4 Reasons Why Apple’s iBeacon Is About to Disrupt Interaction Design | Wired Design | Wired.com

Estimote is right in the ballpark. Let the game begin.

Posted in Technology

iBeacon Pioneers Estimote Raise $3.1M Seed Round | TechCrunch

“In the future apps will not be designed just for smartphones. They will also be developed and installed on top of retail stores and other real world locations – like airports, museums or hospitals,” said Krzych. “We are shipping thousands of beacons per week and more than 10,000 developers around the world are already experimenting with Estimote beacons in contextual computing applications.”

 

Incredible progress…

Posted in Technology

The Estimotes have Arrived – Lets go Shopping on Mobile | Ovations Group Blog

Great article on Estimote – you gotta love all the excitement surrounding our little beacons!

Posted in Estimote

Getting Started with Estimote: 5 Things You Might Not Know | BEEKn

Posted in Uncategorized

What is Apple’s new Secure Enclave? – Quora

TrustZone

via Apple Secure Enclave: What is Apple’s new Secure Enclave and why is it important? – Quora.

7 years in the oven – meticulously baked.

Apple has customised a highly optimised version of TrustZone and created what is now known as Secure Enclave. Apple will likely never release any specifics on what they are doing with their hardware for competitive and other reasons but the link above speaks directly of TrustZone in an attempt to provide detail on Secure Enclave.

Additional Security 

To use Touch ID you will also have to create a passcode as a backup. Only that passcode can unlock the phone if the phone is either rebooted (example full battery drain) or hasn’t been unlocked for 48 hours. This is a genius feature that is meant to set a time limit for criminals if they try to find a way to circumvent the fingerprint scanner.

Touch ID Is Paradigm Changing

Apple has taken a very slow and methodical approach with the release of Touch ID.  We can see that there was a tremendous amount of amazing work that has gone into this project.  All of this convergence took over seven years of very hard work. It includes many patent applications, the acquisition of AuthenTec, the selection of the A7 processor and the integration of the TrustZone suite all baked together into what we now know as Touch ID.

This has been a long journey that has only just been made public and I am rather certain that Steve Jobs would be quite proud.

Posted in Apple, iPhone

RSA warns developers not to use RSA products

A Few Thoughts on Cryptographic Engineering: RSA warns developers not to use RSA products.

… trust is deteriorating beyond belief.

I can only quote this, but it is truly boneheaded, but surely the NSA is behind this to some degree. Bear in mind: RSA is now using Dual_EC_DRBG as its flagship random generator. The real issue is:

  • it was shown to be a just plain bad random number generator all the way back in 2006
  • the NSA may be able to intercept SSL/TLS connections made by products implemented with BSafe.

In today’s news of the weird, RSA (a division of EMC) has recommended that developers desist from using the (allegedly) ‘backdoored’ Dual_EC_DRBG random number generator — which happens to be the default in RSA’s BSafe cryptographic toolkit. Youch.

In case you’re missing the story here, Dual_EC_DRBG (which I wrote about yesterday) is the random number generator voted most likely to be backdoored by the NSA. The story here is that — despite many valid concerns about this generator — RSA went ahead and made it the default generator used for all cryptography in its flagship cryptography library. The implications for RSA and RSA-based products are staggering. In the worst case a modestly bad but by no means worst case, the NSA may be able to intercept SSL/TLS connections made by products implemented with BSafe.

So why would RSA pick Dual_EC as the default? You got me. Not only is Dual_EC hilariously slow — which has real performance implications — it was shown to be a just plain bad random number generator all the way back in 2006. By 2007, when Shumow and Ferguson raised the possibility of a backdoor in the specification, no sensible cryptographer would go near the thing.

Posted in Security

“Why I Hacked Apple’s TouchID”, And Still Think It Is Awesome.

TouchID

Fooling Touch ID is anything but trivial, says security boffin | iMore.

Chaos Computer Club hacker Starbug created a fake fingerprint by scanning a real one, printing it and ultimately creating a fake print by transferring it to latex rubber or wood glue. The group claims that this is proof that biometric security isn’t effective and shouldn’t be used. Starbug calls his method “very straightforward and trivial.” (emphasis added)

If you visit Marc Rogers’ blog, you will find how complex it was to hack Apple’s TouchID – it is not trivial, it is very expensive, and expert-level knowledge is needed.

The article is excellent. By far, the most relevant comment made is:

Imagine a banking application where on startup you use a fingerprint for convenience – it’s nice and quick and only needs to ensure the right person has started it. However as soon as you want to do something sensitive like check a balance or transfer some funds we kick it up a notch by asking for a two factor authentication – the fingerprint and a 4 digit pin. This combination is strong enough to protect the user against most scenarios from physical theft through to phishing attacks.

Some further considerations on the impact of the hack:

Hacking TouchID relies upon a combination of skills, existing academic research and the patience of a Crime Scene Technician.

First you have to obtain a suitable print. A suitable print needs to be unsmudged  and be a complete print of the correct finger that unlocks a phone. … So in order to “hack” your phone a thief would have to work out which finger is correct AND lift a good clean print of the correct finger … Creating the fake fingerprint is arguably the hardest part and by no means “easy.” It is a lengthy process that takes several hours and uses over a thousand dollars worth of equipment including a high resolution camera and laser printer.

Posted in Apple, Privacy, Security, Technical Insight, Technology

Who doesn’t love fseventer

FS_USAGE(1) BSD General Commands Manual FS_USAGE(1)

NAME
fs_usage — report system calls and page faults related to filesystem
activity in real-time

I think everyone loves Robert Pointon’s fseventer which is sadly lacking Mavericks developer preview compatibility. Robert claims there is a bug in Mavericks that is responsible.

fseventer (as of June 2013) does not run on the developer preview of osx 10.9 Mavericks
Arguably it’s an Apple bug in that the OS requires helper tools to be code signed even though the user may set the system prefs for apps to say otherwise. We will investigate workarounds, but it’s likely fseventer will then only support 10.7+

The nice thing though is FS_USAGE. Try sudo fs_usage…

DESCRIPTION
The fs_usage utility presents an ongoing display of system call usage information pertaining to filesystem activity. It requires root privileges due to the kernel tracing facility it uses to operate. By default the activity monitored includes all system processes except the running fs_usage process, Terminal, telnetd, sshd, rlogind, tcsh, csh and sh. These defaults can be overridden such that output is limited to include or exclude a list of processes specified by the user.

fs_usage output

Posted in Apple, Terminal

Mac OS X’s Hidden Archive Utility Preference Pane

OS X Archive Utility

This is a great way to set the behaviour of OS X’s built-in compression/decompression utility, aptly named Archive Utility.

So typically, you can just right click a file to compress it. The compression uses a core service in OS X called Archive Utility. It can be found here: /System/Library/CoreServices/ArchiveUtility.

Archive Utility actually has a hidden System Preferences Pane that can be triggered for installation. It’s easy to do and adds configurability.

To add the said preference pane do the following:

Navigate to /System/Library/CoreServices/, right click on Archive Utility and choose “Show Package Contents” from the contextual menu. Now open the Contents folder, followed by the Resources folder, and double click the Archives.prefPane file. This will trigger System Preferences to open, allowing you to install the preference pane. Once it is installed you will find it in System Preferences under the “Other” category.

…enjoy

Archive Utility Prefs Pane

Posted in Apple, Technology

Inside the iPhone 5s | Chipworks Blog

The iPhone A7 Cores are truly beefy. It’s not about the number of cores. This thing can still beat up a 4 core Samsung without a problem.

You can download Chipworks knowledge of Apple

 

Posted in Apple, iOS, iPhone