Daily Archives: September 16, 2020

Apple burns developer goodwill with surprise release of iOS 14 – giving them one day to update their apps without any clear instructions

Posted on by

developer relations have hit another sour note. At the company’s hardware event on Tuesday, where it announced new Apple Watch devices and iPads, Apple surprised developers with the news that it would be releasing the updated versions of its major software platforms, iOS 14, iPad OS 14, watchOS 7 and tvOS 14 on September 16, giving them less than a day to prepare.

The unexpected and accelerated timeline left many developers scrambling to ready their apps for App Review and has complicated developers’ plans for the iOS 14 launch day.

 

Some, like popular podcast player, Overcast, simply informed its users that its planned iOS 14 features won’t be ready.

Others are less forgiving, noting that Apple’s decision to release iOS 14 without looping in the developer community has added, as developer Steve Troughton-Smith put it, “a whole lot of unnecessary stress on developers in an otherwise stressful year.”

In addition, Apple’s decision impacts those developers who choose to wait to support iOS 14.

Typically, developers will often leverage an iOS launch day to promote their apps’ new features via press releases, blog posts and social media. News coverage from app review sites may even include roundups of notable updates to favorite apps, or highlight those apps that have taken advantage of new iOS features in interesting ways.

This year, instead, the developer community can’t worry about chasing press and accolades, as they now have to get their app ready for the iOS 14 update ahead of schedule.

Source: Apple burns developer goodwill with surprise release of iOS 14 | TechCrunch

Spotify blasts Apple One service as ‘anti-competitive’, wants regulators to act

Posted on by

In a statement, the streaming service argued Apple One will “deprive consumers by favoring its own services” and urged regulators to take action against what it perceives to be “anti-competitive behavior”.

Announced yesterday at Cupertino’s Time Flies launch event, Apple One bundles the firm’s various subscription services into a single monthly payment. The product is organised into several tiers, with the base Individual subscription retailing at £14.95 ($14.95), and including Apple Music, TV+, Arcade, and 50GB of iCloud storage. For £5 or $5 more, you can share that subscription with up to five people.

There’s also a Premier package, which costs £29.95 ($29.95) per month. In addition to the aforementioned services, this bundles Apple’s new Fitness+ product as well as News+.

In comparison, combining Netflix’s standard plan, which supports HD streaming, as well as Spotify Premium, costs roughly £20. Adding Google Play Pass and 100GB of Google One storage brings that total to £27.

This is not the first time Spotify has called upon the anvil of regulation against Apple. In June, the European Commission commenced investigations against the Apple, following complaints from Spotify about Apple’s in-app payment policies, which it alleged are designed to give an unfair advantage to its own products, like Apple Music.

The previous year, Spotify began a PR blitz called “Time to Play Fair“, again centred on the App Store payment rules and Apple’s 30 per cent cut, which it claims are driving up costs for its customers.

Source: Sounds like Spotify and Epic have been chatting: Music streamer blasts Apple One service as ‘anti-competitive’ • The Register

Zerologon: instantly become domain admin by subverting Netlogon cryptography (CVE-2020-1472)

Posted on by

Last month, Microsoft patched a very interesting vulnerability that would allow an attacker with a foothold on your internal network to essentially become Domain Admin with one click. All that is required is for a connection to the Domain Controller to be possible from the attacker’s viewpoint.

Secura’s security expert Tom Tervoort previously discovered a less severe Netlogon vulnerability last year that allowed workstations to be taken over, but the attacker required a Person-in-the-Middle (PitM) position for that to work. Now, he discovered this second, much more severe (CVSS score: 10.0) vulnerability in the protocol. By forging an authentication token for specific Netlogon functionality, he was able to call a function to set the computer password of the Domain Controller to a known value. After that, the attacker can use this new password to take control over the domain controller and steal credentials of a domain admin.

The vulnerability stems from a flaw in a cryptographic authentication scheme used by the Netlogon Remote Protocol, which among other things can be used to update computer passwords. This flaw allows attackers to impersonate any computer, including the domain controller itself, and execute remote procedure calls on their behalf.

Secura urges everybody to install the patch on all their domain controllers as fast as possible. Please refer to Microsoft’s advisory. We published a test tool on Github, which you can download here: https://github.com/SecuraBV/CVE-2020-1472 that can tell you whether a domain controller is vulnerable or not.

If you are interested in the technical details behind this pretty unique vulnerability and how it was discovered, download the whitepaper here.

Source: [Blog] Zerologon: instantly become domain admin by subverting Netlogon cryptography (CVE-2020-1472)

Gods & Monsters Isn’t The First Time Monster Energy Has Been Annoying About Naming Rights – unbelievable that you can trademark an actual word!

Posted on by

Monster Beverage tried to stop Ubisoft from trademarking the name “Gods & Monsters” earlier this year to prevent confusion between its brand of highly caffeinated sodas and the upcoming action adventure game. It turns out this is the sort of thing Monster does a lot.

Monster routinely challenges “monster”-related trademarks, including, tactical gear, ice cream, and dog treats.

The news about Gods & Monsters, which Ubisoft announced earlier this month had been renamed Immortals: Fenyx Rising, was first reported by TechRaptor based on publicly available filings with the U.S. Patent and Trademark Office. In a 186-page filing dated April 3, Monster argued in part that the Gods & Monsters name would conflict with its own because of the drink company’s involvement in sponsoring esports teams, tournaments, as well as actual video games. Surely you’ve heard of Monster Energy Supercross: The Official Videogame?

“[Monster] has built up, at great expense and effort, valuable goodwill in its MONSTER Marks and has developed strong common law rights in its MONSTER Marks,” the company wrote. Ubisoft responded a month later with a much briefer eight-page filing denying Monster’s claims.

One of Monster Energy’s claims against Ubisoft’s Gods & Monsters trademark.
One of Monster Energy’s claims against Ubisoft’s Gods & Monsters trademark.
Screenshot: Kotaku

The publisher has also claimed that the name change from Gods & Monsters to the inscrutable Immortals: Fenyx Rising was entirely its own idea. “The change of name was entirely because of the vision of the game,” game director Julien Galloudec told VGC in an interview last week. He went on:

The game changed a lot, to the point where we felt we needed a new name to be better aligned with that updated vision, so that’s where we decided to change to Immortals Fenyx Rising, a name that combines the notion of the timeless aspect of the Greek mythology with the immortals. And also I like the new era, Fenyx, and adjoining that epic adventure.

Ubisoft did not respond to a request for comment.

A quick search on the Trademark Office website reveals 25 current pending notices of opposition to other companies using the name “Monster.” The cases range from disputes with other food and beverage companies to seemingly completely unrelated businesses like toy manufacturers.

For example, Monster took issue with Nikko Toys’ line of remote control Mega Monster trucks because it, too, has at one time or another plastered its logo on the sides of toy cars. The company even went after someone trying to sell dog treats called “Monster Bully Sticks,” to which the maker of those dog treats basically responded that it is unlikely anyone would confuse a giant beef tendon for dogs to chew on with a can of Monster Energy.

The brand’s tagline is “Unleash the Beast.” A more appropriate one might be, “Unleash the lawyers.”

Source: Gods & Monsters Isn’t The First Time Monster Energy Has Been Annoying About Naming Rights

Net neutrality lives… in Europe, anyway: Top court supports open internet rules, snubs telcos and ISPs

Posted on by

Europe’s top court has decided that the continent’s network neutrality rules will stand, rejecting challenges from the telecoms industry.

In a ruling [PDF] on Tuesday, the Court of Justice of the European Union (CJEU) decided that “the requirements to protect internet users’ rights and to treat traffic in a non-discriminatory manner preclude an internet access provider from favouring certain applications and services.”

Or, in other words, people come before telco business models. And that includes the edge case of “zero tariff” arrangements where data caps don’t apply to specific apps or services that the ISP or telco designates. Picture a broadband provider allowing, say, Netflix streams to not count toward subscribers’ monthly download limits, which squeezes Netflix’s competitors out of the market. Blocking access to, traffic slowdowns of, and “fast lanes” for specific applications are also out.

The decision was welcomed by consumer-rights groups and internet companies, though ISPs and telcos are disappointed: they feel the net neutrality rules are too restrictive, and prevent them from bringing in new revenue to replace falling income from traditional telephone lines.

The judgment came after a Hungarian court asked for guidance when one of its telcos, Telenor Magyarorszag, offered a zero-tariff option to subscribers. The country’s technology regulator said that approach broke Europe’s net neutrality rules, which were passed back in 2015, and the telco challenged its decision.

It is, to the best of our knowledge, the first time the CJEU has weighed in on the open internet. Interest in the case was made clear by the number of comments from countries’ governments that were submitted to the court for review: Austria, the Czech Republic, Finland, Germany, the Netherlands, Romania, and Slovenia all weighed in.

[…]

The court said its interpretation of the relevant regulations was that no company had the right to limit people’s right to an open internet and that people exercised those rights “via their internet access service.”

[…]

And, just to stick the knife in, it argued that any “measures blocking or slowing down traffic are based not on objectively different technical quality of service requirements for specific categories of traffic, but on commercial considerations, those measures must in themselves be regarded as incompatible with Article 3(3).”

In essence, Europe’s top court decided that money does not come before people’s rights. In the United States, meanwhile, the issue of net neutrality has everything to do with money.

[…]

Source: Net neutrality lives… in Europe, anyway: Top court supports open internet rules, snubs telcos and ISPs • The Register