Archive for the ‘Apple’ Category

Quick and dirty updates.

Wednesday, August 30th, 2023

The Elvis gun went for $199,750. I don’t know if that’s inclusive of the bidder’s premium. (Previously.)

I wrote a while back about the criminal charges against Thomas Moyer, Apple’s security head, and the somewhat related (I think) case against former Santa Clara County Sheriff Laurie Smith.

I missed, however, that the case against Moyer was dismissed in 2021.

But: a California appellate court reinstated the charges last week.

Friday’s opinion, written by Justice Daniel Bromberg, joined by Justices Adrienne Grover and Cynthia Lie, claimed that the evidence presented to the grand jury was “sufficient to raise a reasonable suspicion of such bribery.”

Appellate decision here. Interesting quote:

During the relevant time frame, the Santa Clara County Sheriff’s Office rarely issued CCW licenses. Indeed, the office’s practice was to not even process an application for a CCW license absent a special instruction to do so. Only Sheriff Laurie Smith and a small number of others in the Sheriff’s Office had the authority to give such instructions. One of those individuals was Rick Sung, who appears to have run Sheriff Smith’s 2018 re-election campaign and after the election became the undersheriff, second in command to the sheriff. Undersheriff Sung also had authority to place license applications on hold even after licenses were signed by the sheriff.

Obit watch: May 5, 2023.

Friday, May 5th, 2023

Katie Cotton, former Apple PR head.

“She was formidable and tough and very protective of both Apple’s brand and Steve, particularly when he got sick,” Walt Mossberg, a former technology columnist for The Wall Street Journal, said in a phone interview, referring to Mr. Jobs’s diagnosis of pancreatic cancer in 2004. He added: “She was one of the few people he trusted implicitly. He listened to her. She could pull him back from something he intended to do or say.”

Ms. Cotton also chose which reporters could speak to Mr. Jobs (even though he would occasionally speak, on his own, to journalists he knew well). In 1997 she invited a Newsweek reporter, Katie Hafner, to watch the first commercial in Apple’s new “Think Different” advertising campaign, along with Mr. Jobs.

A tribute to “the crazy ones, the misfits, the rebels and the troublemakers,” a narrator intoned as the commercial opened with a still picture of Mr. Jobs holding an apple in his left hand and continued with clips of people who changed the world, among them Albert Einstein, Pablo Picasso, John Lennon, the Rev. Dr. Martin Luther King Jr., Thomas Edison and Muhammad Ali.

“I looked over and Steve was crying,” Ms. Hafner, who wrote about Apple for Newsweek and later for The New York Times, said in a phone interview. “I looked at Katie and I couldn’t tell if she was moved or feeling triumphant — I don’t know — but I was filled with admiration for her, because she knew how to play this and to give me access.”

Richard Stengel, a former managing editor of Time magazine, said in an email that Mr. Jobs “would call me five or six times in a day to tell me I should do a story or not,” and that Ms. Cotton would “frequently call right after and gently apologize or pull back something he had said.” He added, “She was very loyal, but she saw him in an unvarnished way.”

She was 57.

Random gun-related crankery.

Thursday, September 8th, 2022

I like watches.

But not in the way other people do. I’m not so much into the expensive high-end mechanical watches (I think they’re cool, but not $180,000 cool) but weird digital watches. I’ve actually worn two Casio Triple Sensors and am on my second moon phase and tide watch.

Yes, I do find it increasingly hard to justify watches when my phone pretty much does every possible function I could want. But I digress. Trust me, I’m going somewhere.

Did you know Garmin makes a watch with Applied Ballistics software built-in? Yeah, really. It’s $1,600.

“So?”

The Apple Watch Ultra is $800. Apple claims that they already have a full-blown recreational dive computer on it. I’m wondering: what will the Garmin watch do that the Apple Ultra won’t? Other than battery life: the Garmin has a solar cell which boosts battery life before recharging.

How long do you think it’s going to be before we start seeing advanced ballistic apps that run well on the Ultra? My guess is not too long. You’ll probably need a smartphone to set up and load cartridge profiles and such, but if I’m reading Garmin’s marketing right the same thing applies.

I’ve said before: I like Apple stuff in my personal life because it just works. My work computer is a Mac (full-time employees have a choice between Mac and PC), but the machines I work on are UNIX boxes with a thick layer of Python slathered all over them. I’ve worked professionally with PCs and Windows servers before, and would do it again for money. When it comes to the platform wars, I am a conscientious objector.

I’m just thinking: I haven’t bought an Apple Watch before now because the value proposition hasn’t quite been there for me. But it is getting closer to being there, especially looking at the new Ultra.

(If I don’t buy one before that time: continuous blood glucose monitoring is the one thing that absolutely would push me over the edge. Unfortunately, it feels like that’s one of those things that’s been five years away for the past 20 years.)

DEFCON 30 notes.

Monday, August 15th, 2022

Lawrence (who I hope is feeling better) pinged me over the weekend about missing DEFCON 30 coverage. (At least, that’s what I think he was pinging me about: his email was kind of cryptic.)

There are some things going on here.

One is that, as I said last week, I was in a mood. It takes a lot of time and effort to pull together the preliminary list of DEFCON panels, the day to day coverage, and the post-DEFCON writeups. That effort is even harder now, because Twitter has pretty much removed the ability to view more than a couple of a person’s tweets without being signed in. I just didn’t have it in me last week.

Which kind of leads to the second reason: it just doesn’t seem that my DEFCON coverage gets the level of engagement that justifies the effort. As far as I can tell, people just aren’t all that interested in it. That may be (probably is) a flaw on my part as a writer, it may be that my audience just isn’t interested in computer security subjects, or it may be that I’m completely misreading what people are interested in.

It also feels like DEFCON has moved beyond me in the post-Wuhan Flu world. It used to feel like a gathering of one of my tribes. Now, it costs $360 (“with a processing fee of $9.66 added to online orders”). Masks are required. And supposedly, you may run into trouble with the hotel if you want to bring a legal firearm. (Hattip: McThag.) They’re also still doing that weird “semi-hybrid” model again, and I’m just not willing to spend a bunch of time hanging out on Discord.

(I’m pretty sure I stayed at that “s–tball” Travelodge on my last DEFCON trip. “they just want their $56 per night and prefer you to not leave used heroin works in the potted plants outside” seems pretty accurate.)

The last thing is: I’ve seen almost no other coverage or discussion of DEFCON 30 this year. At least not in the places I’d expect to see it: Wired, ArsTechnica, or HackerNews. ThreatGrid did a round-up post this morning if you want a different take than mine, but other than that, I’ve seen nothing.

I went and checked the schedule (which you can find here: I haven’t found the media server yet.) One thing that is really nice is that they’ve added much more information to the schedule entries, including links and references where available.

And…there just are not a lot of presentations this year that I find interesting. I can see why people would be interested in “Computer Hacks in the Russia-Ukraine War”, but at only 20 minutes, I have questions.

Maybe “Wireless Keystroke Injection (WKI) via Bluetooth Low Energy (BLE)” because Bluetooth, but that’s not so much breaking Bluetooth as it is pretending to be a legit Bluetooth device.

“The PACMAN Attack: Breaking PAC on the Apple M1 with Hardware Attacks” and “Process injection: breaking all macOS security layers with a single vulnerability” probably have some relevance to Apple folks. So does “The hitchhacker’s guide to iPhone Lightning & JTAG hacking”. And I can see the interest in “Glitched on Earth by humans: A Black-Box Security Evaluation of the SpaceX Starlink User Terminal”, but I don’t have a Starlink terminal to play with.

“You’re Muted Rooted” has the Zoom thing going for it. I’ll confess to a small amount of interest in “HACK THE HEMISPHERE! How we (legally) broadcasted hacker content to all of North America using an end-of-life geostationary satellite, and how you can set up your own broadcast too!” and no interest at all in this year’s “Hippy, please.” one.

“Defeating Moving Elements in High Security Keys” does sort of get my attention. And that’s the last thing that does.

It just feels smaller and less interesting. Perhaps DEFCON is still finding their footing again after the last two years. I don’t know. I also don’t know if I’m going to do anything next year.

You’re going down in flames, you tax-fattened hyena! (#77 in a series)

Friday, December 17th, 2021

This is a couple days old, but I missed it. Hattip to Mike the Musicologist.

Santa Clara County Sheriff Laurie Smith was formally accused of “willful and corrupt misconduct” by a civil grand jury that had investigated the embattled official.

Court documents filed Tuesday revealed that jurors accused Smith of seven corruption-related acts, including favoritism and improperly issuing concealed-carry weapons permits.

Six involve ongoing criminal indictments alleging Smith engaged in political favoritism and traded favors by leveraging her control over issuing concealed-carry weapons permits.

The seventh accuses her of failing to cooperate with the county law-enforcement auditor in an investigation into negligence allegations stemming from a 2018 jail inmate’s injury that led to a $10 million county settlement, the Mercury News reported.

The articles I’ve read don’t say, but I’m 99 44/100ths percent sure that this is related to the Apple scandal that I wrote about a while back.

Now, I am not a lawyer, I am not a California lawyer, and I am especially not Perry Mason. (They renewed that crap for a second season? What is wrong with people?)

But, as I understand it, the “civil grand jury” indictments are not criminal. The “civil grand jury” in California is chartered to investigate “actions or performance of city, county agencies or public officials.”

The jurisdiction of the Civil Grand Jury is limited by statute and includes the following:

  • Consideration of evidence of misconduct against public officials to determine whether to present formal accusations requesting their removal from office
  • Inquiry into the condition and management of public prisons within the county
  • Investigation and report on the operations, accounts, and records of the officers, departments, or functions of the county including those operations, accounts, and records of any special legislative district or other district in the county pursuant to state law for which the officers of the county are serving in their ex officio capacity as officers of the districts
  • May investigate the books and records of any incorporated city or joint powers agency located in the county

So this isn’t the equivalent of criminal charges, but it is a grand jury saying “We think you’re corrupt as fark”.

It also has the authority to launch the process of removing an elected official from office. Accusations can be taken to trial by district attorneys.

More from KRON4:

Count 1: Illegally issuing concealed carry weapon permits (CCW) to VIP’s
Count 2: Failing to properly investigate whether non-VIP’s should receive CCW permits
Count 3: Keeping non-VIP CCW applications pending indefinitely
Count 4: Illegally accepting suite tickets, food, and drinks at Sharks game
Count 5: Failing to report Sharks game gifts on financial documents
Count 6: Committing perjury by failing to disclose Sharks game gifts
Count 7: Failing to cooperate with internal affairs investigation surrounding treatment of Andrew Hogan

How do you like them Apples?

Tuesday, November 24th, 2020

This is another one of those weird intersections.

Apple’s head of security, Thomas Moyer, was indicted last week along with three other people. The others were Harpreet Chadha (an insurance broker), Santa Clara Undersheriff Rick Sung and Captain James Jensen.

Why is this weird? Because it is also a gun thing, and you don’t often see “Apple” and “guns” together.

Specifically:

Sung—second in rank only to Sheriff Laurie Smith in the sheriff’s office—is accused of deliberately holding back four concealed carry weapons (CCW) permits for Apple’s security team until the Cupertino-based corporation agreed to donate 200 iPads worth about $75,000 to the Sheriff’s Office, Rosen said. Sung and Jensen allegedly worked together to solicit the exchange of CCW permits for the tech donation from Apple.

In another incident, Sung “extracted” a promise from Chadha for $6,000 worth of luxury box suites at a San Jose Sharks game on Valentine’s Day, 2019, before issuing Chadha a CCW permit, [DA Jeff] Rosen said.

“Sheriff Laurie Smith’s family members and some of her biggest supporters held a celebration of her reelection as sheriff in Chadha’s suite,” Rosen said.

All of this is part of an ongoing investigation into Sheriff Smith’s office. Captain Jensen was previously indicted in August:

The original August conspiracy and bribery indictment alleges Jensen, political fundraiser Christopher Schumb, attorney Harpaul Nahal and local gun-maker Michael Nichols — the other three people indicted — arranged to get up to a dozen concealed-carry weapons permits to the executive security firm AS Solution, in exchange for $90,000 in donations to support Smith’s contentious re-election bid against former undersheriff John Hirokawa.

Obit watch: February 21, 2020.

Friday, February 21st, 2020

I can’t put this one any better than the paper of record did:

Sy Sperling, Founder of Hair Club for Men (and Also a Client), Dies at 78

Several people sent me obits for Lawrence Tesler:

Mr. Tesler worked at a number of Silicon Valley’s most important companies, including Apple under Steve Jobs. But it was as a young researcher for Xerox at its Palo Alto Research Center in the 1970s that he did his most significant work: helping to develop today’s style of computer interaction based on a graphical desktop metaphor and a mouse.

Early in his Xerox career (he began there in 1973), Mr. Tesler and another researcher, Tim Mott, developed a program known as Gypsy, which did away with the restrictive modes that had made text editing complicated. For example, until Gypsy, most text-editing software had one mode for entering text and another for editing it.

The Gypsy program offered such innovations as the “cut and paste” analogy for moving blocks of text and the ability to select text by dragging the cursor through it while holding down a mouse button. It also shared with an earlier Xerox editor, Bravo, what became known as “what you see is what you get” printing (or WYSIWYG), a phrase Mr. Tesler used to describe a computer display that mirrored printed output.

It was Mr. Tesler who gave Mr. Jobs the celebrated demonstration of the Xerox Alto computer and the Smalltalk software system that would come to influence the design of Apple’s Lisa personal computer and then its Macintosh.

The NYT ran a nice obit for Kellye Nakahara Wallett. There’s also a very good tribute to her on Ken Levine’s blog.

Esther Scott, actress. (“Boys N the Hood”)

Ja’Net DuBois, “Willona Woods” on “Good Times” and co-writer and performer of the theme for “The Jeffersons”.

Bonnie MacLean, another one of the 1960s San Francisco psychedelic poster artists.

Black Hat/DEFCON 27 links: August 9, 2019.

Friday, August 9th, 2019

Some more stuff I’ve stumbled across from Black Hat:

I expect to be somewhere between slightly and highly busy this weekend, so updates will be catch as catch can. It might be Monday before I can pull more stuff together, but I’ll try as best as I can to get updates before then.

Black Hat/DEFCON 27 links: August 8, 2019.

Thursday, August 8th, 2019

So here’s the first round of stuff from Black Hat and DEFCON 27. I apologize that I’m just posting links, but I haven’t had time to really digest any of these presentations, and I want to get the links up while they are still semi-timely:

  • “Look, No Hands! — The Remote, Interaction-less Attack Surface of the iPhone” by Natalie Silvanovich. Slides here. Google Project Zero blog post here.
  • “Bypassing the Maginot Line: Remotely Exploit the Hardware Decoder on Smartphone” by Xiling Gong and Peter Pi. White paper here. Slides here. Blog post here.
  • “Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD)” by Sean Metcalf and Mark Morowczynski. Slides here.
  • “Reverse Engineering WhatsApp Encryption for Chat Manipulation and More” by Roman Zaikin and Oded Vanunu. Slides here.

I think it’s still early for today’s Black Hat and DEFCON presentations. I may try to get another post up tonight.

DEFCON 27/Black Hat 2019 preliminary notes.

Thursday, August 1st, 2019

DEFCON 27 starts a little later than I’m used to this year (August 8th, so a week from today.) Black Hat 2019 starts August 7th. Black Hat schedule is here. DEFCON schedule is here.

Again this year, I’m not going. While I feel like I’m moving closer to the point where I’m ready to return (expenses paid or expenses unpaid) I’m not quite where I want to be yet to go on my own dime. And as far as the company paying for me to go…not this year, for reasons I won’t go into. (Nothing bad. At least I don’t think so. Just don’t want to run my mouth about internal stuff.)

So, as usual: what would I go to, if I were going?

Let’s look at the DEFCON schedule first.


Here in my car…

Thursday, July 5th, 2018

I bought a new-to-me car last Saturday. It’s a 2006 Honda Accord EX-L that had 82,000 miles on it (not bad, in my opinion, for a 12-year-old car) and has quite a few features I like: leather interior, sun roof, cabin air filter, power seats, and even seat heaters for that one month a year when those are actually useful in Texas. (Also ABS. I’m not clear on whether it has traction control or not. I checked the Honda-Tech VIN decoder and while it is useful, it doesn’t talk about traction control.)

Now that I have the car, I splurged on a couple of things. I got a dashcam for it: the Papago GoSafe 535, which is what the Wirecutter currently recommends. That one has gone up by about $13 in the couple of days since I ordered it, and it really wasn’t my first choice. I wanted the Spy Tec G1W-C, which was a previous Wirecutter choice that I bought for my mother’s car and have been happy with. But by the time I was ready to order, Amazon had sold out of the Spy Tec.

My other splurge item was a LELink Bluetooth Low Energy BLE OBD-II car diagnostic tool. Why? Several reasons:


Random jumbled notes: August 6, 2017.

Wednesday, September 6th, 2017

I had no idea Tillman Fertitta could command that kind of money. (Also: the Rockets are worth more than the Clippers? And $85 million to $2.2 billion over 24 years? That’s an APR of about 14.5%, if I ran the numbers right. Anyone want to check me? ETA: Actually, I think I left a “0” off when I was doing the calculation the first time: it looks more like a 26% APR. ETA again: No, I was right the first time. I haven’t had enough coffee this morning.)

Speaking of return on investment, here’s a stock tip from WCD: sell this one short.

Over the past decade, the DNA laboratory in the office of […] chief medical examiner emerged as a pioneer in analyzing the most complicated evidence from crime scenes. It developed two techniques, which went beyond standard practice at the F.B.I. and other public labs, for making identifications from DNA samples that were tiny or that contained a mix of more than one person’s genetic material.

Now these DNA analysis methods are under the microscope, with scientists questioning their validity. In court testimony, a former lab official said she was fired for criticizing one method, and a former member of the […] Commission on Forensic Science said he had been wrong when he approved their use. The first expert witness allowed by a judge to examine the software source code behind one technique recently concluded that its accuracy “should be seriously questioned.”

A coalition of defense lawyers is asking the […] inspector general’s office — the designated watchdog for the state’s crime labs — to launch an inquiry into the use of the disputed analysis methods in thousands of criminal cases. While the inspector general has no jurisdiction over the court system, any finding of flaws with the DNA analysis could prompt an avalanche of litigation. Previous convictions could be revisited if the flawed evidence can be shown to have made a difference in the outcome.

“Oh, man, you’re not writing about the APD crime lab again, are you?” Actually, I’m not: this time, it’s the New York City DNA lab.

I still really would like to read an “explain like I’m five” piece from someone who really knows DNA and DNA testing. On the one hand, nobody (myself included) wants innocent people to go to jail. On the other hand, it increasingly seems to me like a lot of these issues revolve around subtle and sometimes disputed interpretations of statistics and statistical data.

This also points up something that I keep thinking about, and deserves a longer essay: how do we, and how should we, validate scientific investigative techniques used in criminal prosecution? It isn’t just DNA: how did comparative bullet-lead analysis ever become accepted? Or bite-mark analysis?

And what do we currently think we know, that ain’t necessarily so? Is there statistical evidence that supports the use of drug dogs, or is it possible that this is a “Clever Hans” phenomenon? Has anybody ever done a controlled study?

The great Cardinals scandal of 2015 was only the tip of the iceberg when it comes to high-tech sports cheating. (I know there’s a lot of biology and chemistry involved, but for some reason I don’t think of doping as “high-tech”.)

I’ve got a vague idea for a book series about a white hat computer security expert who specializes in investigating technological sports cheating: hacking other teams’ databases, abusing smart watches, maybe drone surveillance of practices, tapping into sideline radio communications…sort of a Myron Bolitar meets hacker riff. If anybody wants to take this idea, feel free.