The Prosecco Experience – This Week in Tech 691

Apple’s new Macs and iPads, CIA’s not-so-secret websites, Twitter voter suppression, and more.
— Apple announces new MacBook Air and Mac Mini, then blows them both away with its new iPad Pro.
— Apple will no longer tell us how many iPhones it sells.
— How to kill an iPhone with a balloon.
— Iran unmasks dozens of CIA agents with a Google search.
— Google employees stage walkout over sexual harassment.
— Amazon exec mad at Washington Post for leaking new headquarters location.
— Facebook targets ads at “White Genocide Conspiracy Theorists.”
— Voter suppression on Twitter, and IRL in Georgia.
— Passcodes are officially protected by the fifth amendment (at least in Florida, and only in some cases).
— Senator proposes a bill that would jail tech CEOs for misusing consumer data.
— FCC says community broadband is an “ominous threat to the first amendment.”

Host: Leo Laporte Guests: Brian McCullough, Iain Thomson, Mike Elgan

This Week in Tech 610: Zombie Shopping Malls

United “overbooking”: what’s the real story? A murder streamed on Facebook Live. Apple sues Qualcomm, Qualcomm sues Apple right back. Windows 10 Creators Update is here – are you excited for 3D Paint? The Internet Archive emulates early Macs. Princeton creates an unblockable ad blocker. Nintendo stops selling the NES Classic – why? The death of the American mall.

Macs can be remotely infected with firmware malware that remains after reformatting

When companies claim their products are unhackable or invulnerable, it must be like waving a red flag in front of bulls as it practically dares security researchers to prove otherwise. Apple previously claimed that Macs were not vulnerable to the same firmware flaws that could backdoor PCs, so researchers proved they could remotely infect Macs with a firmware worm that is so tough to detect and to get rid of that they suggested it presents a “toss your Mac in the trash” situation.

Corey Kallenberg, Xeno Kovah and Trammell Hudson will present “Thunderstrike 2: Sith Strike” at Black Hat USA on August 6. “Although several attacks have been presented against Mac firmware, unlike their PC counterparts, all of them required physical presence to perform,” they wrote in the description of their talk. “Interestingly, when contacted with the details of previously disclosed PC firmware attacks, Apple systematically declared themselves not vulnerable. This talk will provide conclusive evidence that Macs are in fact vulnerable to many of the software-only firmware attacks that also affect PC systems. In addition, to emphasize the consequences of successful exploitation of these attack vectors, we will demonstrate the power of the dark side by showing what Mac firmware malware is capable of.”

The researchers previously used LightEater when they presented “How Many Million BIOSes Would you Like to Infect?” After they revealed that about 80 percent of PCs have firmware vulnerabilities, Apple claimed Macs did not. But Kovah said that’s not true; he told Wired, “It turns out almost all of the attacks we found on PCs are also applicable to Macs.” In fact, the researchers said five of the six vulnerabilities studied affect Mac firmware.

Firmware runs when you first boot a machine; it launches the operating system. For Apple computers, the firmware is called the extensible firmware interface (EFI). Most people believe Apple products are superior when it comes to security, but the researchers want to “make it clear that any time you hear about EFI firmware attacks, it’s pretty much all x86 [computers].” Attackers need only a few seconds to remotely infect Mac firmware. Macs infected with Thunderstrike 2 would remain infected even if a user were to wipe the hard drive and reinstall the OS, as that doesn’t fix a firmware infection.

Read More: Macs can be remotely infected with firmware malware that remains after reformatting | PCWorld.

Apple likely to launch Mac OS X Mavericks in late October

Apple is widely expected to release OS X 10.9 Mavericks at the end of October. Anonymous sources indicate Cupertino will more than likely stick with tradition and launch the software the day after their fourth quarter earnings announcement.
The company first unveiled Mavericks during their annual developers conference back in June. A preview version of the non-cat-named software was given to developers with the promise of a general release coming sometime this fall.
Chief among the changes in Mavericks are finder tabs and enhanced multiple display support. As the name suggests, finder tabs is a browser-like tabbed environment designed to replace the multiple finder window. From here you can drag and drop between tabs and even expand it to full screen.
Multiple display support, meanwhile, brings the operating system up to level standards with Windows. Craig Federighi, Apple’s senior vice president of software engineering, said during the presentation at WWDC that users will now be able to access menus across multiple displays and activity on one monitor won’t mess with activity on another.
Elsewhere, the software is said to feature reduced power state transitions that cut down on CPU activity by up to 72 percent. It’s also capable of compressing inactive memory to free it up for other applications. Overall, Mavericks is said to include more than 200 improvements.
The most recent update to OS X came in the form of Mountain Lion back in July 2012.
via Apple likely to launch Mac OS X Mavericks in late October – TechSpot.

Tim Cook confirms: Apple spending $100 million to build new Macs in Texas

Last week, we learned that Apple was looking to devote about $100 million to bring the manufacturing of one of its Mac product lines back to the United States. At yesterday’s Senate hearings on the company’s untaxed overseas pile of cash, Apple CEO Tim Cook confirmed that the new Mac would be manufactured in Texas. The computer will also “include components made in Illinois and Florida and rely on equipment produced in Kentucky and Michigan.”
Moving away from solid facts and into informed speculation, AllThingsD notes that longtime Apple manufacturing partner Foxconn has facilities in Texas that may be used to build the new Mac. Apple is also building a campus in Austin, Texas, indicating that the company may continue to expand in the state. The new Mac is likely to be an updated version of one of Apple’s existing product lines—a new MacBook Air refresh looks possible for the company’s Worldwide Developer Conference next month—but we don’t know which just yet.
If Apple were to move production of any of its product lines back into the country’s borders, it makes sense to start with Macs—they still sell well, but compared to the iPhone and iPad they make up a relatively small portion of Apple’s sales, and Apple has less to lose if there are hiccups. The company has been testing the waters with domestic production since at least the launch of the 2012 iMac. Some of these computers (including our 21.5-inch review unit but not our 27-inch review unit) are (or were) already being made domestically, most likely nearer to Apple’s California headquarters.
via Tim Cook confirms: Apple spending $100 million to build new Macs in Texas | Ars Technica.

New Mac virus skirts Gatekeeper, initiates creepy reverse-shell connection

A new trojan virus is targeting computers running Mac OS X and initiating an encrypted reverse-shell connection, allowing attackers potentially unfettered access to infected machines armed with basic, inbound-only firewalls. Security firm Intego appears to be the first to report on this malware and has named the backdoor virus “Pintsized”.
As of 10.7 (Lion), Mac OS X employs an anti-malware feature named “Gatekeeper” which helps deflect the “installation” of malware by utilizing what is essentially a digital signature system. It appears Pintsized has the capability to defeat this security mechanism, although exactly how it does so remains unknown. Although Gatekeeper is enabled by default, it’s worth noting it can also be disabled. Under normal circumstances, users who disable Gatekeeper would be afforded no protection against these types of attacks.
Once Pintsized is in, it phones home to hackers via an encrypted OpenSSH connection. Because the infected computer initiates the bi-lateral connection and not the remote server, Pintsized is able to bypass inbound-only firewalls, like the in-built Mac OS X firewall and the firewalls/NAT provided by most routers. This persistent shell access allows hackers to run remotely-issued commands on the infected system, some of which have been identified as clear-text Perl scripts. Thankfully for victims though, the malware author’s use of obfuscated Perl scripting makes Pintsized conceivably simple to identify.
Pintsized attempts to hide its components by posing as CUPS-related files — the Unix printing system utilized by Mac OS X. The files Intego has seen the virus generate are:
com.apple.cocoa.plist
cupsd (Mach-O binary)
com.apple.cupsd.plist
com.apple.cups.plist
com.apple.env.plist
Presumably, infected machines would attempt to load infected files on start up. Users would likely want to check for signs of the above files in the following locations:
~/Library/LaunchAgents (user launch area)
/Library/LaunchAgents
/Library/LaunchDaemons
/System/Library/LaunchAgents
/System/Library/LaunchDaemons
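The check described above as a script, added here as an example and not taken from Intego or TechSpot: it looks for the listed file names in the listed directories and reports whether each hit begins with a Mach-O magic number, as the reported `cupsd` file would. The `ROOT` argument, the `--scan` switch and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: look for the file names Intego reported for Pintsized in the
# launchd directories listed in the article. A name match is a lead to
# investigate, not proof of infection.

# File names quoted in the article.
PINTSIZED_NAMES="com.apple.cocoa.plist cupsd com.apple.cupsd.plist com.apple.cups.plist com.apple.env.plist"

# file_kind PATH
# Prints "mach-o" when the first four bytes are a Mach-O or fat-binary magic
# number (0xcafebabe is shared with Java class files), otherwise "other".
file_kind() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        feedface|feedfacf|cefaedfe|cffaedfe|cafebabe) echo "mach-o" ;;
        *) echo "other" ;;
    esac
}

# scan_pintsized [ROOT] [HOME_DIR]
# ROOT (an assumption of this example) prefixes the system paths so that a
# mounted disk image or a test fixture can be scanned; empty means the live
# system. HOME_DIR defaults to the current user's home directory.
# Prints one tab-separated line per hit: MATCH <kind> <path>
scan_pintsized() {
    root="${1:-}"
    home="${2:-$HOME}"
    for dir in "$home/Library/LaunchAgents" \
               "$root/Library/LaunchAgents" \
               "$root/Library/LaunchDaemons" \
               "$root/System/Library/LaunchAgents" \
               "$root/System/Library/LaunchDaemons"; do
        [ -d "$dir" ] || continue
        for name in $PINTSIZED_NAMES; do
            path="$dir/$name"
            # -L also reports a dangling symlink left behind under that name.
            if [ -e "$path" ] || [ -L "$path" ]; then
                printf 'MATCH\t%s\t%s\n' "$(file_kind "$path")" "$path"
            fi
        done
    done
    return 0
}

# Scan the live system only when explicitly asked to.
if [ "${1:-}" = "--scan" ]; then
    scan_pintsized
fi
```

Only the current user's `~/Library/LaunchAgents` is covered by default; pass each other user's home directory as the second argument to check it as well.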
The payload of the virus also remains unknown, but as with many attacks, there is likely a monetary incentive. An open SSH connection opens a whole world of devious possibilities though, so users will want to get rid of Pintsized as soon as they can.
Unsurprisingly, Intego says their VirusBarrier product picks up the virus. At the time of their writing though, the firm noted XProtect was unable to detect Pintsized.
via New Mac virus skirts Gatekeeper, initiates creepy reverse-shell connection – TechSpot.

Apple says they were hacked by the same group that hit Facebook

In a rare admission on Tuesday, Apple announced they too have fallen victim to a sophisticated malware that targeted Twitter and Facebook in recent weeks. Just like the attack on Facebook, Apple says some of their employees’ computers were infected when they visited a website for software developers.
Neither company has announced which site infected their systems with malware but according to the New York Times, a person familiar with the Facebook investigation said the site in question is iPhonedevsdk and it’s still infected. It goes without saying that you probably shouldn’t visit that site, by the way.

The statement from Apple said they identified a small number of systems within the company that were infected. Those systems have since been isolated from others on the network and there was no evidence that any data was stolen. Cupertino said they are working closely with law enforcement officials to discover the source of the malware.
Officials with Twitter said attackers may have briefly had access to data from roughly 250,000 user accounts. The company quickly reset passwords of accounts that may have been compromised and alerted users. Facebook said no user data was collected when their systems were hacked. We understand that both companies are working with officials to try and track down the person(s) behind the malware.
We are told that in all three instances, a widely-publicized security hole in Oracle’s Java software is to blame. The problem was so widespread that the Department of Homeland Security advised users to disable Java until a fix was deployed.
via Apple says they were hacked by the same group that hit Facebook – TechSpot.

Looking back: the five most important Apple stories of 2012

2012 was a roller coaster of a year for Apple and those who depend on its ecosystem. It was the first full year Apple operated under CEO Tim Cook’s thumb, and there were plenty of ups and downs for Cook to ride on.
We thought we’d highlight five of the most notable Apple-related stories as we look back on the last 12 months. Some directly affect Apple’s user base more than others, but they all contributed to a company going through developmental change—on the inside and out. In chronological order…

The removal of Java from OS X Web browsers

Apple’s decision to kick Java to the curb was largely sparked by the new (and improved) Flashback malware outbreak earlier in the year. Although Flashback first made an appearance in 2011, the 2012 version took advantage of a Java vulnerability Apple left unpatched for months after Oracle released a fix. That decision to hold off on a fix wasn’t the best PR move for Apple, but the company later made up for it—at least in the eyes of security experts—by getting rid of Java in OS X browsers altogether.
“I think that the way they’ve handled Java in the browser was their biggest win in 2012,” noted Apple “hacker” Charlie Miller told Ars recently. Miller pointed out the payoff in writing Mac-specific exploits is still too low for most attackers, but Java exploits carry the benefit of being able to affect multiple platforms at once. “[A]nything Apple does to reduce Java’s install base in OS X is a security gain that still gives them some real life improvements.”

Tim Cook’s public apology for iOS 6 Maps

It’s not often Apple issues any kind of public apology for… well, anything. So when it does happen, it means some serious ish is going down in Cupertino. That was apparently the case just weeks after Apple’s release of iOS 6. Much to Apple-watchers’ surprise, the company posted an open letter in late September to its customers, signed by Tim Cook, that acknowledged Apple’s shortcomings when it came to releasing a new, Google-free version of Maps for iOS.
“At Apple, we strive to make world-class products that deliver the best experience possible to our customers,” Cook wrote. “With the launch of our new Maps last week, we fell short on this commitment. We are extremely sorry for the frustration this has caused our customers and we are doing everything we can to make Maps better.”
Since then, Apple continues to take a beating for some of the weaknesses of Maps. But according to our recent poll, almost a third of Ars readers continue to use the app over other mapping solutions on the iPhone.

The launch of the iPad mini

Some Apple-watchers thought the day would never come, but Apple launched its own smaller version of the iPad only two years after Apple cofounder Steve Jobs declared 7″ tablets to be “dead in the water.” Apple argued that the 7.85″ iPad was different from the rest of the 7″ tablet market, not just because of the OS it’s running, but also because of its 50-67 percent larger usable area.
Unsurprisingly, Apple declared the iPad mini’s launch weekend a wild success, with sales of it plus the fourth-generation iPad setting a new first-weekend iPad sales record. Indeed, the iPad mini seems to be popular enough among the masses—especially as we head into the holidays—at its cheaper $329 price point, even though many reviewers (ourselves included) cried over the lack of a “retina” class display.

Scott Forstall ushered out of Apple

Scott Forstall presenting new iOS features during Apple’s September 2012 media event.

Apple’s iOS software head Scott Forstall has always been a controversial guy. He’s notorious for being a hard worker with high standards, and he might not always be the easiest to get along with. The latter appears to be why Forstall found himself being ushered out of the higher ranks at Apple in October of 2012. A number of reports cited clashes with other Apple executives as the main reason Forstall couldn’t be kept around for much longer. Not only was Forstall allegedly at odds with Apple designer Jony Ive, he also had reported conflicts with engineering head Bob Mansfield, among others.
A little more than a month later, Cook once again hinted at this as the reason for Forstall’s exit in an interview with Bloomberg BusinessWeek. When asked about “what was wrong” with Forstall at Apple, Cook was pragmatic: “The key in the change that you’re referencing is my deep belief that collaboration is essential for innovation.”
Despite the apparent “jubilation” following Forstall’s departure, the news still came as a shock to many of us who follow the company closely. Forstall’s influence on the design and direction of iOS is nothing to sneeze at. Although he’s staying on as an advisor to Apple, the operating system may soon take a different turn now that he’s no longer in charge.

Decision to manufacture (some) Macs in the US of A

Apple’s Phil Schiller showing off the internals of a retina MacBook Pro in San Jose on October 23, 2012.

There are some jobs that have just plain never been in the US to begin with, and the kind of large-scale electronics manufacturing that Apple does through its Asian partners are some of those jobs. That hasn’t stopped the masses from calling on Apple to do at least some of its manufacturing in its home country, largely due to some of the discoveries made at Foxconn’s factories in China. In the past, the company has found some evidence of child workers, “involuntary labor,” and safety issues, not to mention a recent rash of suicides and disputes over pay in China.
That’s why it was both a relief and a surprise when Cook announced this month that Apple would begin manufacturing a line of Macs in the US beginning in 2013. He discussed the decision in his aforementioned interview with Bloomberg, as well as a TV interview with NBC News. Cook revealed Apple has been “working on” increasing its US manufacturing for some time.
“We’re really proud of it. We could have quickly maybe done just assembly, but it’s broader because we wanted to do something more substantial,” Cook told Bloomberg. “So we’ll literally invest over $100 million. This doesn’t mean that Apple will do it ourselves, but we’ll be working with people, and we’ll be investing our money.”
Of course, one line of Macs isn’t much, especially when compared against the kind of sales numbers that come from the iPhone and iPad. But the move is symbolic and could lead to increased numbers of electronics—not just from Apple—being made in the US in the future.
via Looking back: the five most important Apple stories of 2012 | Ars Technica.