archive-com.com » COM » T » TIDBITS.COM

Total: 405

Choose link from "Titles, links and description words view":

Or switch to "Titles and links view".
  • Sparkle Vulnerability Real, but Exploits Highly Unlikely
    home or office with an Ethernet or secure Wi Fi connection you have nothing to fear Just keep letting your apps update when they want and as long as you re on a private network you ll be fine However if you often use public Wi Fi networks without also employing a VPN to secure all your network traffic you could be at risk if there was a sufficiently capable hacker at the next table That risk would apply for any affected app that has automatic update checking enabled and is running However using a VPN will keep you safe and should be standard operating procedure when using networks outside your home or office If a VPN isn t an option you can also disable automatic update checking in any apps that use Sparkle and when an update arrives download and install it manually Since taking advantage of this vulnerability would require a targeted attack it s highly unlikely that it would be used indiscriminately against people who aren t high profile government or corporate officials If you are still worried how do you figure out which apps are vulnerable People have offered all sorts of Terminal commands to suss out vulnerable apps but the best one I ve found comes from RussW a commenter on Mac Kung Fu His solution checks to see if the app uses both Sparkle and an insecure HTTP connection and then it prints out a list of those apps in a fairly readable format Unfortunately there are smart quotes in RussW s text that partially break the command thanks to reader Joe for pointing that out so I ve created a Pastebin link with the properly formatted command Follow that link copy the command under RAW Paste Data paste the command in the Terminal window and press Return Terminal will list the vulnerable apps in your Applications folder The list may be long but those who use public Wi Fi networks can use it to figure out for which apps automatic updates should be disabled until a new version is available At that point either update manually or re enable automatic updating only when on a trusted network Again this is necessary only if you re paranoid or are concerned about using untrusted networks And as Security Editor Rich Mogull likes to remind us if you re in China or are being pursued by the NSA your data is probably already compromised Make friends and influence people by sponsoring TidBITS Put your company and products in front of tens of thousands of savvy committed Apple users who actually buy stuff More information http tidbits com advertising html Comments about Sparkle Vulnerability Real but Exploits Highly Unlikely Comments are closed Joe 2016 02 15 14 01 If you re going to copy and paste RussW s terminal command beware of smart quotes I suppose it depends on your browser and possibly system settings but from the provided terminal screen shot it looks like the author

    Original URL path: http://tidbits.com/article/16261 (2016-04-24)
    Open archived version from archive


  • TidBITS ExtraBITS for 4 April 2016
    double homicide It remains to be seen if the FBI will share its knowledge of how the unlocking is being achieved with Apple but it s conceivable that the hack works only on older iPhones or models running a particular version of iOS At that point the FBI could both share the information with Apple and still use the technique on iPhones currently in the possession of law enforcement when possible Read post comments 2 Verizon Wireless Adding 20 Upgrade Fee 3 According to a leaked memo published by MacRumors Verizon Wireless is instituting a 20 flat rate upgrade fee for customers upgrading to a new iPhone or other smartphone in order to cover support costs Starting 4 April 2016 the charge will be applied to new smartphones purchased on a Device Payment financing plan or at full retail price and even to customers taking advantage of Apple s iPhone Upgrade program AT T and Sprint but not T Mobile have similar upgrade fees Read post comments 4 Amazon Bans Non compliant USB C Cables 5 We ve reported previously on how poorly made USB C cables could ruin a laptop Online retailer Amazon is now taking steps to protect its customers from such cables adding to its list of prohibited items Any USB C or USB Type C cable or adapter product that is not compliant with standard specifications issued by USB Implementers Forum Inc Amazon vendors caught selling faulty cables risk Amazon closing their accounts and destroying any merchandise stored in the company s fulfillment centers While this isn t a guarantee that all cables purchased through Amazon will work properly third party vendors now have extra incentive to sell only quality cables We hope to see other online retailers follow Amazon s lead but even still we

    Original URL path: http://tidbits.com/article/16397?print_version=1 (2016-04-24)
    Open archived version from archive

  • ExtraBITS for 4 April 2016
    Its Nik Collection Photo editing Apps Make Sure You re Getting OS X Security Data iBooks with iCloud Drive Is Unreliable and Confusing FlippedBITS 1Password Versus iCloud Keychain TidBITS Watchlist Notable Software Updates for 4 April 2016 x Welcome to TidBITS We make our articles available via RSS and in a weekly curated email newsletter You can also support our work by becoming a member and receive several benefits Close To help us avoid automated posts and misuse of our site please enter the words below Close Gerberding Thanks for your interest in forwarding this article via email Please fill in your email address and that of the recipient below You can also include a short message Close Send to Your email Your name Your message indicates required fields To help us avoid automated attempts to spam recipients please enter the words below Email 04 Apr 2016 Print ExtraBITS for 4 April 2016 by TidBITS Staff In ExtraBITS this week the FBI has agreed to unlock an iPhone related to an Arkansas homicide Verizon is adding a 20 fee to phone upgrades and Amazon is trying to banish non compliant USB C cables from its store FBI to Unlock iPhone in an Arkansas Homicide Case Apparently it wasn t just about one iPhone Despite the government s protestations that it wasn t seeking a backdoor when asking Apple to unlock the iPhone in the San Bernardino terrorism case the Associated Press is reporting that the FBI has now agreed to help an Arkansas prosecutor unlock an iPhone and iPod associated with a double homicide It remains to be seen if the FBI will share its knowledge of how the unlocking is being achieved with Apple but it s conceivable that the hack works only on older iPhones or models running

    Original URL path: http://tidbits.com/article/16397 (2016-04-24)
    Open archived version from archive

  • TidBITS Apple Reissues iOS 9.3 for Older Devices; Links Remain Problematic
    The issue with iOS 9 3 was that those devices would get stuck at activation if users couldn t remember their Apple ID usernames and or passwords If your iOS device is stuck at the activation step Apple has posted some instructions explaining how to bypass the hangup 2 To obtain the new update issued with build number 13E237 check Settings General Software Update or update via iTunes Apple has also issued an iOS 9 3 update for GSM equipped iPad 2 tablets 3 which resolves a similar activation issue However many users are reporting that tapping Web links in iOS 9 3 is causing hangs and app crashes The new iOS 9 3 release does not fix this issue One affected TidBITS reader contacted Apple who informed her that this is an emerging issue meaning that Apple is just now learning about it and probably hasn t identified the solution yet Benjamin Mayo of 9to5Mac claims to have traced the issue back to specific third party apps 4 installed on iOS devices but otherwise we don t have much light to shine on the issue Given that iOS 9 3 was in beta for much longer than most minor iOS updates it s surprising that Apple missed these bugs in the update Regardless if you follow our advice of storing passwords in a password manager like 1Password or LastPass you likely missed the activation glitch entirely Unfortunately the Web link bug is still a major problem for many iOS users and all we can do is hope Apple releases a fix soon If you haven t yet updated to iOS 9 3 it s definitely worth waiting until there s more movement from Apple 1 http arstechnica com apple 2016 03 apple pulls ios 9 3 update for older

    Original URL path: http://tidbits.com/article/16370?print_version=1 (2016-04-24)
    Open archived version from archive

  • TidBITS AT&T Adds International Support to Wi-Fi Calling
    when traveling abroad in iOS 9 3 see iOS 9 3 Works the Night Shift Protects Notes and More 1 21 March 2016 AT T has kept pace with its major competitor expanding its Wi Fi calling service 2 to the rest of the world image link 3 This means that if you re an AT T customer traveling abroad with an iPhone 6 or later running iOS 9 3 you can make calls to or receive calls from the United States over Wi Fi for free Calls to numbers outside the United States are still subject to the same rates dictated by your plan If you haven t already done so here s how to turn on Wi Fi calling which is now supported by numerous carriers in the United States 4 Go to Settings Phone Wi Fi Calling and enable Wi Fi Calling on This iPhone You ll need to enter your home address for 911 emergency calling purposes for more details see Turn on Wi Fi Calling in iOS 9 5 28 October 2015 Apple provides more information about Wi Fi calling 6 as well After enabling Wi Fi calling the carrier name at the left of the status bar will probably look different when you have a Wi Fi connection On an AT T iPhone 6 it displays AT T Wi Fi instead of AT T LTE From then on when you make or receive calls while connected to a Wi Fi network they ll be routed over the Internet instead of the cellular network Wi Fi calling is a life changing feature if the cellular reception in your home or office is poor and if you re an AT T customer who travels abroad it could save you a fortune in roaming charges as well

    Original URL path: http://tidbits.com/article/16358?print_version=1 (2016-04-24)
    Open archived version from archive

  • Turn on Wi-Fi Calling in iOS 9
    carriers are still rolling out support city by city and VoLTE between different carriers still doesn t exist When you get a VoLTE to VoLTE call though it s almost shocking how much better it sounds like talking on a good Skype connection You don t have to use Wi Fi Calling especially if you have a typical service plan that allows unlimited voice calls in the United States and sometimes within and to other countries and you never suffer from poor reception However if you have sketchy connectivity or travel a lot Wi Fi Calling is a big advantage for ensuring that you can always make and receive clear calls This is especially true outside America s boundaries with some carriers T Mobile charges nothing for incoming calls over Wi Fi Calling wherever you are and counts minutes for calls placed to U S numbers whether on U S based Wi Fi or elsewhere in the world against plan minutes which can be unlimited Sprint is the same AT T by contrast is so far limiting calls to be received and placed when a customer is in the United States Puerto Rico and the U S Virgin Islands However this seems likely to change Manage Wi Fi Calling Turning on Wi Fi Calling is a low stress operation Here s the procedure for AT T it varies only a little for other carriers In Settings Phone Wi Fi Calling enable Wi Fi Calling on This Phone You re prompted with a long explanatory message labeled Enable Wi Fi Calling Tap Enable You get an AT T specific welcome screen Tap Continue You re presented with extensive information about 911 emergency calling While AT T tries to switch to cellular for 911 calls to identify your whereabouts it can t always and needs a street address as a fallback location Tap to continue Enter your street address and tap to continue Tap Verify Address if the address shown as corrected by AT T to match its location database is accurate Finally tap OK Wi Fi Calling can take a few minutes to activate When it s ready the text Wi Fi appears in the status bar between the carrier name and the Wi Fi signal strength waves You can return to the same setting location to disable Wi Fi Calling I had to do this when my home Internet connection went wonky just before I switched ISPs Once I got my new ISP s connection working properly I re enabled Wi Fi Calling You may need to do the same if you find yourself on a Wi Fi network with inconsistent service that causes phone calls to drop or suffer poor quality You can also update your emergency address later on should it change Beyond the iPhone T Mobile and Sprint let you relay Wi Fi Calling from other devices T Mobile requires iOS 9 0 or later while Sprint requires iOS 9 1 or later That means you can place calls using an iPad iPod touch a Mac running OS X 10 11 El Capitan or an Apple Watch with watchOS 2 The iPhone doesn t have to be within range or even powered on Apple says except for calls originated from the Apple Watch This is an extension of a Continuity feature that allows placing and receiving cell based calls via an iPhone but works in only the specific carrier and OS combinations described On your iPhone in Settings Phone Calls on Other Devices you can choose whether to allow any relayed calling or not and which devices The Apple Watch can already place calls just by being paired with an iPhone On the Mac you use FaceTime to place audio calls by clicking the phone icon just as if you were making a cellular call relayed through an iPhone A note on 911 emergency calling 911 calls are routed over Wi Fi only when a cellular connection can t be made The hierarchy according to AT T is first cellular then Wi Fi plus your location information derived from Apple s Wi Fi location database and lastly Wi Fi plus your registered address even if you re not at that address it s the best information available That may not sound ideal but think of it this way without Wi Fi Calling the 911 call would be entirely impossible to make The End of Voice as a Separate Thing Wi Fi Calling is a particularly old school service taking what began life as a switched network circuit based hardware routing system the PSTN and dropping what is effectively a PSTN simulation into the Internet It has taken a long time to arrive especially given that we ve had Skype like equivalents for so many years but it s nonetheless welcome since Internet telephony remains fragmented and flaky I switched to making most office calls using Skype s PSTN offering long ago That service has only gotten better over time and when integrated with Google Voice for forwarding I seldom know from where a call originates The call rings all over and I pick it up wherever is convenient on my Mac using a headset or an iPhone via Skype or FaceTime or the Phone app The future of Internet telephony is the disappearance of voice as a separate service to think about Wi Fi Calling is an odd step in that direction but it dissolves more of the boundaries between voice and data More about iOS Networking Privacy and Security If you re looking for more detailed information and step by step instructions for a wide variety of activities related to this topic take a gander at my latest book A Practical Guide to Networking Privacy Security in iOS 9 which the fine folks at Take Control have available for sale for 15 The 177 page book covers Wi Fi and Bluetooth configuration and troubleshooting working effectively on cellular networks including avoiding overage fees configuring your iOS

    Original URL path: http://tidbits.com/article/16010 (2016-04-24)
    Open archived version from archive

  • TidBITS Chapter 4 of “Take Control of Slack Basics” Available
    Web sites and use emoji You ll also learn how to edit and delete messages navigate within the message list there are lots of shortcuts react to a message mark a message for later and even link to a specific message image link 2 If you want to practice with Slack s message related features join our public SlackBITS group which has over 130 members and so far has hosted discussions of Slack the Mac iOS and Apple TV You re welcome to ask anything you like there Instructions on how to join are in Chapter 1 Introducing Slack 3 Also available to everyone is Chapter 2 Get Started with Slack 4 However Chapter 3 Master the Interface 5 and this new Chapter 4 are accessible only by TidBITS members so if you re not currently one we hope this is incentive to join 6 TidBITS members receive other benefits too but what s most important is that the TidBITS membership program has kept TidBITS afloat the last few years your support is essential If you re already a TidBITS member log in to the TidBITS site using the email address from which you joined to read and comment on

    Original URL path: http://tidbits.com/article/16363?print_version=1 (2016-04-24)
    Open archived version from archive

  • TidBITS Restricting Your Cell Carrier’s Use of Your CPNI Data
    two practices The first is uncompetitive upselling which could happen if a telco used its CPNI to tweak pricing for additional services for a particular customer in ways that competitors couldn t match for instance The second pretexting prevents CPNI from being purchased by an outside party that would then pretend to be the phone company in order to get a customer to disclose or do something they wouldn t otherwise The most recent changes to the CPNI legislation were back in 2007 but Geoff said that AT T started notifying customers about the company s use of CPNI in 2012 Indeed when I searched through my email archives on CPNI there was just one hit an identically worded message from AT T sent in August 2012 Are there any actual abuses of CPNI Yes Additional research revealed among many other stories 5 at the Electronic Privacy Information Center EPIC that in 2014 Verizon paid a 7 4 million fine 6 for using CPNI for marketing purposes without informing customers Worse AT T had to pay a 25 million fine 7 in 2015 for disclosing personal information and misusing CPNI data for almost 280 000 of its U S customers thanks to crooks paying off employees in three AT T call centers in Mexico Colombia and the Philippines to unlock stolen and or grey market phones It s important to realize that restricting a carrier from using your CPNI doesn t prevent it from being collected so opting out might not prevent such information from being swept up in data breaches like AT T s but it certainly can t hurt Regardless the fact that the FCC felt it was important to require telcos to offer such an opt out makes me think it s worth doing Restricting AT T from using CPNI isn t difficult but it does require information you may not have handy Follow these steps or you can use a voice response system at 800 315 8303 or talk to a person at 800 288 2020 Go to http att com ecpnioptout 8 Amusingly the link underneath the associated text in the email message used a tracking link which makes me wonder if a click on it would become part of my CPNI Enter your account number or customer ID and billing ZIP code select Restrict Use of My CPNI and click Submit The tricky part here is getting your account number which is most easily found on your bill or by logging in to AT T s site and looking in your profile AT T says it s also available on the CPNI notice which isn t true you can see my notice above and there s no ID on it image link 9 What about other carriers and other types of personal information that s gathered and potentially shared or sold A page in the MIT Information Systems Technology Knowledge Base offers links to opt out of these and other programs at AT T

    Original URL path: http://tidbits.com/article/16345?print_version=1 (2016-04-24)
    Open archived version from archive



  •