That so called ‘data breach’ of iCloud? Didn’t happen

Longtime readers of this blog pretty much know that I am not a big fan of Apple. While I do think they have some good products, I don’t like the way they treat their customers (like infants who need coddling, for the most part) nor do I like the perceived ‘premium’ that is Apple when, in fact, they aren’t any better than, say, HP or Sony.  So, when I heard about the data breach, err, alleged data breach of iCloud, I was, initially, in the ‘huh, how about that…how are they gonna get past this?’ mode.

Well, it’s really very simple.  They aren’t 100% at fault. They do shoulder SOME responsibility, but, for the most part, the ‘breach’ was really nothing more than some phishing, luck and a brute force exploitation of something that Apple fixed as soon as it was known to the public.

First, the problem: a number of celebs, apparently, enjoy photographing themselves and, perhaps, partners in compromising poses in the nude. Now, that’s their business, not mine, but…to do so on an iPHONE!? C’mon. So, these iPhones were backing the photos up to iCloud.  My guess is that most of these people did not know this was the case. Some, perhaps, did and then deleted the photos. Problem was that pesky iPhone backup. The photos were there. Whatever the cause, these photos were up on iCloud in a space that was accessible if you knew where and how to get there.

Next, the back door.  When you get an iPhone, you have to set it up. One of the things you set up-or not-is the Find My iPhone feature.  You use your Apple ID and Password for this.  Problem is, and unlike other services or even other parts of Apple, there was no cutoff to the number of guesses for the password. IF you know the ID, you could take forever to guess the password. And, that is, very likely, how access happened. The perpetrator thanked ‘all of those who helped’, so he/she probably had many people hacking away at a few specific targets. Once they got in, they got what appears to be iPhone backup files.

Apple swiftly fixed the problem with the password by limiting the number of guesses allowed.
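
As an added example (not Apple’s code and not part of the original post), here is one way to implement the kind of fix described above: a cutoff on password guesses that is counted per account, so a crowd of guessers working on one target shares a single small budget. The class name, thresholds, account name and guess list are assumptions constructed for the illustration.

```python
import time

class AccountGuessLimiter:
    """Counts failed guesses per account, not per source address, so many
    people guessing at one target share a single small budget."""

    def __init__(self, max_failures=5, base_lock_s=60, clock=time.monotonic):
        self.max_failures = max_failures
        self.base_lock_s = base_lock_s
        self.clock = clock
        self.state = {}  # account -> [failures in a row, lockouts, locked until]

    def attempt(self, account, check_password):
        """Return 'ok', 'denied' or 'locked'; check_password is only called
        when the account is not locked."""
        rec = self.state.setdefault(account, [0, 0, 0.0])
        if self.clock() < rec[2]:
            return "locked"
        if check_password():
            rec[0] = rec[1] = 0
            return "ok"
        rec[0] += 1
        if rec[0] >= self.max_failures:
            rec[0] = 0
            rec[1] += 1
            # Each lockout lasts twice as long as the last: 60 s, 120 s, ...
            rec[2] = self.clock() + self.base_lock_s * 2 ** (rec[1] - 1)
        return "denied"

def simulate(max_failures, guesses, real_password, seconds_per_guess=0.01):
    """Constructed scenario: replay a guess list against one account on a
    fake clock. Returns (guesses that reached the password check, broke in?)."""
    now = [0.0]
    limiter = AccountGuessLimiter(max_failures, clock=lambda: now[0])
    checked = 0
    for guess in guesses:
        now[0] += seconds_per_guess
        def check(g=guess):
            nonlocal checked
            checked += 1
            return g == real_password  # stand-in for a real hash comparison
        if limiter.attempt("target@example.com", check) == "ok":
            return checked, True
    return checked, False

if __name__ == "__main__":
    wordlist = ["guess%d" % i for i in range(1000)]  # constructed sample input
    print("no cutoff:", simulate(10**9, wordlist, "guess400"))
    print("5 guesses:", simulate(5, wordlist, "guess400"))
```

With no effective cutoff every guess reaches the password check until one matches; with a limit of five, the check stops being reached after the fifth failure and the rest of the list is refused.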

Now, while this is still a crime and not a laughing matter, I do have to wonder why the mainstream press made this out to be such a huge deal. It isn’t. Yes, I am sorry Jennifer Lawrence’s photos went public, I’d be pissed too, but…the press had other pressing things to report. 

That said, there are things you can do to protect your photos and data. And, remember, things like this can happen no matter what phone or device or service you use. These people did take advantage of a weakness in the Apple ecosystem. But, it could have happened purely by social means as well. So, what can you do?

First, enable two factor authentication. Depending on what service you use, this means a password and some other means, like identifying a photo, biometrics, whatever. Check into what your service offers.

Second, disable the auto upload of photos on your device. Apple enables it by default on the iPhone. Android does not and neither does Windows Phone.

Third, check the privacy settings on the service.

If you must take ‘fun’ photos of an adult nature, don’t use a smartphone. Use a real camera.  Protect the media you store them on.  NEVER upload them. Once uploaded, there is always that chance they get out to the public. A disgruntled employee, a weakness in the system, poor passwords, you name it, it could happen.

Lastly, NEVER use identifiable email addresses. Create a cryptic email address at Yahoo! or even GMAIL. Use that for your password recovery or even your account’s email. That way, most people won’t bother to try to break it.

So, there you have it.  Apple’s reliance on Microsoft’s Azure cloud platform and Amazon’s AWS gives them rock solid foundations. They have made big strides in the front end as well. The steps they have taken to make the iPhone both safe and easy to use made this entire fiasco very unlikely to be anything other than what it was…a lucky hit by a few with nothing else better to do. Cut Apple some slack here.

The Great Half-Byte Blog Robot Challenge

Ok, people, you have that awesome Arduino or Arduino clone.  What are you doing with it? Doing something other than making an LED blink or getting temperature readings from a DHT-11? Well, here’s something:  The Great Half-Byte Blog Robot Challenge.  During the months  of September and October, we challenge you to build a robot using the common ATMega328. It doesn’t have to be a genuine Arduino, but should include the same bootloader and be software compatible—that means being able to load up the code in the Arduino IDE, along with any necessary libraries, and download to another without any changes.

The robot itself should have at least two wheels and enough intelligence to sense when it has hit an object and then go the opposite direction. You can use any commonly available components, including ultrasonic sensors, infrared, etc.

The challenge will run from September 7 through October 7. Submit your entries to this blog by leaving a comment below. Your entry should contain: text description of your robot, how you built it, parts, and any code (which you can zip up and upload to your favorite Dropbox, OneDrive, Google Drive, etc.). Leave a link to the file in the comments. Photos should be put on a photo sharing site, like Flickr, and linked back here.

We will judge the entries by originality, appearance, simplicity and code.  The top five entries will be featured on the blog. 

Please do not start until September 7, 2014. 

Have fun!

Hacking the Half-Byte Console and Tiny Basic v2 (or, making Tiny Basic tell me the temperature)

I had one main goal in mind when I designed the Half-Byte Console: to bring together parent and child in a learning experience. Now that the console is a reality and a few are out in the wild, I want it to do other things.  So, I thought ‘what can this do that isn’t expensive and would be easy to add to the Tiny Basic as well?’

Looking around my office, I see a DHT-11 temperature and humidity sensor. Ah ha! These are cheap, just a few dollars each.  They are also easy to access in code and, with only three pins, easy to connect.  So, this is the Half-Byte Console’s first hack: measuring indoor environment.

The DHT-11 has three pins: +5, data and Ground (-).  I chose to use D5 on the console as it is safe to use and won’t interfere with video or the keyboard.  Plus, it is easy to get to on the board. I loaded the example sketch and changed the pin reference to make sure it worked. It did.

Next, I added support for the sensor to Tiny Basic.  I am working on Version 2 and this support will be part of that release (which should be ready very soon.)

Support comes in the form of two functions:

  • x=Temp(1)
  • x=Humidity (1)

The parameter for Temp actually has meaning: if the parameter is a zero, the temperature is returned as Celsius. If it is a 1, it is returned as Fahrenheit. Any non-zero parameter defaults to Fahrenheit.

So, now the console can do something useful.  I’m anxious to get the release of Tiny Basic out and see what you all can do with this new functionality.  I am going to post more on the new features of Tiny Basic (hint…more graphics, LIST is fixed…)

In the mean time, if you have any suggestions for Tiny Basic, please let me know in the comments.

Moore’s Law–Infographic style

Moore’s Law…it’s more or less dictated the state of the art for semiconductors for the last forty years. Check it out…
NOTE I have been asked by to remove the link and graphic, temporarily, from the blog. They will notify us when they have reposted and apologize for any inconvenience.

Bad, bad Lero…err, USB…baddest USB in the whole town

USB. We all use it. It is ubiquitous these days. Our phones use it for power and to transfer data to and from the phone to a computer. Our keyboards, mice, mobile devices, external hard disks, cameras, you name it, it probably has a USB port.  Even some of our power outlets in the wall have them.  So, why am I saying something you already know? Well, two gentlemen at SRS Labs have ‘discovered’ something that many of us probably knew, but just didn’t want to admit.

What’s that, you say?

Well, unless the USB device is a simple power adapter, it contains a tiny little computer.  Yep, the two dollar USB Thumb drive is, in fact, a full fledged little computer. It has a CPU, internal memory, firmware (the OS or software that makes it all work, including the complicated USB protocol itself) and, of course, the gigs of memory that you bought it for. So, what does this mean? 

Well, for the vast majority of things, it means little.  However, there is a significant portion of USB devices - mainly the aforementioned two dollar thumb drive - that contain EEPROM instead of ROM.

EEPROM is erasable programmable read-only memory. It is a type of ROM that can, with the right combination of hardware and software, have its memory replaced - something standard ROM cannot do.  ROM, or READ ONLY MEMORY, is a write once memory. That is, once you have ‘burned’ or uploaded whatever you want to put in it, it cannot be changed. So, you better get it right the first time.  Which is why, I’m guessing, some of the lower cost drives use EEPROM instead of ROM.  Perhaps the same chips are used in two or three memory sizes. It is easier to re-burn an EEPROM with different parameters than to purchase unused ROMs, go through the hassle of burning them, etc.   EEPROMs are just convenient.

So, what, exactly does this mean? So what if they used EEPROM, what does that have to do with me?

Simple: YOUR USB device COULD be hacked and its firmware changed to accomplish something more nefarious than just saving your Leonard Nimoy musical collection. 

For example, say that two dollar thumb drive was intercepted at some point before it got to the store. Its firmware is changed so that when you plug it in, it makes a copy of itself on your computer. It plants something in your operating system that allows it to copy itself back to other USB drives. Oh, it also could record your keystrokes. Or, perhaps, it could encrypt your data. Bottom line is that you don’t know what it could do.

One concern is that the device, if compromised, could actually overwrite your computer’s operating system.  Now, the chances of this happening are astronomically small. I chuckled when I heard it, but…it is not out of the realm of possibilities.  So, maybe unplug the thumb drive before you shut the computer down, if you do that.

Now, before you go throw them all away, consider this:  there have been no known exploits.  Most USB devices likely use real ROM - certainly the firmware in that Seagate you bought is in ROM. The chances of your computer actually being able to re-program other USB devices are likely slim. These embedded computers are limited in what they can do.

I, personally, am not too concerned about this, but I will think twice about grabbing that freebie drive or getting them at the Dollar General or Five Below. (Note: those are two fine stores, but some of the merchandise may not be as fine. They cannot control distribution from end to end. Just saying)

The two researchers are presenting their findings at the Black Hat conference this week. I will follow up this post with any additional information they present.

Steven Nichols has a typical story that came out this past week regarding BadUSB. Have a gander here.

Half-Byte Tiny Basic Type In Game: Invader

Yep, I use ‘Invader’ a lot. Here’s a version, just for Half-Byte Tiny Basic. It features Wii Nunchuck support, sound and AWESOME graphics! Just awesome!

100 CLS
110 X=0:Y=0:D=1:Z=75
120 LINE 0,38,79,38,1
130 B=9:C=5:U=4:V=0
140 CURSOR 0,7:?"Score:";
150 GOSUB 800
160 GOSUB 900
170 P=PAD(3)
180 IF P=1 S=1
185 IF P=1 TONE 1024,100
190 IF S=1 GOSUB 700
290 GOTO 150
700 CURSOR B,U:?CHR(142);
710 DELAY Z:CURSOR B,U:?"  ";
720 U=U-1
730 IF U<1 IF B<>X U=4:S=0
740 IF U<1 IF B=X GOSUB 1000
750 RETURN
800 CURSOR B,C:?CHR(151);
810 RETURN
900 REM move the moon guy
910 X=X+D:IF X>17 D=-1:X=17
920 CURSOR X,Y:?"  ";
930 IF X<2 D=1:X=2
940 RETURN
1000 CURSOR B,U:?"*";:DELAY 3*X:CURSOR B,U:?" ";:DELAY 3*Z:?"*";:DELAY 3*Z:CURSOR B,U:?" ";
1010 S=0:V=V+100
1020 CURSOR 0,7:?"Score:",V;
1030 U=4
1040 TONE 2,400
1050 RETURN

There’s room left to add code to move your ‘tank’ and, perhaps, have the moon guy shoot back.

It is a simple little game, but I found it a bit difficult to shoot the moon guy.  The rules are simple: use the ‘Z’ button on the Wii Nunchuck to fire a missile at the moon guy. You get 100 points for each hit. Play continues until you get bored.  Tinker with the code, add more gameplay and share it with us.

Have fun!

Half-Byte Console, now available

We have kits and an assembled and tested unit for sale on our eBay store.

For information on the Programmer’s Kit, click here.

For information on Half-Byte Tiny Basic, click here.

For sample HB Tiny Basic code, click here.