Andrew Orr

Since 2015 Andrew has been writing about Apple, privacy, security, and at one point even Android. You can find him most places online under the username @andrewornot.

Examining the Boot Process for M1 Macs

Howard Oakley recently dove into the boot process for M1 Macs and how it affects booting from an external hard drive.

Unless the user has already changed its default security settings to allow it to start up from an external disk, you’ll have no joy whatsoever. Although this is secure, it’s also more than inconvenient, as the times that you most need your Mac to start up from an external disk are when it’s in trouble with its internal disk, and that’s likely to prevent you from changing its security settings, leaving your Mac dead.

‘Brave’ Browser Adds Support for Crypto Domains

Brave is the latest browser to partner with Unstoppable Domains, letting users access decentralized crypto websites.

Through this integration, the Brave browser is supporting a decentralized network not part of the traditional Domain Name Service (DNS), which is increasingly susceptible to hijacking, denial-of-service attacks, and phishing attacks. Unstoppable Domains allows users to build and host decentralized websites for a variety of use cases, including creating NFT galleries, video, and file sharing.

IRS Can Seize Your Bitcoin If You Have Unpaid Taxes

Deputy associate chief counsel Robert Wearing of the IRS said that the agency would seize cryptocurrency assets to settle unpaid taxes.

The perceived authority to seize an asset like bitcoin from the IRS stems from a 2014 notice it issued claiming that “virtual currency is treated as property for Federal income tax purposes.”

But there is still some question as to how the IRS would accurately determine the BTC holdings of taxpayers, let alone compel them to relinquish their bitcoin.

President Biden Signs Order to Improve U.S. Cybersecurity

After the attack on Colonial Pipeline, President Biden has signed an executive order to improve the nation’s cybersecurity.

The executive order requires IT service providers to share certain breach information with the government, modernizes and implements stronger cybersecurity standards in the federal government, establishes security standards for development of software sold to the government and will create an “energy star” label so that consumers can better determine whether software was developed securely.

Security Researcher Hacks Apple’s ‘Find My’ Network

Researcher Fabian Bräunlein found that Apple’s Find My location network can be used to “upload arbitrary data to the internet.”

Being inherent to the privacy and security-focused design of the Find My Offline Finding system, it seems unlikely that this misuse can be prevented completely.

CISA Warns of New Ransomware ‘FiveHands’

FiveHands has been around since January but was recently used in a successful attack against an unknown organization.

Attackers were targeting unpatched SonicWall Secure Mobile Access SMA 100 remote access products, for which patches were released in February. The publicly available tools the group uses include the SoftPerfect Network Scanner for Discovery and Microsoft’s own remote administration program, PsExec.exe and its related ServeManager.exe.

Amazon Data Breach Exposes 200,000 Fake Reviewers

Security researchers at SafetyDetectives found an insecure ElasticSearch database that potentially uncovers over 200,000 fake Amazon reviewers.

These Amazon vendors send to reviewers a list of items/products for which they would like a 5-star review. The people providing the ‘fake reviews’ will then buy the products, leaving a 5-star review on Amazon a few days after receiving their merchandise.

Upon completion, the provider of the fake review will send a message to the vendor containing a link to their Amazon profile, along with their PayPal details.

Primate Labs Introduces New ‘Geekbench ML’ Measurement App

Geekbench ML uses computer vision and natural language processing machine learning tests to measure performance. These tests are based on tasks found in real-world machine learning applications. They use industry-standard models, ensuring Geekbench ML results are relevant and applicable to mobile ML application performance. Geekbench ML also integrates with the Geekbench Browser allowing users to upload and share their benchmark results with other users worldwide.

Tor Exit Nodes Were Attacked in February 2021

A new report from Hacker News says that an unknown attacker managed to control over 27% of Tor exit nodes in February 2021.

“The entity attacking Tor users is actively exploiting tor users since over a year and expanded the scale of their attacks to a new record level,” an independent security researcher who goes by the name nusenu said in a write-up published on Sunday. “The average exit fraction this entity controlled was above 14% throughout the past 12 months.”

GitHub Adds Support for Security Keys Over SSH

GitHub announced on Monday that it enabled support for two-factor authentication security keys when members use them over SSH.

When used for SSH operations, security keys move the sensitive part of your SSH key from your computer to a secure external security key. SSH keys that are bound to security keys protect you from accidental private key exposure and malware. You perform a gesture, such as a tap on the security key, to indicate when you intend to use the security key to authenticate. This action provides the notion of “user presence.”