Link

New Zoom Bug Can Be Used to Steal Passwords, Access Your Webcam, Microphone

Andrew Orr ·

Security researcher Patrick Wardle disclosed two Zoom bugs today. They can be used to steal Windows passwords and access your webcam and microphone. They do however require physical access to the machine.

In this blog post, we’ll start by briefly looking at recent security and privacy flaws that affected Zoom. Following this, we’ll transition into discussing several new security issues that affect the latest version of Zoom’s macOS client.

At this point, Zoom should just rewrite its software completely.

Link

OpenWRT is Vulnerable to Remote Code Execution Attacks

Andrew Orr ·

For three years, router firmware OpenWRT has been vulnerable to remote code execution attacks.

The researcher also found that it was trivial for attackers with moderate experience to bypass digital-signature checks that verify a downloaded update as the legitimate one offered by OpenWTR maintainers. The combination of those two lapses makes it possible to send a malicious update that vulnerable devices will automatically install.

This is especially concerning because OpenWRT is commonly recommend by privacy advocates as an alternative to built-in proprietary router firmware.

Link

SiriusXM Premier is Free Through May 15

Andrew Orr ·

Announced by Howard Stern, Sirius XM is giving people free access to Premier content through May 15, starting today.

Listeners will have free access to more than 300 channels of dynamic programming, featuring the acclaimed The Howard Stern Show , hundreds of exclusive ad-free music channels, and vital news and information sources.  SiriusXM is also adding entirely new curated content, and bringing back some beloved music channels by top artists.

Link

Zoom Meetings Aren’t Encrypted End-to-End, Despite Marketing

Andrew Orr ·

Along with recent news that Zoom sent your data to Facebook (although it stopped) now we learn that its video calls don’t use end-to-end encryption, despite the company marketing it as such.

…But despite this misleading marketing, the service actually does not support end-to-end encryption for video and audio content, at least as the term is commonly understood. Instead it offers what is usually called transport encryption, explained further below.

It just keeps getting worse for Zoom. It’s unfortunate the company has chosen such tactics, because it really is one of the better video calling apps out there.

Link

Marriott Hit by Second Data Breach Affecting up to 5.2M People

Andrew Orr ·

Hotel chain Marriott International has suffered a second data breach, exposing the personal data of up to 5.2 million guests.

The breach, which began in mid-January 2020 and was discovered at the end of February 2020, saw contact details, including names, addresses, birth dates, gender, email addresses and telephone numbers exposed. Employer name, gender, room stay preferences and loyalty account numbers were also exposed.

Marriott has also said that at present it does not believe passports, payment details or passwords were exposed in the data breach.

It sounds like login credentials of two employees were stolen, likely through a social engineering attack.

Link

Russia Postponing Introduction of Rules Forcing iPhones to Have State-Approved Apps

Charlotte Henry ·

Russia has postponed the introduction of new legislation that required devices, including iPhones, to have state-approved apps pre-installed. AppleInsider reported that this is likely due to the current coronavirus outbreak. The legislation is now slated to come into force on January 31, 2021.

“When we buy complex electronic devices, they already have individual applications, mostly Western ones, pre-installed on them,” co-author of Russia’s legislation, Oleg Nikolayev said at the time. “Naturally, when a person sees them, they might think that there are no domestic alternatives available. And if, alongside pre-installed applications, we will also offer the Russian ones to users, then they will have a right to choose.”

Link

Key Apple Supplier Raising $200 Million From Unknown 'Customer'

Charlotte Henry ·

A key Apple supplier, Japan Display, has raised $200 million from a “customer”, Reuters reported.  There is speculation that the unknown source of cash was, in fact, Apple itself.

The $200 [sic] fund will come in the form of the customer purchasing equipment at Japan Display’s main smartphone screen factory in central Japan, the company said in a statement. As Japan Display owed Apple more than $800 million as of last year for the $1.5 billion cost of building the plant, the fund to be raised would be used for repayment, the sources have said.

Podcast

TMO UK Associate Editor Charlotte Henry (#5) - TMO BGM Interview

John Martellaro · · Add Comment

Charlotte Henry is a London-based technical journalist. A self-described media junkie, she writes about Apple — and now for the Mac Observer as well as our UK Associate Editor. She has also written for City A.M., Computer Business Review, the Independent on Sunday and CapX. Her new book is: Not Buying It.

In this episode, Charlotte and I discuss the impact of COVID-19 on the TV entertainment and streaming industry. We look at the diversion of theatrical releases to streaming, whether indoor theaters will ever return to normal, possible changes to production methods, throttling of streaming speeds, a possible return to more feel-good movies, the impact on binge watching, series vs. movie watching during lock-down, and Charlotte’s reaction to Disney+. Plus, John reveals a very personal secret!

Cool Stuff Found

Apple Posts Video for Upcoming Series ‘Trying’

Andrew Orr ·

Apple uploaded a trailer for an upcoming British comedy series on Apple TV+ called Trying. It will be available to stream Friday, May 1. It co-stars BAFTA award winner Imelda Staunton, Ophelia Lovibond, and Oliver Chris. It was written by Andy Wolton.

All Nikki (Esther Smith) and Jason (Rafe Spall) want is a baby—but it’s the one thing they just can’t have. How are they going to fill the next 50 years if they can’t start a family? They already went through The Sopranos in a weekend. After ruling out every other option, Nikki and Jason decide to adopt and are confronted by a world of bewildering new challenges. With their dysfunctional friends, screwball family, and chaotic lives, will the adoption panel agree that they’re ready to be parents?

Cool Stuff Found

Apple TV+ British Comedy 'Trying' Arriving May 1

Charlotte Henry ·

The trailer for Apple TV+ show Trying has arrived. It tells the tale of a British couple who look to adopt a child after they are unable to conceive. They need to grow up themselves though before they can look after a child. It’s a rather dark comedy and does actually seem pretty good – not that I’m biased, give it’s the first UK show! All episodes will arrive on May 1.

Link

Perhaps Apple Shouldn't Release an iPhone in 2020

Charlotte Henry ·

People have been speculating for a while about what the coronavirus outbreak means for global supply chains, not least Apple’s. It is all based on the assumption there has to be an iPhone in 2020. Over on iMore Bryan M. Wolfe says there doesn’t. It’s a view I’m increasingly sympathetic with – the world is in turmoil, does Apple really want to be waving shiny new devices around right now?

There’s nothing wrong with the iPhone 11. More importantly, with unemployment rising, now is not the best time for the company to release a new device intended for the masses. Instead, the company should use its first online WWDC conference to announce splashy updates for iOS, iPadOS, and other systems. Then, when this crisis (finally) ebbs, Apple should launch the iPhone 12 in 2021. I understand Apple just released a new iPad Pro. However, the line hadn’t been updated in nearly two years, so a refresh was justified. Same too for the 2020 MacBook Air, which includes the company’s well-received new Backlit Magic Keyboard.