Show 272 – Feb 11, 2019
Run Sheet ~ Zarn & Michael
Aussie Tech Heads Podcasting
Our Aussie Apple Ramblings
Wired reports ~ A Teen Hacks Apple and Won’t Share How
As it turns out, Apple had multiple run-ins with teens this week! In the second instance, an 18-year-old German hacker demonstrated a vulnerability in macOS that lets an attacker steal passwords that are stored in the keychain. Perhaps more importantly, he has also pointedly decided not to share how he did it. That’s not out of malice (hopefully) but in protest of Apple’s lack of a macOS bug bounty program, a system that pays out hackers for finding and disclosing bugs. Apple does have an invite-only bug bounty set up for iOS, but not its desktop counterpart.
Anybody who wants to be on the show as a guest, please contact firstname.lastname@example.org
ProPublica reported ~ Google has quietly dropped ban on personally identifiable web tracking
Google is the latest tech company to drop the longstanding wall between anonymous online ad tracking and users’ names.
When Google bought the advertising network DoubleClick in 2007, Google founder Sergey Brin said that privacy would be the company’s “number one priority when we contemplate new kinds of advertising products.”
And, for nearly a decade, Google did in fact keep DoubleClick’s massive database of web-browsing records separate by default from the names and other personally identifiable information Google has collected from Gmail and its other login accounts.
The change is enabled by default for new Google accounts. Existing users were prompted to opt-in to the change this summer.
The practical result of the change is that the DoubleClick ads that follow people around on the web may now be customised to them based on their name and other information Google knows about them. It also means that Google could now, if it wished to, build a complete portrait of a user by name, based on everything they write in email, every website they visit and the searches they conduct.
The move is a sea change for Google and a further blow to the online ad industry’s longstanding contention that web tracking is mostly anonymous. In recent years, Facebook, offline data brokers and others have increasingly sought to combine their troves of web tracking data with people’s real names. But until this summer, Google held the line.
“The fact that DoubleClick data wasn’t being regularly connected to personally identifiable information was a really significant last stand,” said Paul Ohm, faculty director of the Center on Privacy and Technology at Georgetown Law.
“It was a border wall between being watched everywhere and maintaining a tiny semblance of privacy,” he said. “That wall has just fallen.”
“We updated our ads system, and the associated user controls, to match the way people use Google today: across many different devices,” Faville wrote. She added that the change “is 100% optional–if users do not opt-in to these changes, their Google experience will remain unchanged.”
Existing Google users were prompted to opt in to the new tracking this summer through a request with titles such as “Some new features for your Google account.”
Reminder this week we are brought to you by
Story 3 ~ pic
9to5Mac reports ~ Apple Maps adds more indoor maps for malls and airports, expands transit directions to new cities
Apple has today updated Apple Maps with new transit direction cities, and expanded support for indoor maps for malls and airports. Today’s Apple Maps updates are being done server side so no software update is required.
Starting today, transit directions will be available outside of the U.S., in Australia.
Maps for malls are also now available in the following cities:
Upper Mount Gravatt, Australia
For those of us who have not used Apple Maps to look inside a shopping centre or airport: you can see on the map (for those watching live; in the show notes for those who are not) a “Look Inside” caption you can click. This enlarges the area, and you can zoom in even more to find the store you are looking for.
Apple exec met with teenager who found FaceTime bug at his Arizona home, will be eligible for bug bounty program
The FaceTime bug that made waves as a result of 9to5Mac’s coverage last week was actually first reported to Apple by Grant Thompson and his mother in Arizona a week earlier. However, deficiencies in the Apple bug reporting process meant that the report was not acted upon by the company …
Instead, the teenager made headlines when his mother shared their Apple communications on Twitter. Their claims were later proved to be legitimate.
Around January 22, Apple Support directed them to file a Radar bug report, which meant the mother had to first register a developer account as an ordinary customer. Even after following the indicated steps, it does not appear that Apple’s product or engineering teams were aware of the problem until its viral explosion a week later.
Apple took down the Group FaceTime servers to prevent the bug from happening as a short-term workaround, a few hours after the bug was publicised by 9to5Mac. Customers are still waiting for an iOS software update to restore Group FaceTime.
CNBC reports that an unnamed “high-level Apple executive” met with the Thompsons at their home in Tucson, Arizona on Friday. They apparently discussed how Apple could improve its bug reporting process and indicated that Grant would be eligible for the Apple bug bounty program.
“They also indicated that Grant would be eligible for the bug bounty program. And we would hear from their security team the following week in terms of what that meant,” said Michele Thompson. “If he got some kind of bug bounty for what he found we’d certainly put it to good use for his college because I think he’s going to go far, hopefully. This is actually a field he was interested in before and even more so now.”
Apple being sued because two-factor authentication on an iPhone or Mac takes too much time
A class action suit has been filed that accuses Apple’s two-factor authentication of being too disruptive to users, taking too much time out of a user’s day when it is needed, and abusive since it can’t be rolled back to a less safe login method after 14 days.
The suit, filed by Jay Brodsky in California, alleges that Apple doesn’t get user consent to enable two-factor authentication. Furthermore, once enabled, two-factor authentication “imposes an extraneous logging in procedure that requires a user to both remember password; and have access to a trusted device or trusted phone number” when a device is enabled.
Filing paperwork associated with the suit also alleges that harm is being done, and potential class members “have been and continue to suffer harm” including economic losses, based on a waste of personal time for an extended login process that has become a multiple-step process.
The filer alleges that a software update enabled two factor authentication on or around September 2015. However, neither macOS El Capitan nor iOS 9 released in the timeframe put forth by the filer mandated two-factor authentication, nor implemented it without an explicit and multiple-step opt-in procedure requiring the user to consent. It is required to take advantage of some of Apple’s services, like Home Sharing and HomeKit Hubs, however.
Brodsky alleges that the email that Apple sends after two-factor authentication is enabled is insufficient to warn the user that the setting is irrevocable. The filing calls a link in an email to a page to reset the configuration “unobtrusive” but does not specify what would have been sufficiently noticeable in a three-paragraph email.
FYI – Why Is My iPhone Battery Icon Yellow?
A yellow battery icon means that your iOS device has Low Power Mode enabled. Go to the Settings app and select Battery. You can then toggle Low Power Mode on and off. Low Power Mode is useful when your battery level is low and you want to prevent it from completely dying before you are able to access a charger.
Thanks to appsliced.co for the answer
Another FYI – pic
There’s a pic for this story as well – So I’m watching the ABC news the other morning and when they reported the Financials with a cross over to a CommSec analyst – there on a screen the Can and Apple Pay Logo – slightly hidden but visible
Reminder this week we are brought to you by
Hey S i r i What day was 3rd December 1957
Show notes link each week on show upload
the link being
there you will see the last 5 weeks shows notes
Spotify – just search Aussie Mac Zone
Apple News ~ Aussie Mac Zone
(remind ~ how to Favourite)
Thanks to our sponsors, this week being
Aussie Tech Heads podcasting
Aussie Tech Radio
& our supporters you our listeners!