Andrew Orr's photo

Andrew Orr

Since 2015 Andrew has been writing about Apple, privacy, security, and at one point even Android. You can find him most places online under the username @andrewornot.

Get In Touch:

Articles by Andrew Orr

Link

iPhone Accessory Maker Gamevice Wants to Ban Nintendo Switch From US

Andrew Orr ·

Gamevice makes game controllers for iPhones, and believes that the Nintendo Switch infringes on its design.

This is a new complaint, separate from another against Nintendo that Gamevice is now appealing after the Patent Trial and Appeal Board ruled in Nintendo’s favor. In that case, Nintendo was accused of infringing 19 Gamevice patents.

Nintendo will be hoping that the ITC dismisses Gamevice’s latest suit before it ends up in another lengthy legal battle. But if Gamevice had its way, Nintendo would not be allowed to import and sell the Switch in the U.S.

I always wonder what goes through company minds in cases like these. Does Gamevice think that people will magically flock to its products if the Switch gets banned? Because that definitely won’t happen.

Link

WireGuard VPN Gets Added to the Next Linux Kernel

Andrew Orr ·

I briefly mentioned WireGuard when I wrote of Cloudflare’s WARP beta. I think it’s something to add to your technology watch lists. It’s just not any old VPN app, it’s a VPN protocol that could very well replace current protocols like IPsec and OpenVPN, or at least be offered as an alternative. You can read the technical whitepaper here [PDF], along with this write up from Ars Technica.

WireGuard will now operate as either a Loadable Kernel Module (LKM) or built statically into the kernel itself. But whether static or loadable, it will be “in-tree”—which means it’s provided ready to go with the vanilla kernel itself, with no need for repackaging by the various distros. This puts it on the same footing as other supported drivers.

Link

Tile: Apple’s Anticompetitive Behavior Has Gotten Worse

Andrew Orr ·

On Wednesday, Tile told a congressional panel that Apple didn’t live up to its promises to resolve a dispute between the two companies.

Tile had objected to Apple requiring its users to repeatedly agree to allow Tile to operate in the background, which is crucial to Tile’s service…Tile also said that there were indications that Apple planned to update its Find My product, adding hardware, so it would be a competitor to Tile.

Those are Tile’s two arguments. One – They’re mad that Apple cracked down on apps collecting location data in the background. No sympathy there from me. Two – Apple allegedly plans to compete with Tile with its own hardware Bluetooth device, rumored “AirTag.” Tile is acting as if Apple specifically aimed its location crackdown at them, to set itself up for AirTag, but I’m not sure if that’s right. Tile certainly wasn’t the only one doing that.

Link

New Zoom Bug Can Be Used to Steal Passwords, Access Your Webcam, Microphone

Andrew Orr ·

Security researcher Patrick Wardle disclosed two Zoom bugs today. They can be used to steal Windows passwords and access your webcam and microphone. They do however require physical access to the machine.

In this blog post, we’ll start by briefly looking at recent security and privacy flaws that affected Zoom. Following this, we’ll transition into discussing several new security issues that affect the latest version of Zoom’s macOS client.

At this point, Zoom should just rewrite its software completely.

Link

OpenWRT is Vulnerable to Remote Code Execution Attacks

Andrew Orr ·

For three years, router firmware OpenWRT has been vulnerable to remote code execution attacks.

The researcher also found that it was trivial for attackers with moderate experience to bypass digital-signature checks that verify a downloaded update as the legitimate one offered by OpenWTR maintainers. The combination of those two lapses makes it possible to send a malicious update that vulnerable devices will automatically install.

This is especially concerning because OpenWRT is commonly recommend by privacy advocates as an alternative to built-in proprietary router firmware.

Link

SiriusXM Premier is Free Through May 15

Andrew Orr ·

Announced by Howard Stern, Sirius XM is giving people free access to Premier content through May 15, starting today.

Listeners will have free access to more than 300 channels of dynamic programming, featuring the acclaimed The Howard Stern Show , hundreds of exclusive ad-free music channels, and vital news and information sources.  SiriusXM is also adding entirely new curated content, and bringing back some beloved music channels by top artists.

Link

Zoom Meetings Aren’t Encrypted End-to-End, Despite Marketing

Andrew Orr ·

Along with recent news that Zoom sent your data to Facebook (although it stopped) now we learn that its video calls don’t use end-to-end encryption, despite the company marketing it as such.

…But despite this misleading marketing, the service actually does not support end-to-end encryption for video and audio content, at least as the term is commonly understood. Instead it offers what is usually called transport encryption, explained further below.

It just keeps getting worse for Zoom. It’s unfortunate the company has chosen such tactics, because it really is one of the better video calling apps out there.

Link

Marriott Hit by Second Data Breach Affecting up to 5.2M People

Andrew Orr ·

Hotel chain Marriott International has suffered a second data breach, exposing the personal data of up to 5.2 million guests.

The breach, which began in mid-January 2020 and was discovered at the end of February 2020, saw contact details, including names, addresses, birth dates, gender, email addresses and telephone numbers exposed. Employer name, gender, room stay preferences and loyalty account numbers were also exposed.

Marriott has also said that at present it does not believe passports, payment details or passwords were exposed in the data breach.

It sounds like login credentials of two employees were stolen, likely through a social engineering attack.

Cool Stuff Found

Apple Posts Video for Upcoming Series ‘Trying’

Andrew Orr ·

Apple uploaded a trailer for an upcoming British comedy series on Apple TV+ called Trying. It will be available to stream Friday, May 1. It co-stars BAFTA award winner Imelda Staunton, Ophelia Lovibond, and Oliver Chris. It was written by Andy Wolton.

All Nikki (Esther Smith) and Jason (Rafe Spall) want is a baby—but it’s the one thing they just can’t have. How are they going to fill the next 50 years if they can’t start a family? They already went through The Sopranos in a weekend. After ruling out every other option, Nikki and Jason decide to adopt and are confronted by a world of bewildering new challenges. With their dysfunctional friends, screwball family, and chaotic lives, will the adoption panel agree that they’re ready to be parents?

Link

Photographer Claims Apple Copied his Photo in Apple TV+ Show

Andrew Orr ·

Adrian Murphy writes that Apple copied his photo of two kids looking into a glowing chest, a visual that can be seen in Amazing Stories on Apple TV+.

To me, this is flagrant copyright infringement and is using my intellectual property to derive visual elements for one of the most viewed portions of their entire series… the intro that plays before every episode. I’m flattered by the obvious imitation, but I’m also disappointed by the obvious theft.

The scene does look visually similar to Mr. Murphy’s photo. I wonder if he will legally pursue this.

Link

Saudi Spies Use Network Flaws to Track Citizens in US

Andrew Orr ·

A report today reveals that Saudi Arabia uses flaws in telecom networks to track its citizens as they move through the U.S.

The data shows requests for mobile phone location data that were routed through the decades-old SS7 global messaging system, which allows mobile operators to connect users around the world…The SS7 system also enables tracking of phones, which has been a cause for concern by security experts. When a US carrier – such as Verizon, T-Mobile or AT&T – receives what is known as a Provide Subscriber Information SS7 message (or PSI) from a foreign mobile phone operator, they are getting, in effect, a tracking request.

Also included in the report: Senator Ron Wyden says the FCC knew about these flaws and failed to act, blaming FCC chairman Ajit Pai.