blottsie writes: McAfee, who founded of one of the first companies to offer antivirus software, claimed on CNN and Russia Today, as well as in a Business Insider column, that he could bypass the advanced encryption protecting the phone without Apple's help. But he lied in these interviews, he said in an interview with the Daily Dot, to "get a shitload of public attention."

An anonymous reader writes: Apple users were targeted in the first known Mac ransomware campaign. Hackers targeted Transmission, which is one of the most popular Mac applications used to download software, videos, music, and other data from the BitTorrent peer-to-peer information sharing network. As per this forum post (English screenshot of warning), OS X detected malware called OSX.KeRanger.A. This is the first one in the wild that is functional as it encrypts your files and seeks a ransom. An Apple representative said the company had taken steps over the weekend to prevent attacks by revoking a digital certificate from a legitimate Apple developer that enabled the rogue software to install on Macs.

An anonymous reader writes: After almost a year of development, bug fixing and cleanup, BorgBackup 1.0.0 has been released. BorgBackup is a fork of the Attic-Backup project — a deduplicating, compressing, encrypting and authenticating backup program for Linux, FreeBSD, Mac OS X and other unixoid operating systems (Windows may also work using CygWin, but that is rather experimental/unsupported). It works on 32bit as well as on 64bit platforms, x86/x64 and ARM CPUs (maybe as well on others, but these are the tested ones). For Linux, FreeBSD and Mac OS X, there are single-file binaries which can be just copied onto a system and contain everything needed (Python, libraries, BorgBackup itself). Of course, it can be also installed from source. BorgBackup is FOSS (BSD License) and implemented in Python 3 (91%), speed critical parts are in C or Cython (9%).

Mr.Intel writes with the Guardian's report that : San Bernadino D.A. has a novel argument for why Apple should be forced to provide the FBI with tools to decrypt the iPhone once used by mass-shooter Syed Rizwan Farook: a "dormant cyber pathogen," he says, could have been unleashed by the county's electronic infrastructure, and only by examining the phone's content can any really be sure. From the article: The questionable claim comes from Ramos's amicus brief in the case, filed with the US District Court on Thursday afternoon. In it, Ramos supports the FBI's argument that Apple should be compelled to build a one-use version of its operating system to load on to the seized phone – used by the mass-murderer, but still technically property of his employer, San Bernardino county – in order to weaken the security and allow the Government to brute-force the shooter's passcode. ... Ramos said: 'The iPhone is a county owned telephone that may have connected to the San Bernardino County computer network. The seized iPhone may contain evidence that can only be found on the seized phone that it was used as a weapon to introduce a lying dormant cyber pathogen that endangers San Bernardino County's infrastructure and poses a continuing threat to the citizens of San Bernardino County'.

An anonymous reader writes: Microsoft, just like Google, Apple, and Mozilla, is part of the CA/BForum, an organization of web browser vendors and certification authorities (CAs). As a browser vendor, Microsoft maintains a list of authorized CAs and their respective root certificates. According to a message on the CA/BForum, there was an error on the server that was running a CRM application that managed this list of trusted certificates and the adjacent details regarding each certificate and CA. The data is lost forever and Microsoft is now asking CAs to resend their most recent audits. Currently a lot of certs are broken in Edge and IE. Microsoft says that it lost audit data for 147 root certificates, which resulted in many SSL/TLS certificates showing errors inside the company's products.

An anonymous reader writes: It's been almost a year now since Oculus announced that the consumer version of the Rift virtual-reality headset would only support Windows PCs at launch -- a turnaround from development kits that worked fine on Mac and Linux boxes. Now, according to Oculus co-founder Palmer Luckey, it "is up to Apple" to change that state of affairs. Specifically, "if they ever release a good computer, we will do it," he told Shacknews recently. Basically, Luckey continued, even the highest-end Mac you can buy would not provide an enjoyable experience on the final Rift hardware, which is significantly more powerful than early development kits. "It just boils down to the fact that Apple doesn't prioritize high-end GPUs," he said. "You can buy a $6,000 Mac Pro with the top-of-the-line AMD FirePro D700, and it still doesn't match our recommended specs."

HughPickens.com writes: Cyrus Farivar reports at ArsTechnica that Congressman David Jolly has introduced the "No Taxpayer Support for Apple Act," a bill that would forbid federal agencies from purchasing Apple products until the company cooperates with the federal court order to assist the unlocking of a seized iPhone 5C associated with the San Bernardino terrorist attack. "Taxpayers should not be subsidizing a company that refuses to cooperate in a terror investigation that left 14 Americans dead on American soil," said Jolly, who announced in 2015 that he's running for Senate, joining the crowded GOP primary field to replace Sen. Marco Rubio. "Following the horrific events of September 11, 2001, every citizen and every company was willing to do whatever it took to side with law enforcement and defeat terror. It's time Apple shows that same conviction to further protect our nation today." Jolly's bill echoes a call from Donald Trump last month to boycott Apple until it agrees to assist the FBI. Not to fear, GovTrack gives Jolly's bill a 1% chance of being enacted.

New submitter Kurast writes with this article at Boing Boing: Code is speech: critical court rulings from the early history of the Electronic Frontier Foundation held that code was a form of expressive speech, protected by the First Amendment. The EFF has just submitted an amicus brief in support of Apple in its fight against the FBI, representing 46 "technologists, researchers and cryptographers," laying out the case that the First Amendment means that Apple can't be forced to utter speech to the government's command, and they especially can't be forced to sign and endorse that speech. In a "deep dive" post, EFF's Andrew Crocker and Jamie Williams take you through the argument, step by step. (You can follow along by reading the brief itself (PDF), too.)

An anonymous reader writes: Famed cryptographer and Turing Award winner, Adi Shamir, has an interesting if not surprising take on Apple's current legal tussle with the FBI. While speaking on a panel at RSA Conference 2016 earlier this week, the man who helped co-invent the vaunted RSA algorithm (he's the 'S' in RSA) explained why he sides with the FBI as it pertains to the San Bernardino shooter's locked iPhone. It has nothing to do with placing trapdoors on millions of phones around the world," Shamir explained. "This is a case where it's clear those people are guilty. They are dead; their constitutional rights are not involved. This is a major crime where 14 people were killed. The phone is intact. All of this aligns in favor of the FBI." Shamir continued, "even though Apple has helped in countless cases, they decided not to comply this time. My advice is that they comply this time and wait for a better test case to fight where the case is not so clearly in favor of the FBI."

Patrick O'Neill writes: While Apple continues to resist a court order requiring it to help the FBI access a terrorist's phone, another major tech company took a strange and unexpected step away from encryption. Amazon has removed device encryption from the operating system that powers its Kindle e-reader, Fire Phone, Fire Tablet, and Fire TV devices. The change, which took effect in Fire OS 5, affects millions of users.

Lucas123 writes: In its rush to gather information, the FBI blew its chance to retrieve data from the iPhone of one of the San Bernardino terrorists when it ordered his iCloud passcode to be reset shortly after the attacks. Now in its fervor to force Apple to create software that can break its own encryption algorithm, the FBI may be opening a security hole to federal agencies. Over the past four years, the federal government has largely shifted its use of mobile devices from Blackberry to iPhones. One major reason for that is -- you guessed it -- the strong native security. If Apple creates an iPhone skeleton key, it not only threatens the public's privacy, but the security of the federal government as well.

New submitter eedwardsjr writes: If you've ever wanted to pay just by saying something out loud, then Hands Free is the way to go. Google has released to the public a new app called Hands Free, which lets people pay for items in stores by simply telling the cashier, "I'll pay with Google." The app, available for Android and iOS, is only being piloted in a few locations in the San Francisco area, including some McDonald's and Papa John's restaurants. Hands Free works by tracking your location using Wi-Fi and other sensors in your smartphone to detect whether you're near a participating store. After you say "I'll pay with Google," the cashier confirms your identity by using your initials and the photo you've loaded onto the Hands Free app.

An anonymous reader writes: Nobody likes being monitored. But even if you suspected your company is following your activities on the iPhone, would you know where to check? In the next iteration of its smartphone operating system, iOS 9.3, Apple is looking to make this an easier task. According to Reddit user MaGNeTiX, the latest beta of iOS 9.3 has a message telling users their iPhone is being supervised. The message is as prominent as can be, both on the device's lock screen and in the About section. "This iPhone is managed by your organization," the message on the lock screen says. And in the About screen, you get a little more detail, with a message saying your iPhone's supervisor can monitor your Internet traffic and locate your device.

itwbennett writes: Representative Darrell Issa, a California Republican and former car-alarm entrepreneur, has suggested that the FBI try unlocking mass shooter Syed Rizwan Farook by copying the hard drive and running password attempts until they find the correct password. Bruce Sewell, Apple's senior vice president and general counsel, said during a congressional hearing that, although the company doesn't know the condition of the shooter's iPhone, Issa's approach may work.

blottsie writes: In a series of court battles in the late 1990s and early 2000s, Cindy Cohn represented plaintiffs challenging restrictions on DVD copying and the publication of cryptographic code. In all three cases—Bernstein v. United States, Universal City Studios v. Reimerdes, and Junger v. Daley—federal courts held that computer code merited protection under the First Amendment. Cohn, now the executive director of the Electronic Frontier Foundation, endorsed Apple's repeated citations of her cases in its fight against a court order to unlock a terrorism suspect's iPhone for the FBI. But she said that the controversial iPhone-unlocking order impinged even further on Apple's free-speech rights than the restrictions in her cases.

The Washington Post reports that Apple has prevailed for the moment in its fight with the FBI over the agency's demand that Apple help them break the security of an iPhone — but not in the California case about the phone belonging to San Bernadino shooter Syed Rizwan Farook -- that more famous case, as we mentioned the other day, is of course not the only case with a phone the FBI would like to peek into. New York federal judge James Orenstein scoffs in his 50-page decision at government arguments that Apple should be compelled to produce a software solution that would give them full access to content of the phone belonging to a drug dealer's phone. [Orenstein] found that the All Writs Act does not apply in instances where Congress had the opportunity but failed to create an authority for the government to get the type of help it was seeking, such as having firms ensure they have a way to obtain data from encrypted phones.

He also found that ordering Apple to help the government by extracting data from the iPhone- which belonged to a drug dealer --would place an unreasonable burden on the company....

He also expressed concern about conferring too much authority in the government. "Nothing in the government's arguments suggests any principled limit on how far a court may go in requiring a person or company to violate the most deeply-rooted values to provide assistance to the government the court deems necessary," he said. Whether the same logic will prevail in California is yet unclear; the New York decision is not binding on any other court.

Apple's lawyer, Ted Olson, explained in an interview with CNN that what the government is asking Apple to do is "limitless." Olson explained that if the tool that the government wants is created, any judge anywhere could essentially order to list to any customer's conversation, track location, and much more. The lawyer likened it to an Orwellian "big brother" type society. When pressed about how Apple could potentially help fight terrorism by creating a tool to access locked devices, Olson explained that while Apple will help the government defeat terrorism in every way that it can, it can't be done by breaking the Constitution.

An anonymous reader writes: After researchers discovered that SHA-1 can be decrypted, Mozilla, together with Microsoft and Google, said they will no longer "trust" SHA-1-based certificates issued after January 1, 2016, and later stop supporting any type of SHA-1 certificates after June 30, 2016, or January 1, 2017. The foundation went back on its word this week, when Symantec begged Mozilla to allow it to issue nine new certificates for one of its clients, Worldpay PLC, which forgot to request these certificates before January 1. Symantec got what it wanted. Fortunately, other companies like Microsoft, Apple, or Google didn't cave under the pressure.

San Bernardino police chief, Jarrod Burguan, who was part of the investigation into the two shooters who killed 14 during a mass shooting event last December, says there probably isn't any useful information on Syed Farook's government-issued phone. "I'll be honest with you, I think there is a reasonably good chance that there is nothing of any value on the phone," Burguan said. Burguan is siding with the FBI, though, which is seeking to compel Apple to build custom software to allow law enforcement to extract data from Farook's phone. "This is an effort to leave no stone unturned in the investigation," Burguan told NPR. "To allow this phone to sit there, and not make an effort to get the information or the data that may be inside of that phone is simply not fair to the victims or the families."

mi writes: Though loudly resisting the American government's attempts to make it help break into the phone of a dead scumbag, Apple is very accommodating of the Chinese government's attempts to keep tabs on the citizenry's communications. Apple has censored apps that wouldn't pass muster with the Chinese government, moved local user data onto servers operated by the state-owned China Telecom, and submitted to Chinese audits. According to James Lewis, senior fellow at the Center for Strategic and International Studies in Washington, "I can't imagine the Chinese would tolerate end-to-end encryption or a refusal to cooperate with their police, particularly in a terrorism case." Why the accommodation there?