appleinsider.com

avater, to technology in Apple's carbon-neutral product claims called a 'climate-wash'
@avater@lemmy.world avatar

They all do.

mr_tyler_durden, to apple_enthusiast in Apple's head of AI mentions iOS 17 Safari Private Browsing search in Google antitrust testimony

Was this article written with AI or just by someone who has no clue what they are talking about?

During his testimony on Thursday and Friday, Bloomberg reports Giannandrea took the time to mention a feature of Safari for iOS 17 that wasn’t reported on for its introduction. The quietly introduced feature allows users to set a different browser when using Private Browsing than the default.

“Different browser”, what they mean is “different search engine”. Even if this author was competent this article is a nothing-burger. Not sure how setting a different search engine in private mode has anything to do with the Google antitrust trial.

malloc, to apple_enthusiast in Apple uses hidden watermarks on iPhone 15 boxes to verify authenticity

A ”smart” thief will just garbage hunt through the bins of retailers, find legitimate boxes, fill those legitimate boxes with junk (or a rock), then reapply the fastening tapes.

A potential victim won’t look twice at an unopened box. They will be blinded by the whatever % off from retail cost.

It’s a nice security feature but easily defeated.

As a buyer of used phones I always open the box, check the contents, and cross check the IMEI for any carrier locks. Also check if it’s iCloud locked.

__init__, to apple_enthusiast in Apple's head of AI mentions iOS 17 Safari Private Browsing search in Google antitrust testimony

The author of this article seems confused about what is a browser and what is a search engine.

explore_broaden,

It makes the article almost impossible to read

Oka, to apple_enthusiast in Apple uses hidden watermarks on iPhone 15 boxes to verify authenticity

Doesn’t sound like it’s hidden anymore

matchphoenix,

The video shows someone shining a UV light on the iPhone 15 box to reveal watermarks and a QR code that helps verify device authenticity.

Still hidden outside of the visible light spectrum.

johnthedoe,

Makes counterfeiting just a bit more difficult. Like when money started having this. Where I lived getting one of these uv flashlight to check notes was very common back then.

minorninth, to apple_enthusiast in New malware strain stealing business data from Intel Macs

Some people say there’s no malware for macOS and that’s obviously not true.

But others say macOS has malware so it’s no better than Windows in that regard, but I don’t think that’s true either.

Look at this example. It only works if it tricks users into downloading and running an unsigned executable, bypassing sometimes multiple warnings.

ShunkW,

The thing is that Windows is still more used than osx. So naturally it’s going to be targeted more. Especially since more businesses use Windows than osx too.

I’ve come across Linux malware in my time in cyber Sec. If it exists, it’ll have malware.

scurry,

That’s true, but macs also do have more security controls, configured more sensibly by default. BitLocker, the system’s full disc encryption feature for example, is still considered a premium product reserved for more expensive editions, whereas macs, android, and iOS have had it standard and default enabled (the latter two with no option to disabled it) in current versions for years. Windows still does not require (or last I checked even offer) things like application sandboxing or runtime hardening by default (this may well have changed in the past couple of years, but I’ve heard nothing of it). While the Universal Windows Platform does have a functional permissions system, that whole platform is (as I understand it) limited to the Microsoft store (which as I understand is ignored by vendors), and the last time I looked at it, it was a mess. There are other such things. Which isn’t to say macs can’t get malware, they can, and they’ll get more malware as time goes on. There are other measures set up on Windows but not macOS, but they don’t appear to be as effective to me, and they seem to be mainly focused on reacting to specific incidents. Security-wise, the two really are not the same.

ShunkW,

Drive encryption doesn’t really matter to malware, since the disk must be decrypted to function when turned on. Also the majority of malware still runs in userland, maybe arguably more since the rise of ransomware.

I’m not sure what you mean by permissions being limited to the Microsoft store exactly, but there’s a very robust permissions system built into Windows by default. It’s just not very user friendly, and your average user wouldn’t know it exists probably.

There’s arguments on both sides about default security policies anyway, as I’ve found navigating osx systems to install software can often be a nightmare - but that could be due to my lack of experience with it directly.

Both systems have pros and cons from a security standpoint. In the corporate spaces I’ve worked in, osx security is more annoying to manage from a central point than Windows.

winky88,

As a Windows user that dabbles in Mac but is definitely not an expert, I get seriously frustrated when I try to share my screen in ??? meeting product only to have to adjust permissions and be told I probably need to restart the app (in the middle of a meeting). I’ve found other minor nags with MacOS along the same lines. They are trivial at best, but can be seriously interrupting. I agree with the high security defaults, but the UX could be improved.

redballooon,

So the argument is security by obscurity works?

Stephen304,

In the phrase “security through obscurity”, obscurity means obscuring how the system works, eg making the source code secret. Mac being less popular has nothing to do with security through obscurity. The argument is that a less deployed platform is a less valuable target, which is absolutely true.

ShunkW,

I’m not sure how you got that from my comment.

Wooster,
@Wooster@startrek.website avatar

The Mac’s biggest defense has long been that it plays second fiddle to Windows.

But with iOS, arguably, being top banana, and Mac now running iPhone software in a Mac costume, I expect a lot more in-the-crossfire vulnerabilities.

anon_water, to apple_enthusiast in Apple provides detailed reasoning behind abandoning iPhone CSAM detection
@anon_water@lemmy.ml avatar

I thought this feature has been active for years. Am I wrong?

AceFuzzLord, to apple_enthusiast in Malicious Google ads deceive Mac users into installing Atomic Stealer malware

Definitely serves people right for using gøøgl€ and not scrolling down halfway down the page to avoid all the ad links.

drspod, to apple_enthusiast in Malicious Google ads deceive Mac users into installing Atomic Stealer malware

The ads are legitimate and paid for but disguise themselves as the website or software the user is searching for.

That is not what “legitimate” means.

_bug0ut,
@_bug0ut@lemmy.world avatar

Eh, “legit” as in “paid for, payment accepted by Google, displayed in search results without proper QC.”

Duamerthrax,

A “legitimate” google ad tricked my friend into installing a version of vlc with spyware packed with it. This was a few years ago. Are tech journos just figuring this out?

The_Mixer_Dude, (edited ) to apple_enthusiast in Malicious Google ads deceive Mac users into installing Atomic Stealer malware

I like how Apple has all these virus issues and their users will go to any length to make it not appear to be Apple’s fault.

Edit: Downvotes don’t change the fact that I am right whether it upsets you or not

dpkonofa,

How is this Apple’s fault, exactly? This same attack would work just as easily on Windows or Linux.

The_Mixer_Dude,

Definitely sounds like it wouldn’t and hasn’t gotten anywhere on Linux or Windows. And if we look at the authors page we can see they may have some deep bias going on. You may want to block articles by them preemptively.

_bug0ut,
@_bug0ut@lemmy.world avatar

Probably because windows and Linux users aren’t searching for free Mac apps. While I agree that it would probably be difficult to implement an attack like this for Linux (partly because it’s Linux and partly because it’s userbase is generally more technically apt), Windows has been susceptible to viruses since the dawn of time because users just install random shit on autopilot and click through installers without checking what extra bloat is included (which is often malware disguised as an extra third party program). I don’t think I agree that this specifically is Apples fault. No one blames Windows or Linux distros for user error and poor security practices.

Google’s fault for not vetting the ads they let through? For sure. The users fault for not paying attention while installing the app and just clicking through the request to bypass Gatekeeper and then entering their system password when a pop up randomly asks for it for no discernible reason? Absolutely.

What should Apple do to fix this? Lock the machine down to the point where users aren’t allowed to have admin privileges on their own machine?

The_Mixer_Dude,

Actually it seems you may have made some mistakes in researching causes of viruses. Viruses have infected Windows machines more in the past as it is a larger target, there are far far more Windows users than Apple and Linux users by a large large margin which means you have a higher target for your attack. MacOS makes up about 7% of the operating system market at its peak and Linux hovers are 2-3% so planning a virus to affect one is not a great idea unless… Microsoft’s security started to become so strong that malware developers now have to seek the open vulnerabilities (see op). Since that’s not understood we can move on

As far as the article indicates the ad itself was not actually a Google fault whatsoever, it actually appears as a Google ad though. The malware itself is installed by other means entirely but the user themselves, the relation to Google here is that the malware already installed on the machine disguises itself as a Google ad. Really, honestly, read the article next time. This is 100% standard malware attack on an unprotected system.

_bug0ut,
@_bug0ut@lemmy.world avatar

I’m not sure where I said anything about the reason any of those platforms get viruses because you’re right, Windows was often more targeted because its footprint was massive by comparison (whole lotta end users out there, but also tons of domain controllers and enterprise systems running it) - I’m not arguing that.

AMOS itself is distributed in all kinds of ways including phishing, being bundled into crap no-name software, shady ads, tainted torrents, whatever. You still have to be tricked into downloading whatever it is that infects your machine with it.

As to this partially being Google’s fault, from the article itself:

The ads are legitimate and paid for but disguise themselves as the website or software the user is searching for.

In the given example, it sounds like the ad was for Trading View, a pretty popular stock market charting platform, but the ad itself took users to trabingviews.com and it looked like a clone or Trading View’s site or some kind of landing page that purported to be a download for a desktop client. In the Malwarebytes article I share below, the fake URL purporting to be Trading View’s website is actually tradingsview.com

I’m not exactly sure where you’re getting the idea that this was a fake ad caused by malware pre-existing. These are “legit” Google ads that are bought and paid for and not quality checked by Google before they display them.

Here’s the article directly from Malwarebytes, the folks who kindly did the write up the author of the above article is talking about:

malwarebytes.com/…/atomic-macos-stealer-delivered…

The_Mixer_Dude,

I think your should read again. You seemed to understand the parts separately but when they came together you got a bit confused

_bug0ut,
@_bug0ut@lemmy.world avatar

My guy, I don’t know what you want from me. A Google ad is purchased in a legitimate manner, but the ad itself actually links to a page where you download malware.

You answered really fast, so you clearly didn’t read the actual source material I linked at the bottom - specifically the Distribution section.

The_Mixer_Dude,

It was already explained in the original article. It’s not what you want to believe but it is the actual situation and I’m not gonna spend forever writing a response because it won’t actually change the fact of you reading things

_bug0ut,
@_bug0ut@lemmy.world avatar

The “original” article is the one I linked - the one written by the actual security researchers at MalwareBytes who did the research on this malware and then provided the detailed write up (which is what security researchers do). The one shared in the OP is referencing that article.

But it’s all good. All you had to do was tell me you can’t read and I would’ve backed out of this thread like 2 responses ago. :) Have a great night!

The_Mixer_Dude,

I mean, at the end of the day the malware is being allowed to install on the computer is it not?

_bug0ut,
@_bug0ut@lemmy.world avatar

Explicitly by the users negligence, same as any negligent user installing some freeware on windows and ending up with BonziBuddy and 34 search bars in their browser. Or alternately, by clicking “Ignore” on on an alert in their AV and proceeding with the installation anyway.

The_Mixer_Dude,

Sure but actually no as that literally wouldn’t be able to happen on windows. Windows will immediately quarantine any flagged files and they won’t be able to launch without the user having to jump through some rather extravagant hoops. Since you mentioned bonzibuddy and search bars I’m gonna go ahead and assume you haven’t looked at a Windows PC in the last 15 or more years so I guess that would explain your misunderstanding on this subject

_bug0ut, (edited )
@_bug0ut@lemmy.world avatar

My main PC is a windows PC (mainly for video games and music production). I also have a Macbook for my work as a (currently) Lead Systems Automation Engineer for a large global company (14 years in the industry, 3.5 of those was me “taking a break” and going into Infosec specifically to first do endpoint/end-user security, then moving into container and cloud security) a personal Macbook, as well as a few Linux laptops I use to write code and do other tech-related things because I prefer MacOS and Linux for that kind of work. I’m well-exposed to most operating systems and have a working knowledge of how security works, both in a professional setting as well as a personal one.

I mention BonziBuddy and search bars because they’re funny and to illustrate a simple point. The reality is that browser hijackers still very much exist (though they’re not as prevalent as they used to be because browsers themselves have become more resilient over the years - nowadays, they’re usually found in add-ons/extensions because its easier to fly under the radar that way).

For all the shady shit I’ve done on all of the above platforms, I’ve never had an issue. Specifically in Windows, Defender - which is still the de facto/standard security tool that comes bundled with Windows under the Windows Security tool suite - has not once flagged malware for me. I’ve found it with Avast and BitDefender, but Windows Defender simply isn’t great for the things I do.

I also run ClamAV on the Macbook for ad-hoc scanning of things I download prior to running them. Why? Because I’m not a negligent user and I do at least the bare minimum in regards to good security practices.

In every one of the above cases/operating systems/platforms, there is always some kind of security tooling or framework involved (whether that’s ClamAV on Mac, BitDefender or ClamAV or MalwareBytes or whatever on Windows, SELinux or AppArmor or ClamAV on Linux) that can and should be leveraged if you really want to be “safe.”

In the case of AMOS and Macs, users are purposely bypassing Gatekeeper and proceeding without knowing wtf they’re installing. As soon as Gatekeeper pops up like that, you should be on alert unless you know the software you’re installing isn’t signed, trust the source, and are willing to codesign it yourself.

You, on the other hand, clearly seem to have some kind of gripe against Macs (based off of your comments in this now far-too-long comment thread) and that kind of weird quasi-religious brand loyalty (or hatred) is a thing I’ll never understand.

The fact that you’re out on a public forum, spewing bad info/misinformation really says everything. Not that you care, but I’d have respected you more if you just admitted you were wrong and misread the bit about the Google ads. Instead, you decided to be confidently dumb and jump from hill to hill, prepared to die on each one of them.

The_Mixer_Dude,

I mean that’s a lot of words to summarize you didn’t really get what’s going on. End result there is still no grounds on which to blame Google for any of this and the only one responsible here for protecting the user is Apple. No real way to slice it otherwise but I’ll tell you this much, nobody is asking you to defend the biggest company in the world.

_bug0ut,
@_bug0ut@lemmy.world avatar

I’m not defending shit and frankly, I give up. That “a lot of words to summarize” was an offer of my credentials and experience doing engineering and information security work and you clearly showed, once again, that no one ever actually taught you how to read.

You’re either incredibly stupid or trolling for responses and I’m not interested in dealing with either any further.

The_Mixer_Dude,

Yeah you blathered on about nonsense telling me your life story as if it matters. It doesn’t, you can’t try and throw weight around trying to say you have a more legitimate background and understanding and then be absolutely wrong about something. It’s goddam insane, and you should feel bad for trying to manipulate people, it’s not going to work with me but there are plenty of other people who do read the comments and you are doing nothing more than being manipulative. So STOP

_bug0ut,
@_bug0ut@lemmy.world avatar

Alright, quiet down, dummy. Conversation’s over and the only thing you’ll find by continuing to come back here is me further insulting you for not being able to read a simple sentence, understand it, and then getting all pissy about it when someone calls you on it. Go find an actual Apple fanboy to pull your shit with.

The_Mixer_Dude,

I hate to be the one to point this out for you but, I’m not the one getting pissy. I also have resorted to insulting people. Maybe it’s time for you to reflect on this and take a break

_bug0ut,
@_bug0ut@lemmy.world avatar

An intellectually dishonest take at best. Just toss it on the pile of other undesirable qualities you’ve been shamelessly displaying in this thread.

The_Mixer_Dude,

You really need to take a deep breath and calm down

NotSpez,

I haven’t been subscribed to this community for long. I feel every apple-critical comment gets downvoted a lot, suggesting this is more of an apple_blind_fandom than an apple enthusiast community.

Why can’t we critically object to elements of things we like? Thanks for your comments, I think adding nuance and counterarguments (in a respectful way) adds to this community.

SulaymanF,

This is a really poor example of a comment to highlight an apple bias. The parent commenter is objectively wrong on the topic; OSX security is similar to Linux security.

NotSpez,

Thanks for pointing it out, I am a noob in technology so have no diea.

My point about a very strong bias still stands due to all kinds of experiences in the past though. As I said - I really think in general it is good to even be critical of products we are really fond of.

The_Mixer_Dude,

Care to elaborate on what OSX security and Linux security are?

The_Mixer_Dude,

There have been issues with Apple bot army’s on lemmy just as they have on Reddit.

The_Mixer_Dude,

Rather ironic that your post is getting downvoted

NotSpez,

It is, isn’t it? Glad that we need to worry about imaginary points even less on this site than on Reddit.

jard,
@jard@sopuli.xyz avatar

The problem is there’s nothing to criticize Apple about here. The notion that it’s Apple’s fault that people are writing malware targeting macOS is just as stupid as it being Google’s fault that people are writing Android malware. It comes across as misguided “I hate Apple”-ism that adds nothing of substance to the discussion and intrinsically can’t be discussed without it turning into some shit-flinging argument. (case in point: the 18+ comment chain that resulted)

That’s why those comments are downvoted: people are using the feature as intended to hide the visibility of low effort troll garbage. You’ll find there are plenty of threads here with people genuinely criticizing Apple and their comments are upvoted just fine.

SulaymanF,

Your numbers are off. Apple was 7% of new computer sales but the install base was close to 20% because Macs last longer than PCs.

The_Mixer_Dude,

7% is percent market sale. Not sales. Mac’s have very rapid EOL as you can’t update to newer versions for reasons of revenue so you will so you will actually see more older PCs running than anything and with Mac’s declining sales you will see fewer and fewer as time goes on especially since Intel mac’s are losing support already

SulaymanF,

No, current Macs May have rapid EOL but prior to 2015 Macs were much more upgradable and lasted longer than comparable PCs. The 20% market share was during that period.

dpkonofa,

Got it. You don’t know how to read, are too stubborn to admit you’re wrong, and are actively lying in responses. You shouldn’t be saying anything about bias…

Duamerthrax,

Windows? Are you seriously defending windows users ability to spot viruses? I guess someone’s never been the family tech support.

Earthwormjim91, (edited ) to apple_enthusiast in Malicious attackers can flood iPhone users with endless popups using a $170 tool

Gotta love modern journalism.

Such an attack is possible for a number of products like Android, but the report focuses on iPhone

You can use a flipper on any device that uses WiFi, Bluetooth, or NFC. But throwing iPhone or Apple into a headline will get clicks.

You can use a flipper for a LOT more than that too. You can steal and clone NFC chips like key fobs with them.

Roastchicken,

I agree with your statement on modern journalism, I think it is fair the website appleinsider.com focused on apple products.

Earthwormjim91,

Sure that’s fair. Just don’t bury it halfway down the article and hand wave it away.

A more honest and still clickbaity headline would be “many devices, including iPhones, susceptible to attack by this $170 device”

bigdog_00,

I mean you can, but iPhones and some Android devices are the only common devices but I’m aware of that have fast pairing. Your Nintendo switch isn’t capable of having such a fast pairing pop-up

Earthwormjim91,

Sure, but this fast pairing “ddos” is far from the only thing a flipper can do. They’re powerful little devices. They’re not limited to this little novelty attack.

bigdog_00,

Right right, nobody said it was. Just an example of what it could do, but nobody says that was all it could do

VelociCatTurd, to apple_enthusiast in Malicious attackers can flood iPhone users with endless popups using a $170 tool

Could probably do it for much cheaper than that.

Carter, to apple_enthusiast in Apple allegedly arguing iMessage isn't big enough to be EU gatekeeper service

They’re not wrong. Barely anyone uses iMessage.

jemorgan,

*outside of the US

Onse, to apple_enthusiast in Apple allegedly arguing iMessage isn't big enough to be EU gatekeeper service

tbf, Apple‘s iMessage dominance is mostly a US based phenomenon. In European countries, many people use WhatsApp and telegram. Anecdotal evidence: I don’t know anybody using iMessage.

fer0n,

Same, I don’t know anyone using iMessage and I’m deep into Apple circles.

glad_cat,

Same in France. Apple or not, it’s still mostly WhatsApp and a bit of Telegram around me. Only old iPhone users who haven’t installed anything are using iMessage because it’s the default application.

fraydabson,

I live in the states and I do not know a single person who still uses WhatsApp. Everyone uses iMessage.

fer0n,

Has WhatsApp ever been bigger than iMessage there? From what I heard it was basically SMS → iMessage

dudewitbow,

Part of the reason was because of sms pricing on thr earlier days. Sms was quickly free in the U.S, so they used sms because it was there. Many regions used whatsapp and similar to avoid sms charges in the early days. That usage habit still exists today

ericisshort,

You also have a lot of movement of people between countries in the EU, and international SMS still isn’t unlimited/free for most mobile plans worldwide.

TenderfootGungi,

People in each country used whatever everyone else is using. In the US that became text/iMessage. This was partially driven by the way cell companies charged in the US with free texts but limits on data (iMessage uses data, but it came later).

In other countries the better at the time options won out. We talk to our friends in Europe and Africa with WhatsApp.

Disgusted_Tadpole,
@Disgusted_Tadpole@lemmy.ml avatar

That’s not quite what I see in France. Many people use Whatsapp to text friends/family when they’re abroad. But everyday, I mostly see classic SMS texts (or iMessage)

Eggyhead, to apple_enthusiast in Apple allegedly arguing iMessage isn't big enough to be EU gatekeeper service
@Eggyhead@kbin.social avatar

If Apple's iMessage does fall under the DMA ruleset, it means Apple will be required to open iMessage to third-party operators.

What does this look like in practice?

Mon0, (edited )

That is not clear yet, since the law does not specify the protocol needed to make that happen. The law forces them to make the messenger interoperable while keeping features like E2E encryption. Basically like ActivitPub with more security / privacy features.

teolan,
@teolan@lemmy.world avatar

It will just force them to document and open up their APIs and protocols.

Mon0,

How would that be a feasible solution?

If they stay true to their word, they will force them to implement interoperability and not just force them to give some sort of API access.

So if you install WhatsApp their plan is that Meta must provide a seamless experience in talking to every other person even if that person is using e.g. iMessage

A new protocol for the given reason is faster implemented, more secure and better scalable then just trying to do something with existing solutions that were never designed with something like this in mind.

orrk,

all of this stuff is just API calls anyway, that’s how the internet operates, none of this is done via an analogue signal transfer

kirklennon,

What does this look like in practice?

An endless sea of spam that Apple is legally required to deliver.

TenderfootGungi,

They turn off iMessage in Europe. Or have argue it’s ability to fall back to SMS meets this. Or the industry invents a protocol that they all use and iMessage gets a new colored bubble.

dustyData,

It could mean they make iMessage compatible with RCS for fucking once. Which would actually be a good thing for all Apple users.

gdbjr,

How will it be a good thing for all Apple users since Apple users use iMessage and don’t give a crap about SMS or RCS?

Maybe it it was someone else besides google pushing RCS it might have a better adoption rate. But by this time next year google will have moved to another message app.

jemorgan,

You’re absolutely right, but the knuckle-draggers are too busy with their FOMO to hear it.

iMessage supports a dense layer of features in excess of what’s possible with the RCS standard. RCS is a decent fallback, and maybe progress could be made towards supporting it as a fallback. But the issue is that not even all Android phones enable RCS by default, meaning iMessage would have to have a fallback and a second fallback.

And honestly, the bottom line is that Apple is unlikely to prioritize implementing RCS until their customer base is asking them to do so, which they largely aren’t. The vast majority of the anger towards Apple regarding RCS is from people who don’t buy Apple phones, or from Apple’s direct competitors seeking to improve their products. Apple users (myself included) don’t really care because a marginally better SMS experience is still going to be worse than iMessage, and if I’m really looking for rich cross-platform messaging, I can use any of the dozen widely-used apps that do exactly that.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • uselessserver093
  • Food
  • aaaaaaacccccccce
  • test
  • CafeMeta
  • testmag
  • MUD
  • RhythmGameZone
  • RSS
  • dabs
  • KamenRider
  • TheResearchGuardian
  • KbinCafe
  • Socialism
  • oklahoma
  • SuperSentai
  • feritale
  • All magazines