Top drawer article, Alistair. Great read.
Posts by Mike Bell
754 publicly visible posts • joined 3 Aug 2007
Sign off my IT project or I’ll PHONE your MUM
iPad AIR 2 and iPad MINI 3, 5K iMac: World feels different today – and it IS
Apple hit by INSIDER LEAK: New iPad Mini 3, iPad Air 2 blabbed
Re: I don't get the fuss
Well plenty of people have been squealing for more RAM. It will be faster. Touch ID is a tempter for me, because I hate people shoulder-surfing when I unlock my iPad. That's one of the best features of recent iPhones, implemented SO much better than the competition.
I don't give a damn about a better camera, or non-existent gimmicks like tinny stereo with a separation of a few centimetres.
So... bring it on.
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Apple's iPhone bonk to 'Pay' app launches on Monday
Re: Spending Limit + Theft
Spending limit enforcement: it's likely to work the same way that it does for contactless payments. For me, a more pertinent question is: will terminal equipment be upgraded so that higher spending limits can be agreed when a more secure (i.e. fingerprint) means of authentication is provided?
The banks will assume liability, as they do now for card payments.
Do try to keep up. When Apple Pay is activated in the UK, you'll be able to use it anywhere you see the NFC payment symbol. If, as you say, a long list of businesses 'have no current plans to deploy bonk to pay services for the iPhone', they must also have zero plans for handling NFC card payments. Which kind of flies in the face of what's actually happening in the UK.
You mention card swipe. Which is shit technology. Any thief can clone a magnetic stripe and use your card. Or they just lift your card and start buying stuff with it.
Apple Pay will require your fingerprint, which is much much harder to clone, in addition to your phone. That does not make it an attractive target for thieves.
The real benefit to the user, since you ask, is that your card information cannot be stolen from the phone, your purchases are authorised by your fingerprint, nobody can look over your shoulder to see you entering a PIN, and there's no magnetic stripe to clone.
Re: If I understand the technology correctly
@AC
Your phone knows about your card details.
Those details (which end up being stored in a 'secure element' of the phone) may be gleaned initially by scanning the card optically with its camera. Or - if you happen to have already registered a card for iTunes payments - that card is known to your phone.
You can't just go around photographing anyone's card and expect to be able to make payments with it. There's an authorisation process that must happen first - details not yet divulged. In the case of a card registered against your iTunes account, that's already authorised.
When your card gets a new expiry date, the card company will push that info out to your phone via some kind of message. Probably automatically. Details sketchy at this time.
'MYSTERIOUS PYRAMID STRUCTURE' found on COMET beyond Mars: Landing planned
Re: Can someone tell me...
The camera can sense a wider range of colours than your eye can. But this is a science mission. The camera has a variety of filters that can be used to detect specific wavelength ranges. For example, one filter with a 35nm bandwidth is specifically employed to detect iron-bearing minerals.
Space missions often take a series of images using colour filters that can be combined to give a good idea of how things might look to the human eye, but the science imaging always takes top priority.
For this particular object, from what I've heard, its 'true' image, as you might perceive it, would be something rather like viewing a piece of coal.
'Bill Gates swallowing bike on a beach' is ideal password say boffins
Re: Mnemonics are not new
Good idea, but you should keep this kind of thing to yourself. It would be dead easy to create a rainbow table from a range of (popular) nursery rhymes using this algorithm. Just imagine how many people would end up using The Owl and the Pussy Cat went to sea as a basis for their key. Easy pickings. Wouldn't add much to the length of existing rainbow tables.
PEAK APPLE: iOS 8 SHUNNED by refusenik fanbois
Apple tries to kill iWorm: Zombie botnet feasting on Mac brains
Re: Will you make up your mind.
You thought Apple products never get viruses? You'd be right,
There are no Mac viruses. Period.
What there are, are trojans which can get installed by careless or reckless users. Just like you can install on virtually every OS. You can only help some users so much.
Unless you're a fool who downloads pirated software and then types in the obligatory admin password to complete a malware install, you don't need to hope anything.
If you are the kind of fool who downloads pirated software and then types in the obligatory admin password to complete a malware install, Xprotect should kick you up the arse before you get a chance, for this particular nasty.
Uni boffins: 'Accurate' Android AV app outperforms most rivals
MAC BOTNET uses REDDIT comments for directions
Looking like this happened by users installing pirated software. Silly, silly people.
Apple have now updated their malware definitions to protect users from themselves.
Re: Sorry, has to be said.....
@Matt,
That fanboi was almost certainly correct. Strictly speaking, no virus has ever been found running on a Mac.
As for other types of malware like trojans and worms, OS X can never be immune to these. Potentially, any piece of software that a user installs – or allows to be installed – could be malware.
If you allow unsolicited malware to be installed by entering an admin password when prompted, you are in trouble. Historically, flaws in Adobe Flash and Java have been exploited to fool users into doing this, one reason I don't install Flash or Java on my Macs.
As for this particular strain, the precise attack vector is still unknown. I read somewhere that it prompts for an admin password but can still do limited damage regardless – the truth of that would be very interesting to establish.
Google wants to KILL apps with the 'Physical Web'
Apple blacklists tech journo following explicit BENDY iPhone vid
Re: Apples response:
He [Jobs] had a point. I went to my doctor complaining that my shoulder hurt from going to the gym. He said "don't do it any more". Nice!
Apple's company response (as opposed to one person's quip in an email) was somewhat different. And neither said "you're holding it wrong". But commentards can always interpret history as they like.
Re: Apples response:
Actually, the oft-misquoted Apple response was "Gripping any mobile phone will result in some attenuation of its antenna performance, with certain places being worse than others depending on the placement of the antennas".
Which isn't the happiest advice in the world. But it is at least semantically correct.
Clue: Apostrophes and adverbs exist for a reason.
Apple tool: Buying an iPhone in a carpark? Find out if it's STOLEN
You dirty RAT! Hong Kong protesters infected by iOS, Android spyware
Payment security vastly improved when you DON'T ENTER your BANK DETAILS
Crouching tiger, FAST ASLEEP dragon: Smugglers can't shift iPhone 6s
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Re: Urrrggghhhh
The OED definition of 'slurp' has not been updated since 1993, long before mainstream adoption of the internet. Meanwhile, it has been appropriated widely in IT circles as in, for example, this 'urban definition':
To upload or download data, usually at a high rate of speed. Often used in slang to refer to illicitly gathering data -- that is, theft of somebody else's private data, trade secrets, etc.
One could reasonably expect the OED to be updated in due course, and for El Reg to be ahead of the game.
BENDY iPhone 6, you say? Pah, warp claims are bent out of shape: Consumer Reports
Bendgate backlash: Apple claims warped iPhone 6 Plus damage is 'extremely rare'
Apple nurses HealthKit apps back to life, discharges iOS 8.0.2
Re: "Key features disabled"?
No, no, no. Fanbois (and Fangirlz) are the Apple devotees. Fandroids are, as you say, slaves to the world of Android, and their commentard faction are typically identified by a certain frothing of the mouth, brought on by endless trawling of articles in which they claim to have no interest!
/Fandroid Baiting
Apple: SO sorry for the iOS 8.0.1 UPDATE BUNGLE HORROR
I sold 10 MILLION iPhone 6es at the weekend, says Tim Cook. What did you do?
Man who predicts death of Apple does the honourable thing
[Mod note: Warning – graphic content in the LiveLeak link below. I don't know why anyone would click on it. The title of the video is: "Man aborts suicide but puts his hand on the power line." It does not end well.]
NASA's MAVEN enters Mars orbit to sniff its gas
Apple's warrant canary riddle: Cock-up, conspiracy, or anti-Google point-scoring
Re: Bulk Data
Nope.
From Apple's current privacy policy:
"In the first six months of 2014, we received 250 or fewer of these [National Security Order] requests. Though we would like to be more specific, by law this is the most precise information we are currently allowed to disclose."
I wouldn't equate 250 with a large number.
In the same document:
"The vast majority of the requests Apple receives from law enforcement come from an agency working on behalf of a customer who has requested assistance locating a stolen device."
Apple's Cook: We have never allowed g-men access to Apple servers
Re: "So only users, not Apple, can grant access to law enforcement agencies."
What if you forgot your code? What if you entered your desired code incorrectly, and now have no idea what you've accidentally typed? What if your iPhone is unlocked and some joker locks it on you for laughs? Your data is safe, but beyond your own reach?
Forgot password/device disabled
You have to enter the same lock code twice, like you are often required to do when setting up a password.
You have to enter the existing lock code before you can set a new one.
...and relax.
iPhone 6: Most exquisite MOBILE? No. It is the Most Exquisite THING. EVER
Yes, most amusing.
But I suspect that if most El Reg readers were in possession of a Fabergé egg, they wouldn't have the faintest idea what to do with it, and instead swipe the top of it with a teaspoon to get at the yolk.
For what it's worth, I don't think the iPhone 6 looks particularly wondrous.
Apple flops out 2FA for iCloud in bid to stop future nude selfie leaks
Apple 'rolled out' 2-factor authentication a long long time ago. My Apple ID has been secured this way for ages.
More pertinently, and topically, is that Apple are being more reactive now when someone logs in via a device like a Windows PC. They're starting to send e-mail notifications when this happens.
They've also now introduced a means on your account of devising a clutch of app-specific passwords for third party apps that do not support 2FA. Which, they say, will be "required" come 1 October 2014.
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
Bonking with Apple has POUNDED mobe operators' wallets
Re: Third Party
If Apple Pay proves to be a big success, which I suspect it will, my guess is that other mobile devices will be able to do the same thing with the same kit. Why? Well, it seems that Apple Pay will be making use of an existing tokenising technology devised by the payment processing industry, and there's no good reason why other parties can't get involved in principle.
The big card issuers / payment processors trust Apple's implementation of fingerprint authorisation and cryptogram production (for a variety of reasons, including the use of a secure element outside of OS space). As I see it, the likes of Samsung, for example, could devise their own similar capability and form agreements with the banks in order to use the same terminal equipment.
I don't see a technical barrier, other than the manufacturer's ability to convince the banks that it's secure. As for any legal barriers (e.g. exclusivity by contract), I don't know.
THREE QUARTERS of Android mobes open to web page spy bug
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Re: This is nothing unusual
@nsld
Have a read of this. Note the bit that says "Apple will not be handling the tokenization — the credit networks like Visa and MasterCard will be doing so".
A bit more about the tokens, and how they relate to you and the payment processor (not Apple) is described here.
The card information that you may (or may not) already have stored in iTunes just provides an easy means of getting your payment credentials registered in the first place.
Re: This is nothing unusual
At the risk of labouring a point... If you wave your iPhone at a pay point in McDonald's, and Apple don't know you're in McDonald's, they don't know you've just bought a Big Mac, and they don't know how much you spent on that Big Mac, what is there for Apple to 'aggregate' and monetise? Pray tell.
Apple will happily sit back and just let the monthly 'royalty cheques' from the card companies roll in.
Re: This is nothing unusual
Of course Apple won't track the actual payment but it will track the activity either side to analyse shopping habits and that data is valuable, again they have been doing that for years as does everyone else.
That is in direct contradiction to what Apple stated at their keynote event:
We are not in the business of collecting your data. And so when you go to a physical location and use Apple Pay, Apple doesn't know what you bought, where you bought it, or how much you paid for it. The transaction is between you, the merchant and your bank.
If the above statement is true, they have no means of doing what you say. The new tokenisation technology will not allow that to happen.
Re: what's the date today?
@Yet Another Cowardly Anonymous Mouthpiece
Not 'everybody else on the internet' is making the ludicrous claims that you hold dear to your heart.
Samsung make good stuff, but they don't make iPhones. E.g. the fingerprint sensor on the iPhone is light years against Samsung's rather antiquated implementation. To the best of my knowledge, Samsung do not have an agreement with major card issuers to partake in fingerprint-authenticated payments.
This tedious 'Apple just copy Samsung' crap is trollish nonsense. Give it up already.
Hackers pop Brazil newspaper to root home routers
Concerned users should probably put a decent strong password into their routers first and foremost. While good old Internet Explorer / Iframes have played their part here, a weakly protected router is an easy target for all manner of possible attacks. Most routers have an http login page, so they're just another regular resource to be used on the local network, and the IP address is going to be 192.168.0.1 most of the time, so it's not exactly hard to guess.
The problem lies fair and square with the router manufacturer, though. They should not allow such easy access out of the box, and the great majority of consumers won't have a clue about the risk. They certainly won't be reading The Register and tampering with browser plugins as a safety measure.