Feeds

* Posts by Mike Bell

469 posts • joined 3 Aug 2007

Page:

Apple flops out 2FA for iCloud in bid to stop future nude selfie leaks

Mike Bell
Bronze badge

When you enable 2FA, accept the invitation to print out the nicely formatted recovery key. That's what it's for.

0
0
Mike Bell
Bronze badge

Apple 'rolled out' 2-factor authentication a long long time ago. My Apple ID has been secured this way for ages.

More pertinently, and topically, is that Apple are being more reactive now when someone logs in via a device like a Windows PC. They're starting to send e-mail notifications when this happens.

They've also now introduced a means on your account of devising a clutch of app-specific passwords for third party apps that do not support 2FA. Which, they say, will be "required" come 1 October 2014.

0
0

iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!

Mike Bell
Bronze badge

Re: WebGL Demo

@Dave

It's probably down to my clunky old graphics card on my PC.

0
0
Mike Bell
Bronze badge

Re: WebGL Demo

No luck for me in Chrome (Windows) or Safari (OS X).

Nor this demo in Chrome. But it does look lovely in Safari (OS X) with Web GL enabled. Safari has been able to render Web GL for a long time, with the relevant (developer) preferences set.

1
2

Bonking with Apple has POUNDED mobe operators' wallets

Mike Bell
Bronze badge

Re: Third Party

If Apple Pay proves to be a big success, which I suspect it will, my guess is that other mobile devices will be able to do the same thing with the same kit. Why? Well, it seems that Apple Pay will be making use of an existing tokenising technology devised by the payment processing industry, and there's no good reason why other parties can't get involved in principle.

The big card issuers / payment processors trust Apple's implementation of fingerprint authorisation and cryptogram production (for a variety of reasons, including the use of a secure element outside of OS space). As I see it, the likes of Samsung, for example, could devise their own similar capability and form agreements with the banks in order to use the same terminal equipment.

I don't see a technical barrier, other than the manufacturer's ability to convince the banks that it's secure. As for any legal barriers (e.g. exclusivity by contract), I don't know.

2
0

THREE QUARTERS of Android mobes open to web page spy bug

Mike Bell
Bronze badge

Other than saying 'time to upgrade' what are people expected to do?

Yes, it's a problem. Especially for people with phones that aren't capable of being upgraded. Or those with manufacturers who roll out updates very slowly.

15
0

Apple Pay is a tidy payday for Apple with 0.15% cut, sources say

Mike Bell
Bronze badge

Re: This is nothing unusual

@nsld

Have a read of this. Note the bit that says "Apple will not be handling the tokenization — the credit networks like Visa and MasterCard will be doing so".

A bit more about the tokens, and how they relate to you and the payment processor (not Apple) is described here.

The card information that you may (or may not) already have stored in iTunes just provides an easy means of getting your payment credentials registered in the first place.

0
0
Mike Bell
Bronze badge

Re: This is nothing unusual

At the risk of labouring a point... If you wave your iphone at a pay point in MacDonalds, and Apple don't know you're in MacDonalds, they don't know you've just bought a Big Mac, and they don't know how much you spent on that Big Mac, what is there for Apple to 'aggregate' and monetise? Pray tell.

Apple will happily sit back and just let the monthly 'royalty cheques' from the card companies roll in.

2
0
Mike Bell
Bronze badge

Re: This is nothing unusual

Of course apple won't track the actual payment but it will track the activity either side to analyse shopping habits and that data is valuable, again they have been doing that for years as does everyone else.

That is in direct contradiction to what Apple stated at their keynote event:

We are not in the business of collecting your data. And so when you go to a physical location and use Apple Pay, Apple doesn't know what you bought, where you bought it, or how much you paid for it. The transaction is between you, the merchant and your bank.

If the above statement is true, they have no means of doing what you say. The new tokenisation technology will not allow that to happen.

5
1
Mike Bell
Bronze badge

Re: what's the date today?

@Yet Another Cowardly Anonymous Mouthpiece

Not 'everybody else on the internet' is making the ludicrous claims that you hold dear to your heart.

Samsung make good stuff, but they don't make iPhones. E.g. the fingerprint sensor on the iPhone is light years against Samsung's rather antiquated implementation. To the best of my knowledge, Samsung do not have an agreement with major card issuers to partake in fingerprint-authenticated payments.

This tedious 'Apple just copy Samsung' crap is trollish nonsense. Give it up already.

15
12
Mike Bell
Bronze badge

Re: what's the date today?

You forgot the tinfoil hat.

Apple talked this up in their recent presentation of Apple Pay. A differentiator that sets them apart from the likes of Google. If that was a lie, don't you think the card issuers would have something to say about that? And what would be the benefit to Apple in any case? There's nothing in it for them to track the kind of purchases that you make. That's not their business model.

12
4

Hackers pop Brazil newspaper to root home routers

Mike Bell
Bronze badge

Concerned users should probably put a decent strong password into their routers first and foremost. While good old Internet Explorer / Iframes have played their part here, a weakly protected router is an easy target for all manner of possible attacks. Most routers have an http login page, so they're just another regular resource to be used on the local network, and the IP address is going to be 192.168.0.1 most of the time, so it's not exactly hard to guess.

The problem lies fair and square with the router manufacturer, though. They should not allow such easy access out of the box, and the great majority of consumers won't have a clue about the risk. They certainly won't be reading The Register and tampering with browser plugins as a safety measure.

2
0

Apple's Watch is basically electric perfume

Mike Bell
Bronze badge

Re: Surprisingly disappointing

I was surprisingly disappointed by the live stream of he event, which was a complete dog's dinner. Breaking up all the time, and some Chinese bird overdubbing everything for a good part of it. A complete cock-up, basically.

As to the product line up, the watch was a pretty big thing. I'll never use one myself, but I can see that a lot of effort has gone into it. You're being a little unfair when you say you've "seen it all before". The fact is, you haven't. You haven't seen a bunch of card providers team up with a mobile manufacturer to conduct payments secured by a fingerprint, to give just one example.

Apple do this kind of thing a couple or three times a year. 'New' products come along rarely. Software changes rather more often. And product upgrades somewhere in between. That's how they manage things year after year.

3
10

Payment security bods: Nice pay-by-bonk (hint: NO ONE uses it) on iPhone 6, Apple

Mike Bell
Bronze badge

"To use Apple Pay you take a photo of your credit card to enrol it in the system. Hmm, Apple, photos and security ??? :)"

The chances of such a photo being uploaded anywhere are about as likely as the photo being retained when you use the phone's camera in the App Store app to scan a gift card. i.e. zero.

1
0

Apple's SNEAKY plan: COPY ANDROID. Hello iPhone 6, Watch

Mike Bell
Bronze badge

Re: Two important differences for Apple Pay

Nor are they taking a cut from the transaction

The rumour is that Apple will be getting a small kick-back from each Apple Pay transaction. However, that will come out of the transaction fee levied at the retailer. And since Apple have negotiated lower transaction fees for Apple Pay, neither the consumer or retailer should pay any more.

Easy money for Apple.

0
0
Mike Bell
Bronze badge

Re: Says it is for right handers only

Unsurprisingly, there is such an option.

0
0

Why Apple had to craft a pocket-busting 5.5in Plus-sized iPhone 6 (thank LG, Samsung etc)

Mike Bell
Bronze badge

Re: NFC? . . . .

Fingerprint?

The iPhone, nor any corporation it connects to, stores a 'copy' of a fingerprint. The iPhone stores a hash of the fingerprint in its secure enclave. A bit like good websites never store users' passwords in a database - they store a hash that is only good for verification purposes when a subsequent password is entered. The hash can't be used to reconstruct any particular fingerprint.

6
0
Mike Bell
Bronze badge

Re: NFC? . . . .

No, it's not the same NFC tech, as the user is authenticated by a combination of device and fingerprint.

Apple have convinced card issuers that this is secure. But what about something like the iPhone replacing an Oyster Card? There would be little joy in having to muck about with fingerprints when going through a busy ticket barrier, for example.

1
2

Before I Go To Sleep turns out tense enough to keep you awake ...

Mike Bell
Bronze badge

It's rubbish. Slow, boring and gushingly sentimental at the end. I nearly cried in the cinema, not because it tugged at my emotions, but because I'd wasted 15 quid. Wish I'd seen The Expendables 3 instead, and that's saying something!

0
0

New software ported from Windows to Mac! You'll never guess what. Yes, it's spyware

Mike Bell
Bronze badge

Re: More hints please

It's low risk now because it's not widely distributed

Source, please.

Any software that can keylog or open a remote shell is pretty dangerous. But if the user doesn't allow it to be installed, it's not dangerous at all. As I mentioned above, the malware description does not state what user interaction, if any, is required for it to run, e.g. whether they will be prompted by the OS to elevate permissions to do an install.

There's tons of malware out there on the web. I've lost count of the number of times I've seen a web page drop some failed executable right into my trash folder on OS X.

0
0
Mike Bell
Bronze badge

Re: More hints please

Rather seems to assume there a a zero day exploit available

No, it doesn't. It's just a bit short on detail. They've described the sneaky way that its download is triggered, and what happens when it's executed, but they don't say how it gets executed and what's required in order for that to happen. In particular, whether or not the user is prompted by the OS to accept the install. Maybe that's why they describe it as category 1 low risk.

3
2

Don't bother with Apple's 9 Sept hype-day: Someone's GONE AND BLABBED IT ALL

Mike Bell
Bronze badge

Re: Le Sigh

The banks have reportedly agreed to lower transaction fees when this comes into being, because authentication will be bolstered by fingerprint recognition. That can only be a good thing for retailers.

0
3
Mike Bell
Bronze badge

Re: Will Apple be taking their usual...

No.

1
3

Mac security packages range from peachy to rancid – antivirus tests

Mike Bell
Bronze badge

Tips

Don't install Flash. It's an awful risk to take. OS X will insist that you're using the latest version of Flash before it allows it to run, but you'll be safer if you don't install it at all.

Don't install Java unless you really need it (most people don't need it). Again, a 3rd party train wreck that's had a long history of vulnerabilities.

Use the latest version of OS X. Set the security settings so that apps may only be installed that originate from the Mac App Store and identified developers.

To the best of my knowledge there are no OS X 'viruses' in the wild. There's always the chance of you installing malware (naughty software that does things it oughtn't to), so be careful about what you do install and where you get it from.

I've read many many times that if you follow these basic precautions, you won't need antivirus software hogging your machine cycles on OS X.

5
2

NUDE SELFIE CLOUD PERV menace: Apple 2FA? Sweet FA, more like

Mike Bell
Bronze badge

Re: "if you forget your password [..] all your iTunes purchases are gone, forever

That's why they go to the trouble of giving you a thumping great recovery key. If a user is too stupid to remember his password, and he's too dumb to print out his recovery key and put it in a safe place, he deserves a lot more than losing his iTunes purchases.

3
5

Hot Celebrity? Stash of SELFIES where you're wearing sweet FA? Get 2FA. Now

Mike Bell
Bronze badge

Re: Two-factor auth for Find My iPhone?

and if you don't have a "real phone" ?

Information is listed here. It would seem that you have the option of registering any SMS-capable phone as one of your trusted devices as part of setting up 2-factor authentication.

0
0
Mike Bell
Bronze badge

Breach or not?

"None of the cases we have investigated has resulted from any breach in any of Apple's systems including iCloud or Find My iPhone."

When is a breach not a breach? When you can successfully guess someone's password?

If Apple have "discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions", it still sounds like a breach to me .

8
0
Mike Bell
Bronze badge

Re: Two-factor auth for Find My iPhone?

Two-factor authentication typically relies on a separate secure channel, such as SMS or a telephone call. If you're using Find My iPhone, it's because you've lost your iPhone, so that second channel isn't available to you.

When I've seen Apple's 2-factor authentication swing into action - e.g when changing passwords, once enabled - you may use any authorised device, which may be an iPad or iMac, as the source of the acknowledgment.

1
0

Apple 'fesses up: Rejected from the App Store, dev? THIS is why

Mike Bell
Bronze badge

Re: WTF

Actually, the developer guidelines are extremely transparent and comprehensive. Probably always have been.

2
0

Boffins attempt to prove the UNIVERSE IS JUST A HOLOGRAM

Mike Bell
Bronze badge

Re: It's just mathematical equivalency - @Mike Bell

IIRC it was Feynman's supervisor who came up with the idea that there's just a single electron. I'm not saying it's a valid description of reality, but is an indication that there are many seemingly odd theories bandied around.

There are different interpretations of Many Worlds. I'm giving you one now: Everything that could be, ever has been, and ever will be simply is. 'Splitting into different universes' is a succinct and decidedly human description of events that I've heard used many times. Given that neither you nor I really know what's going on, I wouldn't get too hung up on metaphysical descriptions of reality.

As to us being simulations in a computer, did I say it was a particular type of computer? With a creator? Or that it exists in any real sense that you would understand? No. I am suggesting that any physical rules - even the particular weird ones we see around us - could be invoked in a simulation. The 'design' of such a 'computer' could be far simpler than the reality - or multiple realities - that it generates Something that William of Ockham might have appreciated.

0
0
Mike Bell
Bronze badge

Re: It's just mathematical equivalency

Electrons don't do a quick calculation before deciding how much energy to emit as a photon when changing orbitals.

You don't know that for sure. Some theorists believe that is exactly what happens. In particular, all the possible places that an electron could go contribute to the place that it does go. And in Many Worlds, it goes everywhere, splitting into different universes with each opportunity. I even heard a theory that there is actually (whatever actually means) only one electron in the entire universe, and we see its work all around us.

I've long wrestled with the idea of whether or not the universe is simply its description. i.e. it's nothing but maths. My gut feeling says it's more than that. But who really knows. You and I are as likely to be simulations in a relatively dumb computing device. That would certainly account for much of the strangeness that goes on, as anything can be done in software.

2
0

HUGE iPAD? Maybe. HUGE ADVERTS? That's for SURE

Mike Bell
Bronze badge

Re: "Now you can deliver highly engaging ads ..."

The ads perhaps won't be quite as engaging as the advertisers want if consumers tick that privacy option in iOS that limits ad tracking. I can't think of any sane person who would leave that option unselected.

1
0

Apple promises to lift Curse of the Drained iPhone 5 Battery

Mike Bell
Bronze badge

Re: surely just pop the back off and change the battery for a new one.....

@psychonaut

Oh do quit whining. You have your opinion; I have mine.

I get it. You're the kind of person who enjoys tinkering with things. Get yourself a Meccano DIY smartphone for your ultimate enjoyment. Be my guest. Meanwhile, the world seems to struggle by with the most popular phone effectively being a sealed unit. A unit that is warranted in its entirety. There are definite pros in having sealed memory, tamper-proof enclaves etc. but they don't appeal to the tinkerer's mindset, or the kind of person who enjoys 'fixing' things. Again, fine. I could fix the clutch on my car if I wanted to, but I've got better things to do with my time, and I'll take my car somewhere where they have the proper equipment to do the job.

1
4
Mike Bell
Bronze badge

Re: surely just pop the back off and change the battery for a new one.....

The difference being that iPhone batteries are warranted. Whereas your cheap Chinese knock-off battery won't be.

I used to have a crappy phone that I could split in two by hand for the joy of sticking bits in it. I don't care for that kind of nonsense any more.

1
11
Mike Bell
Bronze badge

Re: @Lost all faith...

Bluetooth is probably enabled by default after each iPhone upgrade because it (Bluetooth LE) consumes very little power indeed. I never turn it off because it hardly affects power consumption, and when it is on it can be very useful, e.g. for tethering to another device.

Likewise for GPS. Which is a means to an end. Some people without a life might like to know the position and strength of GPS satellites, but others just prefer that their phone knows roughly where it is.

Why would I need to add a bluetooth or WiFi state widget to the screen when they are already there by default? And can be activated/deactivated by a simple swipe up from the bottom of the screen?

2
6

Super Cali signs a kill-switch, campaigners say it's atrocious

Mike Bell
Bronze badge

@DropBear

Unless the draft legislation has been changed, it will be illegal for anyone to use the kill switch without the device owner's express permission. Not to say they couldn't, but it would not be legal for them to do so.

@others

Blowing SIM lines or disrupting cell communications would not necessarily kill a phone's communication facilities. Just wander into Starbucks and use WiFi to talk to your chums.

0
1

Fast And Furious 6 cammer thrown in slammer for nearly three years

Mike Bell
Bronze badge

Re: Who?

People on zero-hours contracts? Poor people, generally? I know a few of them. They don't mind watching shit quality movies on their lap-tops so long as they are free. They wouldn't stump up £1.50, though, so that's a new one to me.

1
3

True fact: 1 in 4 Brits are now TERRORISTS

Mike Bell
Bronze badge

Graphic plays it down

It's worse than that! The core of that graphic (25%) is way too small compared with the area of the whole (100%).

2
0

What a pain in the mass! Euro craft Rosetta to poke its probe in 10-BILLION-tonne comet

Mike Bell
Bronze badge

Re: Chuck-a-duck

Philae has a cold gas thruster. But it will, more or less, throw itself at the comet.

0
0
Mike Bell
Bronze badge

Re: Orbit

@mtp: The clue is in the word suffix. 'gee' pertains to the Earth, as in geography, geosynchronous etc. Since the comet orbits the Sun, not the Earth, apogee is not relevant to the orbital perturbation that you mention. Whereas aphelion most certainly is.

Apogee: furthest point from the Earth

Aphelion: furthest point from the Sun

Perigee: closest approach to the Earth

Perihelion: closest approach to the Sun

5
0
Mike Bell
Bronze badge

Re: ...a mass of 10 billion tonnes...

Nearly everyone uses a billion to refer to 10^9 these days.

As is the case in this article.

A lump of ice with a volume of one cubic kilometre has a mass of 10^9 tonnes. The comet is only about 10 times this size, and its density won't be wildly different from that of ice, so its mass will be about 10 x 10^9 tonnes. Or ten billion tonnes, as people say these days.

4
2

TRIANGULAR orbits will help Rosetta to get up close with Comet 67P

Mike Bell
Bronze badge

It's not in orbit as such... yet. Currently, it's undergoing a series of hyperbolic trajectory manoeuvres. Without regular thrusts it would currently leave the comet behind.

When it descends much nearer the comet's surface, it will be put into a roughly elliptical orbit. I imagine the gravitational field will be pretty variable so that would require a good bit of knowledge / number crunching / thrusts to keep things that way.

1
0

Giving your old Tesco Hudl to Auntie June? READ THIS FIRST

Mike Bell
Bronze badge

Not all the features of a high end device are required on a bargain basement tablet. But a wipe operation that doesn't do the job is less than a feature. It's a bug. And a pernicious one at that.

17
2
Mike Bell
Bronze badge

Oops.

It might be an idea to encrypt all data by default. Then the wipe process merely involves destroying the private encryption key, which takes no time at all. Like my iPad does.

6
10

Rosetta's comet 67P/Churyumov-Gerasimenko is one FUGLY space rock

Mike Bell
Bronze badge

The Rosetta NavCam photos aren't the greatest quality, compared with something from its narrow angle camera. When you see it properly, it does have a certain rugged beauty about it.

In my opinion, it's a pity that ESA aren't being more forthcoming with the data. Anyone remember the heady days of Hayabusa in 2005? The Japanese released fantastic pics on a daily basis as they approached asteroid 25143 Itokawa.

1
0

No more turning over a USB thing, then turning it over again to plug it in: Reversible socket ready for lift off

Mike Bell
Bronze badge

Re: It'll be good in about 5 years time...

But haven't the EU recently mandated the use of the inferior micro-USB connector for phone chargers? A bad decision that will stick one in the eye of your 5 years.

1
5

HUMAN RACE PERIL: Not nukes, it'll be AI that kills us off, warns Musk

Mike Bell
Bronze badge
Terminator

Re: I don't buy it

Jeez. Don't any of you guys watch the Terminator movies?

0
0
Mike Bell
Bronze badge
Terminator

Re: or we wait until the batteries go flat or catch fire

Yeah, right. They tried that with Skynet, and look what happened.

4
0

Fiendishly complex password app extension ships for iOS 8

Mike Bell
Bronze badge

@AC

I tend to agree. This, and other iOS password managers, were created before Apple rolled out iCloud keychain to the masses. I have a similar password manager, but I rarely use it these days.

0
0

Page: