new web technologies

Apple iCloud Attacked; Experts Point Finger At Chinese Government

For Apple, China has been a great many things. Vendor. Partner. Customer. Competitor. Now perhaps one more thing can go on the list: Attacker. 

Following Friday's debut of the latest iPhone 6 in China, hackers spent the weekend targeting Apple’s iCloud data storage service. Apple acknowledged that it has suffered "intermittent organized network attacks" trying to glean user data when they sign in to iCloud. 

As for who the perpetrator may be, security experts have one prime suspect in mind: the Chinese government

Because surveillance. 

China May Be "In The Middle"

The attacks appear to be of the “man in the middle” variety, a type that steps in between users and the sites they're trying to access. Because these attacks relay data in both directions—to the users and to the legitimate site—people often don't realize that a stranger is eavesdropping or pilfering their login information. 

See also: In The U.S., The Feds Are A Bigger Threat To Your Phone Than Malware

A representative for security monitoring website GreatFire told The New York Times that the attack was either conducted by the Chinese authorities or parties sanctioned by them. The host servers for the attacks are only accessible by the Chinese government, the source said, or by state-run telecommunications providers. 

“You think you are getting information directly from Apple, but in fact the authorities are passing information between you and Apple, and snooping on it the whole way," said the GreatFire rep. Google, Yahoo and Microsoft have all suffered similar exploits for the same reason. 

Michael Sutton, vice president for threat research at security firm Zscaler, seems convinced of the Chinese government's involvement in the hack. “Evidence suggests this attack originated in the core backbone of the Chinese Internet,” Sutton told The NYT, "and [it] would be hard to pull off if it was not done by a central authority like the Chinese government." 

See also: Let's Clear Up Apple's Cloudy Photo Stream

Previously, Apple's cloud security hit the news when nude photos of celebrities Jennifer Lawrence, Kate Upton and others were stolen and circulated on the Internet. Like that case, this security breach does not appear to come from a systemic vulnerability or specific security hole. 

For now, Apple updated its site to help users understand how they can protect themselves. The company offers advice on what clues users should look for in Safari, Chrome, Firefox and other major web browsers to ensure their connections are safe. It updated that page was updated today. 

The iPhone 6's launch in China had been reportedly held up for a month due to regulatory issues stemming from security concerns. 

Lead photo by Lewis Tse Pui Lung for Shutterstock

Date: Tue, 21 Oct 2014 07:38:15 -0700
Author: :: Category: Mobile

back to top

Marissa Mayer's New Plan For Yahoo Looks A Lot Like Her Old Plan For Yahoo

Yahoo CEO Marissa Mayer has spent close to two and a half years at the helm without articulating any particularly clear strategy for revitalizing the hodgepodge of a Web company. Now, pressured by activist shareholders who want her to cut costs and send its Alibaba-IPO windfall back to investors, Mayer has basically announced that she plans to ... do more of what she's been doing.

During the company's quarterly earnings call on Tuesday, Mayer defended her strategy of acquiring startups—the majority of whose apps and services almost immediately vanished without a trace. Since Mayer took the helm in 2012, Yahoo has spent $1.6 billion on acquisitions. Most of that went to snap up social blogging platform Tumblr ($1.1 billion) and mobile analytics company Flurry (presumably somewhere around $300 million).

See also: Yahoo: Destroyer Of Startups

Mayer said her acquisitions have brought in talent, building-block technologies or "strategic" companies that complement or expand Yahoo's other businesses. Tumblr and Flurry stand out as strategic plays in this scheme. She noted, for instance, that Yahoo and Tumblr now attract a billion "monthly average users," meaning people who visit the sites at least once a month.

The Yahoo chief added said the infusion of startup employees has bolstered the teams working on Yahoo's mobile products, while other purchases have brought in key technologies for one of the company's four "pillars"—search, communications, digital magazines and video.

In recent months, Yahoo has been on a buying spree to bolster its mobile and advertising business; it's picked up six related startups since March, plus two others in photo and document management. Yahoo competes with Google and Facebook in ads, two companies with growing dominance in online and mobile advertising.

Connecting The Dots

A chart to ease investor concerns over Mayer's purchasing strategy.

Mayer was quick to draw a connection between her investments and Yahoo's unexpectedly strong third-quarter financial results. Mobile revenue more than doubled year-over-year, she said. Native advertising was strong, accounting for $65 million in revenue for the company this quarter. 

"We achieved this revenue growth through strong growth in our new areas of investment—mobile, social, native and video—despite industry headwinds in some of our large, legacy businesses," Mayer said in a statement to investors.  

Mayer also touched on cost-cutting strategies including closing eight offices, letting go of 2,000 poor-performing employees, and sunsetting more than 65 products.

Wolves At The Door

Mayer's defensive plans are partly in response to activist investor Starboard LP, which recently sent a letter to Yahoo encouraging it to merge with similarly struggling Internet giant AOL. Yahoo and Mayer are facing pressure to turn the company around as questions about her leadership grow.

“We all came here to return in iconic company to greatness,” Mayer said on the call. “We’ve come really far, very fast.”

Lead photo by Fortune Live Media

Date: Tue, 21 Oct 2014 04:39:20 -0700
Author: :: Category: Web

back to top

How To Stop Apple From Tracking You In Mac OS X Yosemite

Not comfortable in Apple's Spotlight? Here's how to exit, stage left. 

The latest version of Apple's operating software for its Mac computers, OS X Yosemite, turns out to be just a bit leaky where some of your personal information is concerned. Yosemite, it turns out, is configured by default to send local-search terms and your location information back to Apple and its third-party search partners.

See also: What's Apple Going To Do With All Its Loose Ends?

Apple acknowledged that it does glean some information from Spotlight, the Mac's built-in search tool for finding files in your computer or conducting online searches. But it denies that it uses any personally identifiable information itself and says it only passes along very general data to partners like Microsoft.

But maybe you don't want to take any chances. So here's how to shut down the tracking—a simple process, although one that's not exactly obvious.

How To Turn Off Spotlight Snooping

To prevent your Mac from transmitting Spotlight search data, take these steps (courtesy of, a site set up by security researcher Landon Fuller):

Disable “Spotlight Suggestions” and “Bing Web Searches” in System Preferences > Spotlight > Search Results.

Safari also has a “Spotlight Suggestions” setting that is separate from Spotlight’s “Spotlight Suggestions.” This uses the same mechanism as Spotlight, and if left enabled, Safari will send a copy of all search queries to Apple.

You’d be forgiven for thinking that you’d already disabled “Spotlight Suggestions,” but you’ll also need to uncheck “Include Spotlight Suggestions” in Safari > Preferences > Search.

What's Caught In The Spotlight

It's now common knowledge that companies like Google save your Internet searches for a variety of reasons, among them to tailor both services and advertising more closely to your interests. What's interesting about this case is that it involves searches on your own computer, not the Internet at large.

That can lead to unexpected results, as former Washington Post national-security reporter Barton Gellman noted Monday on Twitter:

It’s not uncommon for companies to collect user data or track behavior for purposes of “improving the service” (whatever that means). But many make the activity obvious and offer clear opt-out instructions. Apple did neither.

True, Apple does inform users about its tracking behavior—by burying the disclosure in a terms of service statement most Mac users will likely bypass. Its “About Spotlight & Privacy” terms read: “When you use Spotlight, your search queries, the Spotlight Suggestions you select, and related usage data will be sent to Apple.”

The company also states that if location services is on when you use Spotlight, your whereabouts will be sent to Apple too.

In a statement, Apple further clarifies its actions:

For Spotlight Suggestions we minimize the amount of information sent to Apple. Apple doesn't retain IP addresses from users' devices. Spotlight blurs the location on the device so it never sends an exact location to Apple. Spotlight doesn't use a persistent identifier, so a user's search history can't be created by Apple or anyone else. Apple devices only use a temporary anonymous session ID for a 15-minute period before the ID is discarded.

We also worked closely with Microsoft to protect our users' privacy. Apple forwards only commonly searched terms and only city-level location information to Bing. Microsoft does not store search queries or receive users' IP addresses.

Washington Post writer and independent security researcher Ashkan Soltani called the Spotlight leakage was “probably the worst example of ‘privacy by design’ I’ve seen yet.”

Lead photo by Sasha Kargaltsev

Date: Tue, 21 Oct 2014 02:52:08 -0700
Author: :: Category: Web

back to top

Apple Pay: I'm Not Impressed

I know, I know. We're all supposed to be celebrating the miracle of Apple Pay right now. That's too bad.

After conducting several transactions with Apple's new payments service, my conclusion is that Apple Pay makes the same mistake that several past attempts at reinventing payments made: It doesn't solve any real problems for consumers.

Problem No. 1: Getting Set Up

To use Apple Pay to pay in stores, you need an iPhone 6 or 6 Plus that's been upgraded to iOS 8.1. There are many reasons you might not want to upgrade to 8.1—but you have no choice if you want to use Apple Pay.

See also: The Tough Reality For Mobile Payments: Getting Them Right Is Really Hard

The iPhone 6 line has an NFC radio chip inside, which is required for contactless payments. Older phones will be able to pair with an Apple Watch for payments when that device comes out next year. For now, it's the 6 or nothing.

Once you do, the process of setting up Apple Pay and adding a card via the Passbook app is reasonably straightforward. One of my cards was already in iTunes; I added another using my iPhone's camera. I was stymied, however, when I tried to add my business credit card—apparently some types of cards, even from banks that are loudly touting their Apple Pay support via email blasts and Twitter ads, don't work with the service yet.

In both cases, Apple Pay displayed the wrong image for my card in Passbook—which seems especially absurd, since it scanned my card to add it in the first place. This is probably my bank's fault. It's still confusing, since the image is meant to signal at a glance which card I'm using.

Problem No. 2: Finding A Store

So, where do you go to use Apple Pay? Good question. Apple has said it has more than 200,000 locations, including some familiar names like McDonald's and Walgreens. But beyond memorizing a list of Apple's partners, how are you supposed to find a store that takes Apple Pay?

See also: Where You Can Check Out Apple Pay Today

Apple recommends looking for a contactless-payment logo or an Apple Pay logo. We did see the radio-wave logo in several stores, but at least in the San Francisco locations we checked, the Apple Pay logo doesn't seem to have made it out into the wild yet. That will require a very slow process of retailers working with their payment processors to update their equipment and signage.

Until then, it's more or less guesswork. Boy Genius Report has found a clever workaround: Use the MasterCard Nearby app's directory of contactless-payments to look up stores. (These locations will generally take Visa and American Express, too.)

PayPal, by contrast, shows a directory of nearby locations that accept mobile payments. (Square used to, as well, in its now-abandoned Wallet app.)

It's kind of silly that Apple doesn't have an app for that. Why not make searching for Apple Pay locations an option within Apple Maps—or build it into Spotlight Search?

Problem No. 3: Dealing With The Cashier

In my experience, training varied wildly from store to store. Before the launch of Apple Pay, I asked a cashier at my local Walgreens if she'd heard about it. She hadn't. On Monday, the day of launch, another cashier told me flatly "No" when I asked if that store was taking Apple Pay. A colleague corrected him.

At McDonald's, a cashier was aware of Apple Pay but didn't seem that excited about it.

At Panera Bread, my experience was different. The cashier knew about Apple Pay and talked about it effusively, pointing out the new payment terminals that he said had arrived just that morning. He guided me through the process, explaining that you had to keep your finger on the Touch ID button and tap the terminal at the same time.

See also: You Can't Actually Use Apple Pay To Buy A Latte At Starbucks

At a nearby Starbucks, I quizzed a barista about Apple Pay. He hadn't heard about it and was pretty sure Starbucks couldn't take it. That was the right answer, despite Apple CEO Tim Cook flashing the Starbucks logo on a screen at an event last week. Starbucks isn't using Apple Pay for in-store payments—only online transactions. And even those aren't available yet.

Problem No. 4: It's No Better Than Swiping

The reality of Apple Pay is this: Take your phone out. Hold your finger down. Tap. Wait for a notification on your phone. Get a paper receipt.

It turns out that that's not much easier than the old way: Take your credit card out. Swipe. Get a paper receipt.

You'll note that I didn't mention signing anything. For most transactions under $50, Visa and MasterCard have programs that don't require a signature. It speeds lines and the risk is low enough that banks and merchants aren't worried about fraud. Most of the same big retailers who sign up for Apple Pay, particularly in food service, already use these programs.

See also: PayPal Slams Apple In Full-Page Newspaper Ads

I saw this reality reflected in the lines at Walgreens, McDonald's, and Panera. I was the only one using Apple Pay. No one seemed particularly interested in what I was doing with my phone. I was just buying stuff, after all.

And that's the main problem with Apple Pay: It's not particularly faster than swiping a credit card. It doesn't offer additional rewards or savings. I'm using the same credit card I was before.

Maddeningly, it doesn't even do very obvious things that you'd expect it to. At Walgreens and Panera, I had to supply a phone number for those stores' loyalty programs. I have a Passbook card for my Walgreens Balance Rewards program, but it's not integrated into Apple Pay—and it turns out to be far faster to punch my phone number into the terminal than try to have the cashier scan my phone. (It seems like the scanners at Walgreens have trouble reading the barcode off a phone's reflective screen.)

I did feel confident that my card was safe. With new credit-card breaches making headlines every month, I'd be inclined to use Apple Pay at vulnerable stores like Target and Home Depot for that reason alone. (Or Staples, for that matter.) But fear is a lousy motivator.

There will be a big reason to use Apple Pay a year from now. It's called the liability shift. Starting October 2015, banks will require merchants to stop accepting swiped credit and debit cards, unless they want to assume the risk of fraudulent transactions. Instead, we'll have to use newly issued cards with chips inside—or new systems like Apple Pay.

The problem with chip cards is that they're slow—noticeably slower than swiping. But swiping won't be an option at most retailers. There will be chaos at the cash registers as people get used to the new system. That makes next year a very good time to get people to try out Apple Pay.

Apple Pay has a separate service for making purchases within apps. That's definitely interesting, though it requires developers to rewrite their apps—so that will take time to play out as well.

For the next 12 months, Apple has time to work out the kinks, advertise it more thoroughly, create tools for finding stores, get merchants to train their staff, and add coupons, discounts, and loyalty programs to the service.

But right here, right now, there's not much about Apple Pay that makes it worth the bother.

Photo of Owen Thomas by Adriana Lee for ReadWrite; photos of Apple Pay courtesy of McDonald's

Date: Tue, 21 Oct 2014 01:38:24 -0700
Author: :: Category: Mobile

back to top

Google Has A New Answer To Apple's Beats Music

Everything is better when it’s handcrafted—apparently even music. Google is unleashing digital DJs and playlists based on moods and circumstances on its Google Play Music app as part of its integration of Songza, which Google acquired earlier this year.

See also: Get Ready For The Streaming-Music Die-Off

On Tuesday, the company announced that Google Play Music subscribers can now choose music playlists keyed to a particular time of day, certain feelings, or a specific activity. These "radio stations" are put together individually by Google’s “team of music experts”—a group that apparently includes ethnomusicologists as well as DJs, musicians and music critics, because everything is better when ethnomusicologists are involved.

If that approach sounds familiar, that might be Beats Music, the streaming service created by music industry legends Dr. Dre and Jimmy Iovine. (Apple acquired that service and the related headphone maker Beats Electronics for $3 billion in May.) When Beats Music launched back in January, my then-colleague Taylor Hatmaker thought its features blew away algorithm-based rivals like Pandora and Spotify.

See also: Beats Music Review: Finally, A Digital DJ That Knows Its Stuff

Google's now betting on the human touch, too. When subscribers boot up the Google Play Music app, they'll be prompted to tell Google a mood or a moment, which could be something like "at the gym," or "summer BBQ." Each station can be downloaded for offline listening. The company also revamped the "Listen Now" page, which includes suggestions for stations based on an individual's music history. Previously, Google would let people create stations from a song or playlist, similar to other services.

The hand-selected, mood-based playlists will be available for subscribers in the U.S. and Canada today. The "Listen Now" page is available everywhere on Android, iOS, and the Web.

Google Play Music may face additional hurdles if it's looking to keep up with its rival. Apple is reportedly planning to relaunch Beats Music at just $5 per month, about half of the $9.99 Google Play Music costs (roughly the industry standard).

Lead photo by Michael Dorausch; other images courtesy of Google

Date: Tue, 21 Oct 2014 11:25:32 -0700
Author: :: Category: Play

back to top