Apple’s Official Response To The FBI Is Here!

In the last few weeks, the news has been awash with a single topic when it comes to technology, Security. Brought to life by a judge ordering Apple to unlock an iPhone, a move which has split America almost down the middle. The time has finally come and you can now read Apple’s official response.

Apple’s lawyer, Theodore Boutrous, wrote that “Apple is a private company that does not own or possess the phone at issue, has no connection to the data that may or may not exist on the phone”. This argument is a fair one, Apple has already said that they would comply and provide the information to the FBI if someone hadn’t changed the passcode.

Supreme Court Justice John Paul Stevens argued back in 1977 that “if the All Writs Act confers authority to order persons to aid the Government the performance of its duties… it provides a sweeping grant of authority entirely without precedent in our Nation’s history”.

Apple is continuing to argue with these points saying that their use of the All Writs Act even goes as far as breaking Apple’s First and Fifth Amendment rights. They argue that having to hire anywhere from six to ten engineers to work on this project for months, and maybe longer if more phone unlocks are ordered, would be an undue and overly burdensome task. Referring to the aforementioned changing of the passcode, Boutrous stated that the FBI haven’t even asked other agencies for their support, saying:

“Here, by contrast, the government has failed to demonstrate that the requested order was absolutely necessary to effectuate the search warrant, including that it exhausted all other avenues for recovering information. Indeed, the FBI foreclosed one such avenue when, without consulting Apple or reviewing its public guidance regarding iOS, the government changed the iCloud password associated with an attacker’s account, thereby preventing the phone from initiating an automatic iCloud back-up. See supra II.C. Moreover, the government has not made any showing that it sought or received technical assistance from other federal agencies with expertise in digital forensics, which assistance might obviate the need to conscript Apple to create the back door it now seeks.”

With the legal proceedings only set to continue, it could be a while before we see this case end but one thing is for certain. This case is more than likely to bring about a change in how companies, governments and even people think when it comes to their digital security.

Cybersecurity Experts Urge Parents to Boycott VTech Toys After Hack

VTech is a company which specializes in electronics devices, baby monitors, toys and other equipment aimed at children. During my youth, I remember VTech being the main source of educational laptops for children in the Argos catalogue. Since then, technology has progressed at a rapid pace, and VTech now produces a huge range of smart devices including tablets. Back in late November, the company’s Learning Lodge gateway was compromised due to poor security and almost 6.4 million children’s details were exposed by a hacker. This is a shocking revelation and exemplifies the importance of being incredibly careful with your personal information. Recently, a VTech spokeswoman made some very worrying comments which suggest the company has a fairly incompetent attitude towards user data:

“Since learning about the hack of its databases, VTech has worked hard to enhance the security of its websites and services and to safeguard customer information,”

“But no company that operates online can provide a 100% guarantee that it won’t be hacked.”

“The Learning Lodge terms and conditions, like the T&Cs for many online sites and services, simply recognise that fact by limiting the company’s liability for the acts of third parties such as hackers.”

“Such limitations are commonplace on the web.”

As you might expect, this has been heavily criticized by industry experts, and consumers requiring peace-of-mind about their personal information. The latest terms were flagged by a  blog by the Australian security specialist Troy Hunt. He lambasted the company and said:

“You acknowledge and agree that you assume full responsibility for your use of the site and any software or firmware downloaded.”

“You acknowledge and agree that any information you send or receive during your use of the site may not be secure and may be intercepted or later acquired by unauthorised parties.”

“You acknowledge and agree that your use of the site and any software or firmware downloaded there from is at your own risk.”

“If [VTech] honestly feel they’re not up to the task of protecting personal information, then perhaps put that on the box and allow consumers to consciously take their chances rather than implicitly opting into the ‘zero accountability’ clause.”

I have to echo the thoughts of Troy Hunt, and cannot believe VTech isn’t updating their security infrastructure after such a massive attack. If you value your children’s data, then it’s probably the most sensible idea to avoid using VTech’s online services.

Image courtesy of Threatpost.com

Dell Sorry and Rushes To Fix Security Issue

Yesterday we reported on a security issue that came pre-installed on Dell machines, resulting in a potential security risk to both your details and opening up your system into being tricked about if a website is ‘secure’ or not. It would seem that they have been quick and keen to fix this issue, releasing information on how to fix the problem on machines.

First up, if you are using a Dell machine we recommend you use the test site that’s been set up. If this website appears fine, with a padlock in your browser, without displaying a warning then it means that your computer is currently running the eDellRoot certificate.

In order to remove it, you can either use the following process listed below or you can use the uninstaller app provided here. If you want to remove it manually then follow the steps below:

  1. Go to the start menu, type “mmc” and press enter
  2. Go to File -> Add/Remove Snap
  3. Pick certificates and press add
  4. Choose computer account and press next
  5. Choose local computer and press finish
  6. Press Ok
  7. Expand Certificates and Trusted Root Certification Authorities
  8. Pick the certificates folder and check to see if eDellRoot is present
  9. If eDellRoot is present, right click and press delete.

If you want to see the full steps listed provided by Dell you can find the file here. With these steps, you can ensure one less threat to your machine and as such your digital life. It will be interesting to see how Dell reacts to this issue and moves forward in the coming weeks.

“We’ll Do a Better Job Next Time”, NVIDIA Admitting Defeat

 

Over the last few weeks we’ve all heard of the scandal relating to the 3.5GB VRAM buffer on the GTX 970 graphics cards. Yes, the card comes with 4GB, but the last 512mb is extremely slow compared to the rest. Well today, NVIDIA’s Jen-Hsun, came forward to elaborate on this unfortunate turn of events.

“We invented a new memory architecture in Maxwell. This new capability was created so that reduced-configurations of Maxwell can have a larger framebuffer – i.e., so that GTX 970 is not limited to 3GB, and can have an additional 1GB. GTX 970 is a 4GB card. However, the upper 512MB of the additional 1GB is segmented and has reduced bandwidth. This is a good design because we were able to add an additional 1GB for GTX 970 and our software engineers can keep less frequently used data in the 512MB segment. 

Unfortunately, we failed to communicate this internally to our marketing team, and externally to reviewers at launch.”

So they tried to push the boundaries with as little as possible, resulting in a very fast and usable 3.5GB VRAM, but failed to tell anyone outside of the company of this groundbreaking memory architecture; something that could have played so well to their advantage has seemed to have backfired.

“The 4GB of memory on GTX 970 is used and useful to achieve the performance you are enjoying. And as ever, our engineers will continue to enhance game performance that you can regularly download using GeForce Experience. This new feature of Maxwell should have been clearly detailed from the beginning. We won’t let this happen again. We’ll do a better job next time.”

Good guys NVIDIA for admitting defeat, let’s hope future driver updates will increase the speed of the last 512mb.

Have you returned or received any form of refund for your GTX 970? Are you content with the performance and think this has been blown massively out of proportion by a small population? Let us know on Facebook and our Forums.

Thanks to NVIDIA for sharing this with us.