Andrew Orr's photo

Andrew Orr

Since 2015 Andrew has been writing about Apple, privacy, security, and at one point even Android. You can find him most places online under the username @andrewornot.

Get In Touch:

CorelDRAW Graphics Suite Adds iPad App, M1 Support

Graphics suite CorelDRAW has added support for M1 Macs and created a brand-new iPad app. Built to take advantage of the power of Apple silicon, the team’s testing showed dramatic performance boosts on these new systems. When comparing a variety of common tasks on a MacBook Air 2019 (Intel chip) vs a Macbook Air 2020 with M1, across the board, most scenarios showed a minimum 2x speed improvement on the M1 system. Some tests were dramatically higher, including an image resampling scenario that produced speed results more than 20x faster.

Comparing Privacy Policies: Clubhouse Versus Twitter

Clubhouse and Twitter Spaces are the newest entries to the audio space, but they both do different things with your data. Matt Binder examined their privacy policies.

The two platforms’ approaches to data storage really speak to a major difference in their intended uses. It seems Twitter users will be able to Spaces for more permanent content that they can repurpose for other platforms and mediums; whereas Clubhouse rooms will live strictly in the moment.

I don’t want to spoil the article but it sounds like Clubhouse audio recordings are more ephemeral.

iPhone ‘Call Recorder’ App Leaked User Conversations

An iPhone app called Call Recorder lets users record their phone call conversations. But a recently discovered bug leaked those calls.

But using a readily available proxy tool like Burp Suite, Prakash could view and modify the network traffic going in and out of the app. That meant he could replace his phone number registered with the app with the phone number of another app user, and access their recordings on his phone.

A new version of the app was submitted to Apple’s app store on Saturday. The release notes said the app update was to “patch a security report.”

Cryptee Adds DOCX Support for File Editing

Hot on the heels of its big 3.0 update, the next announcement for Cryptee is support for DOCX uploading and editing. You can also export documents as DOCX, making Cryptee a viable cloud-based private alternative to Microsoft Word and Google Docs. However, there is an extra security bonus to Cryptee:

A little known fact about docx files is that, due to the fact that they support macros, and other ways to execute code in them, they are commonly used by malicious third parties to distribute and spread malware viruses. Cryptee does not run / execute macros while opening docx files, allowing you to open / edit / save DOCX files safely, without having to worry about your computer getting infected.

Mac App Electrum Wallet With Backdoor Spotted in Wild

An Electrum wallet with a backdoor has been spotted in the wild by ConfiantIntel. They noticed that it’s another example of a piece of malware notarized by Apple. Link to tweet thread below.

These fake wallets were introduced during a Malvertising attack our security team discovered early this week, involving the hacking of a Major SSP. The hackers redirected the victims to https://electrum-4.github[.]io/ asking them to install an update of the electrum wallet.

In a separate tweet, it looks like one of Patrick Wardle’s tools can detect it.

Microsoft Adds M1 Support to Visual Studio Code

Microsoft announced on Friday support for M1 Macs for its Visual Studio Code software.

We are happy to announce our first release of stable Apple Silicon builds this iteration. Users on Macs with M1 chips can now use VS Code without emulation with Rosetta, and will notice better performance and longer battery life when running VS Code. Thanks to the community for self-hosting with the Insiders build and reporting issues early in the iteration.

Satechi Releases USB-C Multi-Port Adapter

Satechi announced on Thursday the launch of a USB-C multi-port dock. It has USB-C PD charging, HDMI and VGA display ports, USB-A data ports, SD card slots, and Gigabit Ethernet, with two detachable USB-C cables – perfect for on-the-go or docked at your desk. Compatible devices include: 2020/2019/2018/2017/2016 MacBook Pro, 2020/2018 MacBook Air, 2020/2018 iPad Pro, 2019/2017 iMac, iMac Pro, 2015/2016/2017 MacBook, Microsoft Surface Laptop 3/Surface Pro 7/Go, Google PixelBook Go, ChromeBook, Samsung Galaxy Tab Pro S, HP Spectre Convertible, Razer Blade, Huawei Matebook and more USB-C devices. It costs US$99.99 but with the code MULTIPORT20 you can get 20% off. Valid until March 15.

47,000 iOS Apps Have Misconfigured Cloud Servers

Researchers at Zimperium analyzed 1.3 million Android and iOS apps to detect common cloud misconfigurations. They found that nearly 84,000 Android apps and 47,000 iOS apps have errors.

The researchers found almost 84,000 Android apps and nearly 47,000 iOS apps using public cloud services—like Amazon Web Services, Google Cloud, or Microsoft Azure—in their backend as opposed to running their own servers. Of those, the researchers found misconfigurations in 14 percent of those totals—11,877 Android apps and 6,608 iOS apps—exposing users’ personal information, passwords, and even medical information.

Google Reveals Plan to End Third-Party Cookies

Google wrote a post updating its plans for its Privacy Sandbox project. Its goal is to make third-party cookies obsolete.

we are confident that with continued iteration and feedback, privacy-preserving and open-standard mechanisms like the Privacy Sandbox can sustain a healthy, ad-supported web in a way that will render third-party cookies obsolete.

Once these approaches have addressed the needs of users, publishers, and advertisers, and we have developed the tools to mitigate workarounds, we plan to phase out support for third-party cookies in Chrome.

I don’t know what the new “open standards” will be, but I’m definitely skeptical given the nature of Google’s advertising business. Will there be a new first-party tracking technique? Update: Here’s why the EFF thinks it’s a terrible idea.

AWS Announces Ethereum on Amazon Managed Blockchain

Amazon Web Services announced on Wednesday the general availability of Ethereum on Amazon Managed Blockchain.

With Amazon Managed Blockchain, customers get secure networking, encryption at rest and transport, secure access to the network via standard open-source Ethereum APIs, fast and reliable syncs to the Ethereum blockchain, and durable elastic storage for ledger data. Amazon Managed Blockchain monitors node health, replaces unhealthy nodes, and automates Ethereum software upgrades, improving the availability of customers’ Ethereum infrastructure.

Brave Prepares to Launch the Brave Search Engine

Private browser Brave is getting ready to launch its own branded search engine with its acquisition of Cliqz.

The former Cliqz dev team, who had subsequently been working on Tailcat, are moving to Brave as part of the acquisition. The engineering team is led by Dr Josep M Pujol — who is quoted in Brave’s PR saying it’s “excited to be working on the only real private search/browser alternative to Big Tech”.

Interesting move, and I look forward to more private search engines.