Andrew Orr's photo

Andrew Orr

Since 2015 Andrew has been writing about Apple, privacy, security, and at one point even Android. You can find him most places online under the username @andrewornot.

Get In Touch:

Articles by Andrew Orr

Link

Williston, North Dakota Adds Cryptocurrency ATM to Airport

Andrew Orr ·

The City of Williston announced the addition of a cryptocurrency ATM at Williston Basin International Airport. It supports over 40 coins such as Bitcoin, Dogecoin, Ether, Cardano, and more.

The City of Williston does not act as the fund custodian or manage any crypto transactions. Purchases and withdrawals are handled by the DCM operator, Coin Cloud. This marks the first government-hosted cryptocurrency kiosk and the first Coin Cloud installation in an airport. The DCM is located before security on the first level near the rental car offices and the baggage carousel.

Link

Musicians Call for Concert Venues to Drop Amazon Palm Scanning Technology

Andrew Orr ·

Musicians and activist groups are calling on Red Rocks Amphitheatre to stop its rollout of Amazon’s palm scanning tech.

The letter contributors are worried Amazon might send palm data to government agencies hoping to track activists and marginalized people, particularly in light of its past collaborations with police. They’re also concerned thieves might steal info from the cloud, and see AEG as inconsistent after it condemned the use of facial recognition in 2019.

Link

US Issues Joint Advisory Warning Companies of Iranian Ransomware

Andrew Orr ·

In a joint advisory issued on Wednesday, the U.S. is warning that Iranian state-backed hackers are targeting infrastructure companies with ransomware.

The Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple U.S. critical infrastructure sectors, including the Transportation Sector and the Healthcare and Public Health Sector, as well as Australian organizations. FBI, CISA, ACSC, and NCSC assess the actors are focused on exploiting known vulnerabilities rather than targeting specific sectors.

Link

Snapchat Adds Memories and Explore Layers to Snap Map

Andrew Orr ·

Snapchat has added two layers to the Snap Map for users called Memories and Explore. Announced earlier this year, Layers bring more interactivity to the Map.

Now, the Memories layer will show you old Snapchats that you sent from particular places. Memories are private and only available to the individual user — you can’t see friends’ memories.

The Explore layer reimagines the heat map, which shows activity by relative volume on the Snap Map. You can tap on highlighted regions to see public photos and videos submitted by Snapchat users around the world.

New App ‘Macro by Camera+’ Aims to Compete With iPhone 13 Pro
Cool Stuff Found

New App 'Macro by Camera+' Aims to Compete With iPhone 13 Pro

Andrew Orr ·

LateNiteSoft is well known for apps such as Camera+, and on Thursday revealed its latest app called Macro by Camera+. The goal of Macro by Camera+ is to take the fuss out of taking amazing-looking close-up photos. The app intelligently chooses the best lens for your shot, and gives you just the right tools to make your subject shine. And there’s no hardware envy required: Macro is compatible with any iPhone that can run iOS 15. The controls in Macro by Camera+ are laser focused and powerfully aimed at getting the perfect up-close image in crystal clear focus. It includes manually controlled focus and EV so you can precisely control the focus and brightness of your photo.

Link

FTC Rules That This Favored Tactic by News Media is Illegal

Andrew Orr ·

Some companies, such as news publications, use a “click to subscribe, call to cancel” tactic to discourage customers from cancelling their service. The FTC says this practice is illegal.

But it’s not just hedge fund-owned publishers that have adopted the subscription practices that have caught the government’s attention. Again, most U.S. news organizations don’t give readers an easy way to cancel online. When I checked — more than a week after the FTC announced it planned to crack down on companies who don’t make it easy to cancel — The New York Times still requires me to talk to someone to unsubscribe, either by starting a live chat or by picking up the phone.

A welcome move from the FTC. Currently, my tactic for this is using a disposable card and cancelling it.

Link

GitHub Fixes NPM Bugs That Leaked Private Package Names

Andrew Orr ·

GitHub has fixed several flaws with npm packages that leaked private names and let attackers publish new versions of a package they didn’t have rights to.

The data leak was identified by GitHub on October 26th and by the 29th, all records containing private package names were deleted from the npm’s replication database. Although, GitHub does warn that despite this, the replicate.npmjs.com service is consumed by third parties who may, therefore, continue to retain a copy or “may have replicated the data elsewhere.”

Link

Brave Browser Introduces Native Crypto Wallet Called 'Brave Wallet'

Andrew Orr ·

On Tuesday Brave introduced a native wallet within its browser that doesn’t require an extension called Brave Wallet.

Unlike most crypto wallets, the Brave Wallet does not require extensions; it’s browser-native, reducing security risks and reliance on extra CPU and memory. Users can transact with almost any crypto asset with superior safety and performance, as well as connect with other wallets and Web3 DApps. The Brave Wallet will soon be available on our mobile apps as well.

Cool Stuff Found

Amazon Prime Video Now Available in the Mac App Store

Andrew Orr ·

Starting today, Prime Video is rolling out a native macOS app allowing customers to stream and download Prime Video content on Macs for offline viewing in the app. This includes licensed titles and Amazon Originals such as, The Tomorrow War, Coming 2 America, The Boys, The Marvelous Mrs. Maisel and The Wheel of Time (premiering Nov 19). Prime Video customers worldwide with Big Sur 11.4 and above can download the app for free on the Mac App Store. The Prime Video macOS app streaming experience will also include: Picture-in-Picture (allows viewers to play video content in a resizable floating window that isn’t blocked by other windows), Search/browse functionality, In-app transactions (TVOD purchases/rentals), Amazon’s growing line-up of live sports globally, including Thursday Night Football and the English Premier League (where available).

Link

New 'BotenaGo' Targets Routers and Smart Home Devices in Devastating Attack

Andrew Orr ·

AT&T Alien Labs discovered malware it dubs BotenaGo. It affects millions of routers and Internet of Things devices found with smart homes. The “devastating” part comes from the fact that it uses over 30 separate exploits due to insecure devices.

The BotenaGo malware starts by initializing global infection counters that will be printed to the screen, informing the hacker about total successful infections. It then looks for the ‘dlrs’ folder in which to load shell scripts files. A loaded script will be concatenated as ‘echo -ne %s >> ‘. If the ‘dlrs’ folder is missing, the malware will stop and exit at this point. For the last and most important preparation, the malware calls the function ‘scannerInitExploits’, which initiates the malware attack surface by mapping all offensive functions with its relevant string that represent the targeted system.

Link

Researchers Uncover Serious Flaws Within DRAM Chips

Andrew Orr ·

ETH Zurich reports that researchers from the Vrije Uni­versiteit Am­s­ter­dam and Qual­comm Tech­no­lo­gies found flaws within DRAM chips. The article I’m linking to is more of an announcement; ETH Zurich tells me the full results will be presented at IEEE in 2022.

It means that by re­peatedly ac­tiv­at­ing – or “ham­mer­ing” – a memory row (the “aggressor”), an at­tacker can in­duce bit er­rors in a neigh­bour­ing row, also called the “victim” row. That bit er­ror can then, in prin­ciple, be ex­ploited to gain ac­cess to re­stric­ted areas in­side the com­puter sys­tem – without re­ly­ing on any soft­ware vul­ner­ab­il­ity.