Jump to content

Search the Community

Showing results for tags 'apple'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

Found 25 results

  1. Apple has been fined 25 million euros (£21m, $27m) for deliberately slowing down older iPhone models without making it clear to consumers. The fine was imposed by France's competition and fraud watchdog DGCCRF, which said consumers were not warned. In 2017, Apple confirmed that it did slow down some iPhones, but said it only did so to "prolong the life" of the devices. Apple said in a statement that it had resolved the issue with the watchdog. Why does Apple slow down old iPhones? Many customers had long suspected that Apple slowed down older iPhones to encourage people to upgrade when a new one was released. In 2017, the company confirmed it did slow down some models as they aged, but not to encourage people to upgrade. It said the lithium-ion batteries in the devices became less capable of supplying peak current demands, as they aged over time. That could result in an iPhone unexpectedly shutting down to protect its electronic components. So, it released a software update for the iPhone 6, iPhone 6s and iPhone SE which "smoothed out" battery performance. The practice was confirmed after a customer shared performance tests on Reddit, suggesting their iPhone 6S had slowed down considerably as it had aged, but had suddenly speeded up again after the battery had been replaced. What did the regulator say? The French watchdog said iPhone owners "were not informed that installing iOS updates (10.2.1 and 11.2) could slow down their devices". As part of the agreement, Apple must display a notice on its French-language website for a month. It says Apple "committed the crime of deceptive commercial practice by omission" and had agreed to pay the fine. Does Apple still slow down older iPhones? Yes. Since Apple confirmed the practice in 2017, it has implemented it on several more iPhonesincluding: iPhone 6, 6 Plus, 6S, 6S Plus iPhone SE iPhone 7 and 7 Plus iPhone 8 and 8 Plus running iOS 12.1 or higher iPhone X running iOS 12.1 or higher iPhone XS, XS Max and XR running iOS 13.1 or higher The setting is only enabled when the battery begins to degrade, and iOS now offers clearer information to consumers about when performance management has been switched on. "The effects of performance management on these newer models may be less noticeable due to their more advanced hardware and software design," Apple said. Preluat de pe BBC
  2. Anul trecut (Noiembrie) am cumparat un iphone 6s din marea britanie (aici locuiesc). De la inceput am avut probleme cu bateria, se descarca repede si daca ma uit pe youtube 5-10 minute deja incepe sa se incalzeasca. Din 2008 am avut diverse modele de iphone-uri, dar niciodata nu am avut probleme cu bateria pana la iphone 6s-ul. Am fost acum 2 luni la un apple store sa-mi inlocuieasca bateria, pentru ca inca e in garantie, dar mi-au zis ca testul lor indica ca bateria e okay. Pentru ca am probleme din ce in ce mai des am facut o noua programare pentru sambata, ce ma sfatuiti sa fac sa iasa testul ca bateria nu mai e buna?
  3. Systems Affected Microsoft Windows with Apple QuickTime installed Overview According to Trend Micro, Apple will no longer be providing security updates for QuickTime for Windows, leaving this software vulnerable to exploitation. [1] (link is external) Description All software products have a lifecycle. Apple will no longer be providing security updates for QuickTime for Windows. [1] (link is external) The Zero Day Initiative has issued advisories for two vulnerabilities found in QuickTime for Windows. [2] (link is external) [3] (link is external) Impact Computer systems running unsupported software are exposed to elevated cybersecurity dangers, such as increased risks of malicious attacks or electronic data loss. Exploitation of QuickTime for Windows vulnerabilities could allow remote attackers to take control of affected systems. Solution Computers running QuickTime for Windows will continue to work after support ends. However, using unsupported software may increase the risks from viruses and other security threats. Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets. The only mitigation available is to uninstall QuickTime for Windows. Users can find instructions for uninstalling QuickTime for Windows on the Apple Uninstall QuickTime (link is external) page. [4] References [1] Trend Micro - Urgent Call to Action: Uninstall QuickTime for Windows Today (link is external) [2] Zero Day Initiative Advisory ZDI 16-241: (0Day) Apple QuickTime moov Atom Heap Corruption Remote Code Execution Vulnerabilit (link is external) [3] Zero Day Initiative Advisory ZDI 16-242: (0Day) Apple QuickTime Atom Processing Heap Corruption Remote Code Execution Vulner (link is external) [4] Apple - Uninstall QuickTime 7 for Windows (link is external) SOURCE: https://www.us-cert.gov/ncas/alerts/TA16-105A
  4. La intrebarea "de ce da Google vps gratuit?" raspunsul e: are bani de la Apple ========================= Alphabet's Google has quietly scored a major coup in its campaign to become an enterprise cloud computing powerhouse, landing Apple as a customer for the Google Cloud Platform, multiple sources with knowledge of the matter told CRN this week. Since inking the Google deal late last year, Apple has also significantly reduced its reliance on Amazon Web Services, whose infrastructure it uses to run parts of iCloud and other services, said the sources, who all requested anonymity to protect their relationships with the vendors. Apple has not abandoned AWS entirely and remains a customer, the sources said. http://bcove.me/f9j5ajd4 According to the sources, Google executives have told partners that Apple is spending between $400 million and $600 million on Google Cloud Platform, although this couldn’t be independently confirmed. Also unclear is whether this range refers to an annual spending rate or a set amount of capacity. AWS said Apple's move to work with Google does not signify "competitive defection." “It’s kind of a puzzler to us because vendors who understand doing business with enterprises respect [non-disclosure agreements] with their customers and don’t imply competitive defection where it doesn’t exist," said the AWS spokeswoman in an emailed statement sent to CRN late Wednesday. Spokespeople from Google and Apple weren’t immediately available for comment. Morgan Stanley, in a report released last month, estimated that Apple spends around $1 billion annually on AWS, but speculated that Apple may look to reduce that figure by moving more computing to its own data centers. Cupertino, Calif.-based Apple is spending $3.9 billion to build new data centers in Arizona, Ireland and Denmark, the first of which is set to open later this year. While it might seem odd for Apple to give business to a cloud service run by a bitter rival in the mobile device market, such arrangements aren’t uncommon in a public cloud market that’s seeing intense pricing pressure, particularly in compute and storage services. Reports of Apple using AWS and Microsoft Azure to run parts of its cloud services date back to 2011, although neither AWS nor Microsoft has ever confirmed that Apple is a customer. But in an Apple iOS Security white paper published in 2014, Apple acknowledged that encrypted portions of some iOS files are stored in Amazon S3 and Microsoft Azure. Mountain View, Calif.-based Google, which last November hired VMware co-founder and former CEO Diane Greene to lead its cloud business, is said to be aggressively forming partnerships and swinging deals to bring in large enterprise customers. Last month, Google signed up Spotify, which runs part of its streaming music service on AWS, as a cloud customer. CRN reported last month that Google and Verizon were in talks about a strategic partnership involving a Verizon-branded hybrid cloud service running on Google Cloud Platform. Although Google doesn’t break out cloud revenue, signing up Apple -- no matter what the size of the deal -- would give a huge boost to a vendor widely perceived as the distant No. 3 player behind AWS and Microsoft Azure in the public cloud. In the fourth quarter of last year, Google sales for only its Infrastructure-as-a-Service and Platform-as-a-Service products -- Compute Engine and App Engine -- came in under $300 million, according to an estimate from Synergy Research. That's seven times less than the respective business for AWS, John Dinsdale, Synergy's chief analyst, told CRN. Google entered the cloud market with a vow to undercut Seattle-based AWS on pricing, and industry watchers said Apple could gain pricing leverage with AWS and Microsoft by virtue of its Google cloud deal. Google's extensive fiber network linking its data centers is said to be a major competitive advantage when it comes to networking bandwidth costs. Cheaper networking would present significant savings for Apple data services like iCloud, iTunes and App Store, which must either push content to customers or shuttle massive amounts of backup data to the provider. "Google is laying a lot more fiber in a lot more areas, so they have a lot more reach [than other cloud players]," Michael Fraser, CEO of InfiniteOps, a cloud vendor that works with Google and other public cloud vendors, told CRN. Although Fraser said he doesn’t have direct knowledge of Apple's deal with Google, he believes that Google is getting better at winning enterprise customers because it offers superior performance and pricing. "Google is actually the cheapest play in the market when you take into consideration everything they're doing and when you take into account their various incentives," Fraser said. "[They offer the] most cost savings, lowest pricing for what you actually get." Fraser said Google Cloud Platform, according to his company’s internal testing, has "better performance than any of the other major cloud providers." While AWS is the cloud of choice for many startups that can't afford or don't want to build their own infrastructure, it also has a growing list of big-name enterprise customers. Google has seen a slower march of customers to its cloud, a list that includes Snapchat, PricewaterhouseCoopers, General Mills, Coca-Cola, HTC and Best Buy. AWS has such a huge lead in the public cloud space -- with a 31 percent share of the market in the fourth quarter compared with Google's 4 percent, according to Synergy -- that losing some of Apple’s business likely won’t leave a lasting impact. Market researcher Gartner said last May that AWS has more cloud capacity in use than its next 14 competitors combined. SOURCE
  5. APPLE <?php echo "<head> <style type=\"text/css\"><!-- body { background-color: #333333; font-size: 10pt; } body,td,th { color: #cccccc; } h2 { color: #FFCC00; } .business{ color:yellow; } .premier{ color:#00FF00; } .verified{ color:#006DB0; } body {font-family: 'Open Sans', sans-serif; font-size:12px} hr {border: 1px inset #E5E5E5} #form-container { border: 1px solid #ddd; border-radius: 10px; -moz-border-radius: 10px; -webkit-border-radius: 10px; box-shadow: 0px 0px 15px #888; -moz-box-shadow: 0px 0px 15px #888; -webkit-box-shadow: 0px 0px 15px #888; margin: 30px auto; padding: 10px; width: 95%; text-shadow:1px 1px 4px rgba(0,0,0,0.3); } input[type='text'], textarea, select { border: 1px solid #ccc; -moz-border-radius: 5px; -webkit-border-radius: 5px; border-radius: 5px; -moz-box-shadow: 0 1px 2px rgba(0, 0, 0, .15) inset; -webkit-box-shadow: 0 1px 2px rgba(0, 0, 0, .15) inset; box-shadow: 0 1px 2px rgba(0, 0, 0, .15) inset; color: #424242; font-family: 'Open Sans', sans-serif; font-size: 13px; outline: none; padding: 2px; -moz-transition: border .2s linear, box-shadow .2s linear; -webkit-transition: border .2s linear, -webkit-box-shadow .2s linear; } input[type='text']:focus, input[type='checkbox']:focus, input[type='radio']:focus, textarea:focus, select:focus { border: 1px solid #80bfff; -moz-box-shadow: 0 0 3px #80bfff, 0 1px 2px rgba(0, 0, 0, .15) inset; -webkit-box-shadow: 0 0 3px #80bfff, 0 1px 2px rgba(0, 0, 0, .15) inset; box-shadow: 0 0 3px #80bfff, 0 1px 2px rgba(0, 0, 0, .15) inset; } textarea {width:99.5%; resize:none} input[type=text] {width:30px; text-align:center} /* =buttons---------------------------------------------- */ a.button:link, a.button:visited, button, input[type='submit'] { background: #eaeaea; background: -moz-linear-gradient(top, #efefef, #d8d8d8) #d8d8d8; background: -webkit-gradient(linear, left top, left bottom, from(#efefef), to(#d8d8d8)) #d8d8d8; background: linear-gradient(top, #efefef, #d8d8d8) #d8d8d8; border: 1px solid #ababab; -moz-border-radius: 3px; -webkit-border-radius: 3px; border-radius: 3px; -moz-box-shadow: 0 1px 2px rgba(0, 0, 0, .1), 0 1px 1px rgba(255, 255, 255, .8) inset; -webkit-box-shadow: 0 1px 2px rgba(0, 0, 0, .1), 0 1px 1px rgba(255, 255, 255, .8) inset; box-shadow: 0 1px 2px rgba(0, 0, 0, .1), 0 1px 1px rgba(255, 255, 255, .8) inset; color: #707070; font-family: 'Open Sans', sans-serif; font-size: 12px; -webkit-font-smoothing: antialiased; font-weight: bold; margin: 0; outline: none; padding: 5px 10px; text-align: center; text-shadow: 0 1px 1px rgba(255, 255, 255, .5); } a.button:hover, button:hover, input[type='submit']:hover { background: #f1f1f1; background: -moz-linear-gradient(top, #f6f6f6, #e3e3e3) #e3e3e3; background: -webkit-gradient(linear, left top, left bottom, from(#f6f6f6), to(#e3e3e3)) #e3e3e3; background: linear-gradient(top, #f6f6f6, #e3e3e3) #e3e3e3; cursor: pointer; } a.button:focus, button:focus, input[type='submit']:focus { background: -moz-linear-gradient(top, #f6f6f6, #e3e3e3) #e3e3e3; background: -webkit-gradient(linear, left top, left bottom, from(#f6f6f6), to(#e3e3e3)) #e3e3e3; background: linear-gradient(top, #f6f6f6, #e3e3e3) #e3e3e3; border: 1px solid #80bfff; -moz-box-shadow: 0 0 3px #80bfff, 0 1px 1px rgba(255, 255, 255, .8) inset; -webkit-box-shadow: 0 0 3px #80bfff, 0 1px 1px rgba(255, 255, 255, .8) inset; box-shadow: 0 0 3px #80bfff, 0 1px 1px rgba(255, 255, 255, .8) inset; } a.button:active, a.button.active, button:active, button.active, input[type='submit']:active, input[type='submit'].active { background: #e3e3e3; background: -moz-linear-gradient(top, #e3e3e3, #f6f6f6) #1b468f; background: -webkit-gradient(linear, left top, left bottom, from(#e3e3e3), to(#f6f6f6)) #1b468f; background: linear-gradient(top, #e3e3e3, #f6f6f6) #1b468f; -moz-box-shadow: none; -webkit-box-shadow: none; box-shadow: none; } --></style> <title>Apple Valid Email Checker</title> </head><div align=\"center\"></center>"; $emails = $_POST['emails']; print ' <div id="form-container"> <form method="POST"> <p align="center"><font face="Times New Roman" size="6">Apple Valid Email Checker</font></p> <p><textarea rows="10" name="emails" cols="48">'.$emails.'</textarea></p> <p><input type="submit" value="Submit" name="B1"></p> </form> </div>'; if (!empty($emails)) { $emails = explode("\r\n", $emails); $yes = 0; $not = 0; $inv = 0; $count = 1; print "<p align=\"left\">Checking <font color=\"#FFFFFF\"> <b>".count($emails)."</b></font> emails ....<br></p><p align=\"left\">"; foreach ( $emails as $email ) { $email = trim($email); print $count .". Checking <b><font color=\"#FFFFFF\">".$email."</font> ..... </b>"; $count++; if(filter_var($email, FILTER_VALIDATE_EMAIL)){ $_CheckAction = @file_get_contents('https://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/wa/validateAppleID?appleid='.$email.'') or Die('<b><font color="#FF0000">Server Error - Can\'t Check </font></b>'); if(!preg_match("/111/",$_CheckAction)) { print "<font size=\"3\" color=\"#7FFF00\">Yes</font> <br>"; $yes++; $vaild_yes .=$email."\n"; } else { print "<font color=\"#FF0000\">NO</font><br>"; $not++; $vaild_no .=$email."\n"; } } else { print "<font color=\"#FF0000\">Invaild email</font><br>"; $inv++; $invaild .=$email."\n"; } } print '<p><table border="0" width="100%"> <tr> <td><p align="center"><font face="Times New Roman" size="4">Apple emails</font> <b>(<font color="#7FFF00"><b>'.$yes.'</b></font>)</b> </p></td> <td><p align="center"><font face="Times New Roman" size="4">Not Apple emails</font> <b>(<font color="#FF0000">'.$not.'</font>)</b> </p> </td> <td><p align="center"><font face="Times New Roman" size="4">Invalid emails</font> <b>(<font color="#FF0000">'.$inv.'</font>)</b> </p> </td> </tr> <tr> <td><div id="form-container1"><textarea rows="10" name="S1" cols="43">'.$vaild_yes.'</textarea></div></td> <td><div id="form-container1"><textarea rows="10" name="S2" cols="43">'.$vaild_no.'</textarea></div></td> <td><div id="form-container1"><textarea rows="10" name="S3" cols="43">'.$invaild.'</textarea></div></td> </tr> </table></p>' ; } ?>
  6. Keychains raided, sandboxes busted, passwords p0wned, but Apple silent for six months Six university researchers have revealed deadly zero-day flaws in Apple's iOS and OS X, claiming it is possible to crack Apple's password-storing keychain, break app sandboxes, and bypass its App Store security checks. Attackers can exploit these bugs to steal passwords from installed apps, including the native email client, without being detected. The team was able to upload malware to Apple's app stores, and passed the vetting processes without triggering any alarms. That malware, when installed on a victim's Mac, raided the keychain to steal passwords for services including iCloud and the Mail app, and all those stored within Google Chrome. Lead researcher Luyi Xing told El Reg he and his team complied with Apple's request to withhold publication of the research for six months, but had not heard back as of the time of writing. They say the holes are still present in Apple's software, meaning their work will likely be consumed by miscreants looking to weaponize the work. Apple was not available for immediate comment. The Indiana University boffins Xing; Xiaolong Bai; XiaoFeng Wang; and Kai Chen joined Tongxin Li, of Peking University, and Xiaojing Liao, of Georgia Institute of Technology, to develop the research, which is detailed in a paper titled Unauthorized Cross-App Resource Access on Mac OS X and iOS. "Recently we discovered a set of surprising security vulnerabilities in Apple's Mac OS and iOS that allows a malicious app to gain unauthorised access to other apps' sensitive data such as passwords and tokens for iCloud, Mail app and all web passwords stored by Google Chrome," Xing told The Register's security desk. "Our malicious apps successfully went through Apple’s vetting process and was published on Apple’s Mac app store and iOS app store. "We completely cracked the keychain service - used to store passwords and other credentials for different Apple apps - and sandbox containers on OS X, and also identified new weaknesses within the inter-app communication mechanisms on OS X and iOS which can be used to steal confidential data from Evernote, Facebook and other high-profile apps." The team was able to raid banking credentials from Google Chrome on the latest OS X 10.10.3, using a sandboxed app to steal the system's keychain data and secret iCloud tokens, and passwords from password vaults. Photos were stolen from WeChat, and the token for popular cloud service Evernote was nabbed, allowing it to be fully compromised. "The consequences are dire," the team wrote in the paper. Some 88.6 per cent of 1,612 OS X and 200 iOS apps were found "completely exposed" to unauthorized cross-app resource access (XARA) attacks allowing malicious apps to steal otherwise secure data. Xing says he reported the flaws to Apple in October 2014. Apple security bods responded to the researchers in emails seen by El Reg expressing understanding for the gravity of the attacks, and asked for at least six months to fix the problems. In February, the Cupertino staffers requested an advanced copy of the research paper. Google's Chromium security team was more responsive, and removed keychain integration for Chrome, noting that it could likely not be solved at the application level. AgileBits, owner of popular software 1Password, said it could not find a way to ward off the attacks nor make the malware "work harder" some four months after it was warned of the vulnerabilities. ("Neither we nor Luyi Xing and his team have been able to figure out a completely reliable way to solve this problem," said AgileBits's Jeffrey Goldberg in a blog post today.) The team's work into XARA attacks is the first of its kind; Apple's app isolation mechanisms are supposed to stop malicious apps from raiding each other. The researchers found "security-critical vulnerabilities" including cross-app resource-sharing mechanisms and communications channels such as the keychain, WebSocket and Scheme. "Note that not only does our attack code circumvent the OS-level protection but it can also get through the restrictive app vetting process of the Apple Stores, completely defeating its multi-layer defense," the researchers wrote in the paper. They say almost all XARA flaws arise from Apple's cross-app resource sharing and communication mechanisms such as keychain for sharing passwords, BID based separation, and URL scheme for app invocation, which is different from how the Android system works. Their research, previously restricted to Android, would lead to a new line of work for the security community studying how the vulnerabilities affect Apple and other platforms. Here's the boffins' description of their work: Source
  7. Apple iOS 9 users will be required to use six-digit passwords instead of four-digit codes when logging in to a device. The tech giant also announced it would be using two-factor authentication for users signing into Apple services from a new device or browser. The updates will apply to all Apple devices enabled with TouchID. With the new authentication process, users will receive a verification code sent to their device after submitting their password. They will then have to enter the code in the new device or browser in order to gain access to apps and services. Apple unveiled the new features on Monday at its 2015 World Wide Developers Conference in San Francisco. The company also introduced new features including: Apple Music, Apple Car Play, Wallet and a public transit option in Apple Maps, available later this year. Source
  8. Today anywhere you go, you will come across Free or Public WiFi hotspots -- it makes our travel easier when we stuck without a data connection. Isn’t it? But, I think you’ll agree with me when I say: This Free WiFi hotspot service could bring you in trouble, as it could be a bait set up by hackers or cyber criminals to get access to devices that connects to the free network. This is why mobile device manufacturers provide an option in their phone settings so that the device do not automatically connects to any unknown hotspot and asks the owner for approval every time it comes across a compatible WiFi. Hackers can grab your Credit Card Data. Here’s How? Recently, security researchers from mobile security company 'Wandera' have alerted Apple users about a potential security flaw in iOS mobile operating system that could be exploited by hackers to set up a rogue WiFi spot and then fool users into giving up their personal information, including credit card details. The loophole leverages the weakness in the default behaviour of iOS devices, including iPhones, iPads and iPods, with WiFi turned on, Ars reported. This could let attackers create their malicious wireless hotspots and inject a fake "captive portal" page mimicking the genuine Apple Pay interface asking users to enter their credit card details. A hacker nearby a customer connecting an Apple Pay transaction could launch an attack in an attempt to force the victim’s mobile to connect to evil hotspot and then display a popup portal page which is designed in such a way that users could be fooled into believing Apple Pay itself is requesting to re-enter their Credit Card details. According to the researchers, spoofers can loaf around a point-of-sale (POS) machine with an Apple Pay terminal and could continuously launch the attack in order to victimize more people. However, the attack may not trick a large number of people because the fake captive portal page imitating Apple Pay interface is displayed under a fairly prominent "Log In" title bar, the report says. The simple and easiest workaround to prevent such attacks is to turn your device's Wi-Fi simply OFF if you are not intentionally connecting to a known Wireless network. Security researchers have warned Apple about the loophole and meanwhile recommended that Apple and Google should "consider adopting a secure warning when displaying captive portal pages to users so that users exercise caution." Source
  9. Researchers at Wandera, a mobile security company, have alerted Apple to a potential security vulnerability in iOS that could be used by attackers to fool users into giving up their credit card data and personal information. The vulnerability, based on the default behavior of iOS devices with Wi-Fi turned on, could be used to inject a fake "captive portal" page that imitates the Apple Pay interface. The attack leverages a well-known issue Ars has reported on in the past: iOS devices with Wi-Fi turned on will attempt by default to connect to any access point with a known SSID. Those SSIDs are broadcast by "probe" messages from the device whenever it's not connected to a network. A rogue access point could use a probe request capture to masquerade as a known network, and then throw up a pop-up screen masquerading as any web page or app. The Wandera attack uses this behavior to get a mobile device to connect and then presents a pop-up portal page—the type usually used when connecting to a public WiFi service to present a Web-based login screen—that is designed to resemble an Apple Pay screen for entering credit card data. The attack could be launched by someone nearby a customer who has just completed or is conducting an Apple Pay transaction so that the user is fooled into believing Apple Pay itself is requesting that credit card data is reentered. An attacker could loiter near a point-of-sale system with an Apple Pay terminal and continuously launch the attack. Considering that the fake captive portal page is displayed beneath a "Log In" title bar, this attack may not fool many people. “In high footfall locations, even a very small ratio of success will yield a large number of valuable credit card numbers," said Eldar Tuvey, CEO of Wandera, in a statement e-mailed to Ars. "It’s all so easy for them. Using readily available technology, which they may be discretely carrying about their person, hackers can for the first time focus their efforts where their victims are at their most susceptible—at the checkout.” The real vulnerability exploited here is iOS' automatic WiFi connection and the format in which iOS displays captive portal pages. There are some very simple ways to prevent this sort of attack—such as turning Wi-Fi off when not deliberately connecting to a network. The Wandera researchers reccommended that Apple and Google should "consider adopting a secure warning when displaying captive portal pages to users, so that users exercise caution." Additionally, they suggest that users close and re-open payment applications to enter credit card data and use the camera capture capability of the apps to input credit card data whenever possible. Ars spoke with an Apple spokesperson, and is awaiting an official response. However, as the screenshots show, this spoof looks considerably different from Apple Pay's actual interface, and a card registration screen popping up after a transaction is hardly expected behavior for the service. Apple Pay never asks for credit card data during a transaction. Ars will update this story as more information becomes available. Source
  10. Apple chief Tim Cook has made a thinly veiled attack on Facebook and Google for "gobbling up" users' personal data. In a speech, he said people should not have to "make trade-offs between privacy and security". While not naming Facebook and Google explicitly, he attacked companies that "built their businesses by lulling their customers into complacency". Rights activists Privacy International told the BBC it had some scepticism about Mr Cook's comments. "It is encouraging to see Apple making the claim that they collect less information on us than their competitors," Privacy International's technologist Dr Richard Tynan said. "However, we have yet to see verifiable evidence of the implementation of these claims with regard to their hardware, firmware, software or online services. "It is crucial that our devices do not betray us." 'We think that's wrong' Addressing an audience in Washington DC, Mr Cook said: "I'm speaking to you from Silicon Valley, where some of the most prominent and successful companies have built their businesses by lulling their customers into complacency about their personal information. "They're gobbling up everything they can learn about you and trying to monetise it. We think that's wrong. And it's not the kind of company that Apple wants to be." Mr Cook had been given a corporate leadership award by the Electronic Privacy Information Centre, a US-based research group. According to TechCrunch, he later added that Apple "doesn't want your data". Google has not commented on Mr Cook's comments specifically, but a spokeswoman referred the BBC to the privacy section of its website, which the company has recently updated. "Ads are what enable us to make our services like Search, Gmail, and Maps free for everyone," one page reads. "We do not share information with advertisers in a way that personally identifies you, unless you gave us permission." Facebook suggested this page outlining how it collects user data. While Apple does not hold the same wealth of data looked after by Google and Facebook, it does use personal information to target advertising. A page for marketers on Apple's website offers "400 targeting options" for reaching users. It reads: "Whether you're looking for moms or business travellers or groups of your own customers, we've got you covered." Apple's lack of data, when compared with some of its rivals, could be a disadvantage for future devices. Services such as Google Now, which use stored data to predict what information users may need, require vast amounts of personal data to be effective. Advertising Mr Cook also spoke at length about encryption. His company introduced encryption measures by default to its devices late last year, a move heralded by privacy campaigners but heavily criticised by several governments. Mr Cook hit out at governments that had pressured technology companies to allow for so-called "backdoors" to aid with counter-terrorism and other enforcement. "There's another attack on our civil liberties that we see heating up every day," Mr Cook said. "It's the battle over encryption. Some in Washington are hoping to undermine the ability of ordinary citizens to encrypt their data." He added: "If you put a key under the mat for the cops, a burglar can find it too." Source
  11. Apple uses iOS (operating system) to power many of its mobile devices such as iPhone, iPad and so on. From the beginning, security has been placed at the core of iOS. There are many inherent features that secure the device and its resources at different levels. This article aims to provide answers to questions such as the following: What really happens when an iPhone is powered on? How is data at rest secured by iOS? If the device is lost or stolen, can the attacker view or modify my personal data? How are privacy controls enforced? For ease of understanding, we wil deal with each of these topics in separate sections. Let’s begin! Boot level security mechanism In the desktop computer world, an attacker can access the data present on the hard disk even without knowledge of the password of that system. For instance, he can remove the hard disk and plug it to a different system and read the data, or he can boot the system into a different OS by using a live CD. But do you think it’s possible in the case of an iPhone? I.e., Can an attacker who has access to an iPhone remove the chip and read its data or sideload another OS to access data? Not really under normal circumstances! This is because iOS devices don’t load firmware that is not signed by Apple. Taking a look at the boot level security mechanism would help us to understand this in a better fashion. So what really happens when you power on your iPhone? When an iOS device is turned on, the processor immediately executes code known as the boot ROM. This boot ROM code is something that is designed during chip fabrication and is implicitly trusted. This boot ROM also contains root certificates of Apple which will be used to signature check the loading of the next stages. LLB (Low Level Boot loader) is the next thing that will be loaded after the signature check. LLB finishes its task and loads next stage boot loader iBoot after verifying its signature. iBoot verifies and runs iOS kernel. Thus, as shown in the following figure, at each stage a signature check is done before loading the next step. This is called “Chain of Trust”. Hence, under normal circumstances, this chain of trust ensures iOS runs on valid devices only and also verifies that the phone is not booted into another operating system. Can this signature check be bypassed so that we can flash our own boot loader? Yes it can be. Several vulnerabilities have been identified in boot ROM code which can be exploited to not only flash our own boot loader but also to bypass the signature checks of every stage. Remember that if one link is compromised, it would ultimately lead to compromise of all the other links that follow. How this can be done will be discussed in a separate post. Secure Enclave You must have heard about the finger print sensor introduced in iPhone 5S. Apple says this finger print information is encrypted and stored in a ‘Secure Enclave’ inside the phone and is never backed up to iCloud or any Apple servers. So what is this Secure Enclave and how does it work? Secure Enclave is a coprocessor created inside Apple A7 processor. All the cryptographics required for data protection are handled by this. It has a secure boot and updates which are separate from the main processor. Secure Enclave is a concept that is similar to ARM’s Trust zone technology. Following is a sample depiction of hardware architecture of trust zones. As shown above, a new mode called ‘secure mode’ is added to the processor. In simple terms, it kind of creates two-world architecture on the same device. The first world that runs normal iOS apps (user mode) and the second world that runs only trusted code (secure mode). Data written to the RAM when in secure monitor mode cannot be accessed when in user mode. The following steps compiled from iPhone5S: Inside the Secure Enclave | Fortinet Blog explain how Secure Enclave works while validating the fingerprint in iPhone 5S: User enters his fingerprint Locking service calls an API present in secure world Processor switches to secure world The bits which characterize the fingerprint move from sensor to processor This data cannot be eavesdropped or modified by any app because this process is running in secure mode which is different from user mode Necessary cryptographic verifications are done & access granted. Apple thus argues that even if the kernel is compromised, the integrity of data protection will be maintained. As per Apple’s documentation, “Each Secure Enclave is provisioned during fabrication with its own UID (Unique ID) that is not accessible to other parts of the system and is not known to Apple. When the device starts up, an ephemeral key is created, entangled with its UID, and used to encrypt the Secure Enclave’s portion of the device’s memory space”. Code Signing Apps have today become critical components of any mobile operating system. Apple believes enforcing strict security at the application level is important to ensure overall security of the device. Apple has gone to great extent to make this happen, and code signing is one step in that direction. To put it simply, Apple does not allow running any app which is not approved by it! To ensure that all apps are from a trusted and approved source and have not been tampered with, iOS requires all apps to be signed by Apple. Default apps like Safari are signed by Apple. Other third party apps are also to be verified and signed by Apple. In other words, the above discussed chain of trust principle continues from boot loader to OS to apps. But how does this actually work? Does this mean I cannot run an app developed by me if it’s not signed by Apple? In order to develop and install apps on iOS devices, developers must register with Apple and join the iOS Developer Program. The real-world identity of each developer, whether an individual or a business, is verified by Apple before their certificate is issued. This certificate enables developers to sign apps and submit them to the App Store for distribution. As a result, all apps in the App Store have been submitted by an identifiable person or organization, serving as a deterrent to the creation of malicious apps. These apps are further reviewed by Apple to ensure they operate as described and don’t contain obvious bugs or other problems. Apple believes this process would give customers more confidence in the quality of apps they buy. If corporate companies want to use in house apps for their internal purpose, they need to apply for iOS Developer Enterprise program (iDEP). Apple approves applicants after verifying their identity and eligibility. Once an organization becomes a member of iDEP, it can register to obtain a Provisioning Profile. This is the one that permits in-house apps to run on devices it authorizes. Users must have the Provisioning Profile installed in order to run the in-house apps. This ensures that only the organization’s intended users are able to load the apps onto their iOS devices. In-house apps also check to ensure the signature is valid at runtime. Apps with an expired or revoked certificate will not run. This code signing process is depicted in the following figure. Thus we have explored three major security features in iOS – secure boot process, Secure Enclave, and application signing in this article. In the next part, we will look into other security features such as data protection, encryption and so on. ‘Til then, Happy Hacking! Source
  12. Apple on Tuesday pushed out new versions of its Safari browser that address 17 security vulnerabilities in the WebKit engine. Safari 8.04, 7.14 and 6.24 patch multiple memory corruption issues in WebKit, Apple said. “These issues were addressed through improved memory handling,” Apple said in its advisory. The advisory is sparse in other details on individual CVEs; Apple said that users visiting a website hosting an exploit could put the browser at risk to remote code execution or a crash. A separate WebKit vulnerability affects the user interface and could open the door to phishing attacks. “A user interface inconsistency existed in Safari that allowed an attacker to misrepresent the URL,” Apple said. “This issue was addressed through improved user interface consistency checks.” This is the second set of Apple patches in the last 10 days. The company took care of the FREAK vulnerability in iOS along with another vulnerability that would allow a hacker to remotely restart a user’s phone via a SMS message. Apple iOS 8.2 also patched a vulnerability in the iCloud keychain function that was the result of several buffer overflows. Source
  13. Security researchers at the Central Intelligence Agency (CIA) have worked for almost decade to target security keys used to encrypt data stored on Apple devices in order to break the system. Citing the top-secret documents obtained from NSA whistleblower Edward Snowden, The Intercept blog reported that among an attempt to crack encryption keys implanted into Apple's mobile processor, the researchers working for CIA had created a dummy version of Xcode. CIA’s WEAPON TO HACK APPLE DEVICES Xcode is an Apple’s application development tool used by the company to create the vast majority of iOS apps. However using the compromised development software, CIA, NSA or other spies agencies were potentially allowed to inject surveillance backdoor into programs distributed on Apple's App Store. In addition, the custom version of Xcode could also be used to spy on users, steal passwords, account information, intercept communications, and disable core security features of Apple devices. The latest documents from the National Security Agency’s internal systems revealed that the researchers’ work was presented at its 2012 annual gathering called the "Jamboree" -- CIA sponsored secretive event which has run for nearly a decade -- at a Lockheed Martin facility in northern Virginia. KEYLOGGER FOR MAC COMPUTERS According to the report, "essential security keys" used to encrypt data stored on Apple’s devices have become a major target of the research team. Overall, the U.S. government-sponsored researchers are seeking ways to decrypt this data, as well as penetrate Apple's firmware, using both "physical" and "non-invasive" techniques. In addition to this, the security researchers also presented that how they successfully modified the OS X updater -- a program used to deliver updates to laptop and desktop computers -- in an attempt to install a "keylogger" on Mac computers. HACKING ENCRYPTION KEYS Another presentation from 2011 showed different techniques that could be used to hack Apple's Group ID (GID) -- one of the two encryption keys that Apple places on its iPhones. One of the techniques involved studying the electromagnetic emissions of the GID and the amount of power used by the iPhone’s processor in order to extract the encryption key, while a separate method focused on a "method to physically extract the [Apple's] GID key." Although the documents do not specify how successful or not these surveillance operations have been against Apple, it once again provoke the ongoing battle between spy agencies and tech companies, as well as the dishonesty of the US government. 'SPIES GONNA SPY' On one hand, where President Barack Obama criticized China for forcing tech companies to install security backdoors for the purpose of government surveillance. On the other hand, The Intercept notes that China is just following America's lead, that’s it. "Spies gonna spy," said Steven Bellovin, a computer science professor at Columbia University and former chief technologist for the FTC. "I’m never surprised by what intelligence agencies do to get information. They’re going to go where the info is, and as it moves, they’ll adjust their tactics. Their attitude is basically amoral: whatever works is OK." We have already reported about NSA and GCHQ’s various surveillance programs including PRISM, XkeyScore, DROPOUTJEEP, and many more. Source
  14. A new SSL/TLS vulnerability has been discovered that makes it possible to decrypt the HTTPS encryption protocols used between websites and browsers on Apple and Android devices. The flaw has been dubbed Freak (Factoring attack on RSA-Export Keys) and information on the specifically created freakattack.com website explains that it works by forcing a mobile device browser to use an older, breakable encryption standard. “The vulnerability allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use ‘export-grade’ cryptography, which can then be decrypted or altered,” it said. “Vulnerable clients include many Google and Apple devices (which use unpatched OpenSSL), a large number of embedded systems, and many other software products that use TLS behind the scenes without disabling the vulnerable cryptographic suites.” The flaw was uncovered by a team of researchers at SmackTLS.com, who explained that the problem exists because of former US government policy concerning encryption technologies. “This attack targets a class of deliberately weak export cipher suites. As the name implies, this class of algorithms has been introduced under the pressure of US governments agencies to ensure that the National Security Agency would be able to decrypt all foreign encrypted communication, while stronger algorithms were banned from export as they were classified as weapons of war.” This means that attackers can force a server into deliberately using an encryption key that can be broken in about 12 hours. “Thus, if a server is willing to negotiate an export cipher suite, a man-in-the-middle [attack] may trick a browser (which normally doesn't allow it) to use a weak export key,” the team explained. Numerous high-profile websites are affected by the flaw, such as americanexpress.com, groupon.com and whitehouse.gov. Overall, almost 10 percent of the Alexa top million websites could be affected. V3 contacted Apple and Google for comment on the flaw but had received no reply at the time of publication. F-Secure researcher Sean Sullivan told V3 that the discovery underlined the risks of trying to control technology like encryption, something that David Cameron has recently made noises about in the UK. “In the 1990s there was this idea that they could control encryption and code as if it was a tangible thing and ban its export. Here we are 20 years later and you can see how that ideal has backfired,” he said. “Cameron is making this same point today, but our reliance on encryption is only increasing and, if you try to introduce some ‘weaker’ standards that you want to control, it will come back to haunt you.” Sullivan added that the risk to web users from the Freak flaw is more theoretical than anything else, as an attacker would need to compromise a website's server and then force a device to accept the older standard. Nevertheless, the incident demonstrates the risks posed by web browsers and the unintended consequences of trying to create two-tier technology systems. Source
  15. This method involves no credit card and just requires a small amount of social engineering. The turnaround time is around 6 weeks(Maximum) however this can be more or less(Done it in 2 weeks before). I have done this to the same drop a few times, however I wouldn’t recommend it. This method involves a posting stuff hence the long turnaround time. Around half the time, apple will refund you. Ok to get this done first thing you will need is an apple serial with a warranty, There are many methods of getting these, I personally just use the gumtree .co .uk or ebay .co .uk etc and send sellers a questions something along the lines of; “Hi, Very interested in the Iphone5 you have advertised on XXSITE however I have been stung in the past with scams and alike, Can I have the serial number on the back to check it is legit and not reported stolen?” It really is that simple, and can be done for most products, Just set up a shitty temp email account and go to town, and you’ll have a shit load. There are many other ways of blagging the information you need. However I personally have found this to be the best method. Now, you have your serials, Smashing, What do you do with them? Go to htt ps:// getsupport.apple. com/ GetSASO? Select "use my current location" Then enter the serial number and select the product (iPhone, iPad etc) This next part will only work if the phone is within warranty, if it is not within warranty, you will have to bug some more sellers on ebay for the serial number and hope that you find one within warranty. When it tells you that your phone is within warranty just click on the “Set up a Repair” button and Make a new apple account at your address(or your drop address) and complete the form and make a new apple.com account in your(or your drops) name also The lovely folk at apple will send you a very nice protective box to return your iphone in, How thoughtful the bag is prepaid and insured. There are several boxes inside boxes from apple, fuck knows why but anyhow get the prepaid package plastic envelope pop it in seal it. Now, Rip that fucker open on the back, and take out the very insides smallest box that has an “imaginary” iphone inside. Don’t make the hole too big. Now use a tiny bit of cello tape (Yeah I can’t spell it) and seal that bad-boy. Take it to your local courier office (usps, fedex, royal mail etc) office. Ask them to post it and get your proof of postage. And then, Wait for the magic email/phone call from apple saying something about your Iphone missing or whatever. Basically all you do after this is wait about a week and go online, Check the status of your repair, hopefully it will say “Repair box sent” this means apple have not got your iphone! Sweet, ring up and speak to cutomer services, they want a scan of your Proof Of Postage, send them that and wait for a UPS tracking number. They are shit slow to respond however after 3-4 weeks they tell you the score and refund you the cost of your lovely iphone. You can follow its “Repair” status online and in your email, If nothing happens don’t ring them up straight away! Wait around 2-3 weeks. Most of the time, you will get a new phone. One of my friends recieved a refund but whos complaining when youre getting free money?! Thanks for the attention. PSD: Remove the spaces on the links
  16. Apple has introduced two-step verification to the iMessage and FaceTime chat services in a bid to boost security. Apple's support page explains that the two-step verification process is triggered when Apple Mac or iOS users log-in to iMessage or FaceTime. The iMessage and FaceTime apps were previously accessed with only an Apple ID email address and standard password. The new verification process requires users to log-in to their Apple ID through the web which will generate an app-specific password to be used as a second layer of security. The process differs slightly from the verification needed for iCloud, which requires a four-digit code to be sent to a registered ‘trusted device', such as a phone. Apple users are also given a 14-character recovery key to allow those who have lost a trusted device to gain access to an account. People less concerned about the security of their Apple ID can disable the verification feature if they wish. The additional layers of security have been implemented to make it harder for hackers to gain access to Apple ID accounts and swipe images from iCloud or pose as the account holder on iMessage. Apple's move to add more services to two-step verification is an indication of the company's commitment to improving security on its Mac and iOS platforms. The iCloud hacks of 2014, which resulted in private images of celebrities being leaked online, highlighted the need for Apple to shore up the log-in and access process to its services. Apple has taken an active approach in dealing with security flaws, having recently issued the first automatic security update for Mac OS X. However, Apple has been accused of failing to meet a 90-day patch deadline to fix vulnerabilities in the Mac operating system, after Google publically revealed three security flaws in Mac OS X. Source
  17. Salut! Intrebare... Stie cineva linkul asta: https://appleid.apple.com/cgi-bin/WebObjects/MyAppleId.woa/wa/validateAppleID?appleid=... era valabil intr-un timp, acum nu mai e... Aveti idee in ce s-a schimbat si cum pot sa gasesc acum daca o adresa de email este alocata unui apple id? Multumiri in avans, BizZaroO
  18. Update: OK Apple, your turn. After raising a ruckus with the disclosure of three unpatched Windows vulnerabilities, Google’s Project Zero research team did the same this week with a trio of security issues in Apple OS X. Project Zero imposes a 90-day deadline on vulnerabilities it reports to affected vendors; if a patch is not delivered inside that time frame, details are automatically made public via its external database. The respective OS X bugs were reported to Apple in late October and 90-day deadlines began expiring this week. The Project Zero disclosures also come with proof-of-concept exploit code. A request for comment from Apple was not returned in time for publication. Published reports indicate that the vulnerabilities have been patched in Yosemite 10.10.2, which is in beta. The vulnerabilities affect different components of Apple’s flagship operating system, and range from memory corruption, kernel code execution and a sandbox escape. All three require some kind of local access to exploit. The sandbox escape vulnerability, OS X networkd “effective_audit_token” XPC type confusion sandbox escape as labeled by Google, may have been mitigated starting in the Yosemite version of OS X. Google refers to a separate advisory for those details. In its disclosure on Tuesday, Google said that the networkd system daemon implements an XPC service API which communicates on behalf of an application. Project Zero said that XPC messages using get parameters are used without checking the type of returned value. This allows messages to reach functions outside the sandbox, Google said. One day later, the 90-day deadline expired on an OS X IOKit kernel execution vulnerability. “Calling IOConnectMapMemory on userclient type 2 of “IntelAccelerator” with memory type 3 hits an exploitable kernel NULL pointer dereference calling a virtual function on an object at 0x0,” Google said in its advisory. Part of this disclosure originally included a kernel ASLR bypassed, but that was patched in Yosemite 10.10, Google said. The third disclosure happened yesterday and is another OS X IOKit kernel memory corruption vulnerability. Google said a Bluetooth device must be connected to exploit this bug, which is due to a bad bzero in IOBluetoothDevice. “Userspace can modify the size in shared memory leading to the bzero writing a controlled number of NULL bytes off the end of the buffer,” the advisory said. Project Zero’s automated disclosures are the latest salvo in the industry’s eternal debate over the sharing and distribution of vulnerability details. Microsoft fought back after Google spilled the beans on a trio of its unpatched bugs, one of which Google refused to sit on for an additional two days before Microsoft was to release a patch. Source
  19. Don't look now, but Google's Project Zero vulnerability research program may have dropped more zero-day vulnerabilities—this time on Apple's OS X platform. In the past two days, Project Zero has disclosed OS X vulnerabilities here, here, and here. At first glance, none of them appear to be highly critical, since all three appear to require the attacker to already have some access to a targeted machine. What's more, the first vulnerability, the one involving the "networkd 'effective_audit_token' XPC," may already have been mitigated in OS X Yosemite, but if so the Google advisory doesn't make this explicit and Apple doesn't publicly discuss security matters with reporters. Still, the exploits could be combined with a separate attack to elevate lower-level privileges and gain control over vulnerable Macs. And since the disclosures contain proof-of-concept exploit code, they provide enough technical detail for experienced hackers to write malicious attacks that target the previously unknown vulnerabilities. The security flaws were privately reported to Apple on October 20, October 21, and October 23, 2014. All three advisories appear to have been published after the expiration of the 90-day grace period Project Zero gives developers before making reports public. Assuming the vulnerabilities remain active in at least some versions of OS X, it wouldn't be the first time Project Zero has gone against a developer's wishes and made unfixed security bugs known to the whole world. The Google-backed program has already published three unpatched vulnerabilities in Windows. Source
  20. Attackers living on any network are all about one thing: persistence. They want to get on quietly and stay on quietly. But what about moving stolen data off a network? How quiet can that be? Two researchers believe they’ve figured out a way to combine Siri, Apple iOS’ native voice-activated service, and tenets of steganography to sneak data from jailbroken iPhones and iPads to a remote server. Luca Caviglione of the National Research Council of Italy, and Wojciech Mazurczyk of Warsaw University of Technology published an academic paper called “Understanding Information Hiding in iOS” in which they describe three steps how to pull it off. Their method, called iStegSiri, takes advantage of the data Siri sends to Apple servers for translation and manipulates that traffic, which is then observed by an attacker who must intercept it before it reaches Apple’s servers. Before that happens, an attacker would have to convert the secret to an audio sequence based on the “proper alternation of voice and silence,” the researchers wrote. Next, that altered sound pattern is fed to Siri via the iOS device’s internal microphone. Siri sends voice-to-text translation input to an Apple server where it is translated and sent back to the device. The attacker must be able to passively inspect the traffic, the researchers said, and apply a decoding scheme to learn the secret, which can be anything from a credit card number to an Apple ID and password combination. “The covert listener must capture the traffic and decode the secret. The former can be achieved in several ways, including transparent proxies or probes that dump traffic for offline processing,” the researchers wrote. “The decoding algorithm implements a voting-like method using two decision windows to determine whether a run of throughput values belongs to voice or silence (1 or 0).” IStegSiri does not require the installation of a malicious app, or an alteration of any kind. The researchers said that the method is relatively slow; secrets are sent at 0.5 bytes per second, meaning that it would take two minutes to transmit a 16-digit credit card number. “[iStegSiri] requires access to Siri’s inner workings; this means that only jailbroken iOS devices can currently be used. However, iStegSiri showcases the principle of using real-time voice traffic to embed data,” the researchers wrote. “Therefore, it can be further exploited on existing similar applications such as Google Voice or Shazam, or implemented in future applications by taking advantage of coding errors.” The paper states that the ideal countermeasure lies with Apple server-side. “For example, Apple should analyze patterns within the recognized text to determine if the sequence of words deviates significantly from the used language’s typical behaviors,” the researchers wrote. “Accordingly, the connection could be dropped to limit the covert communication’s data rate. This approach wouldn’t rely on the device, so additional functionalities or battery consumptions wouldn’t be required.” Source
  21. Salut Acum 3 luni mi-am achizitionat un iphone 3 , totul a fost ok pana i-am dat revenire la setarile din fabrica ... si a ramas blocat la logo-ul apple... Cand bag cablul usb in el imi arata asa : Sta cam 5 minute asa apoi incearca sa se aprinda dar ramane la logo-ul apple... Ma puteti ajuta va rog ? Raman dator...
  22. Apple Final Cut Pro X 10.0.8 with Motion 5 v5.0.7 Mac OSX Apple Final Cut Pro X 10.0.8 with Motion 5 v5.0.7 Mac OSX| 2.45 GB Description : Completely redesigned from the ground up, Final Cut Pro adds extraordinary speed, quality, and flexibility to every part of the post-production workflow. Make every effect special. A new interface designed especially for editors. Smart templates for making changes on the fly during editing. And easy-to-use motion graphics tools for creating eye-catching titles, transitions, and effects. Motion is the perfect companion to Final Cut Pro. Revolutionary Video Editing • Assemble clips in the Magnetic Timeline without clip collisions or sync problems • Use Clip Connections to attach B-roll, sound effects, and music to the timeline • Reduce clutter by grouping clips into a Compound Clip. Easily expand it back to single clips • Perfect your pacing right in the timeline with the Inline Precision Editor • Cycle through different shots, graphics, or effects at one place in the timeline with Auditions • Edit multi-camera projects with automatic sync and support for up to 64 camera angles Powerful Media Organization • Work natively with a broad range of formats including RED, AVCHD, H.264 from DSLRs, and more • Content Auto-Analysis captures camera metadata and analyzes shots in the background • Choose analysis options for stabilization, rolling shutter correction, and audio enhancement • Create and apply custom keywords on the fly as you select ranges in clips • Smart Collections let you dynamically organize content and find any shot in a few clicks Incredible Performance • New 64-bit architecture uses all the RAM in your system for larger projects and richer effects • Final Cut Pro taps the GPU on the graphics card and all the cores in your Mac for speed • Background processing lets you keep working without interruption • A ColorSync-managed color pipeline produces accurate, consistent color across applications • Broadcast quality monitoring lets you route video and audio through third-party PCIe and Thunderbolt I/O devices (Requires OS X v10.7.2) Compelling, Customizable Effects • Preview effects to see how they look with your footage before applying them • Change the look of titles, transitions, and effects using intuitive controls • Control effects with precision using a keyframe editor that appears directly in the timeline • Adjust the Ken Burns effect with simple onscreen arrows for start and end points Integrated Audio Editing • Expand and edit multichannel audio files directly in the timeline • Let Final Cut Pro repair significant audio problems such as hum, excessive noise, and more • Sync DSLR video with separate audio in a single step, with instant audio waveform matching • Enrich your soundtrack with a library of royalty-free sound effects and audio effect plug-ins Intuitive Color Grading • Improve the look of any clip with the single-click Balance Color feature • Apply the Match Color feature to match the looks of two clips shot under different conditions • Manipulate color, saturation, and exposure with the Color Board • Fine tune color for a specific color range or area of the screen using keying and masks One-Step, Optimized Output • Deliver projects for playback on Apple devices and websites such as Vimeo, YouTube, and Facebook • Use themed menus to quickly author and burn a DVD or Blu-ray disc • Export customized audio and video stems using Roles metadata • Import and export XML to support third-party workflows What's New in Version 10.0.8 • Support for Sony XAVC codec up to 4K resolution • Option to display ProRes Log C files from ARRI ALEXA cameras with standard Rec. 709 color and contrast levels • Resolves an issue where some third-party effects generated green frames during render • Resolves performance issues that could occur with certain titles and effects • Time reversed clips render in the background • Ability to use key commands to adjust Clip Appearance settings in the timeline • Ability to view reel number metadata located in the timecode track of video files • Mono audio files in a surround project export with correct volume levels • Drop zones no longer reset to the first frame of video after application restart • Fixes a performance issue which resulted from selecting multiple ranges on a single clip • Fixes an issue where the Play Around function did not work properly on certain clips when viewed through external video devices Motion 5.0.7 This update improves overall stability, performance, and compatibility. Updates include: -Resolves an issue where some third-party effects generated green frames during render -Fixes a stability issue when splitting layers in the timeline -Fixes an issue where launching a plug-in with a check box could require multiple clicks -Fixes a stability issue with CoreMelt plug-ins This update is recommended for all users of Motion. System Requirements: 2GB of RAM (4GB recommended), OpenCL-capable graphics card or Intel HD Graphics 3000 or later, 256MB of VRAM (512MB of VRAM recommended), display with 1280-by-768 resolution or higher, 2.4GB of disk space. OS X v10.6.8 or OS X v10.7.5 or OS X v10.8.3 or later. Broadcast quality monitoring requires OS X v10.7.5 or later and compatible third-party device. Some features require Internet access; additional fees may apply. Blu-ray recorder required for burning Blu-ray discs. DOWNLOAD LINKS: http://u19822771.letitbit.net/download/81345.8e42daba1bc25da90ebca2c03d6f/118.Final.Cut.Pro.X.10.0.8.with.Motionv5.0.7.part1.rar.html http://u19822771.letitbit.net/download/78976.76cf5f098b6b94b8d7a14f7853f3/118.Final.Cut.Pro.X.10.0.8.with.Motionv5.0.7.part2.rar.html http://u19822771.letitbit.net/download/19488.1f518ab7fcc2d02c5bd5c7aaf830/118.Final.Cut.Pro.X.10.0.8.with.Motionv5.0.7.part3.rar.html http://rapidgator.net/file/7f92b8eff19676ad4bbc0e71a1fcaa49/118.Final.Cut.Pro.X.10.0.8.with.Motionv5.0.7.part1.rar.html http://rapidgator.net/file/0e542f8f55dcb6cfa1326d71951fb619/118.Final.Cut.Pro.X.10.0.8.with.Motionv5.0.7.part2.rar.html http://rapidgator.net/file/44f9801d7cb6a4483da6343a024d5274/118.Final.Cut.Pro.X.10.0.8.with.Motionv5.0.7.part3.rar.html http://www.uploadable.ch/file/bsjfsEe4bwDG/118.Final.Cut.Pro.X.10.0.8.with.Motionv5.0.7.part1.rar http://www.uploadable.ch/file/YUdqbztJwGb3/118.Final.Cut.Pro.X.10.0.8.with.Motionv5.0.7.part2.rar http://www.uploadable.ch/file/JwbwDfURwqWf/118.Final.Cut.Pro.X.10.0.8.with.Motionv5.0.7.part3.rar
  23. Apple Mavericks 10.9.0.Gold Master MACOSX-MONEY Apple Mavericks 10.9.0.Gold Master MACOSX-MONEY | 4.97 GB The Gold Master version of OS X Mavericks http://www.apple.com/uk/osx/preview/advanced-technologies.html INSTALLATION INFORMATION This is not a bootable disk , if you want to make it bootable there are unsupported ways via google, but the original is not bootable so nor is this Install as an upgrade is the best bet and how we tested, enjoy and give love to apple DOWNLOAD LINKS: http://u19822771.letitbit.net/download/53766.54c947f4c974978f239f5597a01e/Apple_Mavericks_10.9.0.Gold_Master_MACOSX-MONEY.part1.rar.html http://u19822771.letitbit.net/download/93526.96c98f18d873e26815296b57cd6b/Apple_Mavericks_10.9.0.Gold_Master_MACOSX-MONEY.part2.rar.html http://u19822771.letitbit.net/download/54886.515a76c507cf0669f554a6b8c813/Apple_Mavericks_10.9.0.Gold_Master_MACOSX-MONEY.part3.rar.html http://u19822771.letitbit.net/download/70838.745b19ec79382a71c148ef64cac4/Apple_Mavericks_10.9.0.Gold_Master_MACOSX-MONEY.part4.rar.html http://u19822771.letitbit.net/download/04911.01bcbeafe70ef6c4e85e6d672916/Apple_Mavericks_10.9.0.Gold_Master_MACOSX-MONEY.part5.rar.html http://uploaded.net/file/3k59lhbr/Apple_Mavericks_10.9.0.Gold_Master_MACOSX-MONEY.part1.rar http://uploaded.net/file/9ud1z8yg/Apple_Mavericks_10.9.0.Gold_Master_MACOSX-MONEY.part2.rar http://uploaded.net/file/8mn82x0j/Apple_Mavericks_10.9.0.Gold_Master_MACOSX-MONEY.part3.rar http://uploaded.net/file/7lo6179j/Apple_Mavericks_10.9.0.Gold_Master_MACOSX-MONEY.part4.rar http://uploaded.net/file/4usxw91a/Apple_Mavericks_10.9.0.Gold_Master_MACOSX-MONEY.part5.rar http://rapidgator.net/file/e7340ea22d1e113dc83d732297615572/Apple_Mavericks_10.9.0.Gold_Master_MACOSX-MONEY.part1.rar.html http://rapidgator.net/file/3dd2a99f7f2390d32d40082bedf6ff9b/Apple_Mavericks_10.9.0.Gold_Master_MACOSX-MONEY.part2.rar.html http://rapidgator.net/file/64d973aa2054b6408871753048ef53cc/Apple_Mavericks_10.9.0.Gold_Master_MACOSX-MONEY.part3.rar.html http://rapidgator.net/file/44ee683035c61593c8fa10116af9006b/Apple_Mavericks_10.9.0.Gold_Master_MACOSX-MONEY.part4.rar.html http://rapidgator.net/file/cb92af4d3032f07f5998684dd212b7c0/Apple_Mavericks_10.9.0.Gold_Master_MACOSX-MONEY.part5.rar.html http://www.uploadable.ch/file/RdF2EYKsyTgk/Apple_Mavericks_10.9.0.Gold_Master_MACOSX-MONEY.part1.rar http://www.uploadable.ch/file/smzBPfkzNdFp/Apple_Mavericks_10.9.0.Gold_Master_MACOSX-MONEY.part2.rar http://www.uploadable.ch/file/jYdu8Q2E5SnG/Apple_Mavericks_10.9.0.Gold_Master_MACOSX-MONEY.part3.rar http://www.uploadable.ch/file/WRV3yRDk7SFv/Apple_Mavericks_10.9.0.Gold_Master_MACOSX-MONEY.part4.rar http://www.uploadable.ch/file/sqJ3K8rffees/Apple_Mavericks_10.9.0.Gold_Master_MACOSX-MONEY.part5.rar
  24. Recent au tot aparut diverse informatii cu privire la urmatorul model de iPhone. Ca inginerii si designerii de la Apple sunt extrem de secretosi cand vine vorba despre produsele la care lucreaza, nu mai incape nicio indoiala. Cu toate acestea, silueta mult-asteptatului iPhone 5 pare sa se contureze in ochii milioanelor de fani si pasionatilor de tehnologie. Daca urmatorul iGadget va arata insa asa cum este prezentat in imaginile de mai jos, cea mai admirata companie americana va inregistra vanzari record. Un designer independent, citat de Business Insider, a prezentat cateva fotografii in care este ilustrat conceptul iPhone 5. De unde a obtinut insa Frederico Ciccarese interesantele schite nu stim cu exactitate, caci acesta i-a rugat pe jurnalistii site-ului american sa pastreze confidentialitatea. Pozele prezentate mai jos ilustreaza un smartphone total diferit de iPhone 4S, ultimul prototip de la Apple, lansat in octombrie 2011. Schitele dezvaluie un telefon usor curbat, argintiu, dotat cu camera centrala, cu un ecran mai mare decat iPhone 4S si cu un logo luminat printr-un led. Ramane de vazut insa daca realitatea va intrece fictiunea. iPhone 5 ii va lasa muti de uimire pe fanii Apple. Schimbare la 180 de grade GALERIE FOTO - www.InCont.ro
×
×
  • Create New...