The Fixing-Krack Edition Tuesday, October 17, 2017

KRACK, The WPA2 Exploit That Kills Wi-Fi Security, And What You Need To Know Right Now, by Jerry Hildenbrand, iMore

Apple has told iMore that KRACK has already been fixed in the beta versions of iOS, macOS, watchOS, and tvOS, and that AirPort routers and Time Capsules don't appear to be vulnerable to the exploit.


To be honest, for the next couple of days there aren't a ton of public options available to you. We're not going to tell you how it works or where to find more information on how exactly the attack works. But we can tell you what you can (and should) do to stay as safe as possible.

How The KRACK Attack Destroys Nearly All Wi-Fi Security, by Sean Gallagher, Ars Technica

While Windows and iOS devices are immune to one flavor of the attack, they are susceptible to others. And all major operating systems are vulnerable to at least one form of the KRACK attack. And in an addendum posted today, the researchers noted that things are worse than they appeared at the time the paper was written:

Falling Through The KRACKs, by Matthew Green

One of the problems with IEEE is that the standards are highly complex and get made via a closed-door process of private meetings. More importantly, even after the fact, they’re hard for ordinary security researchers to access. Go ahead and google for the IETF TLS or IPSec specifications — you’ll find detailed protocol documentation at the top of your Google results. Now go try to Google for the 802.11i standards. I wish you luck.


The second problem is that the IEEE standards are poorly specified. As the KRACK paper points out, there is no formal description of the 802.11i handshake state machine. This means that implementers have to implement their code using scraps of pseudocode scattered around the standards document. It happens that this pseudocode leads to the broken implementation that enables KRACK. So that’s bad too.

Battery Repairs

Apple Still Offering Free Delayed Battery Repairs For Some 2012 And Early 2013 MacBook Pros, by Joe Rossignol, MacRumors

If you own a 15-inch MacBook Pro with Retina display released in Mid 2012 or Early 2013, and your notebook qualifies for battery service, the repair should be free if you are willing to wait for around one month.

Incredibly Innovative

We See India As A Very Long-term Opportunity: Apple’s Eddy Cue, by Anirban Sen, Livemint

"First of all, the iPhone is 10 years old. That is the last decade. The iPad came after that and the Watch came after that. So, I disagree vehemently with that and I think we’ve been incredibly innovative. That doesn’t even take into account the work that has been done on the Mac, iOS and MacOS, from that standpoint where I think we’ve led the market. When you think of the products that we’ve built over time, you own a lot of them. And you just assume that every year was a new product. But it wasn’t. You can’t do revolutionary new products, every two months or six months or whatever. They take time."

Apple Answers Sen. Al Franken’s Privacy Concerns Over Face ID, by Marguerite Reardon, CNET

Apple published a white paper in September answering many of the same questions, such as how much of your face's image the company actually stores, how long it saves the image and what apps can use Face ID. In its response to Franken, Apple reiterated points it made in the white paper, explicitly pointing out the phone doesn't store or send biometric information.

Apple Explored Buying A Medical-clinic Start-up As Part Of A Bigger Push Into Health Care, by Christina Farr, CNBC

Apple has considered an expansion into health care clinics, and had talks to buy a start-up called Crossover Health, which works with big employers to build and run on-site medical clinics, according to three sources familiar.

Crossover Health is one of a small number of companies that specialize in working with self-insured employers to provide medical and wellness services on or near to campus. Among its clients are Apple and Facebook.

Silencing The Tweets

One Person’s History Of Twitter, From Beginning To End, by Mike Monteiro, Medium

Twitter was built at the tail end of that era. Their goal was giving everyone a voice. They were so obsessed with giving everyone a voice that they never stopped to wonder what would happen when everyone got one. And they never asked themselves what everyone meant. That’s Twitter’s original sin. Like Oppenheimer, Twitter was so obsessed with splitting the atom they never stopped to think what we’d do with it.

Twitter, which was conceived and built by a room of privileged white boys (some of them my friends!), never considered the possibility that they were building a bomb. To this day, Jack Dorsey doesn’t realize the size of the bomb he’s sitting on. Or if he does, he believes it’s metaphorical. It’s not. He is utterly unprepared for the burden he’s found himself responsible for.


AirDroid For iOS Launches: Easy File Transfers Across All Platforms, by Gary Ng, iPhone In Canada

The app allows you to transfer any file wirelessly and remotely between iOS, Android, Mac and PC computers, with “one click”.

‘Nude’ App Uses CoreML To Automatically Detect & Protect Intimate Photos On An iPhone, by Ben Lovejoy, 9to5Mac

A new app aims to automatically scan your iPhone for nudes, moving them to a protected vault in the app and then deleting them from both the camera roll and iCloud.

Bottom of the Page

I may be romanticizing the past, but I seemed to have enjoyed Usenet more than Twitter and Facebook combined.


Thanks for reading.