IF Cellebrite Can Crack any iPhone, THEN…

Posted February 27, 2018 by Gerald B
Categories: cellebrite, cracking

As this article posits, Cellebrite can now crack any iPhone.

OK. Suppose that’s a true statement. Every single iPhone is now susceptible to lawful (or unlawful) compromise.

If you’re an iPhone owner, does this change your behavior? If you’re a law-abiding citizen I’m betting you’re not changing your buying habits until this becomes a glaring problem (such as your phone being routinely and remotely jacked).

If you’re Apple, does this change your behavior? I hope the answer is unequivocally and emphatically, “Yes!” Apple went to the mat with the US Dept of Justice over this very topic. Now that there may be a universal crack for the iPhone, if I’m Apple my behavior very definitely would change.

First, no more face sensors, no more biometric security. I have an old janky iPhone 5. It’s slow as hell and busted up to the point of failure. But, it’s locked tight. I don’t want some ying yang authority forcing me to look at my phone or give up my fingerprint. There are files, emails, texts I don’t want anyone having access to excepting the intended recipient. Why? Privacy. That’s why. The same reason we don’t have a party line telephone system any more. The same reason I don’t keep my bills on the front porch or my office correspondence printed and out in plain sight. Privacy. Plain and simple. In the U.S. it’s still in our Bill of Rights. It’s being frayed generation after generation but it’s still there.

If I’m Apple I’m spending an inordinate amount of time and resources figuring out how very clever people are reverse engineering iOS and then I work my ass off to plug those holes. I love Apple. Love the principled stand they take on things (even if I disagree with those stands). Apple is chockablock full of very, very smart people and if anyone can out-clever very clever it is Apple. I hope they’re modding phones and honeypotting Cellebrite in ways that expose their methods.

Love Me Some Bacon

Posted April 1, 2016 by Gerald B
Categories: bacon reviews, food

Best Bacon Reviews Guide ever.

I absolutely love bacon. Seriously love bacon. So, when I arrived at my new job a year ago I made a couple pans of bacon for my coworkers. I’ve never learned everyone’s names in a company so fast. It was a hit and I knew immediately I’d chosen well. These are absolutely my kind of people.

Every Friday since, I’ve made bacon. We started at 35 people and a few pans. We’re now pushing 85 hungry faces and it’s an all-morning affair. I’ve made all kinds of bacon and I have my favorites. I won’t taint your opinions but think it would be awesome if everyone reviewed bacon and made an already awesome bacon review guide even better.

The Sovereign Republic of Apple

Posted July 28, 2015 by Gerald B
Categories: Apple, encryption, Peter Thiel, privacy, seasteading, technology

I have a profound admiration for Peter Thiel. There are a large number of brilliant thinkers walking the planet today. Peter Thiel, in my mind, is among them.

So, as the USA Freedom Act spins up and the Patriot Act spins apart and companies such as Apple plant their feet firmly, and rightly so in my mind, in the “strong encryption IS privacy” camp… I can’t help but ponder the societal tug of war going on when an AHA! moment hits. If corporations are people…

What if Apple Became a Country?

à la something like Seasteading, to which Peter Thiel has given considerable thought. Look at it on a couple of merits.

  • Apple, as a country, has something like the 10th largest economy in the world.
  • AAPL could repatriate its own cash without the tax hit and reinvest in itself on its own tax terms.
  • Apple could…………………… (fill in the blank)

It’s a really wacky idea. Granted. And then there’s all that political baloney that comes with. But, a NEW country, founded on doing the right thing and iterating and deprecating laws like old, inefficient code. A concept like that certainly has appeal to me. Do countries even have to have soil any longer? The definition of so many things is being reframed that I wonder if the concept of a “border” is due for a change. Some Californians want to see a redrawing of their boundaries such that California becomes multiple new states. Interesting. Why couldn’t one of them be the Sovereign Republic of Apple? Yes, I know, it might be a different country surrounded by… The U.S. on all sides. The Vatican is a country. It’s surrounded on all sides by Italy. But, then, people might say, who would recognize Apple internationally? It wouldn’t be part of the U.N.! So, England isn’t part of the U.N. Neither is Ireland or Scotland. The U.K. is. But, those countries are not.

See, what constitutes a country to many really… doesn’t matter. What matters is a modicum of international recognition and a declaration of independence. A governing law and a geopolitical boundary. My contention is “the ground” bit. How MUCH ground is necessary? Could the privately owned Apple Campus be declared “the ground”? How about an uncontested patch of dirt on Luna (our lunar neighbor)? Why do we HAVE to have a boundary? Nowhere does it say we have to have a capital city.

For a company that prides itself on Thinking Differently, I wonder if our buddies at Apple have ever thought of creating a new country of their own?

 

LastPass Hacked

Posted June 16, 2015 by Gerald B
Categories: Bitcoin, Blockchain, Keychain, LastPass, OSX, security, technology

I hate passwords. I have too many accounts and too many passwords to remember. So, I resorted to using LastPass not too long ago for simplifying sign on services. Okta was another service I’d had the opportunity to use and I found the experience of both to be quite good.

Until this morning.

There is no substitute for a good, strong password portfolio + a regimen of deprecating them on a schedule. If you’re good at eating at least once per day, you should be capable of changing your passwords once every six months (if not more frequently).

Apple has Keychain. Google has Authenticator. I’m sure Microsoft has something (probably called Keychain or Authenticator because they’re too lazy to come up with their own product names). Anyway, the point is, picking one of these and electing for an extremely long factor passcode that is 100% machine generated is probably the best way to go. I, personally, like GUIDs with mixed upper and lower case letters mixed in PLUS another character in there somewhere such as a “!” (which I don’t use). But you get the idea. A password such as this has a lot going for it:

!c40d2b17-42f8-4908-b341-F6538CBE997C

First it’s nearly 40 characters long. A human isn’t going to remember a randomly generated string of mixed case and letters very easily. That is a good thing. Nor is that person going to bother to write that sort of thing down or easily transcribe it to a friend or relative.

The one thing it sucks at now is it’s public and has probably been scooped up by some machine and folded into the crazy ass long list of passwords to try while attempting to brute force past a security wall of some kind. Plus all its variants. Don’t even waste your time recycling it.

But, that type of password is ideally suited to living in something like Keychain and probably forgotten. Easily discarded and reset regularly. See, we get attached to passwords. It’s the familiarity of the thing. A birthdate mixed with an address mixed with a childhood friend’s dog’s name. The problem with anything remotely like those… The cracking algorithms and raw compute power available today can make mincemeat out of those in nothing flat. The ability to recurse through all the variations with brute force velocity is astounding and only getting better and cheaper to do so.

Blockchain holds a lot of promise. If you’ve not been paying attention to digital security or alt digital currencies like Bitcoin… The Blockchain holds a lot of promise. A LOT! Our digital identities are at risk. Our state secrets are at risk. Our banking is at risk. Our infrastructure is at risk. Oddly enough, our flesh and blood lives are now inextricably woven with the digital fabric of the world. We are cyborg in William Gibson’s finest sense of it. Wearables are an interesting aside.

What’s a netizen to do?

If you’re a Mac like me, use Apple’s built-in password generator. Follow these very simple steps:

1) Click on the Apple Menu (upper left) and select System Preferences

2) Click on Users and Groups

3) Click on Change Password. If it asks for iCloud Password, Cancel or Change Password… Choose Change Password. Don’t worry, we’re not changing anything. We’re just fabricating a new password for you to use elsewhere or at the very least showing how to do it at a later time.

4) See the icon that looks like a key? Click that and a small window like the one pictured below will show up.

LastPass GUID Keychain Blockchain

 

5) One of the first things you’ll see is the Type menu dropdown. I prefer Random. Pick anything you like. But, remember, anything resembling a word is going to be more easily cracked. Apple probably oversimplifies the Quality meter. Generally speaking the farther that meter is to the right, the better the password.

6) Next, change the length of your password. See how you can manipulate the quality and security of your new passcodes? And, it’s all built into OSX.
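As an added example (not part of the original post, and not Apple's generator), this Python sketch builds the GUID-style password described earlier and a fully random one of the same length, and estimates how many random bits each contains. The `SYMBOLS` set and all function names are assumptions made for illustration.

```python
import math
import secrets
import string
import uuid

SYMBOLS = "!@#$%^&*"  # assumed symbol set; the post only mentions "!"
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 chars


def guid_style_password() -> str:
    """Symbol + UUIDv4 with randomly cased hex letters, the shape shown in the post."""
    raw = str(uuid.uuid4())  # CPython builds this from os.urandom (a CSPRNG)
    mixed = "".join(
        c.upper() if c.isalpha() and secrets.randbits(1) else c for c in raw
    )
    return secrets.choice(SYMBOLS) + mixed


def guid_style_entropy_bits(password: str) -> float:
    """Random bits that went into one GUID-style password.

    A version-4 UUID carries 122 random bits (6 of its 128 bits are fixed),
    each hex letter adds 1 bit for its random case, and the symbol adds
    log2(len(SYMBOLS)). The hyphens are fixed and add nothing.
    """
    letters = sum(c.isalpha() for c in password)
    return 122 + letters + math.log2(len(SYMBOLS))


def random_password(length: int = 37) -> str:
    """Every character drawn independently from the full printable alphabet."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_entropy_bits(length: int = 37) -> float:
    """Entropy of random_password(length): length * log2(alphabet size)."""
    return length * math.log2(len(ALPHABET))


def is_guid_style(password: str) -> bool:
    """True if the password is one symbol followed by a valid version-4 UUID."""
    try:
        return password[0] in SYMBOLS and uuid.UUID(password[1:]).version == 4
    except (ValueError, IndexError):
        return False


if __name__ == "__main__":
    pw = guid_style_password()
    print(pw, f"{guid_style_entropy_bits(pw):.0f} bits")
    print(random_password(), f"{random_entropy_bits():.0f} bits")
```

Both forms are far beyond brute-force reach; the difference is that the GUID shape spends 37 characters on structure (hyphens, hex digits, fixed version bits) that a fully random string of the same length uses for entropy.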

Well, this is all good and fine. We have a new, strong password generator in our pocket.

How do we put this into practice?

I’ll show you, in my next post (because I have to create screen shots and write against an outline I’m creating in my notebook – yes, pen and paper) how to go about integrating Keychain into your web browsing of secure sites AND using Keychain across Apple devices.

See, Apple’s already solved this problem and I placed my faith in a couple of companies because of employment policy. Well, screw that. Apple has more cash money and a declared interest in the security of the digital fabric. I believe them when they say it. Google, Microsoft… not so much. Facebook, not at all. Those guys are out to monetize our behaviors across a broad spectrum, not make our lives better.

Apple Watch Upgrade Path?

Posted June 3, 2015 by Gerald B
Categories: Apple, Apple Watch, iPhone, WWDC

I had the bright idea to stand in line to get the first gen iPhone. That device was magical (sort of) in an initial sort of way. Pull that phone out now and hold it up to an iPhone 6. The magic is gone pretty much upon startup.

But, I’ve since bought just about every version of the iPhone up to the 4S which is where I stopped being so eager to lap up everything. The pace of annual updates had picked up. I soured on spending so much on two year contracts and being bound to a specific carrier and their particular stupidity. So, I have a 4 and 4S on pay-as-you-go plans with a carrier that has really reliable service in my home town. I was content until last night.

The Apple Watch has me wanting to re-up. (And there’s the key for Apple.) It would be a pricey step up to say the least. I’d not only have to abandon my 4S, but I’d nearly have to commit to a 6 or 6+ (unlocked, off contract) and buy a Watch.

And for what?

Do I really want to send little drawings to anyone? No. My heartbeat? Nope. Are there any “can’t live without apps yet?” Um, no. Then why on earth would I want to just chuck all that dough out the window for a gen 1 product? Again!

I don’t have a good answer.

That’s about the most ridiculous thing I could have said. But, it’s precisely the answer. I’m not even interested in the Sports version. I’m more interested in the experience. I liken it to my going to the top of the World Trade Center in 1981. I was there. It was there. We hooked up and I had a great view for an afternoon.

Is this what Apple has become? Less a device maker. More of a desire maker? An experience.

The Swatch watch I have is about the size and heft of an Apple Watch. It has a good number of complications, a swanky faux leather wristband and a kick ass dial. I love that watch. Guess what? I don’t wear it except when I’m “going out”. I don’t wear it at work. I do wear it to work, though. I don’t wear it around the house. It’s a true accessory.

However, I can tell you I’m tired of my phone being such a large (physically and metaphorically) distraction. I do like the promise of being able to trim down the distractions of the day. Can a first gen product deliver on that?

Upgrades Concern Me

Like I said, I’ve bought a lot of Apple iPhones and iPads. AAPL likes that. AAPL thrives on precisely that.

But, I don’t want to buy a Watch 2s or a Watch 6s years down the line any more than I want to replace my Swatch.

So, what is the upgrade path? Is it like Tesla’s sedans and it’s going to be on the software updates for a good long period? The upgradeable car has a nice allure to it. That doesn’t jibe with the AAPL year-over-year need for predictably innovative/lucrative product cycles, though.

How does this Apple Watch thing play out as a product line over the years? Because I don’t really want to buy this one and then find out next year they’ve added iSight and FaceTime hardware or Thunderbolt or some sort of wet neural networking that gen one can’t get. But, you know what? I don’t think most people think that way. It’s priced low enough (as Apple’s Items of Desire go) that things will turn out okay for Apple.

I suppose WWDC will be particularly interesting this year. Still, I wrestle with the whole first gen commitment and how long the danged thing will be relevant. What’s its lifespan? When does Apple stop supporting Gen One? These are the things blocking me… a (weary) early adopter.

GASP! Tim Cook is human!?

Posted October 30, 2014 by Gerald B
Categories: AAPL, Apple, technology, Tim Cook

Who the hell coulda guessed THAT!? Tim Cook just came right out in front of God and everyone and admitted he’s… human!

Welcome to the party, Mr. Cook. We proudly admit you to the human race. We accept your (misplaced) fondness of Auburn football. You must be one helluvan uncle. And furthermore, what you do with your private moments is yours (not ours). Keep doing what you do so well: inspiring us to be the best we can be in all our endeavors. We’re rooting for you and the company you love as dearly as we do.

SEO Tools on Mac? Doubtful

Posted October 27, 2014 by Gerald B
Categories: Apple

I love Macs. You can tell from this blog, right? But, SEO on a Mac is just not feasible so far as I can tell. I’ve tried. It sucks.

So, some will probably say… you just don’t write well for the search engines. That might be true. There’s so much more involved than writing though and getting your geek on and tuning your site for device responsiveness and zippy downloads. It’s not ALL just content. Matt Cutts can say that all. day. long. There are other ways to:

1) get your site noticed by Google, Bing, and all the other indices out there quicker than just “waiting” to be discovered; and
2) to rank stronger and faster than will happen organically and certainly than would happen with content alone;

and it’s not going to get done with a Mac. 😦 Yes… that makes me sad to even type it.

You can create content like a fiend on a Mac. That’s what all the ads say, right? You just can’t promote it like a fiend (without using Windows emulation software anyway).

So, I’m on a crusade to prove that notion wrong. If anyone has a really good tool for SEO that’s native to the Mac (and I mean better than Kontent Machine and GSA and Scrapebox and the like) please let me know. I’d love to test it out and sing the praises of worthwhile tools. Take it to the comments folks. I’m all ears.