Andrew Orr

Since 2015 Andrew has been writing about Apple, privacy, security, and at one point even Android. You can find him most places online under the username @andrewornot.

Apple Customers Get Weird Email About Apple Card

Last night, Apple sent the next wave of invitations for Apple Card, but there seems to be a goof in the system. The email said that the early invitation is waiting, but the email address Apple has on file is wrong. You can click a link in the email to supply the correct one.

There are multiple reports on Reddit of people receiving the email who are 100 percent sure they signed up with the correct Apple ID email address…Several users have contacted Apple Support, who are apparently aware of the issue and it has been forwarded to the Apple Card engineering team. Still, it’s worth noting that some users may have also received the email for the right reason – because they didn’t use the email address associated with their Apple account.

I too got the email last night, but since it arrived at an address no longer associated with my Apple ID, my email was probably legitimate in that I didn’t sign up with the correct one.

CBS and Viacom Merge to Become ViacomCBS

ViacomCBS is the name of a merged corporation between CBS and Viacom. It will create a joint media library including over 140,000 TV episodes and 3,600 movies.

In their announcement, the companies note that the merger creates a joint content library that includes more than 140,000 TV episodes and 3,600 films, and “reunites fan-favorite franchises such as Star Trek and Mission: Impossible” (which were previously split between Paramount on the film side and CBS on the TV side). They also say that this will allow them to “accelerate” their direct-to-consumer strategy, which includes offerings like CBS All Access, Showtime and Pluto TV. The deal is expected to close by the end of 2019.

This Company Will Pay You to Review the iPhone 11

WhistleOut is looking for someone to review the iPhone 11 for them. You’ll get paid US$1,000 plus you can keep the phone when you’re done.

You’ll be putting the new iPhone through its paces—testing the camera, getting into the nitty gritty of the interface, seeing what kind of battery life you’re able to squeeze out of it—and writing a comprehensive review based on your findings. We’ll need your written review within a week of you receiving the phone. We’ll give you a review form for this.

What Happens When Apple Locks You Out of the Ecosystem?

Luke Kurtis shares his story of how Apple disabled his account after he unknowingly bought a fraudulent iTunes gift card. Although he eventually got his account restored, it took two months to get it back.

Had I not taken advantage of my internal Apple contacts, I may not have gotten my account back. I spent a large part of those two months in a kind of grief, mourning not only the loss of a collection of media built up over a decade and a half, but also all the products I owned that no longer functioned as they were supposed to. The company I had given so much money to over the years could revoke my access to everything with just the press of a button.

That’s pretty scary stuff. Now that Apple Card is a product, imagine getting locked out of your account, unable to pay off your Card because there isn’t a way to do it online.

Automattic Buys Tumblr for Pennies on the Dollar

Automattic, the company behind WordPress, just bought Tumblr from Verizon for less than US$3 million. Verizon had acquired the site from Yahoo for US$1.1 billion.

As part of the deal, Automattic will gain 200 staffers from Tumblr. Verizon is said to have discussed a sale of Tumblr with a handful of different companies but ultimately landed on Automattic. “The sale price isn’t material to Verizon,” today’s report says citing “people familiar with the matter.”

Before you get excited, know that the porn ban will remain in place.

White House Drafts Order to Investigate Alleged Social Media Left-Wing Bias

The White House is drafting an executive order that would address alleged left-wing bias by social media companies, with an official saying:

If the internet is going to be presented as this egalitarian platform and most of Twitter is liberal cesspools of venom, then at least the president wants some fairness in the system. But look, we also think that social media plays a vital role. They have a vital role and an increasing responsibility to the culture that has helped make them so profitable and so prominent.

A WH official actually used the phrase “liberal cesspools of venom.” What a trashy administration.

TP-Link Kasa Smart Plug Mini Cancels HomeKit

TP-Link unveiled its Kasa Smart Plug Mini back at CES 2019. The company quietly announced that it has canceled the device’s HomeKit integration.

It’s not known yet whether the company is abandoning HomeKit for all devices or solely for this one product. Nor are there any details about whether there will be any recourse for customers who bought the Kasa Smart Plug Mini in the expectation that HomeKit was coming.

Music App Deezer Adds Queue List Feature

Music app Deezer is adding a new feature called Queue List for premium users. People can change devices in the middle of a song without having to restart it or search for it again.

Each user’s queue list is now stored in the cloud, making it effortless to switch between mobile, web, desktop, smart watches, autos, Android TV and Xbox.

Users can also edit and make changes to their queue list with all changes reflected across devices. Even if your queue list is set to Shuffle or Repeat, you can still enjoy your music on this setting after switching devices.

Def Con 2019 and Hacking iOS Contacts

Another Apple hack shown off over the weekend at Def Con 2019 involves iOS Contacts and a SQLite vulnerability. But it’s not something we need to worry about. Emphasis mine:

Documented in a 4,000-word report seen by AppleInsider, the company’s hack involved replacing one part of Apple’s Contacts app and it also relied on a known bug that hasn’t been fixed four years after it was discovered…

They replaced a specific component of the Contacts app and found that while apps and any executable code has to have gone through Apple’s startup checks, an SQLite database is not executable.

Basically, it sounds like the bug is only available if you specifically remove a key component of Contacts.

News+: Don't Give Money to Ransomware Scammers

In the latest issue of PCMag, Max Eddy writes that you shouldn’t give money to ransomware attackers when they ask.

First, most cyberattacks—including ransomware—don’t last long. The command and control servers that issue the unlock commands and receive payment can be found and taken offline…In either case, anyone who has been infected and not paid the ransom can no longer get their system unlocked, even if they pay.

This is why keeping several backups is important, one online, one offline. And keep your operating system up to date with the latest security patches and improvements.

This is part of Andrew’s News+ series, where he shares a magazine every Friday to help people discover good content in Apple News+.

FBI to Monitor Social Media for Domestic Terrorism Threats

The FBI wants to monitor Facebook, Twitter, and Instagram for domestic terrorism threats in real time.

The FBI ultimately wants an interactive tool that can be accessed by all headquarters division and field office personnel via web browsers and through multiple devices. Interested vendors should have the capabilities to offer the agency the ability to set filters around the specific content they see, send immediate and custom alerts and notifications around “mission-relevant” incidents, have broad international reach and a strong language translation capability and allow for real-time geolocation-based monitoring that can be refined as events develop.

Just ask the NSA.

iOS 13 Has an Important Bluetooth Privacy Feature

Jared Newman writes about the iOS 13 Bluetooth privacy feature. When an app needs to access Bluetooth, iOS displays an alert so you can allow or deny the request. Bluetooth can be used to track you, which is why Apple added the feature. I’ve seen these alerts a couple of times running the iOS 13 public beta. I disagree with Mr. Newman though; I don’t think it’s too confusing. Just think about the app and whether it legitimately needs Bluetooth. For example, if you need to connect a device to your iPhone, you’ll need Bluetooth. But apps like Google Maps and YouTube don’t need Bluetooth (and I’ve seen alerts and denied them both).

Prior to iOS 13, apps could use Bluetooth to collect detailed location data from users without explicit permission, using tracking beacons in retail stores and other public locations. Even if users had denied an app access to their location data, Bluetooth could have provided a workaround.

Low Credit Score? No Problem, You Could Still Get an Apple Card

Goldman Sachs is accepting “subprime” applicants for Apple Card, meaning people with a low credit score.

While there is no standard definition for who qualifies as subprime, most fall under a FICO score of 660, and their loans often sour before borrowers with higher credit scores. Ten years ago, big lenders got into trouble when irresponsible loans made to subprime mortgage borrowers defaulted, helping create the worst excesses of the financial crisis.

I think this is great. Apple Card revolves around helping you pay off your credit as soon as possible, and tells you the minimum payment you need for a zero-interest payment. You might still get a high APR, but as long as you don’t carry a balance that won’t affect you. As we head into another school year, Apple Card could be a good choice for college students who may have low credit.

Online Payment Integrations Can Introduce Vulnerabilities

At Black Hat 2019, researcher Joshua Maddux found that security vulnerabilities can arise when websites add online payment integrations like Apple Pay. To be clear, he says it’s not an issue with Apple Pay itself, but rather how websites add it. And other third-party integrations can be similarly affected.

The flaws fit into a well-known type of vulnerability called “server side request forgery,” which allows attackers to bypass protections like firewalls to directly send commands to web applications. These vulnerabilities pose a real threat, and are regularly exploited in the wild. Most recently, they played a role in last month’s massive Capital One breach. Similarly, flexibility in how a website integrates Apple Pay potentially exposes its own backend infrastructure to unauthorized access.