposing Android users to an overwhelming, disproportionate share of malware vulnerabilities.

[More]

This is a classic battle. But, when it comes to my personal data, along with credit card info, I want as much security as possible. 

Security from the prying eyes and harmful arms of others. I think this will be a continuing plus for Apple and iOS.

Because, truthfully, in today’s society, there can be no freedom unless we can also secure our digital selves.

Apple lets us do this. Android, not so much.

We are family – How an agile and resilient company responds to a customer or why I love Apple

#broken #ipad #screen

(Not mine. I have a picture. I’ll upload later.)

A couple of weeks ago, I did something really stupid.

I put my new iPad Air on top of my car as I loaded in a bunch of stuff. And I forgot about it.

Like the dog in National Lampoon’s Vacation, the poor little iPad tried to hold onto the roof, only flying off as I reached about 35 mph.

I heard it come off and hit the ground. Stopping and running back to see the damage revealed a totally smashed screen.

I mean with pieces of glass falling off. I went home and it still worked; I could just not decipher the odd lines on the screen that still had parts working.

But I could back it up. So I did. Then I did something that turned out to be miraculous.

I went to the Apple Store to see if there was anything I could do – repair or what not. I had used an American Express card to pay for it so I figured I could use their Buyer Protection to get some money back.

But as it turned out, I had also purchased Applecare+ (always a worthwhile expense) and one of the things recently added to iPad’s care was the Two Strikes clause.

You get two free replacements, no questions asked, when the iPad is damaged.

Even if it was my fault. (I’d imagine that they would not replace it if you tried to blend it ;-)

They erased my old iPad, set me up with a new one with a new Applecare+ coverage. For like $50, cheaper than any sort of new purchase would have taken.

They had 3 people come over to deal with this – one to deal with the old iPad, one to get the new one up to speed.

And the manager came over, introduced herself, showed actual concern for the horrible state my iPad was in and just acted like I was part of the family who needed comforting.

And that is why I love Apple.

Even when we do something stupid they treat us like part of the family and not some leper to be shunned.

(And yes, I do know that Apple can easily replace the screen, refurbish the unit and sell it in China and still make money. But when are win-win solutions a problem?)

Instead of feeling like a schlub at some customer service line, I was treated like a continuing valuable customer who needed something done for their problem. And Apple did just that.

I had a replacement within 30 minutes and was on my way. In a store that was simply jammed. And pretty much no wait.

This is why I will buy Apple. A little time and energy here on something they will make out okay in the end, and they create a community that is self sustaining.

Interesting coincidence between Apple’s vulnerability and the NSA

★ On the Timing of iOS’s SSL Vulnerability and Apple’s ‘Addition’ to the NSA’s PRISM Program
[Via Daring Fireball]

Jeffrey Grossman, on Twitter:

I have confirmed that the SSL vulnerability was introduced in iOS 6.0. It is not present in 5.1.1 and is in 6.0.

iOS 6.0 shipped on 24 September 2012.

According to slide 6 in the leaked PowerPoint deck on NSA’s PRISM program, Apple was “added” in October 2012.

These three facts prove nothing; it’s purely circumstantial. But the shoe fits.

Sure would be interesting to know who added that spurious line of code to the file. Conspiratorially, one could suppose the NSA planted the bug, through an employee mole, perhaps. Innocuously, the Occam’s Razor explanation would be that this was an inadvertent error on the part of an Apple engineer. It looks like the sort of bug that could result from a merge gone bad, duplicating the goto fail; line.

Once in place, the NSA wouldn’t even have needed to find the bug by manually reading the source code. All they would need are automated tests using spoofed certificates that they run against each new release of every OS. Apple releases iOS, the NSA’s automated spoofed certificate testing finds the vulnerability, and boom, Apple gets “added” to PRISM. (Wasn’t even necessarily a fast turnaround — the NSA could have discovered the vulnerability over the summer, while iOS 6 was in developer program beta testing.)

Or, maybe nothing, and this is all a coincidence.

I see five levels of paranoia:

  1. Nothing. The NSA was not aware of this vulnerability.
  2. The NSA knew about it, but never exploited it.
  3. The NSA knew about it, and exploited it.
  4. NSA itself planted it surreptitiously.
  5. Apple, complicit with the NSA, added it.

Me, I’ll go as far as #3.[1] In fact, I think that’s actually the optimistic scenario — because we know from the PRISM slides that the NSA claims some ability to do what this vulnerability would allow. So if this bug, now closed, is not what the NSA was exploiting, it means there might exist some other vulnerability that remains open.

[1] “Never ascribe to malice that which is adequately explained by incompetence.” —Napoleon Bonaparte

[More]

Best conspiracy theory that might actually have some basis in reality. Apple might owe Snowden a hearty pat on the back. He revealed the fact that the NSA was hacking Apple.

Apple was added to the PRISM program only a couple of months after the vulnerability first appeared. And this vulnerability allowed exactly the sort of thing that the NSA said it could do.

Now the paranoid thing is to think that the NSA used a mole to place the vulnerability there. I’d hate to think that the Security State would purposefully undercut a US company to feed its needs.

If it did, heads need to roll.

But, what this does suggest is that Apple has been working overtime to figure out just how the NSA was hacking Apple.

Now Apple has fixed this. Wonder how the NSA feels about it?


Is pCell miraculous? 70 megabits per second sure would be

Is pCell the Holy Grail of wireless networking?
[Via CNET News.com]

Serial entrepreneur Steve Perlman claims that his new patented technology can create the wireless network of our dreams.

His invention, pCell, theoretically delivers on the long-sought dream of ubiquitous, fast Internet, with the reliability and consistency previously only achievable through a wired connection. pCell is “effectively mobile fiber,” he announced in a press release for his new company, Artemis Networks.

The technology turns conventional wisdom about wireless technology on its head. pCell, which stands for “personal cell,” exploits interference rather than avoiding it as in conventional wireless networks.

[More]

Hard to tell if this is a real disruptor or another Segway. But if it really could get 70 megabits per second per antenna (an iPhone has 2) you are talking about game-changing levels.
