Apple Pay Associated with Unusually High Credit Card Fraud: Fact or Fiction?

Recently the lay press has reported that in practice Apple Pay is not as secure as Apple would like us all to believe. In fact there appears to be a higher rate of credit card fraud associated with the new service.

Rich Mogull, TidBITS’ security expert took a closer look at the issue. To make a long story short the issue appears to be in the process banks follow when linking your card to your iPhone, a process the banks call “onboarding”. During the process, Apple provides the bank with the last four digits of the phone number, the device name, and the latitude and longitude of the device at the time of provisioning, rounded to whole numbers among other things. Using this information, the issuing bank will determine whether to approve adding the card to Apple Pay. The problem appears to be that if the bank does not use all the supplied information, your card could be associated with a thief’s iPhone and then they could proceed to spend your money until caught. In any case, when you register your card on your iPhone, you should receive an email notification from your bank at the email address they have on file saying your card has been registered with Apple Pay. If you receive such an email and you didn’t register you card, or don’t have an iPhone 6 or 6 plus, act fast because a thief has your number.

To understand the issue in greater depth, check out Rich’s article over at

Apple’s Spring Forward Event


This afternoon Apple had it’s Spring Forward event in San Francisco where it announced a new MacBook. The new MacBook is just 13.1 mm thick at its thickest side and weighs just 2 pounds. The new MacBook comes in three colors, silver, gold, and space gray, and uses the new Intel Core M processor. The $1299 model features 256Gb PCIe flash storage and a 1.1 GHz processor and the $1599 model has 512 Gb PCIe flash storage with a 1.2 GHz processor. Both units have a 12 inch Retina display and 8Gb internal memory.

The Force Touch trackpad is engineered to deliver a responsive, uniform click no matter where you press the surface and has haptic tactile feedback like the Apple watch. The keyboard stretches across the entire width of the unit allowing each key to be slightly wider but have less vertical travel. The keys are also more stable thanks to a butterfly switch mechanism rather than the more traditional scissor switch. Each key is lit by it’s own LED light.

More details were also given about the new Apple watch. There are 38 models in three groups with prices ranging from $349 to $17,000. The Apple watch with aluminum casing comes in 20 models depending on the band selected and size while there are 10 Stainless steel models and 8 Edition models All come in 38 or 42 mm sizes. The Apple watch goes on sale April 24 with pre-order beginning April 10.

Apple also announced a price reduction on the Apple TV which will now retail for just $69 instead of $99. The Apple TV will be the first unit to support HBO Now which allows the subscriber to watch all HBO content without having a Cable TV contract. High speed Internet is required of course and it will cost $14.99 per month.

FREAK Attack

The blogoshphere is ablaze again today with the disclosure of yet another security vulnerability in Mac OSX and iOS. To be fair this attack can also affect nearly any browser currently being used. It involves the SSL/TLS system that allows secure connections using https:// and dates back to when US Export law only allowed 512-bit encryption systems or less to be exported outside the US. That law was lifted in the late 1990’s and nearly all secure connections nowadays use 1024-bit encryption. However, most browsers kept the capability to use the less secure encryption system if the server they were connecting with requested it. The security attack dubbed FREAK uses a way to fool the browser to use the less secure 512-bit encryption system. The significance is that 512-bit encryption can be broken with as little as $100 of rentable computing power.

A patch from Apple for both Mac OSX and iOS is being prepared and should be available next week.

To read more definitive discussions of the topic follow these links:

OS X 10.10.3 beta available

Screen Shot 2015-03-02 at 3.42.26 PM

I as well as many others received an email from Apple today announcing the availability of OSX 10.10.3 beta which includes the new Photos application. If interested you need to sign up through the beta program.

Photos is the new replacement for iPhoto and Aperture. It is reported to be more capable than iPhoto, but may not have all the features a professional photographer would want and found in Aperture. The big advantage is that it makes your entire photos library available through iCloud so that photos you take on your iPad or iPhone can be edited on any of your Apple devices, and those edits are instantly seen on any of your other devices. That advantage could come at a significant price, since it’s an all or nothing deal. If you want all your photos in one library shared between all your devices including your iCloud account, you could easily exceed the 5Gb free file storage you have on iCloud. Of course you can get more space. 20 Gb is only $12/year, but 1Tb is $240; more that twice what it is on Google drive or Dropbox.

The easiest way to get around this is to split up your existing large iPhoto library into smaller ones and only share the library that has the most recent pictures you want on all your devices or share with others through iPhoto Sharing. On the other hand, $12/year is not so bad and can probably accommodate 2000 pictures or so depending on resolution.