…from:
http://www.macrumors.com/2016/03/24/apple-pulls-ios-9-3-older-devices/
[Update: Apple has released a new build of iOS 9.3 for the iPad 2 and may be planning to roll out updates for additional devices. Apple has not yet resumed signing iOS 9.3 for affected devices.]
Apple Temporarily Pulls iOS 9.3 Update for Older iOS Devices
Thursday March 24, 2016 5:01 pm PDT by Juli Clover<http://www.macrumors.com/author/juli-clover/>
Apple has temporarily stopped offering the iOS 9.3<http://www.macrumors.com/roundup/ios-9> update for older devices like the iPad Air and earlier and the iPhone 5s<http://www.macrumors.com/roundup/iphone-5s> and earlier due to installation issues some users have experienced. On older devices, iOS 9.3 requires users to input the Apple ID and password originally used to set up the device, which can lead to the device becoming stuck at the Activation Lock screen if the original account information can't be recalled.
In a statement given to iMore<http://www.imore.com/apple-working-ios-93-fix-ipad-2>, Apple says it is working on a fix and plans to issue a new version of iOS 9.3 in the next few days. Customers with an affected device who attempt to download iOS 9.3 during this time will not be able to install the update as Apple has stopped signing it.
"Updating some iOS devices (iPhone 5s and earlier and iPad Air and earlier) to iOS 9.3 can require entering the Apple ID and password used to set up the device in order to complete the software update," an Apple spokesperson told iMore. "In some cases, if customers do not recall their password, their device will remain in an inactivated state until they can recover or reset their password. For these older devices, we have temporarily pulled back the update and will release an updated version of iOS 9.3 in the next few days that does not require this step."
For customers who have already installed iOS 9.3 and have gotten stuck at the Activation Lock, Apple has published a support document<https://support.apple.com/en-us/HT206203> with steps on how to solve the issue. Apple recommends removing Activation Lock via iCloud<http://www.macrumors.com/roundup/icloud> or attempting to enter an Apple ID or password through iTunes.
I had expected to see this on some newscasts but it doesn’t seem to have made it:
…from:
http://www.cbc.ca/news/business/email-scam-bank-canada-1.3470840?cmp=rss
Bank of Canada warns of email scam using its name and logo
The Bank of Canada is warning Canadians about an email and social media scam using its name and logos. (Reuters)
The Bank of Canada is warning Canadians not to fall for an email scam that tries to extort money or personal information using its name.
In a press release Tuesday, it says the scams on email and social media are using its name, logos and letterhead without authorization.
It is warning consumers that it does not:
* Accept deposits from individuals.
* Collect personal or financial information via email.
* Request personal or financial information through social media.
People should not follow any links included in social media or email messages purported to be from the Bank of Canada, the bank said.
Anyone who receives such a message should delete it and contact local authorities.
The Bank of Canada is the country's central bank, meaning it sets monetary policy, issues currency and works to keep the financial system stable. The only deposits it handles are from government and financial institutions.
The real Bank of Canada can be contacted at www.bankofcanada.ca<http://www.bankofcanada.ca> or at its Public Information Office at 1-800-303-1282.
Last year, some Canadians were taken in by fraudsters who pretended to be from the Canada Revenue Agency<http://www.cbc.ca/news/canada/windsor/canada-revenue-agency-scam-targeting-…> and demanded "back taxes."
Cyber-criminals are increasingly sophisticated in trying to dupe users in order to extort money or get them to give up personal information that can help the criminals break into bank accounts or credit cards.
…from:
http://gizmodo.com/if-you-want-to-keep-using-your-kindle-you-need-to-upda-1…
If You Want To Keep Using Your Kindle, You Should Update It Immediately
If you own one of Amazon’s pre-2012 Kindles, listen up: there’s a critical update that you need to install if you want to keep using it, and you must do so before March 22nd.
According to an update on the company’s help community<https://www.amazon.com/gp/help/customer/forums/kindleqna/ref=cs_hc_k_anmt?i…>, a new update is required for anyone using a pre-2012 device that has not connected it to the internet since October 5th, 2015.
Customers using an outdated software version on Kindle e-readers, or that have not connected wirelessly since October 5, 2015, require an important software update by March 22, 2016, in order to continue to download Kindle books and use Kindle services.
Fail to do so, the company warns, and you won’t be able to connect to Amazon’s Cloud, access the Kindle Store, or use any other services through the device. After March 22nd, you will also have to update the device manually, by downloading the patch and updating it through your computer.
Fortunately, Amazon has provided a chart<http://www.amazon.com/gp/help/customer/display.html?nodeId=201994710&tag=gi…> that outlines which Kindles need which updates, and how to go about doing it:
Device and Year | Software Version Your Device Needs | Update via Wireless (2G/3G) or Wi-Fi
Kindle 1st Generation (2007) | 1.2.1 | Use Wireless
Kindle 2nd Generation (2009) * | 2.5.8 | Use Wireless
Kindle DX 2nd Generation (2009) * | 2.5.8 | Use Wireless
Kindle Keyboard 3rd Generation (2010) ** | 3.4.2 or higher | Use Wi-Fi
Kindle 4th Generation (2011) | 4.1.3 or higher | Use Wi-Fi
Kindle 5th Generation (2012) | 4.1.3 or higher | Use Wi-Fi
Kindle Touch 4th Generation (2011) ** | 5.3.7.3 or higher | Use Wi-Fi
Kindle Paperwhite 5th Generation (2012) ** | 5.6.1.1 or higher | Use Wi-Fi
Kindle Paperwhite 6th Generation (2013) | No Update Needed | No Update Needed
Kindle 7th Generation (2014) | No Update Needed | No Update Needed
Kindle Voyage 7th Generation (2014) | No Update Needed | No Update Needed
Kindle Paperwhite 7th Generation (2015) | No Update Needed | No Update Needed
The update is a really good reminder to keep your device up to date, and also of the fact that even if your books and purchases are on the cloud, you won’t always be able to reach them.
[Amazon<https://www.amazon.com/gp/help/customer/forums/kindleqna/ref=cs_hc_k_anmt?i…>, Engadget<http://www.engadget.com/2016/03/20/amazon-kindle-crucial-update/>]
…from:
http://www.engadget.com/2016/03/16/celeb-photo-hacker-charged/
Man pleads guilty to hacking celebrity accounts for photos
He admitted to phishing users for access to Gmail and iCloud accounts.
Mariella Moon, @mariella_moon
The celebrities affected by the massive nude photo leak in 2014 got some answers today. A 36-year-old man from Pennsylvania named Ryan Collins has been charged with a computer hacking felony for infiltrating over 50 iCloud and 72 Gmail accounts. He has also agreed to plead guilty to one count of unauthorized access to a protected computer, according to the US Attorney's Office of the Central District of California. In his plea deal, Collins admitted to executing a phishing scheme to obtain celebs' usernames and passwords from November 2012 to September 2014. Once he got access to their accounts, he searched for and stole explicit images. In some cases, he even downloaded people's entire iCloud backups.
If you'll recall, Apple denied that the hacker exploited an iCloud flaw to access its users' accounts back then. Based on Collins' statement, the company was telling the truth. The hacker didn't take advantage of a security vulnerability: he phished his victims (who include Jennifer Lawrence, Kate Upton and many other female celebrities) or tried to guess their passwords.
That's why FBI Assistant Director David Bowdich warns:
"We continue to see both celebrities and victims from all walks of life suffer the consequences of this crime and strongly encourage users of Internet-connected devices to strengthen passwords and to be skeptical when replying to emails asking for personal information."
The feds aren't done investigating the case yet, but so far, they haven't found any evidence that Collins himself shared or uploaded the images and videos he stole. He's now facing a maximum sentence of five years in prison. If the judge agrees to both sides' recommendations, though, he could be out within 18 months.
[NOTE: if you do not have FLASH installed, you’re finished already]
You can check your FLASH version at:
https://helpx.adobe.com/flash-player.html
…you may see a message similar to this:
[image]
…after the upgrade you should see the following on the FLASH test page:
[image]
…from:
http://arstechnica.com/security/2016/03/adobe-issues-emergency-patch-for-ac…
Adobe issues emergency patch for actively exploited code-execution bug
Adobe has issued an emergency update for its Flash media player that patches almost two dozen critical vulnerabilities, including one that's being maliciously exploited in the wild.
"These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system," Adobe officials wrote in an advisory published Thursday<https://helpx.adobe.com/security/products/flash-player/apsb16-08.html>. "Adobe is aware of a report that an exploit for CVE-2016-1010 is being used in limited, targeted attacks." The notice advises Flash users to install the update as soon as possible.
CVE-2016-1010 is the common vulnerabilities and exposures designation for an integer overflow vulnerability that allows attackers to remotely execute malicious code on vulnerable computers. Adobe credited Anton Ivanov of Kaspersky Lab with discovering the zero-day vulnerability but provided no additional details. In an e-mail, a Kaspersky representative wrote:
Today Adobe released the security bulletin APSB16-08, crediting Kaspersky Lab for reporting CVE-2016-1010. The vulnerability could potentially allow an attacker to take control of the affected system. Kaspersky Lab researchers observed the usage of this vulnerability in a very limited number of targeted attacks.
At this time, we do not have any additional details to share on these attacks as the investigation is still ongoing. Even though these attacks are rare, we recommend that everyone get the update from the Adobe site as soon as possible.
The patch brings the latest version of Flash to 21.0.0.182 for Windows and Mac and 11.2.202.577 for Linux. Google Chrome and some versions of Microsoft Internet Explorer and Edge browsers bundle their own version of Flash and will update automatically. Windows 7 users who use Flash must still update manually.
Once again, readers are advised to uninstall the Flash, Java, and Silverlight browser extensions to see if they're really necessary. For many people, they aren't, and the significantly decreased attack surface greatly lowers the chances of being visited by remote code-execution attacks. People who rely on Flash to access a company intranet or other site should consider using a dedicated browser for that purpose.
…from:
http://arstechnica.com/tech-policy/2016/02/apple-prevails-in-forced-iphone-…
http://www.macworld.com/article/3039452/security/judge-strikes-down-order-f…
…others
Apple prevails in forced iPhone unlock case in New York court
Ruling: All Writs Act can't be used to achieve goal that Congress hasn't granted.
by Cyrus Farivar<http://arstechnica.com/author/cyrus-farivar/> - Feb 29, 2016 5:23pm CST
A judge in New York ruled Monday<https://www.documentcloud.org/documents/2728314-Orenstein-Order.html> in favor of Apple in a case where investigators wanted the court to compel the company to unlock a seized iPhone 5S running iOS 7, which the company does have the ability to unlock.
This case involves a drug dealer who has already pleaded guilty. It pre-dates Apple's current battle with the government over a locked iPhone 5C<http://arstechnica.com/tech-policy/2016/02/apple-fires-back-at-doj-this-is-…> that belonged to one of the shooters in the December 2015 terrorist attack in San Bernardino—that case is due to be heard in court next month in nearby Riverside, California.
By contrast, the San Bernardino case involves an iPhone 5c, running iOS 9, which Apple says it cannot unlock. In the California case, federal investigators asked for and received an unprecedented court order compelling Apple to create a new firmware to unlock the device. Last week, Apple formally challenged<http://arstechnica.com/tech-policy/2016/02/apple-fires-back-at-doj-this-is-…> that order, and the outcome is pending.
However, on both coasts, Apple is fighting the government's attempt to use the same law, known as the All Writs Act—an obscure catchall statute that dates back to the 18th Century. There are several related AWA cases involving unlocking Apple devices that remain pending nationwide.
US Magistrate Judge James Orenstein ruled that what the government was asking for went too far.
The ruling, the first of its kind on the topic, has no legal bearing on the outcome of the California case as they are proceeding in different federal judicial districts. Apple hopes, however, that the Riverside judge will be "persuaded" by the decision, according to a company executive who was granted anonymity on a call with reporters.
As the judge wrote in his Monday ruling:
In short, whatever else the AWA's "usages and principles" clause may be intended to accomplish, it cannot be a means for the executive branch to achieve a legislative goal that Congress has considered and rejected. But because such rejection can take many forms, only one of which (and arguably the least likely in most circumstances) is outright prohibition, the government's argument here is manifestly irreconcilable with the statute.
The New York case began back in October 2015, when Judge Orenstein invited Apple to tell the court why it felt that the government<http://arstechnica.com/tech-policy/2015/10/feds-since-apple-can-unlock-ipho…> could not compel it to unlock a seized phone. At the time, bringing Apple into a case like this was new.
Nine days later, defendant Jun Feng pleaded guilty<https://www.documentcloud.org/documents/2499370-jun-feng-guilty-plea.html> to one count of conspiracy to distribute and possess with intent to distribute methamphetamine. Judge Orenstein then asked the government why the issue of Apple's compliance was not pointless given the guilty plea. In the government's own filing<https://www.documentcloud.org/documents/2711972-123111286409.html#document/…>, dated October 30, 2015, prosecutors said that the investigation was not over and that it still needed data from Feng's phone.
If Feng's phone had iOS 8 or later installed—as 90 percent of iPhones do—this entire issue would likely be moot. Apple now enables full encryption by default, and the company specifically said the move happened<http://arstechnica.com/apple/2014/09/apple-expands-data-encryption-under-io…> "so it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8."
How far can you go?
Another key portion of the ruling showed that Judge Orenstein is particularly concerned with the government’s expansive view of this law, and addressed head-on the government’s assertion that because Apple licenses, rather than sells, its software, the company retains some amount of control over it.
As he wrote<https://www.documentcloud.org/documents/2728314-Orenstein-Order.html#docume…>:
In a world in which so many devices, not just smartphones, will be connected to the Internet of Things, the government's theory that a licensing agreement allows it to compel the manufacturers of such products to help it surveil the products' users will result in a virtually limitless expansion of the government's legal authority to surreptitiously intrude on personal privacy.
…
But the concern about whether the AWA, as construed by the government, would confer on the judiciary an overbroad authority to override individual autonomy cannot be so easily avoided in this case. Nothing in the government's arguments suggests any principled limit on how far a court may go in requiring a person or company to violate the most deeply-rooted values to provide assistance to the government the court deems necessary.
Judge Orenstein also noted that he "deliberately" asked the government during oral arguments how far its interpretation of the All Writs Act could go. Could federal authorities, for example, compel the manufacturer of lethal injection drugs to make them over corporate moral objections?
The government didn’t answer during oral arguments, but said in a later filing that it would simply depend on the circumstances, which Judge Orenstein found unsatisfying.
"If the government cannot explain why the authority it seeks here cannot be used, based on the same arguments before this court, to force private citizens to commit what they believe to be the moral equivalent of murder at the government's behest, that in itself suggests a reason to conclude that the government cannot establish a lack of unreasonable burden," he concluded.
Orenstein’s opinion parallels arguments that Apple made in its San Bernardino filing<https://www.documentcloud.org/documents/2722196-Motion-to-Vacate-Brief-and-…> just last week.
As its lawyers wrote then:
Finally, given the government’s boundless interpretation of the All Writs Act, it is hard to conceive of any limits on the orders the government could obtain in the future. For example, if Apple can be forced to write code in this case to bypass security features and create new accessibility, what is to stop the government from demanding that Apple write code to turn on the microphone in aid of government surveillance, activate the video camera, surreptitiously record conversations, or turn on location services to track the phone’s user? Nothing.
Headed for the Supreme Court?
Similarly, privacy law scholars roundly hoped that this case would exert some influence over the case pending before the court in California.
"It's a meticulous and scholarly opinion," Alex Abdo<https://www.aclu.org/bio/alex-abdo>, an attorney for the American Civil Liberties Union, told Ars. "It should be a roadmap for any court considering one of these requests from the government."
Rep. Ted Lieu<https://lieu.house.gov/> (D-Calif.), one of just four congressmen to hold a computer science degree, also applauded the ruling.
"I am very pleased with the decision, because it validates what I and others have been saying which is that Congress specifically rejected the FBI's proposal to put in backdoors to weaken encryption and now they're trying to do it through a 1789 law that is not appropriate for the situation," he told Ars.
The New York case could be appealed up to the 2nd Circuit Court of Appeals, and similarly, the California case could move up to the 9th Circuit Court of Appeals. If those appellate courts disagree with each other as to the limits of the All Writs Act, constituting a "circuit split," that probably would set the stage for a ruling at the nation's highest court.
"Ultimately, if the federal courts in California and New York disagree about how much authority the AWA gives the government to force Apple to unlock iPhones, the conflict could only be resolved by Congress clarifying the law or the Supreme Court settling it," Neil Richards<https://law.wustl.edu/faculty/pages.aspx?id=314>, a law professor at Washington University in St. Louis, told Ars.