vivo | Villeroy & Boch Group Kitchenware by Muhammad Amir Ayub

I'm still alive, I guess. Anyways, I got some kitchenware stuff to sell. I personally use them and they're definitely of good quality. You can either buy them from this site or go to my eBay page too.

Use the code 0AMQREB to get 20% off.

iOS 12 Requires Biometrics Before Autofilling Passwords by Muhammad Amir Ayub

From iMore:

While Apple introduced iCloud Keychain year ago, the lack of any authentication check always prevented me from using it. I just never wanted to have to worry about handing my phone to a stranger in an emergency or even a friend at a conference and also handing them all my logins and credit cards.

iPhone X introduced Face ID as an authentication check, and that was great… but only for iPhone X. Now, iOS 12 adds Touch ID to the system as well, and that means iCloud Keychain is finally a first-class password manager.

If you’re already using a third-party password manager, Apple’s integrating those into the auto-fill system as well, so now it’s win/win all around.

This wasn't mentioned in the previous article I quoted from, but this is something new I've definitely noticed and appreciate. Before, if someone had already unlocked your device, they'd have the access to your passwords because there was no added layer of security before it autofills passwords. Now, you'd have to authenticate with biometrics first (either Touch ID/Face ID) before  iOS fills in the password.

And finally, you can control your flashlight via Siri!

Third-Party macOS Security Tools Vulnerable to Malware Code-Signing Bypasses (since 2007) by Muhammad Amir Ayub

From Macrumors:

Hackers have had an “easy way” to get certain malware past signature checks in third-party security tools since Apple’s OS X Leopard operating system in 2007, according to a detailed new report today by Ars Technica. Researchers discovered that hackers could essentially trick the security tools — designed to sniff out suspiciously signed software — into thinking the malware was officially signed by Apple while they in fact hid malicious software.


The researchers said that the signature bypassing method is so “easy” and “trivial” that pretty much any hacker who discovered it could pass off malicious code as an app that appeared to be signed by Apple.


Developer Patrick Wardle spoke on the topic, explaining that the bypass was due to ambiguous documentation and comments provided by Apple regarding the use of publicly available programming interfaces that make digital signature checks function: “To be clear, this is not a vulnerability or bug in Apple’s code... basically just unclear/confusing documentation that led to people using their API incorrectly.” It’s also not an issue exclusive to Apple and macOS third-party security tools, as Wardle pointed out: “If a hacker wants to bypass your tool and targets it directly, they will win.”

For its part, Apple was said to have stated on March 20 that it did not see the bypass as a security issue that needed to be directly addressed. On March 29, the company updated its documentation to be more clear on the matter, stating that “third-party developers will need to do additional work to verify that all of the identities in a universal binary are the same if they want to present a meaningful result.”

It looks like a case where human engineering fooled the so-called security programs (and not helped by Apple's usually not so helpful documentation). All the more reasons that for the Mac, trusting the built in security is the way to go for the most part. You've already paid a premium for the hardware.

Try out Backblaze for free and protect your precious files.