Tag Archives: Apple

If you did not know about this – you should be very worried.

A few hours ago it was discovered that Apple’s FaceTime app allows anyone to connect to any Apple device that supports FaceTime and hear their audio without the person ever accepting the call. What’s worse (debatably?) is that it is incredibly easy to do this.

Listen-in on any remote Apple device in 4 steps

1.) Start a FaceTime call with someone
2.) While the call is “connecting”, quickly swipe up on the FaceTime menu
3.) Click on the “+ Add Person”
4.) Add your own phone number/contact

What happens at this point is that the call is “bridged” and a remote audio line is open to the destination Apple device.

Yes – really! You have now turned the remote Apple device into a remote audio tap/bug. You can choose to keep a 2-way audio channel, or mute it from your side.

Update #1: Apparently it works on Mac OS Mojave too.

Temporary Fix – disable FaceTime

As of right now, until Apple patches this, the only fix is to disable FaceTime:

iOS

1.) open “Settings”
2.) click on “FaceTime”
3.) toggle it “off” (green toggle -> to white)

Mac OS Mojave

1.) open “FaceTime” app
2.) press “command + K”
or
2.) click on the top-left menu bar with the app name “FaceTime”, and select “Turn FaceTime Off”

You need to connect to a Cisco AnyConnect (or Juniper Pulse Connect) VPN, and you cannot stand the default client for a variety of reasons (slow connects, crashes, unable to start, pointless pop-up notifications, crashes, pid-loss, etc), and so, you look for alternatives.

You find OpenConnect – the perfect solution, only to realize that the 3rd-party GUI is basically broken and actually doesn’t work (last checked on 8-14-17) with 2-Factor authentication (ex: Duo).

At this point, you can run OpenConnect from a terminal, which works, but you have to keep the terminal open and you have to wrap the long command in a shell script.

Or, you can use my little solution which seems to work perfectly.

OpenConnect GUI - Connected

OpenConnect GUI - Disconnected

Everything you need to get started is on GitHub:
https://github.com/ventz/openconnect-gui-menu-bar

Continue Reading →The perfect OpenConnect GUI Menu Bar App with 2FA/Duo support – for Mac OS X

Lately, we have seen some really bad vulnerabilities in regards to SSL (Heartbleed) and Bash (later dubbed “Shellshock”), along with some slightly “lighter” linux/open source ones.

In September of this year, Google first discovered a fallback attack for SSL v3.0, and they wrote published a paper on it: https://www.openssl.org/~bodo/ssl-poodle.pdf.
Today, it was officially confirmed that SSL version 3.0 is no longer secure, and thus, it is no longer recommended in client software (ex: web browsers, mail clients, etc…) or server software (ex: apache, postfix, etc…).
This was dubbed the “POODLE” vulnerability, and given CVE-2014-3566

A “POODLE attack” can be used against any website or browser that still supports SSLv3.
Browsers and websites need to turn off SSLv3 as soon as possible in order to avoid compromising sensitive/private information. Even though a really small percent of servers/browsers are vulnerable (mozilla estimates 0.3% of the internet), that is quite large in the total number of users.

How can I check if my browser is Vulnerable?
The guys at dshield setup this nice browser check: https://sslv3.dshield.org:444/index.html For checking your browser, use: https://www.poodletest.com

Poodletest was first mentioned to me by Curtis Wilcox.
Continue Reading →OpenSSL – SSL 3.0 Poodle Vulnerability

Disclaimer: I wrote this myself and posted it first on PinStack.com. Then I posted it on CrackBerry.com. I am re-posting it here because I think it will benefit people, and I would like to save a copy of it.

[I am going at this from truly personal experience, along with some background so that you know what kind of an user I am. If you are interested in the specs and overall usage, there are thousands of reviews. I hope that people will appreciate this a bit more than a typical “i used it, it made phone calls, it lasted 12 hours, the screen is small, the back over heated, the keyboard was amazing, it’s not an iPhone or Android and there are no apps” review]

First – a bit of background about me and cellphones: to call myself a cellphone enthusiast/a power user, or someone who is obsessed with cellphones would be kind of like calling Tiger Woods “ok at golf” or the Bugatti Veyron “faster than a honda”. To give you some quick numbers: I’ve gone though >30 phones in ~4 years (many many more since the early part of 2000), I have switched through each major US carrier about ~5 times, and in the whole process, I have only paid a cancellation fee twice. [Please note that I have really toned this down lately – mostly because carriers like Samsung have found a way to push a new device every 3-4 months without doing anything exciting and ground breaking.]

Continue Reading →1 Week (so far) with the BlackBerry Q10!

Apple has always been known for their innovation and technology. I recently read an article about how they don’t believe in a “for the people by the people” model, but instead follow one that’s “for the professionals by the professionals”. This has both positive and negative outcomes. Everything that apple produces is extremely clean, professional, and very well polished. However, it forces them to be selective, limited, and exclusive, which is all negative when it comes to the internet. Freedom of expression simply does not exist within Apple. You might think you are free to express yourself, but only according to how, when, and where Apple tells you to.

With this information in the back of your mind, Apple recently sued Amazon for calling its app store Appstore. It has publicly lectured competitors to “create their own original technology, not steal ours”.

Then Apple turned around and blatantly stole Greg Hughes’, Wi-Fi Sync App — but only after first rejecting it from the Apple App Store. Infact, they not only stole the idea/concept and name, but they also ripped off the icon. Greg has sold his app in the Cydia app store at $9.99 and he has reportedly sold over 50,000 copies in the last year. Can you imagine how many more copies he would have sold in the regular Apple App Store? Greg has also reported that when his app was rejected from the Apple store, a developer from Apple called him to tell him how great his app was and how the entire Apple dev team was extremely impressed with it.

I think that Apple needs to decide where they stand. If they truly believe in copyright and patents, they have to use the same stick when judging themselves. They cannot steal other’s work, and then turn around and preach how you should not steal innovation, designs, and code.

If you want to read the full article, you can find it at: http://www.theregister.co.uk/2011/06/08/apple_copies_rejected_app/

Let me preface this with the fact that, you just can’t do this unless your iphone is jailbroken. For the non-curious, stop reading here.

This one came about as I was recently forced at work to switch from using the Unix email system to the hosted Exchange solution, in order for our calendars to be centrally accessible by everyone. Details aside, after adding my exchange to my iPhone (since I am trying to keep my blackberry off BES), I realized that the color schemes absolutely suck. From somewhere, it decided that purple was the best color, and I couldn’t change it. After aimlessly searching through the Calendar.app on the iPhone for a color changing option, I came to the realization that there was no way to do it. Luckily, my iphone was jailbroken, and there are plenty of ways to do this with a little background work. I found this amazing article: http://chriscarey.com/wordpress/2009/02/10/how-to-modify-iphone-calendar-colors-with-sqlite3/

To summarize it, in case the article disappears:

Start by ssh-ing into your phone

One tip that I can give, if you don’t have sqlite3 on your iphone (which you wouldn’t by default), is to scp the file to your computer, apply the changes, and scp it back to the iPhone.

Here are the RGB Values for the Standard Colors:

Red = (181,0,13)

Orange = (229,98,0)

Green = (47,141,0)

Blue = (15,77,140)

Purple = (103,10,108)

So, with the line:

I was able to make my default calendar (the Exchange one) RED — which portrayes the “important” notion and it’s easily visible.

Hope this helps everyone who is trying to accomplish this. Don’t forget to close and re-start your Calendar.app. If you don’t have a jailbroken iPhone, you can change your non-exchange calendars by syncing them to the iCal app, and changing the color back, and syncing them.

There have been many interesting things happening in technology lately, but I’ve been really busy lately, and I just haven’t had time to post interesting articles. That said, there was an article about ATT and the iPhone that really caught my attention. The article started with:

“As the carrier with the highest number of dropped calls, lowest customer satisfaction rating, and smallest 3G coverage area, AT&Ts lifeblood over the last few years has been its iPhone exclusivity.”

This is the first thing that caught my attention. Everyone praises how reliable ATT is. They say that the dropped calls are really minimum and that the 3G coverage is very large. Finally, they say that customers are perfectly satisfied. From my opinion, first of all, I’ve never ever had as many dropped calls on all the carriers combined, as I’ve had with ATT. Second of all, the customer service is terrible. Now that said, I had the business customer service, from which only 30% of the people are incompetent. The last thing is about the 3G — I personally do believe that they have a “relatively large” 3G coverage, but the 3G coverage is extremely poor in quality, very unreliable, and 5bars could mean a 2MB/s download or a 200KB/s download.

The next part in the article said:

“AT&T CEO Randall Stephenson spoke about the issue at an investor conference in New York, saying it’s unlikely the customer base will drop AT&T just because the iPhone goes to another carrier. He said that 2/3 of all iPhone owners were previous AT&T customers. So somehow this Stephenson guy thinks 1/3 is a small number, and if 1/3 of all iPhone owners dropped AT&T it wouldn’t be a problem. Umm, most people would disagree with that.”

Are you crazy? First of all, you think losing 1/3 of your customers is OK? This should tell you once again how much ATT cares about their customers. Second of all — I think ATT will lose a lot more than 1/3 of their customers. What Randall is assuming is that the other 2/3 will stay because they are “happy”. The main problem here is that nothing better existed at the time. This has drastically changed. The reality is that 2/3 or more of the people would’ve already left, if it wasn’t for the iPhone.

“Now, of course, no one is expecting that the moment a Verizon iPhone arrives, there will be a mass exodus of AT&T customers.”

From Verizon alone? – no. From Verizon, T-Mobile, and others — Yes. The point is, when there are alternatives, especially cheaper ones (T-Mobile), people will gladly make the switch.

And at last, my favorite part:

“By all metrics it is the worst of the four major carriers in the US. And Stephenson just doesn’t get it. Of the millions of people who now have an iPhone in the US, 33% of them were not AT&T customers before. That’s a big number.”

What’s interesting about that is that it’s 33% of one million! Yes, ATT just said it’s OK to lose 330,000 customers. The second part, and my personal favorite because I’ve been saying this for a long time — ATT is the worst carrier by all metrics!

All this said, something you should know about me: I’ve used all 4 major carriers in the US, at least twice each. I’ve also owned 3 iPhones (1 on Tmobile), 3 blackberries, 3 treos, >5 other smart phones, and a few other regular phones. I personally HATE ATT. And yes, I own an iPad too.

If you want to read the article, you can find it at:

http://www.tgdaily.com/mobility-brief/51659-att-not-worried-about-loss-of-iphone-exclusivity