The Obvious-Work-Around Edition Friday, January 15, 2016

How Malware Developers Could Bypass Mac’s Gatekeeper Without Really Trying, by Dan Goodin, Ars Technica

In September, Ars reported a drop-dead simple exploit that completely bypassed an OS X security feature known as Gatekeeper. Apple shipped a fix, but now the security researcher who discovered the original vulnerability said he found an equally obvious work-around.

Patrick Wardle said the security fix consisted of blacklisting a small number of known files he privately reported to Apple that could be repackaged to install malicious software on Macs, even when Gatekeeper is set to its most restrictive setting. Wardle was able to revive his attack with little effort by finding a new Apple trusted file that hadn't been blocked by the Apple update. In other words, it was precisely the same attack as before, except it used a new, previously unblocked Apple-trusted file. Notably, that file was offered by security company Kaspersky Lab. Late on Thursday, Apple released an update blocking that file, too.

Internet Of Stupid Things

Nest Thermostat Glitch Leaves Users In The Cold, by Nick Bilton, New York Times

The Nest Learning Thermostat is dead to me, literally. Last week, my once-beloved “smart” thermostat suffered from a mysterious software bug that drained its battery and sent our home into a chill in the middle of the night.


Pendo Is A Beautiful, Thoughtful Way To Be More Organized, by Jeff Brynes, AppAdvice

Busy people are often looking for ways to make productivity easier. Dictating notes is a pretty common task, but what if you could dictate something and have it automatically converted into a Calendar event or contact? With Pendo – Write Notes, List To-Dos, Plan Calendar & Share Ideas, you can do exactly that and more.

The App That Never Forgets A Wild Night Out: Upshot Creates Shared Photo Albums Among Friends - And Deletes It A Week Later, by Stacy Liberatore, Daily Mail


Apple Reminds Developers To Start Using The Renewed Security Certificate, by Rich Edmonds, iMore

Apple has sent out a reminder to developers to update their dated security certifications for Apple Wallet, Safari push notifications or Safari extensions by February 14. The new Apple trusted certificate will expire in February 2023 and developers are strongly urged to include their renewed intermediate certificate, as well as their website push certificate in new Safari Push Notification package signatures by the aforementioned date.

Response To Apple's Announcement, by f.lux

Today we call on Apple to allow us to release f.lux on iOS, to open up access to the features announced this week, and to support our goal of furthering research in sleep and chronobiology.


Apple’s Slowing iPhone Sales Take Bite Out Of Suppliers’ Revenues, by Eva Dou, Wall Street Journal

Companies that make parts for Apple Inc. are warning of lower first-half revenue this year, in a sign of slowing sales of the latest iPhones.

Apple May Be On Hook For $8 Billion In Taxes After Europe Probe, by Adam Stariano, Bloomberg

The world’s largest company could owe more than $8 billion in back taxes as a result of a European Commission investigation into its tax policies, according to an analysis by Bloomberg Intelligence. Apple, which has said it will appeal an adverse ruling, is being scrutinized by regulators who have accused the iPhone maker of using subsidiaries in Ireland to avoid paying taxes on revenue generated outside the U.S.

Pew Report: Your Privacy For A Price? It Depends, by Michelle Quinn, San Jose Mercury News

Bottom of the Page

Young enough to want to stay up late to watch some TV. Old enough to start falling asleep at 9.30pm.


Thanks for reading.