Andrew Orr's photo

Andrew Orr

Since 2015 Andrew has been writing about Apple, privacy, security, and at one point even Android. You can find him most places online under the username @andrewornot.

Get In Touch:

Yubico and Keyport Release Pivot 2.0 Organizer for Keys

Yubico and Keyport partnered on the new Yubico Keyport Pivot 2.0 organizer, a durable and functional everyday-carry solution for organizing and protecting your YubiKeys, house keys, and all keys alike. It holds up to 8 keys (or more with an extension kit) and offers a low-profile lanyard attachment. It’s easy to assemble and designed to keep everything set to the ideal tightness. Keyport developed several add-on modules that integrate with the Pivot: OmniFob Smart Remote, WeeLink charger cable, a NEBA Knife and a 12-lumen flashlight.

Data Breach of California Pizza Kitchen Leaks 100,000 Social Security Numbers

TechCrunch reports that California Pizza Kitchen suffered a data breach in September. The SSNs of over 100,000 employees were leaked as a result.

While CPK didn’t confirm how many people are impacted by the breach, a notification from the Maine attorney general’s office reported a total of 103,767 current and former employees — including eight Maine residents — are affected. CPK employed around 14,000 people as of 2017, suggesting the bulk of those affected are former employees.

Teen in Canada Arrested Over $36.5 Million Crypto Theft

Bloomberg reports on a theft involving a Canadian teen stealing US$36.5 million in cryptocurrency from a victim in the U.S.

Police said the victim was targeted through a cell phone scam known as SIM swapping, in which a scammer hijacks a wireless customer’s phone number to intercept two-factor authentication requests and gain access to the victim’s accounts.

The arrest was the result of a joint investigation with the Federal Bureau of Investigation and the U.S. Secret Service Electronic Crimes Task Force, the Hamilton Police Service said in a statement. The investigation was launched last year in March.

If you haven’t already done so it’s a good idea to lock your SIM card with a PIN.

Williston, North Dakota Adds Cryptocurrency ATM to Airport

The City of Williston announced the addition of a cryptocurrency ATM at Williston Basin International Airport. It supports over 40 coins such as Bitcoin, Dogecoin, Ether, Cardano, and more.

The City of Williston does not act as the fund custodian or manage any crypto transactions. Purchases and withdrawals are handled by the DCM operator, Coin Cloud. This marks the first government-hosted cryptocurrency kiosk and the first Coin Cloud installation in an airport. The DCM is located before security on the first level near the rental car offices and the baggage carousel.

Musicians Call for Concert Venues to Drop Amazon Palm Scanning Technology

Musicians and activist groups are calling on Red Rocks Amphitheatre to stop its rollout of Amazon’s palm scanning tech.

The letter contributors are worried Amazon might send palm data to government agencies hoping to track activists and marginalized people, particularly in light of its past collaborations with police. They’re also concerned thieves might steal info from the cloud, and see AEG as inconsistent after it condemned the use of facial recognition in 2019.

US Issues Joint Advisory Warning Companies of Iranian Ransomware

In a joint advisory issued on Wednesday, the U.S. is warning that Iranian state-backed hackers are targeting infrastructure companies with ransomware.

The Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple U.S. critical infrastructure sectors, including the Transportation Sector and the Healthcare and Public Health Sector, as well as Australian organizations. FBI, CISA, ACSC, and NCSC assess the actors are focused on exploiting known vulnerabilities rather than targeting specific sectors.

Snapchat Adds Memories and Explore Layers to Snap Map

Snapchat has added two layers to the Snap Map for users called Memories and Explore. Announced earlier this year, Layers bring more interactivity to the Map.

Now, the Memories layer will show you old Snapchats that you sent from particular places. Memories are private and only available to the individual user — you can’t see friends’ memories.

The Explore layer reimagines the heat map, which shows activity by relative volume on the Snap Map. You can tap on highlighted regions to see public photos and videos submitted by Snapchat users around the world.

New App 'Macro by Camera+' Aims to Compete With iPhone 13 Pro

LateNiteSoft is well known for apps such as Camera+, and on Thursday revealed its latest app called Macro by Camera+. The goal of Macro by Camera+ is to take the fuss out of taking amazing-looking close-up photos. The app intelligently chooses the best lens for your shot, and gives you just the right tools to make your subject shine. And there’s no hardware envy required: Macro is compatible with any iPhone that can run iOS 15. The controls in Macro by Camera+ are laser focused and powerfully aimed at getting the perfect up-close image in crystal clear focus. It includes manually controlled focus and EV so you can precisely control the focus and brightness of your photo.

FTC Rules That This Favored Tactic by News Media is Illegal

Some companies, such as news publications, use a “click to subscribe, call to cancel” tactic to discourage customers from cancelling their service. The FTC says this practice is illegal.

But it’s not just hedge fund-owned publishers that have adopted the subscription practices that have caught the government’s attention. Again, most U.S. news organizations don’t give readers an easy way to cancel online. When I checked — more than a week after the FTC announced it planned to crack down on companies who don’t make it easy to cancel — The New York Times still requires me to talk to someone to unsubscribe, either by starting a live chat or by picking up the phone.

A welcome move from the FTC. Currently, my tactic for this is using a disposable card and cancelling it.

GitHub Fixes NPM Bugs That Leaked Private Package Names

GitHub has fixed several flaws with npm packages that leaked private names and let attackers publish new versions of a package they didn’t have rights to.

The data leak was identified by GitHub on October 26th and by the 29th, all records containing private package names were deleted from the npm’s replication database. Although, GitHub does warn that despite this, the replicate.npmjs.com service is consumed by third parties who may, therefore, continue to retain a copy or “may have replicated the data elsewhere.”

Brave Browser Introduces Native Crypto Wallet Called 'Brave Wallet'

On Tuesday Brave introduced a native wallet within its browser that doesn’t require an extension called Brave Wallet.

Unlike most crypto wallets, the Brave Wallet does not require extensions; it’s browser-native, reducing security risks and reliance on extra CPU and memory. Users can transact with almost any crypto asset with superior safety and performance, as well as connect with other wallets and Web3 DApps. The Brave Wallet will soon be available on our mobile apps as well.