Category: Technology


Hey Everyone,

It’s been a very busy start to the new year for our shop. We have been doing a tremendous amount of iMac and MacBook repair over the last year, and we would like to let everyone who keeps asking know: we DO repair all iMac and MacBook computers and ALL Apple products, including iPod (all models) and iPad. Ask about getting your iMac hard drive replaced with a Solid State Drive (SSD) and a full tune-up including internal and external cleaning. If you’ve had your Mac longer than 3 years, chances are it’s super dusty inside and will need to be cleaned internally!

We offer a complete Mac-Tune-Up Package with Sierra OS installed and your option of a 120GB, 240GB, 480GB or 1TB SSD upgrade, which will make your computer respond much faster (apps open quicker, shorter boot/reboot times) + a HUGE LIST of apps to choose from!

We hope everyone has an awesome 2017 – All the best to you and your loved ones! – Ryan

Just a quick update for our clients in the Fraser Valley and Lower Mainland – Even though we are tucked away, we have the BIGGEST selection of WHOLESALE priced accessories. All Blue tagged items take an additional 25% OFF. The sale starts on December 14th and goes all the way until December 28th! What does that mean? Our already low prices are an additional 25 PERCENT OFF! Most of the cool stuff will have the blue tag discount, so get here quick before everything is sold out! Happy Holidays and a VERY Merry Christmas to all my friends that continue to support our business!

For our iPhone 5/5s/5C/6/6 Plus Customers – Mention this and get a FREE case with your cell phone screen repair! THIS OFFER IS VALID UNTIL DECEMBER 31ST!

For anyone unlocking their smartphone or iPhone on UnlockMyPhone.ca, our unlocking website, use promo code “5OFFUNLOCK” for an additional $5 off any unlock code or iPhone factory unlock!

For all my clients coming from Chilliwack and Hope – there is now an incentive to come to our shop! Not only will we beat ANY and ALL price quotes from all Chilliwack iPhone repair shops, we guarantee our parts are real OEM and not knockoffs like we have been seeing a lot of from out that way. Ask about our free gift with purchase! (Mention this Blog Post)

One customer named Bob came in earlier today and mentioned he has been to another iPhone repair place in Chilliwack on Unsworth. His screen lasted two days after the replacement was put in. Upon further inspection, we informed Bob the part was a fake knockoff and very low quality. The screen wasn’t even set properly and was practically coming off the LCD. UV glue was not properly used.

At Ryan’s PC Repair Shop, we provide our customers with real original OEM parts (you get what you pay for), a 6 month warranty on the parts and labour, and after-sale service you can always depend on. Ryan’s been in the industry for over 10 years and can fix just about any issue you may have.

If you’ve been to another shop and they’ve told you the phone’s not repairable, bring it by my shop and I’ll get it working for you. There is no charge to look at the device if it’s not repairable! No diagnostic fees charged ever!

600 million Apple devices contain secret backdoors, researcher claims

A security researcher considered to be among the foremost experts in his field says that more than a half-billion mobile devices running Apple’s latest iOS operating system contain secret backdoors.

Jonathan Zdziarski, also known by his online alias “NerveGas,” told the audience attending his Friday morning presentation at the Hackers on Planet Earth conference in New York City that around 600 million Apple devices, including iPhones and tablets, contain hidden features that allow data to be surreptitiously slurped from those devices.

During Zdziarski’s HOPE presentation, “Identifying Backdoors, Attack Points and Surveillance Mechanisms in iOS Devices,” the researcher revealed that several undocumented forensic services are installed on every new iPhone and iPad, making it easier than ever for a third party to pull data from those devices in order to compromise a target and take hold of their personal information, including pictures, text messages, voice recordings and more.

Among the hidden functions running on iOS devices, Zdziarski said, are programs called “pcapd,” “file_relay” and “file_relay.” If used properly, he added, those programs can allow anyone with the right means and methodology to pull staggering amounts of data from a targeted phone, even when the rightful owner suspects the device is sufficiently locked.

Zdziarski has previously exploited older versions of the iOS operating system and authored several books on mobile security. Even after raising multiple questions with Apple, however, he said he has yet to figure out why, exactly, the tech giant ships iOS devices with programs that appear to do nothing other than leak digital data.

According to the slides Zdziarski presented during Friday’s talk, there’s little reason to believe the functions are used to run diagnostics or help developers.

“Most services are not referenced by any known Apple software,” one slide says in part, and “the raw format of the data makes it impossible to put data back onto the phone, making useless for Genius Bar or carrier tech purposes.”

“The personal nature of the data makes it very unlikely as a debugging mechanism,” he added.

According to the researcher, evidence of the mysterious programs raises more questions than it does answers.

“Why is there a packet sniffer running on 600 million personal iOS devices instead of moved to the developer mount?” he asked in one slide. “Why are there undocumented services that bypass user backup encryption that dump mass amounts of personal data from the phone? Why is most of my user data still not encrypted with the PIN or passphrase, enabling the invasion of my personal privacy by YOU?”

“Apple really needs to step up and explain what these services are doing,” Zdziarski told Ars Technica on Monday after his HOPE presentation was hailed over the weekend by the conference’s attendees as a highlight of the three-day event. “I can’t come up with a better word than ‘backdoor’ to describe file relay, but I’m willing to listen to whatever other explanation Apple has. At the end of the day, though, there’s a lot of insecure stuff running on the phone giving up a lot of data that should never be given up. Apple really needs to fix that.”

Indeed, Apple responded late on Tuesday by saying that the three functions in question are “diagnostic capabilities to help enterprise IT departments, developers and AppleCare troubleshoot issues.”

“Apple has, in a traditional sense, admitted to having back doors on the device specifically for their own use,” Zdziarski responded quickly on his blog. “Perhaps people misunderstand the term ‘back door’ due to the stigma Hollywood has given them, but I have never accused these ‘hidden access methods’ as being intended for anything malicious, and I’ve made repeated statements that I haven’t accused Apple of working with NSA. That doesn’t mean, however that the government can’t take advantage of back doors to access the same information. What does concern me is that Apple appears to be completely misleading about some of these (especially file relay), and not addressing the issues I raised on others.”

“I give Apple credit for acknowledging these services, and at least trying to give an answer to people who want to know why these services are there – prior to this, there was no documentation about file relay whatsoever, or its 44 data services to copy off personal data. They appear to be misleading about its capabilities, however, in downplaying them, and this concerns me,” he added.

On Apple’s part, the company said they have “never worked with any government agency from any country to create a backdoor in any of our products or services.”

Source: RT

Here’s why many people want their BlackBerrys back after switching to iOS and Android

Following the release of the original iPhone in 2007 and the subsequent launch of Android, many people with work-issued phones spent years asking for their employers to switch away from BlackBerry smartphones to more modern devices. Finally, as Apple and Google increased their focus on security and BlackBerry hit dire straits a few years ago, workers began getting what they wanted and bring your own device (BYOD) policies became more common.

More recently, however, an interesting trend is being observed: Workers want their BlackBerrys back.

CIO’s Tom Kaneshige reports on an interesting phenomenon that we’ve heard rumblings of in the past. At companies where employees were permitted to ditch their work-issued BlackBerry phones and bring their own iPhones and Android handsets, they’re now begging their IT departments to move back to BlackBerry.

Why? It turns out there are a few reasons.

For one thing, there are privacy concerns. When workers use their own iOS and Android devices, IT departments gain access to all of their private data in addition to any corporate apps that might be on the devices. It’s never a good thing when you have to hand over a smartphone packed full of naked selfies so that IT can fix an issue with email not syncing properly.

Beyond that, IT professionals Kaneshige spoke with say they are having some serious problems with mobile device management (MDM) software, and the related on-device apps often cause issues like battery drain and device bogging.

Source: BGR

Android and Windows smartphones to get ‘kill switch’

Google and Microsoft have both revealed that they will integrate a ‘kill switch’ into the next versions of their smartphone operating systems, allowing customers to disable their devices if they are lost or stolen.

Google told Bloomberg that it will add a “factory reset protection solution” to its next version of Android.

Meanwhile, Microsoft’s vice president for US government affairs, Fred Humphries, said that the company would be adding new anti-theft capabilities to its Find My Phone feature in Windows Phone before July 2015.

“With these additional features, we’re hopeful that technology – as part of a broader strategy – can help to further reduce incentives for criminals to steal smartphones in the first place,” Humphries said in a blog post.

The news comes after Apple introduced ‘activation lock’ and ‘delete phone’ to its Find My iPhone app in September 2013.

As a result, robberies involving the company’s products reportedly decreased by 19 per cent in New York in the first five months of this year. San Francisco and London have also seen Apple-related robberies drop.

New York attorney general Eric Schneiderman said the statistics illustrate the “stunning effectiveness of kill switches”, and has called for other smartphone companies to add theft-deterrence features to their devices.

US Senator Amy Klobuchar, a Minnesota Democrat, and Jose Serrano, a New York Democrat, have both introduced bills that would require phones sold in the US to include kill-switch technology.

Last summer, the Mayor of London Boris Johnson also wrote to eight companies – including Apple, Samsung and Google – stating that about 10,000 handsets are stolen every month in London, and manufacturers have a “corporate responsibility” to help tackle thefts.

“If we are to deter theft and help prevent crimes that victimise your customers and the residents and visitors to our city, we need meaningful engagement from business and a clear demonstration that your company is serious about your corporate responsibility to help solve this problem,” Mr Johnson told manufacturers.

“Each of your companies promote the security of your devices, their software and information they hold, but we expect the same effort to go into hardware security so that we can make a stolen handset inoperable and so eliminate the illicit second-hand market in these products.

“We hope you would support this objective. Customers and shareholders surely deserve to know that business cannot and must not benefit directly from smartphone theft through sales of replacement devices.”

Source: The Telegraph

Android 4.4.3 KitKat update reportedly coming soon

After a never-before-seen version of KitKat, KTU65, was spotted a few days ago, suggesting that Google may release at least one more KitKat update before moving to a new Android OS version, a new tweet from known developer LlabTooFeR says that Android 4.4.3 may be just around the corner, with version KTU72B identified as the upcoming software update.

“Android 4.4.3 is under testing. Build number is KTU72B,” the developer wrote. “Probably it will fix known camera bug.” This KitKat version’s code name suggests this build (dated March 13) is newer than the previous one (dated March 6), although the developer did not share any details as to when Google will actually release it.

Similarly, it’s not clear whether the update will bring any new features on top of the expected camera fix for the Nexus 5, or whether it will be available to other devices as well. Still, this appears to be the first time these newly discovered KitKat builds are associated with “Android 4.4.3.”

The latest KitKat software version available to Android users is KOT49H (Android 4.4.2), although only some devices have been updated so far, including Nexus tablets and smartphones. A recent report said that Google will unveil Android 4.5 this summer, likely together with new Nexus devices – the company is rumored to ship at least one new tablet this year, with rumors indicating that an 8.9-inch Nexus device may be in the works.

Source: BGR

Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping

Hundreds of open source packages, including the Red Hat, Ubuntu, and Debian distributions of Linux, are susceptible to attacks that circumvent the most widely used technology to prevent eavesdropping on the Internet, thanks to an extremely critical vulnerability in a widely used cryptographic code library.

The bug in the GnuTLS library makes it trivial for attackers to bypass secure sockets layer (SSL) and Transport Layer Security (TLS) protections available on websites that depend on the open source package. Initial estimates included in Internet discussions such as this one indicate that more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations, but it wouldn’t be surprising if the actual number is much higher. Web applications, e-mail programs, and other code that use the library are vulnerable to exploits that allow attackers monitoring connections to silently decode encrypted traffic passing between end users and servers.

The bug is the result of commands in a section of the GnuTLS code that verify the authenticity of TLS certificates, which are often known simply as X509 certificates. The coding error, which may have been present in the code since 2005, causes critical verification checks to be terminated, drawing ironic parallels to the extremely critical “goto fail” flaw that for months put users of Apple’s iOS and OS X operating systems at risk of surreptitious eavesdropping attacks. Apple developers have since patched the bug.

“It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification,” an advisory issued by Red Hat warned. “An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker.”

GnuTLS developers published this bare-bones advisory that urges all users to upgrade to version 3.2.12. The flaw, formally indexed as CVE-2014-0092, is described by a GnuTLS developer as “an important (and at the same time embarrassing) bug discovered during an audit for Red Hat.” Debian’s advisory is here.

As was the case with last week’s critical encryption bug from Apple, the GnuTLS vulnerability is the result of someone making mistakes in source code that controls critical functions of the program. This time, instead of a single misplaced “goto fail” command, the mistakes involve errors with several “goto cleanup” calls. The GnuTLS program, in turn, prematurely terminates code sections that are supposed to establish secure TLS connections only after the other side presents a valid X509 certificate signed by a trusted source. Attackers can exploit the error by presenting vulnerable systems with a fraudulent certificate that is never rejected, despite its failure to pass routine security checks. The failure may allow attackers using a self-signed certificate to pose as the cryptographically authenticated operator of a vulnerable website and to decrypt protected communications. It’s significant that no one managed to notice such glaring errors, particularly since they were contained in code that anyone can review.
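A simplified model of the error-handling mistake described above, added here as an illustration: it is not GnuTLS source code, and the struct, function names and error code are constructed for the example. It shows how an early `goto cleanup` that leaves a negative error code in the return variable is read as "verified" by a caller that treats any non-zero value as success, next to a fail-closed version.

```c
#include <stdio.h>

/* Constructed stand-in for a parsed certificate (not a GnuTLS type). */
struct cert {
    int malformed;   /* 1 = a field fails to parse */
    int is_ca;       /* 1 = marked as a certificate authority */
    int sig_ok;      /* 1 = signature verifies under the issuer's key */
};

#define ERR_PARSE (-43)   /* hypothetical library error code */

/* Helper convention: 0 on success, negative error code on failure. */
static int parse_fields(const struct cert *c)
{
    return c->malformed ? ERR_PARSE : 0;
}

/* Contract: 1 = issuer vouches for cert, 0 = it does not.
 * Flawed: the helper's error code is left in `result` on the early exit. */
int issuer_ok_flawed(const struct cert *c, const struct cert *issuer)
{
    int result;

    result = parse_fields(c);
    if (result < 0)
        goto cleanup;            /* BUG: returns -43, which is non-zero */
    result = parse_fields(issuer);
    if (result < 0)
        goto cleanup;            /* same mistake */
    result = (issuer->is_ca && c->sig_ok) ? 1 : 0;
cleanup:
    /* buffers would be released here */
    return result;
}

/* Hardened: error codes live in `ret`; `result` starts at 0 (fail closed). */
int issuer_ok_fixed(const struct cert *c, const struct cert *issuer)
{
    int result = 0;
    int ret;

    ret = parse_fields(c);
    if (ret < 0)
        goto cleanup;
    ret = parse_fields(issuer);
    if (ret < 0)
        goto cleanup;
    result = (issuer->is_ca && c->sig_ok) ? 1 : 0;
cleanup:
    return result;
}

/* Caller that treats any non-zero return value as "verified". */
typedef int (*check_fn)(const struct cert *, const struct cert *);

int accepts(check_fn check, const struct cert *c, const struct cert *issuer)
{
    return check(c, issuer) ? 1 : 0;
}

int main(void)
{
    /* Constructed sample inputs: { malformed, is_ca, sig_ok } */
    struct cert ca      = { 0, 1, 1 };
    struct cert good    = { 0, 0, 1 };
    struct cert forged  = { 0, 0, 0 };  /* signature does not verify */
    struct cert garbled = { 1, 0, 0 };  /* does not verify and does not parse */

    printf("flawed: good=%d forged=%d garbled=%d\n",
           accepts(issuer_ok_flawed, &good, &ca),
           accepts(issuer_ok_flawed, &forged, &ca),
           accepts(issuer_ok_flawed, &garbled, &ca));
    printf("fixed:  good=%d forged=%d garbled=%d\n",
           accepts(issuer_ok_fixed, &good, &ca),
           accepts(issuer_ok_fixed, &forged, &ca),
           accepts(issuer_ok_fixed, &garbled, &ca));
    return 0;
}
```

The flawed version still rejects an ordinary bad signature; only the error path slips through, which is why this kind of defect survives normal testing and needs negative tests that feed the verifier input it cannot parse.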

Security researchers are still studying the vulnerability and assessing its effect on the wide array of OSes and applications that depend on GnuTLS. For the moment, readers should assume that the severity is critical given the dizzying amount of downstream code that may be affected. One example: the apt-get installer some distributions of Linux use to distribute and update applications relies on GnuTLS, although exploits against the package can probably be caught by cryptographic code-signing of the downloaded program (thanks to readers for pointing out this secondary level of protection). Version 3 of lib-curl, which is distributed in Debian and Ubuntu, also depends on GnuTLS. Some Debian- and Ubuntu-based virtual private networking applications that work with Cisco Systems hardware are also affected. This list goes on and on.

Source: ArsTechnica

Samsung Group ousted from Apple’s A8 chip manufacturing

It seems Apple isn’t satisfied with Samsung Group’s production of A-series processors on the 20-nm process.

The Cupertino company could say goodbye to the Galaxy maker over it. If that happens, the door will be open for other partners like TSMC. Apparently, the South Korean group isn’t sufficiently meeting demand for the 20-nm chips that Apple will use in the next iPhone and iPad this year.

No doubt Apple wants to get rid of Samsung deliberately. The duo has been in courtrooms for several years and counting. Although Samsung has produced A-series processors for Apple, it’s not a coincidence that the Cupertino-based tech giant has formed a strategic partnership with TSMC.

As 2014 has just begun, according to some reports, the Taiwanese company TSMC could start supplying those A8 chipsets. It was reported earlier that TSMC will fulfill about 70% of all demand while the remainder will be covered by Samsung. But that has changed.

It appears that the yield of the preliminary testing of A8 chip by Samsung is very low compared to what Apple requires – to have some physiological advantage over rivals – 20-nm process based chipset for future iPhones and iPads.

In the meantime, TSMC may have shown better performance, in which case the Cupertino company would have decided to invest solely in the world’s largest dedicated independent semiconductor foundry, helping the expansion of Apple products on the planet for years.

In addition, TSMC has already demonstrated that they are ready to switch from 20 to 14 nanometers, the size likely to be adopted by the A9 for iPhone 7, probably. The final farewell to Samsung could be accomplished by the middle of 2014 instead of between 2015 and 2016 as previously assumed.

Besides this, according to rumors from the East, the A8 chip would incorporate LTE directly, managed by a dedicated processor manufactured by Qualcomm. Apple seems likely to make the iPhone and the iPad compatible with all LTE frequencies on the planet, including even those that will be managed only in the future.

Source: Inferse

Bitcoins, other digital currencies stolen in massive ‘Pony’ botnet attack

Cybercriminals have infected the computers of digital currency holders, using a virus known as “Pony” to make off with account credentials, bitcoins and other digital currencies in one of the largest attacks on the technology, security services firm Trustwave said.

The attack was carried out using the “Pony” botnet, a group of infected computers that take orders from a central command-and-control server to steal private data. A small group of cybercriminals was likely behind the attack, Trustwave said.

Over 700,000 credentials, including website, email and FTP account log-ins, were stolen in the breach. The computers belonging to between 100,000 and 200,000 people were infected with the malware, Trustwave said.

The Pony botnet has been identified as the source of some other recent attacks, including the theft of some 2 million log-ins for sites like Facebook, Google and Twitter. But the latest exploit is unique due to its size and because it also targeted virtual wallets storing bitcoins and other digital currencies like Litecoins and Primecoins.

Eighty-five wallets storing the equivalent of $220,000, as of Monday, were broken into, Trustwave said. That figure is low because of the small number of people using Bitcoin now, the company said, though instances of Pony attacks against Bitcoin are likely to increase as adoption of the technology grows. The attackers behind the Pony botnet were active between last September and mid-January.

“As more people use digital currencies over time, and use digital wallets to store them, it’s likely we’ll see more attacks to capture the wallets,” said Ziv Mador, director of security research at Chicago-based Trustwave.

Most of the wallets that were broken into were unencrypted, he said.

“The motivation for stealing wallets is obviously high—they contain money,” Trustwave said in a blog post describing the attack. Stealing bitcoins might be appealing to criminals because exchanging them for another currency is easier than stealing money from a bank, Trustwave said.

There have been numerous cyberattacks directed at Bitcoin over the last year or so as its popularity grew. Last year, a piece of malware circulating over Skype was identified as running a Bitcoin mining application. Bitcoin mining is a process by which computers monitor the Bitcoin network to validate transactions.

“Like with many new technologies, malware can be an issue,” said a spokesman for the Bitcoin Foundation, a trade group that promotes the use of Bitcoin, via email. Wallet security should improve, the spokesman said, as more security features are introduced, like multisignature transactions.

Digital currency users can go to this Trustwave site to see if their wallets and credentials have been stolen.

Source: PC World

Apple Fixes “Fundamental” SSL Bug in iOS 7

Apple quietly released iOS 7.06 late Friday afternoon, fixing a problem in how iOS 7 validates SSL certificates. Attackers can exploit this issue to launch a man-in-the-middle attack and eavesdrop on all user activity, experts warned.

“An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS,” Apple said in its advisory.

Users should update immediately.

Watch Out for Eavesdroppers

As usual, Apple didn’t provide a lot of information about the issue, but security experts familiar with the vulnerability warned that attackers on the same network as the victim would be able to read secure communications. In this case, the attacker could intercept, and even modify, the messages as they pass from the user’s iOS 7 device to secured sites, such as Gmail or Facebook, or even for online banking sessions. The issue is a “fundamental bug in Apple’s SSL implementation,” said Dmitri Alperovitch, CTO of CrowdStrike.

The software update is available for the current version of iOS for iPhone 4 and later, 5th generation iPod Touch, and iPad 2 and later. The fixed versions are iOS 7.06 and iOS 6.1.6. The same flaw exists in the latest version of Mac OS X but has not yet been patched, Adam Langley, a senior engineer at Google, wrote on his ImperialViolet blog. Langley confirmed the flaw was also in iOS 7.0.4 and OS X 10.9.1.

Certificate validation is critical in establishing secure sessions, as this is how a site (or a device) verifies that the information is coming from a trusted source. By validating the certificate, the bank website knows that the request is coming from the user, and is not a spoofed request by an attacker. The user’s browser also relies on the certificate to verify the response came from the bank’s servers and not from an attacker sitting in the middle and intercepting sensitive communications.

Update Devices

It appears Chrome and Firefox, which use NSS instead of SecureTransport, aren’t affected by the vulnerability even if the underlying OS is vulnerable, Langley said. He created a test site at https://www.imperialviolet.org:1266. “If you can load an HTTPS site on port 1266 then you have this bug,” Langley said.

Users should update their Apple devices as soon as possible and, when the OS X update is available, apply that patch as well. The updates should be applied while on a trusted network, and users should really avoid accessing secure sites while on untrusted networks (especially Wi-Fi) while traveling.

“On unpatched mobile and laptop devices, set ‘Ask to Join Networks’ setting to OFF, which will prevent them from showing prompts to connect to untrusted networks,” wrote Alex Radocea, a researcher from CrowdStrike.

Considering recent concerns about the possibility of government snooping, the fact that iPhones and iPads were not validating certificates correctly can be alarming for some. “I’m not going to talk details about the Apple bug except to say the following. It is seriously exploitable and not yet under control,” Matthew Green, a cryptography professor at Johns Hopkins University, posted on Twitter.

Source: PC World Security Watch