iCloud or not iCloud: What Really Happened in the Nude Selfie Breach?

You’ve seen it on the internet, even on TV news shows: a number of A-list celebrities had nude selfies swiped from their phones, or their iCloud accounts. Initial thoughts pointed to iCloud, since an exploit targeting Find My iPhone, part of iCloud, was released a couple of days before the photos leaked. The exploit relied on the fact that Find My iPhone wasn’t rate limited: it didn’t block users after a certain number of failed password attempts. So the exploit used a list of the 500 most commonly used passwords, and tried them against any Apple ID. If your password was weak, well, you’d get owned. Apple patched iCloud to fix this issue two days later.
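The control that was missing here, a cap on failed password attempts per account, can be sketched as follows. This is an added example, not Apple's code: the class names, the 5-failure limit, the 15-minute lockout, the account name and the guess list are all constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a common-password list; not real passwords.
GUESSES = [f"guess-{i:03d}" for i in range(500)]


class LoginThrottle:
    """Per-account cap on consecutive failed logins, with a timed lockout."""

    def __init__(self, max_failures=5, lockout_seconds=900):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self._state = {}  # account -> (consecutive failures, locked_until)

    def is_locked(self, account, now):
        return now < self._state.get(account, (0, 0.0))[1]

    def record_failure(self, account, now):
        failures = self._state.get(account, (0, 0.0))[0] + 1
        if failures >= self.max_failures:
            # Lock and restart the count: each window allows max_failures guesses.
            self._state[account] = (0, now + self.lockout_seconds)
        else:
            self._state[account] = (failures, 0.0)

    def record_success(self, account):
        self._state.pop(account, None)


class AuthService:
    """Toy login endpoint; `throttle=None` models the unlimited behaviour."""

    def __init__(self, throttle=None, iterations=1_000):
        self.throttle = throttle
        self.iterations = iterations  # kept low so the demo is fast
        self._users = {}
        self.evaluated = 0  # password comparisons actually performed

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.iterations)

    def register(self, account, password):
        salt = os.urandom(16)
        self._users[account] = (salt, self._hash(password, salt))

    def login(self, account, password, now):
        # Refuse before checking the password, so a locked account never
        # reveals whether a guess was correct.
        if self.throttle and self.throttle.is_locked(account, now):
            return "locked"
        self.evaluated += 1
        salt, stored = self._users.get(account, (b"\0" * 16, b""))
        if hmac.compare_digest(self._hash(password, salt), stored):
            if self.throttle:
                self.throttle.record_success(account)
            return "ok"
        if self.throttle:
            self.throttle.record_failure(account, now)
        return "denied"


def replay_attempts(service, account, guesses, interval=1.0):
    """Submit one guess every `interval` seconds; return a count per outcome."""
    counts = {"ok": 0, "denied": 0, "locked": 0}
    for i, guess in enumerate(guesses):
        counts[service.login(account, guess, i * interval)] += 1
    return counts


if __name__ == "__main__":
    for throttle in (None, LoginThrottle()):
        svc = AuthService(throttle)
        svc.register("user@example.com", "guess-350")  # constructed account
        print(replay_attempts(svc, "user@example.com", GUESSES), svc.evaluated)
```

A hard per-account lockout also lets anyone lock the real owner out, so deployed systems usually pair it with escalating delays or a second-factor prompt rather than relying on it alone.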

But Apple came out with a public statement, saying, “After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.”

So, who to believe? Some stars jumped the gun, relying on sketchy media reports suggesting that Apple was to blame, and cast aspersions – well, pizza turd – on the company.

But evidence suggests that if iCloud was to blame for some of these breaches, it was not the case for all of them. Some of the stars claim the photos are fakes, while others point out that they don’t use iPhones. According to Apple, their iCloud security questions – the ones you answer to reset a forgotten password – were too easy to figure out. (Though I haven’t seen any suggestions that any of these stars found themselves locked out of their accounts, which would have happened if their passwords were reset.)

There’s lots of speculation, and one of the more interesting theories comes from Boris Gorin of FireLayers. As PC World reports, Gorin said, “The images leaked have been gradually appearing on several boards on the net prior to the post at 4chan–making it reasonable to believe they were not part of a single hack, but of several compromises that occurred over time.”

The PC World article goes on to say:

“Gorin shared a theory the celebrities may have been hacked while connected to an open public Wi-Fi network at the Emmy Awards. If they accessed their personal iCloud accounts, attackers connected to that network would have been able to intercept and capture the username and password credentials. That’s not a security flaw with iCloud and having a strong or complex password wouldn’t offer protection against transmitting that password in clear text on a public Wi-Fi network.”

So we’re stuck in a he-said-she-said loop. In this corner, Apple is saying that these people were targeted by password-reset hacks, which depended on weak security questions. Yet none of the celebrities have said that they found anything amiss when trying to log into anything with their phones or computers. (Of course, they may not want to admit that.) And in that corner, security researchers are looking at old-school man-in-the-middle hacks on public Wi-Fi networks.

What seems likely is that, as Gorin says, these were images that were slowly leaked, and that one person decided to dump all at once, to suggest that they all come from the same exploit or hack. And if so, why? Should one speculate that there is a link between this photo dump and Apple’s new product event next week? That, perhaps, a competitor contracted with some black-hat hackers to try and get Apple to have some egg on their face; or some pizza turd?

Put your tinfoil hat on, dear reader. We will probably never know the answer to this one.

One suggestion to the celebrities reading this article (there might be one or two): you have people who tell you what to say and what to wear; find someone to tell you how to keep your personal data secure. It’s not that complicated.

Update: We now know much more about this breach. There was no single incident that grabbed all the photos; a number of techniques were used, from simply figuring out the answers to security questions to forensic software, which anyone can buy for $400 (or simply torrent). Part of the fault is Apple’s, for those accounts that were accessed using the brute-force script, but not all of the accounts whose photos have been leaked were accessed in that manner.

Theater Review: The Two Gentlemen of Verona, Redux, at the Royal Shakespeare Company

About six weeks ago, I saw the RSC’s latest production of The Two Gentlemen of Verona (you can read my review of that performance). I was able to see it again today, at one of its last performances, which was also used as a camera rehearsal for tomorrow’s broadcast live to cinemas.

I suggest you see my full review of the first performance I saw to learn about this production, but I wanted to make a few comments here about seeing it a second time. As I suggested in July, it’s a shame that this play had such a short run, and that the RSC essentially ignores it on their website. It’s a bright, intelligent production, with youthful vigor and a dynamic cast. It’s a play that doesn’t take itself seriously, but that deals with both comic and serious situations.

I noted that the first part of the play was much longer than the second; seeing it again, this seemed a bit odd. This can be explained by a minor set change, but it does unbalance the experience. Seeing a first part which is around an hour and a half, then a second that’s merely 45 minutes, just feels odd.

One change I noted was in the lighting. In a scene which is set in a disco in Milan, there were bright banks of light on either side of the stage. In my first review, I said:

“Sitting on the side of the stage, I was blinded during some scenes by three bright banks of lights on the other side, one at each level of the theater. I’ve sat in that location for several plays in the theater, and never noticed the lights to be a bother.”

They didn’t use those lights this time, either because of the filming, or because they realized that they were, well, annoying.

It’s too late to see this on stage now; the last performance is tomorrow, the one that will be broadcast to cinemas. If you can, go see it. It’s a fun play, one that isn’t performed often, and one that, in this production at least, deserves more attention.

Oodles of Great Ways to Manage Email

If there’s one daily chore that cries out for automation, it’s managing your email inbox. Fortunately, there are all kinds of tools–some built into Mail.app itself, others from third-party vendors–that can help you do just that.

In my latest (collaborative) Macworld article, seven of us – myself, together with colleagues Christopher Breen, Katie Floyd, Dan Frakes, Matt Gemmell, Topher Kessler and David Sparks – discuss automation tricks we use to manage our email. I cover email rules, and using email to store my favorite tweets. Read the entire article to learn new ways to make your email more productive.

The ABCs of Lossless Music Files

Lots of people like to use lossless digital music files. These are files that reproduce exactly what is on a CD, with no loss in quality; they can even go further, offering high-resolution capabilities, with bit depths and sample rates well above that of CD.

One of the advantages of lossless files is that, when decompressed, they are bit-perfect replicas of your CDs (or digital downloads). When you rip a CD to a lossless format, then play it back, iTunes, or other software, converts the file to the exact same digital stream as was on the original CD.

This can be confusing. In a recent Ask the iTunes Guy column on Macworld, I addressed a question about that. A reader had written in:

“I read your column regularly, and really appreciated your recent explanation of AIFF, WAV, and Apple Lossless formats. But I don’t get it; how can the file size of Apple Lossless be half that of AIFF without some voodoo going on?”

My reply was:

“I received this email with the subject: Apple Lossless, Magic?. And I can understand that it can seem like there’s some voodoo in this process, but it’s actually pretty simple. (At least the concept is simple; the math behind it is a bit above my pay grade.)

“Imagine that you have a text file with, say, the complete works of William Shakespeare. This text file contains 908,774 words, and takes up 5.6 MB on disk. If I compress the file using OS X’s built-in Zip compression, the same file takes up just over 2 MB, or about 36 percent of the original file size.

“Lossless compression for audio works in a similar way. Unlike, say, AAC or MP3 files–where psychoacoustic models are used to determine which parts of the audio can be removed without affecting what you hear–lossless compression formats simply compress all of the data in a file. When played back, these files are decompressed on the fly, so the compressed data becomes audio data again, in a bit-perfect equivalent to the original. Nothing is lost, just as none of Shakespeare’s words are lost when I decompress the zipped file.”

But there’s another thing you should know about lossless files. You can convert from one lossless format to another, back and forth, without losing any data. (This, of course, assumes that you have no hard disk glitches or the like.) So, when a reader wrote me today asking some questions about AIFF files, I asked why he didn’t use Apple Lossless; he could save half the space with the same quality.

Here’s an overview of lossless audio file formats:

  • AIFF: These are files that take raw PCM (pulse-code modulation) data from a CD and wrap it in a header so it can be used on a computer. AIFF files are commonly used on Macs.
  • WAV: These are similar to AIFF files, but more commonly used on PCs.
  • Apple Lossless: This is a format that Apple created, then later released as open source, which compresses losslessly, so the resulting files take up roughly half the space of the original AIFF or WAV files.
  • FLAC: These are files in the Free Lossless Audio Codec format. iTunes does not support FLAC and probably never will.

(Note that the above are the main lossless audio formats, the ones you’ll encounter frequently. There are a few others that are not broadly supported: Monkey’s Audio (.ape), WavPack (.wv), Windows Media Audio Lossless (.wma), Shorten (.shn), etc. One could also add DSD – Direct-Stream Digital – files to the list; these are very-high-resolution files used to make super audio CDs (SACD). These are starting to be sold as digital files.)

You can rip CDs in iTunes in AIFF, WAV or Apple Lossless. You can buy music by download in FLAC and Apple Lossless, with some sites also selling AIFF and WAV files.

It’s important to note that, if you use iTunes, WAV files are problematic, since they don’t support tags or album art very well. AIFF files do, as long as you keep them in your iTunes library. When you move them, some of the metadata is lost. If you want to use lossless files with iTunes, Apple Lossless is the way to go.

But, since you can convert these files easily, and for the best metadata support, I recommend that you use Apple Lossless files. Use the free XLD, or X Lossless Decoder, to convert from one lossless format to another.

If you want to keep a library of lossless music, save the space; don’t use AIFF or WAV, because there is no difference in the audio quality (despite what some audiophiles claim). But given the low cost of storage space these days, there’s no reason any more to not rip CDs in lossless formats. They offer the same quality as CDs, and they’re flexible: you can convert them to lossy formats at any time, retaining the higher-quality originals. And iTunes can even convert them on the fly when you sync an iOS device, so you don’t overload that iPhone or iPad.

Neil Young’s Pono Player Delayed

Neil Young’s Toblerone-shaped Pono high-resolution music player, which was supposed to be released in the fall, has been delayed until the first quarter of 2015. This product earned $6.25 million on Kickstarter, then $7 million on Crowdfunder, which is a crowd-funding investment site, so the company has around $13 million (though they don’t have all of the Crowdfunder money yet). That will earn a lot of interest between now and delivery date.

This is another setback for Pono, which has seen its CEO leave (or be fired), and those fans who ponied up money may start getting antsy. Oh, and Neil Young’s getting divorced; it’s not clear if that has anything to do with the delay…

Update: Pono has posted an update on their Kickstarter page saying:

“An article recently came out with unfounded claims suggesting PonoPlayers pre-ordered through Kickstarter would not ship until 2015.

Our team wants to reiterate our commitment to all of you: Delivery of the PonoPlayer still stands as originally expected–October 2014 or December 2014 depending on your specific player.”

The website does say Q1 2015, but perhaps that’s for people ordering now; perhaps they’ll be shipping the Kickstarter orders sooner.

If that’s the case, however, they might have made it clear in their statement…

Stonehenge WAS completely round

“Every summer stewards at the ancient monument in Wiltshire water the site to keep the grass healthy and green and the earth well nourished.

But this year the hosepipe was not long enough and failed to reach the outer part of the circle – where no stones stand.

The dried out land, which couldn’t be reached, revealed marks of parched grass which were spotted by a volunteer who alerted experts.”

WTF? Decades, even centuries of archeologists didn’t find this, and all it took was a too-short watering hose? What else are scientists too dim to find…?

Stonehenge WAS completely round | Mail Online.

Discover your “Hidden” Kindle Books Page

If you’re a Kindle user, you know that you can manage your Kindle library on your Amazon account page. There’s a link that says Manage Your Kindle.

This takes you to a page where you can see your content and your devices, and alter some settings related to your Kindle account page. From the Your Content section, you can choose to deliver a book to one of your devices, but you can just as easily download it from the device itself. You can also delete the book, clear the furthest page read, and more.

But there’s a secret, “hidden” Kindle page which is much more useful. Go to http://kindle.amazon.com/, sign in, and see how much more information you get.

Click Your Books, and see all your books, what your reading status is for each one (whether you’re currently reading, finished, etc.), rate books, and set whether you want your notes to be public.

One thing available from this page that you cannot access any other way is Your Highlights. This lists all the passages you’ve highlighted in all your books, and you can copy them. Since there’s no way to copy text from a Kindle book, this is a good way to get bits of text if you need them for, say, a report or article.

You can also follow people from this page, but I’ve never really felt this to be useful. Perhaps you want to follow famous authors and read their notes and highlights, or just see what your friends are reading, as long as this information is made public.

While some of the information on this page is the same as that on the Manage Your Kindle page, the main attraction here is highlights. As far as I know, this is the only way to access them in copyable form. Check out this page; you might find it useful.

LaunchBar 6.1 Released with a Sixth Superpower

LaunchBar is the first tool I install on a new Mac. I like it so much, I wrote a book about it: Take Control of LaunchBar.

As I say in my book:

“I’ve been using LaunchBar for nearly as long as it has been around on the Mac. It’s the first utility that I install on every new Mac; with LaunchBar installed, I can get on with everything else I need to do.”

In this book, I outline LaunchBar’s five superpowers: Abbreviation Search, Browsing, Sub-search, Send To and Instant Send.

Today, Objective Development has released LaunchBar 6.1, and, with it, a sixth superpower: the Staging Area.

As Objective Development points out, “Staging is a technique that allows you to create multiple selections in LaunchBar and to act on all of these items at once.” Instead of just acting on a single file in LaunchBar, you can select multiple items from any location. And then you can do things like:

  • Select multiple files and send them via email.
  • Or archive them into a ZIP file.
  • Or move them to the Trash.
  • Select a couple of songs or albums and play them in iTunes.
  • Select a series of emoji, and insert all of them in one go.
  • Send one or more files to multiple email recipients.
  • Launch a bunch of apps at once.
  • Open a number of web bookmarks.
  • Perform a web search on multiple search engines simultaneously.
  • And more.

Here’s an example. I’ve used LaunchBar to search in my iTunes library, finding a few Miles Davis songs I want to listen to. They’re each in different locations, and searching in iTunes would have taken a lot longer. Here, I just sub-searched all my Miles Davis songs; each time I found one I wanted, I pressed Shift-Down-arrow to add it to the staging area. I then pressed Shift-Right-arrow to view the staging area’s contents.

I can now press Return, and send these items to iTunes, which will add them to my LaunchBar playlist.

But, as you can see in the list above, there’s so much more you can do. Grab the latest update to LaunchBar – if you already use LaunchBar, invoke the bar (most often this is by pressing Command-Space), click on the rightmost part of the bar to view the LaunchBar menu and choose Check for Updates.

If you haven’t yet used LaunchBar, grab a 30-day demo from the LaunchBar web page.

And to learn more, check out my Take Control of LaunchBar.

If you already have a copy of the book, the update for LaunchBar 6 is just about finished. We were waiting for the release of LaunchBar 6.1 to be able to finalize it.

The Next Bob Dylan Bootleg Series Release: The Complete Basement Tapes

Back in 1967, Bob Dylan, after his motorcycle accident, holed up in Woodstock, NY, with the members of The Band, and recorded lots of music. In the basement of “Big Pink,” the house where they lived, they recorded and recorded.

In 1975, a double-album was released: The Basement Tapes. (Amazon.com, Amazon UK) With only 24 songs, eight by The Band, this was only the tip of the iceberg. Bootlegs of this music have circulated for years.

Now, in the next release in the Bootleg Series, Dylan is letting us hear all 138 songs from those sessions in The Basement Tapes Complete. (Amazon.com, Amazon UK)

The price is a bit steep: $150 in the US and £110 in the UK, but it’s a six-disc set, with extensive liner notes. There’s a cheaper download version available as well: $60, the standard price for six albums. (Amazon.com, Amazon UK)

I’ve heard the bootlegs, and I’m looking forward to this official release. If you’re a Dylan fan, you won’t want to miss this.

Now, maybe the next Bootleg Series release could cover the Blood on the Tracks period…

Review: The Complete Arkangel Shakespeare on CD

Note: This article is originally from 2006. I repost this article from time to time, because these recordings are so enjoyable that anyone interested in Shakespeare should own them.

“We might be better off with public readings of Shakespeare,” says Harold Bloom in Shakespeare: The Invention of the Human. “Ideally, of course, Shakespeare should be acted, but since he is now almost invariably poorly directed and inadequately played, it might be better to hear him well than see him badly.” (Now that I live near Stratford-upon-Avon, I have to disagree; I’ve seen many good productions of Shakespeare plays both by the RSC in Stratford, and in other theaters in the UK.)

While we cannot always find such public readings, we can listen to recorded, dramatized versions of the plays, as with this set of Shakespeare’s 38 plays (Amazon.com, Amazon UK). With a cast of hundreds, most actors from the Royal Shakespeare Company, these works come alive through a skillful combination of reading, sound effects and music. As radio used to do when dramatizing works, the Arkangel set gives you the acting and the atmosphere. While one may be a bit irked by the “original” music, a sort of Coltrane-inspired Elizabethan music – why didn’t they use actual music of the period, including that composed for Shakespeare’s plays? – the overall production quality is about as good as it gets. Each play comes in a single CD jewel case containing two or three discs, with an insert containing a synopsis and cast information, and the discs are tracked by act and scene (with a handful of scenes that are split at the end of one CD and the beginning of the next one). When I imported a few of these discs to iTunes, the Gracenote CD Database, which iTunes uses to display track information, showed precise tags for each track, including, in the case of scenes that were split, the precise line numbers for the ends and beginnings.

The quality of these performances is excellent. While the occasional actor or actress sounds less convincing than they should–which may be because these actors are trained for working on the stage, not recording in studios–most of them are top-notch. One is quickly enveloped by the atmosphere, both textual and sonorous, and the plays roll on with astounding energy and verve. The tone is that of radio: not the radio of today, of course, but the time when radio was a source of performance and drama. But there is no “old-time” sound in these productions; they are modern and vibrant.

Cast members include David Tennant (Antipholus of Syracuse in The Comedy of Errors; Henry VI; Edgar, in King Lear; the Porter, in Macbeth; Launcelot Gobbo in The Merchant of Venice; The Archbishop/Ghost of Henry VI, in Richard III; Mercutio, in Romeo and Juliet), Simon Russell Beale (Hamlet; Angelo, in Measure for Measure; Antonio, in The Tempest; Prologue and Epilogue, in The Two Noble Kinsmen), Imogen Stubbs (Ophelia, in Hamlet), Damian Lewis (Laertes, in Hamlet; Alcibiades in Timon of Athens; Valentine, in The Two Gentlemen of Verona), Jane Lapotaire (Gertrude, Hamlet; Queen Katherine, in Henry VIII), Richard Griffiths (Falstaff in Henry IV parts 1 and 2), Bill Nighy (the King of France, in Henry V; Cardinal Pandolph in King John; Antonio, in The Merchant of Venice), Brian Cox (Chorus, in Henry V), Stephen Boxer (Edward IV, in Henry VI, part 3; Edward IV/ Oxford, in Richard III), Adrian Lester (Antony, in Julius Caesar; Ariel, in The Tempest), John Gielgud (John Gower, in Pericles, Prince of Tyre; Time the Chorus, in The Winter’s Tale), Joseph Fiennes (Romeo), and many other well-known Shakespearean actors, nearly all of whom have acted (and some still do) at the Royal Shakespeare Company.

The recordings use the text of the Complete Pelican Shakespeare, an excellent and very readable edition of the plays. (This edition has thick enough paper to make reading easy, unlike some others, and the texts of the plays are in two columns with notes at the bottom of each page.) While there are some minor changes in the text (listening to King John, I noticed that “God” was replaced by “Heaven” throughout), reading the plays while listening is an enlightening experience. You get the advantage of clearly knowing which character is talking (which can be difficult at times when simply listening), you can see the spelling of unfamiliar words (and check the notes), and you get the emotion and intonation that you miss when only reading. Together, the recordings and printed text provide much more immediate understanding of the works.

At just under $400, this set is expensive, for sure. However, that comes to about $10 per play, and how can you put a value on Shakespeare? For fans of the Bard, or for those interested in discovering his work more deeply, this is a worthy investment. You may want to check and see if your library has this set, at least to sample one play before purchasing, but you really can’t go wrong with actors of this caliber, impeccable production, and a huge, heavy box that will impress your friends.

(There is also a very good set of the plays from the BBC on DVD.)

Note: I don’t know who owns this company any more. Some years ago, the BBC bought them out, and was selling the set on CD and by download on their audiobook site, AudioGo. But that company went out of business. I see this set is still listed on Amazon’s sites, but I don’t know if it’s actually still in print. I do see some of these CDs at the shop at the Royal Shakespeare Company in Stratford-Upon-Avon, so someone is clearly distributing them, but I wonder if the set will be disappearing soon. It would be great if the entire set were available for download in one big digital box set…