Recent Articles By Andrew Orr [RSS]

Facebook Tried to Buy a Hacking Tool to Spy on iPhone Users

· Andrew Orr · Link

Facebook logo

According to court filings, when Facebook was in the early stages of building its spyware VPN called Onavo Protect, it noticed that it wasn’t as effective on Apple devices as it was on Android. So Facebook approached a hacking group called NSO Group to use its Pegasus malware.

According to the court documents, it seems the Facebook representatives were not interested in buying parts of Pegasus as a hacking tool to remotely break into phones, but more as a way to more effectively monitor phones of users who had already installed Onavo.

Zoom’s Encryption is Linked to Chinese Servers

· Andrew Orr · Link

Chinese flag

Researchers found that Zoom uses its own encryption scheme, sometimes using keys issued by China.

Some of the key management systems — 5 out of 73, in a Citizen Lab scan — seem to be located in China, with the rest in the United States. Interestingly, the Chinese servers are at least sometimes used for Zoom chats that have no nexus in China. The two Citizen Lab researchers, Bill Marczak and John Scott-Railton, live in the United States and Canada. During a test call between the two, the shared meeting encryption key “was sent to one of the participants over TLS from a Zoom server apparently located in Beijing,” according to the report.

I don’t have further commentary on Zoom, other than asking, “How will this end?”

iPhone Accessory Maker Gamevice Wants to Ban Nintendo Switch From US

· Andrew Orr · Link

Nintendo switch logo

Gamevice makes game controllers for iPhones, and believes that the Nintendo Switch infringes on its design.

This is a new complaint, separate from another against Nintendo that Gamevice is now appealing after the Patent Trial and Appeal Board ruled in Nintendo’s favor. In that case, Nintendo was accused of infringing 19 Gamevice patents.

Nintendo will be hoping that the ITC dismisses Gamevice’s latest suit before it ends up in another lengthy legal battle. But if Gamevice had its way, Nintendo would not be allowed to import and sell the Switch in the U.S.

I always wonder what goes through company minds in cases like these. Does Gamevice think that people will magically flock to its products if the Switch gets banned? Because that definitely won’t happen.

Intel Releases 10th Generation H-Series Chips

· Andrew Orr · News

A photo shows Intel's new 10th Gen Intel Core H-series processor. Intel Corporation released the new processor family on on April 2, 2020. (Credit: Intel Corporation)

Intel released new 10th-generation processors designed for high-end computers, Comet Lake chips built on Intel’s 14 nanometer architecture.

WireGuard VPN Gets Added to the Next Linux Kernel

· Andrew Orr · Link

Image of wireguard logo

I briefly mentioned WireGuard when I wrote of Cloudflare’s WARP beta. I think it’s something to add to your technology watch lists. It’s just not any old VPN app, it’s a VPN protocol that could very well replace current protocols like IPsec and OpenVPN, or at least be offered as an alternative. You can read the technical whitepaper here [PDF], along with this write up from Ars Technica.

WireGuard will now operate as either a Loadable Kernel Module (LKM) or built statically into the kernel itself. But whether static or loadable, it will be “in-tree”—which means it’s provided ready to go with the vanilla kernel itself, with no need for repackaging by the various distros. This puts it on the same footing as other supported drivers.

Tile: Apple’s Anticompetitive Behavior Has Gotten Worse

· Andrew Orr · Link

Logo of tile

On Wednesday, Tile told a congressional panel that Apple didn’t live up to its promises to resolve a dispute between the two companies.

Tile had objected to Apple requiring its users to repeatedly agree to allow Tile to operate in the background, which is crucial to Tile’s service…Tile also said that there were indications that Apple planned to update its Find My product, adding hardware, so it would be a competitor to Tile.

Those are Tile’s two arguments. One – They’re mad that Apple cracked down on apps collecting location data in the background. No sympathy there from me. Two – Apple allegedly plans to compete with Tile with its own hardware Bluetooth device, rumored “AirTag.” Tile is acting as if Apple specifically aimed its location crackdown at them, to set itself up for AirTag, but I’m not sure if that’s right. Tile certainly wasn’t the only one doing that.

5 Zoom Alternatives to Maintain Your Privacy

· Andrew Orr · Quick Tip

Image of people on a video call

After multiple privacy and security violations have been found with Zoom, Andrew wanted to share three Zoom alternatives he found.

New Zoom Bug Can Be Used to Steal Passwords, Access Your Webcam, Microphone

· Andrew Orr · Link

Zoom logo

Security researcher Patrick Wardle disclosed two Zoom bugs today. They can be used to steal Windows passwords and access your webcam and microphone. They do however require physical access to the machine.

In this blog post, we’ll start by briefly looking at recent security and privacy flaws that affected Zoom. Following this, we’ll transition into discussing several new security issues that affect the latest version of Zoom’s macOS client.

At this point, Zoom should just rewrite its software completely.

Twelve South Launches AirPods Bag ‘AirBag’

· Andrew Orr · Cool Stuff Found

Today Twelve South announced AirBag, a mini AirPods bag meant to hold your AirPods or AirPods Pro. It’s made with full-grain leather and includes a strap to sling it over your shoulder. It’s also a limited edition product, and as of this writing there are 683 AirBags left. You can get one on Twelve South’s website for US$49.99.

AirBag is a genuine leather micro-mini bag made exclusively to carry and protect AirPods Pro. Wear this petite vintage pouch over your shoulder, around your neck or ditch the strap for the little leather top handle. A metal snap button keeps your AirPods safe and secure. AirBag works with wireless charging and has an opening for Lightning charging.

Twelve South Launches AirPods Bag ‘AirBag’

iWork for iOS Updated to Support Trackpads, Mice

· Andrew Orr · Product News

Following yesterday’s update to iWork for macOS, today Apple updated iWork for iOS to support trackpads and mice, along with other features.

OpenWRT is Vulnerable to Remote Code Execution Attacks

· Andrew Orr · Link

Image of a router

For three years, router firmware OpenWRT has been vulnerable to remote code execution attacks.

The researcher also found that it was trivial for attackers with moderate experience to bypass digital-signature checks that verify a downloaded update as the legitimate one offered by OpenWTR maintainers. The combination of those two lapses makes it possible to send a malicious update that vulnerable devices will automatically install.

This is especially concerning because OpenWRT is commonly recommend by privacy advocates as an alternative to built-in proprietary router firmware.

SiriusXM Premier is Free Through May 15

· Andrew Orr · Link

SiriusXM logo

Announced by Howard Stern, Sirius XM is giving people free access to Premier content through May 15, starting today.

Listeners will have free access to more than 300 channels of dynamic programming, featuring the acclaimed The Howard Stern Show , hundreds of exclusive ad-free music channels, and vital news and information sources.  SiriusXM is also adding entirely new curated content, and bringing back some beloved music channels by top artists.