Andrew Orr's photo

Andrew Orr

Since 2015 Andrew has been writing about Apple, privacy, security, and at one point even Android. You can find him most places online under the username @andrewornot.

Get In Touch:

Articles by Andrew Orr

Link

Lazarus Group’s Dacls RAT Affects Macs for the First Time

Andrew Orr ·

Security researcher Patrick Wardle writes that the Lazarus group’s RAT malware has been targeting macOS for the first time. MalwareBytes also published a report (and the source of my quote below). It was found to be distributed with a two-factor authentication app called MinaOTP, commonly used by Chinese users.

We believe this Mac variant of the Dcals RAT is associated with the Lazarus group, also known as Hidden Cobra and APT 38, an infamous North Korean threat actor performing cyber espionage and cyber-crime operations since 2009.

The group is known to be one of the most sophisticated actors, capable of making custom malware to target different platforms. The discovery of this Mac RAT shows that this APT group is constantly developing its malware toolset.

The conclusion I’m drawing is that it’s unlikely to affect most Mac users.

Link

Spotify CEO Says Apple Will Open its Platform More

Andrew Orr ·

In an interview with Bloomberg TV, Spotify CEO Daniel Ek says he expects Apple to open its platform more to third party services.

“Long term, we do expect Apple to open up,” Ek said in an interview with Bloomberg TV that aired on Tuesday. Spotify has criticized Apple for taking a 30% cut of subscriptions and accused it of limiting app updates and preventing functionality on the Apple Watch and Siri.

Spotify will only be satisfied with the cancellation of Apple Music and the preinstallation of its app on iOS. But that still wouldn’t change the fact that it doesn’t pay artists a fair wage.

Link

Hacker Bribed Roblox Insider to Access Kids’ Data

Andrew Orr ·

Motherboard reports that a hacker had bribed a Roblox insider to access the data of over 100 million users.

“I did this only to prove a point to them,” the hacker told Motherboard in an online chat. Motherboard granted the hacker anonymity to speak more candidly about a criminal incident.

Beyond just viewing user data, the hacker was able to reset passwords and change user data too […] The hacker said they changed the password for two accounts and sold their items. One of the screenshots appears to show the successful change of two-factor authentication settings […]

Proving a point my a**. This person tried to claim a bug bounty from Roblox. They denied it because he/she acted “more maliciously than a legitimate security researcher.” He messed with the accounts after denial, so his point was revenge.

Update: A Roblox spokesperson informed me that only a small amount of customers were affected, not 100 million, and immediate action was taken to address the issue. Additionally, it was a Roblox insider and not an employee.

Link

Firefox 76 Improves Built-In Password Manager

Andrew Orr ·

Mozilla released Firefox 76 today, bringing improvements to the browser’s Lockwise password manager. It also gives Mac users picture-in-picture functionality.

Firefox Lockwise will require a device’s account password before allowing a saved password to be copied, and it will let users know if a website breach has occurred that compromises a login and password.

It also provides an alert for vulnerable passwords, which are passwords used for more than one site. The password generating feature that creates random passwords has also been rolled out to more sites.

That’s great to know. I had no idea Firefox had a built-in PM.

Edison Mail Arrives in the Mac App Store
Cool Stuff Found

Edison Mail Arrives in the Mac App Store

Andrew Orr ·

Popular iOS email app Edison has arrived to the Mac App Store. It brings features like a Focused Inbox, Today Folder, and notification muting, as well as analyzing user email for research and e-commerce trends. The company announced it in a blog post:

We’ve been working night and day to ensure that the Edison Mac app experience is incredible for all our consumers. Available for Yahoo, Gmail, Outlook accounts, and more, Edison offers a universal inbox that keeps all emails from multiple accounts in a single place. This means no more jumping from inbox to inbox in order to see messages in your different accounts.

Mac App Store: Edison Mail – Free

Link

France Claims Apple is Undermining its COVID App Efforts

Andrew Orr ·

On Tuesday the French government accused Apple of undermining its efforts with its contact tracing app “StopCovid.”

Apple’s iPhones normally block access to Bluetooth unless the user is actively running an app. French officials want Apple to change the settings to let their app access Bluetooth in the background, so it is always on. So far, they say, Apple has refused.

O, the French minister, said he could not explain the reasoning behind Apple’s decision on Bluetooth. “We consider that oversight of the healthcare system, fighting the coronavirus, is a matter for governments and not necessarily for big American companies,” he said.

As we pointed out on our Daily Observations podcast, most people aren’t going to care about the privacy aspects of these apps. But they will care about battery life, and apps like these constantly using Bluetooth in the background will undoubtedly be a factor, Bluetooth Low Energy or not.

Link

This Pandemic Gives More Power to Big Tech

Andrew Orr ·

Kara Swisher wrote for The New York Times about how this pandemic will put even more power into the collective hands of Big Tech companies.

Now, as we turn to the healthy companies to help us revive the economy, it could be that the only ones with real immunity are the tech giants. In this way, Covid-19 has accelerated their rise and tightened their grip on our lives. And this consolidation of power, combined with Big Tech’s control of data, automation, robotics, artificial intelligence, media, advertising, retail and even autonomous tech, is daunting.

This has been my fear as well. What happens to all the small businesses unable to loans from the government and money from customers? They get swallowed by delivery apps, whether it’s for groceries, alcohol, or other goods.

Link

You Can Now Lock Google Drive on iOS With Face ID, Touch ID

Andrew Orr ·

Today Google updated Google Drive on iOS with a feature called Privacy Screen. It lets you lock the app with Face ID and Touch ID. Digital Trends notes:

The feature is activated each time you close the Drive app and reopen it and also locks files if you switch between Google Drive and another app, according to a Google spokesperson. You’ll have the option to turn this feature on and adjust its timing in Drive settings.

I personally would like Apple to let us lock every app with Face ID / Touch ID. Apps can clearly do this by themselves, but having it “baked” into the operating system is ideal.

App Store: Google Drive – Free

Link

Backblaze S3 Compatible APIs are Here for B2 Cloud Storage

Andrew Orr ·

Today Backblaze announced it supports S3 compatible APIs for its B2 cloud storage service. This means that developers and software companies can use Backblaze storage without having to rewrite code or change their workflows.

Official Launch Partners: Cinnafilm, IBM Aspera, Igneous, LucidLink, Marquis, Masstech, Primestream, Quantum, Scale Logic, Storage Made Easy, Studio Network Solutions, Veeam, Venera, Vidispine, Xendata. These companies join a list of more than 100 other software, hardware, and cloud companies already offering Backblaze B2 to support their customers’ cloud storage needs.

Link

Senators Introduce COVID-19 Consumer Data Protection Act

Andrew Orr ·

Today a group of Republican senators announced plans to introduce the COVID-19 Consumer Data Protection Act.

The legislation would provide all Americans with more transparency, choice, and control over the collection and use of their personal health, geolocation, and proximity data. The bill would also hold businesses accountable to consumers if they use personal data to fight the COVID-19 pandemic.

A good move, I think. We need thoughtful legislation passed to preempt the contact tracing train.

Link

SteamVR Drops Support for Mac Customers

Andrew Orr ·

Steam announced today that SteamVR is dropping support for macOS so the team can focus on Windows and Linux.

We recommend that macOS users continue to opt into the SteamVR [macos]branches for access to legacy builds.

Users can opt into a branch by right-clicking on SteamVR in Steam, and selecting Properties… -> Betas.

SteamVR first came to the Mac in 2017 when Apple added support for external GPUs. They’re most likely reacting to a lack of interest on the part of users and a lack of commitment on Apple’s part.

Link

The ORG Domain Won’t Be Sold to a Private Entity After All

Andrew Orr ·

The board of the Internet Association for Assigned Names and Numbers (ICAAN) has rejected the sale of the Public Interest Registry to private equity firm Ethos.

Since 2003, PIR has operated the .ORG generic top-level domain (gTLD) as a not-for-profit organization, as well as six other gTLDs. Per the gTLD Registry Agreements, ICANN must either approve or withhold consent of a proposed change of control, the deadline for which is 4 May 2020.

After completing its evaluation, the ICANN Board finds that the public interest is better served in withholding consent as a result of various factors that create unacceptable uncertainty over the future of the third largest gTLD registry.

Good news for public organizations with .ORG websites. We don’t need another private company jacking up prices.

Link

Get a Raspberry Pi Camera With This New $50 Product

Andrew Orr ·

The Raspberry Pi Foundation announced a camera board built around a 12MP Sony IMX477 sensor, and it supports interchangeable lenses.

The High Quality Camera is compatible with almost all Raspberry Pi models, from the original Raspberry Pi 1 Model B onward. Some very early Raspberry Pi Zero boards from the start of 2016 lack a camera connector, and other Zero users will need the same adapter FPC that is used with Camera Module v2.