Apple quietly pushes out iOS 7.0.6 and 6.1.6

Just one more reason why I don't like Apples closed off secretive operating system.  This vulnerability has been around for TWO major iterations of iOS. Apple really doesn't have a good track record with security which is rather scary considering their chant "WE ARE SAFE, THEY ARE NOT".

Apple has quietly pushed out iOS 7.0.6 and 6.1.6 -- small updates that addresses a hitherto unknown security issue with its mobile OS. According to the company's security notes, the previous versions of iOS was missing key SSL validation steps that kept Secure Transport from validating authentic connections, making it possible for "attackers with a privileged network position" to "capture or modify data in sessions protected by SSL/TLS." In other words, iOS devices were failing to protect themselves on shady networks, unbeknownst to the user.

So in short, any time an Apple device connected to a public wifi network it was putting the users security at risk. 

More here.

Perpetuating the illusion of value and prestige.

Gotta keep those prices high to perpetuate the illusion of value and prestige. This echos of the Diamond trade. 

Taiwan's Fair Trade Commission has ruled that Apple's been naughty rather than nice this holiday week, fining it for 20 million Taiwan dollars (around $670,000) after it specified pricing to iPhone carriers. 

More here.

Mac Webcam Hacked

More wonderfully innovative design from apple. 

When your Mac’s iSight camera is running, a tiny green light lets you know that it’s turned on. Or at least it’s supposed to. New research from Johns Hopkins University shows how hackers can remotely control the iSight camera in certain Macs without turning on the accompanying LED indicator light.

I'm an Electronics Engineer by trade. If I were designing a feature like this the last thing I would do is make it accessible in software OR firmware. I'd hard wire that mofo in so there is no way anyone could activate the camera without activating the LED too. 

I'm sure the designers thought they were being smart by making the circuitry more complicated than it needs to be, when in actual fact they were being arrogant thinking no-one can hack mac hardware. 

You can read more here

ACCC forces Apple to offer 24-month warranties as standard

Come on Apple. You are a multi-billion dollar company. Australian customers have been complaining about your warranty policy for years and how it does not comply with Australian law. It is pathetic that you (Apple) forced the ACCC to step in and only goes to show your true colours. 

the ACCC alleges that staff incorrectly applied the company's own warranty policies, including its 14-day return policy and 12-month manufacturer warranty, instead of guarantees required by Australian consumer law.

The full article can be found here. 

Apple Safari is not as secure as you think

This news literally made me laugh out loud. I've lost count of the number of times iSheep have insisted their choice of software is far superior because it is more secure. 

The IT security reputation of the Apple Mac as being impervious to malware/hacker attacks ratcheted down a few more notches this week after Kaspersky Lab revealed that a potentially serious loophole has been discovered in the Safari Web browser.

According to Vyacheslav Zakorzhevsky, head of vulnerability research with Kaspersky, an unencrypted file used to restore a previous browsing session in the Web browser client gives attackers direct access to the sites that the Internet user has visited.

This is particularly important when users are visiting a secure Web site - such as online banking logins or making an online payment -  an `https' Web page is not normally accessible using the `browser back' button, and for good reason, SCMagazineUK.com notes.

Zakorzhevsky, who has been with Kaspersky since 2007, says that Safari does not encrypt previous sessions and stores them in a standard plist file that is freely accessible.

"As a result, it's easy to find a user's login credentials," he said, adding that, because a complete Web session on a given site is saved in the plist file, it becomes accessible, despite the use of `https' technology.

And here is the icing on the cake. It turns out Internet Explorer, the butt of many internet jokes, is actually MORE secure than Safari. 

In July of this year, a report from NSS Labs rated Apple's Safari browser as inferior to Google Chrome and Internet Explorer in terms of blocking malware.

Apple really need to stop pocketing all the money they gouge from customers and start spending it on making their products better. 

You can read more here.

Apple continues to break labor laws

In other news, it turns out that Apple is able to design a smartphone and Foxcon can manufacture it but something as simple as stopping people from working greater than 60 hours a week still escapes their grasp. 

Remember when Apple and Foxconn pledged to improve working conditions, increase wages and limit work weeks to 60 hours? Turns out they're still working on that. According to a recent investigation by China's Fair Labor Association, Hon Hai Precision (Foxconn's official name) is "not in compliance" with laws limiting overtime to 36 hours a month.

Well done apple.  

Link to full article here 

This chart proves that android smartphones are a bad deal compared to iphones

So, today I read a propaganda piece written by cultofmac which perpetuates long running “fragmentation” campaign against Android and reinforces the isheep reality distortion bubble created by the mother ship. I tried to raise these points directly on their website in the comments section, but as usual they put their fingers in their ears pretended the world was still perfect.

They have a daring title for their article “This chartproves that android smartphones are a bad deal compared to iphones”.

Look at all that lovely green. I could pick this article to pieces all day, but I’ll just touch on 3 main points.

Firstly, while Apple does release iOS updates for older hardware, it is not uncommon for new features to only be available to users running the latest and greatest Apple hardware. Just take a second to  read this apple support page. http://support.apple.com/kb/ht5457

Secondly, Google doesn’t solely rely on OS updates to push out new features or updated code. They are able to push out API updates using the play store app and bypass the OS update process entirely. They also are relying on app updates, rather than OS updates, to push out new features. Take hangouts for example. SMS integration achieved without requiring an OS update.

Thirdly, if “fragmentation” is really such a big deal for you, then you have two options. The first is ROM’s which give you a whole swag of innovative features on top of stock Android, the second option is to get a NEXUS device. OS updates are swift, the hardware is top notch and, this will come as a shock to isheep, cheap!