
Friday, September 2, 2011

A Man Just Acquired a Hard Drive Full of Secret Apple Documents

This sounds weird, but it's the truth. An Apple Store Genius just handed a customer a complete Time Machine backup of the Apple Store's internal file server, filled with highly classified/confidential Apple Store documents.

The man went to an Apple Store to have his Time Capsule fixed, and after repairing it the store's Geniuses accidentally gave him the hard drive, believing it was his old dead hard drive.

When he got home and plugged the HDD in over USB to see if he could retrieve his old files, he found something else: a working disk containing a full Time Machine backup of an Apple Retail Store server, packed with highly classified documents dating from late 2009 to May 2011.

“confidential docs, internal manuals, Apple’s sales technics, an Apple store work checklist, products layout, time schedules, pictures and videos of Apple corporate activities that only Apple employees can see, videos of store meetings, business structure and much much much more.”

According to Cult of Mac, the unidentified tipster contacted them and offered to hand over the hard drive if they would pay for it, but they rejected the offer, saying they do not pay for stories, confidential information, iPhone prototypes, etc., and advised him to return the hard drive to Apple.

Below are some screenshots of the files the man found on the hard drive; trust me, they are for real.




The volumes in question were called “/Volumes/apple store/Backups.backupdb/teamserver/2009-11-23-095346/HD1/Server Users” & “/Volumes/apple store/Backups.backupdb/teamserver/2011-05-18-141707/HD1/Users/admin”.

Source: Cult of Mac

Thursday, September 1, 2011

Hackers gain unauthorized access into Linux source code site

As Linux fans know, there are two kinds of hackers: the good guys who develop free software, such as the Linux kernel, and the bad guys who break into computers.

The bad guys paid the good guys an unwelcome visit earlier this month, breaking into the Kernel.org website that is home to the Linux project. They gained root access to a server known as Hera and ultimately compromised "a number of servers in the kernel.org infrastructure," according to a note on the kernel.org website Wednesday.

Administrators of the website learned of the problem Sunday and soon discovered a number of bad things were happening on their servers. Files were modified, a malicious program was added to the server's startup scripts and some user data was logged.

Kernel.org's owners have contacted law enforcement in the U.S. and Europe and are in the process of reinstalling the site's infrastructure and figuring out what happened.

They think that the hackers may have stolen a user's login credentials to break into the system, and the site is making each of its 448 users change their passwords and SSH (Secure Shell) keys.

The hack is worrying because Kernel.org is the place where Linux distributors download the source code for the widely used operating system's kernel. But Kernel.org's note says that, even with root access, it would be difficult for a hacker to slip malicious source code into the Linux kernel without it being noticed. That's because Linux's change-tracking system takes a cryptographic hash of each file at the time it is published.

So once a component of the Linux kernel has been written and published to Kernel.org, "it is not possible to change the old versions without it being noticed," the Kernel.org note said.
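The tamper-evidence property described above can be seen in how Git, the change-tracking system used for the kernel, names objects. The following is an added example, not code from Kernel.org or the original article; the file names, contents and author identity are constructed sample data.

```python
import hashlib

def git_object_id(kind: str, body: bytes) -> str:
    """Git names every object by SHA-1 over '<kind> <size>' + NUL + body."""
    header = f"{kind} {len(body)}".encode() + b"\0"
    return hashlib.sha1(header + body).hexdigest()

def tree_id(files: dict) -> str:
    """Tree object: sorted '<mode> <name>' + NUL + raw 20-byte blob id entries."""
    body = b""
    for name in sorted(files):
        blob = bytes.fromhex(git_object_id("blob", files[name]))
        body += b"100644 " + name.encode() + b"\0" + blob
    return git_object_id("tree", body)

def commit_id(tree: str, parent, message: str) -> str:
    """Commit object: names its tree and its parent commit, so ids chain."""
    lines = [f"tree {tree}"]
    if parent:
        lines.append(f"parent {parent}")
    # Fixed, constructed identity and timestamp keep the ids reproducible.
    who = "Example Dev <dev@example.org> 1314835200 +0000"
    lines += [f"author {who}", f"committer {who}", "", message]
    return git_object_id("commit", ("\n".join(lines) + "\n").encode())

def history_ids(snapshots):
    """Return the commit id of each snapshot in a linear history."""
    ids, parent = [], None
    for n, files in enumerate(snapshots):
        parent = commit_id(tree_id(files), parent, f"release {n}")
        ids.append(parent)
    return ids

def first_divergence(trusted_ids, served_ids):
    """Index of the first commit whose id differs from a developer's copy."""
    for i, (a, b) in enumerate(zip(trusted_ids, served_ids)):
        if a != b:
            return i
    return None

# Constructed sample history: two published snapshots of a tiny source tree.
PUBLISHED = [
    {"Makefile": b"VERSION = 1\n", "init.c": b"int start(void) { return 0; }\n"},
    {"Makefile": b"VERSION = 2\n", "init.c": b"int start(void) { return 0; }\n"},
]
# Same history, but with one byte changed in the *old* snapshot's init.c.
TAMPERED = [{**PUBLISHED[0], "init.c": b"int start(void) { return 1; }\n"},
            PUBLISHED[1]]

if __name__ == "__main__":
    good, bad = history_ids(PUBLISHED), history_ids(TAMPERED)
    print("tip (trusted):", good[-1])
    print("tip (served): ", bad[-1])
    print("first differing commit:", first_divergence(good, bad))
```

Because each commit id covers its parent's id, the second commit's id changes even though its own files are untouched, so anyone holding an earlier copy of the history sees the mismatch at the tip.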

This kind of compromise has become disturbingly common. In January, servers used by the Fedora project -- the community version of Red Hat Enterprise Linux -- were hacked. And around the same time another open-source software development site called SourceForge was also broken into.

Hackers have obtained a Google certificate, could hijack Gmail accounts

Hackers have obtained a digital certificate good for any Google website from a Dutch certificate provider, a security researcher said.

Criminals could use the certificate to conduct "man-in-the-middle" attacks targeting users of Gmail, Google's search engine or any other service operated by the Mountain View, Calif. company.

"This is a wildcard for any of the Google domains," said Roel Schouwenberg, senior malware researcher with Kaspersky Lab, in an email interview Monday.

"[Attackers] could poison DNS, present their site with the fake cert and bingo, they have the user's credentials," said Andrew Storms, director of security operations at nCircle Security.

Man-in-the-middle attacks could also be launched via spam messages with links leading to a site posing as, say, the real Gmail. If recipients surfed to that link, their account login username and password could be hijacked.

Details of the certificate were posted on Pastebin.com last Saturday. Pastebin.com is a public site where developers -- including hackers -- often post source code samples.

According to Schouwenberg, the SSL (Secure Sockets Layer) certificate is valid, and was issued by DigiNotar, a Dutch certificate authority, or CA. DigiNotar was acquired earlier this year by Chicago-based Vasco, which bills itself on its site as "a world leader in strong authentication."

Vasco did not reply to a request for comment.

Security researcher and Tor developer Jacob Appelbaum confirmed that the certificate was valid in an email answer to Computerworld questions, as did noted SSL researcher Moxie Marlinspike on Twitter. "Yep, just verified the signature, that pastebin *.google.com certificate is real," said Marlinspike.

Because the certificate is valid, a browser would not display a warning message if its user went to a website signed with the certificate.

It's unclear whether the certificate was obtained because of a lack of oversight by DigiNotar or through a breach of the company's certificate issuing website.

Schouwenberg urged the company to provide more information as soon as possible.

"Given their ties to the government and financial sectors it's extremely important we find out the scope of the breach as quickly as possible," Schouwenberg said. The situation was reminiscent of a breach last March, when a hacker obtained certificates for some of the Web's biggest sites, including Google and Gmail, Microsoft, Skype and Yahoo.

Then, Comodo said that nine certificates had been fraudulently issued after attackers used an account assigned to a company partner in southern Europe.

Initially, Comodo argued that Iran's government may have been involved in the theft. Days later, however, a solo Iranian hacker claimed responsibility for stealing the SSL certificates.

Kaspersky's Schouwenberg said "nation-state involvement is the most plausible explanation" for the acquisition of the DigiNotar-issued certificate.

"For one [thing], there's the type of information being looked for -- from Google users," said Schouwenberg. "This hints towards an intelligence operation rather than anything else. Secondly, this type of attack only works when the attacker has some control over the network, but not over the actual machine."

Others were more skeptical because of the claim that a single hacker pulled off the Comodo heist.

"I think it might still be a stretch to attribute this to the Iranian government," said Marlinspike on Twitter shortly before 4 p.m. ET. "We all know how that went last time."

The google.com certificate has not yet been revoked by DigiNotar -- the first step to blocking its use -- even though it was issued July 10.

Last March, browser makers, including Google, Microsoft and Mozilla, rushed out updates that added the stolen Comodo certificates to their applications' blacklists.

Storms said he expected Google to quickly update Chrome, and that Microsoft, Mozilla and others would do the same some time later. "I suspect that if asked [Microsoft and Mozilla] will also issue updates, as there is already a precedent," said Storms.

How to Improve your Windows Laptop Battery Life

Are you tired of poor battery life from your Windows laptop? If so, we're here to help. Our battery-saving tips will help you get the most out of your laptop's battery, so you can leave the power adapter in your bag a little longer.


1. Use Windows power plans (schemes)
Begin with the most aggressive battery-saving options and customize the power plan as you go. In Windows 7, start with "Maximum Battery Life" and adjust the settings to your preferences. These settings will tell Windows to adjust the brightness when running on battery, when to dim the display, when to turn off the display, and when to put the computer to sleep.


2. Advanced power settings
While adjusting power plans, click on "Change advanced power settings" and set the period of inactivity before Windows turns off the hard disk. Also, enable hibernation so when you walk away from your laptop for an extended period of time, your laptop will turn off. Hibernation differs from sleep in that hibernation saves your work to the hard disk and actually shuts off the computer. Sleep saves your work to RAM and turns off the display and hard disk, but draws more power so it can be quickly resumed. We recommend experimenting with the other advanced settings to get the best results for your needs.



3. Disable networking
If you're not using Bluetooth or Wi-Fi, turn them off. Most laptops either have a physical button or a key combination that will allow you to quickly enable or disable them. If your laptop doesn't have a shortcut button, the Windows Key + X keyboard shortcut will bring up the Windows Mobility Center. The WMC provides quick access to some mobile settings, including Wi-Fi.


4. Reduce CPU usage
Turn off automatic tasks and programs to keep the processor from running things you don't need. A really good program for disabling startup programs is called AutoRuns for Windows. You can also use MSConfig, which is already included with Windows. Just type "msconfig.exe" in the search box of Windows Vista/7 or in the run box of Windows XP.


Also, try to keep the laptop's vents clear of dust or other obstructions so the processor doesn't overheat. Blankets and pillows are notorious for overheating a laptop, so try to find a flat surface to use your laptop on. If the CPU overheats, the laptop will use more power to run the fans that cool it.

5. Reduce hard disk usage
The more your laptop's hard disk has to work, the more power it will have to use. Defragging the hard disk will reduce the time it takes to find files, thus minimizing disk usage. Also, to prevent your system from using the hard disk for virtual memory, consider maxing out the memory in your laptop. Lastly, if you can afford it, consider upgrading to an SSD drive. An SSD drive consumes less power than standard hard-disk drives, weighs less, and will also give your laptop a considerable performance boost.



6. Battery maintenance tips
About every 2 months, try to clean the metal contacts on the battery and your laptop with a cotton swab and rubbing alcohol. This will help prevent dirt and corrosion from affecting battery performance. If you own a laptop with a NiMH battery, recalibrate the battery every now and then by letting the battery run all the way down, then charging it all the way up. Lithium ion batteries don't have the same memory effects as nickel metal hydride batteries so there's no need to condition one. In fact, manufacturers encourage users to top off a lithium ion battery frequently and to avoid completely discharging it.


7. Optical drives and USB ports
If you have an optical drive in your laptop, disable it in Device Manager. Optical drives, even when they're not spinning discs, are power hogs. If you want to watch movies on your laptop, try getting a digital copy onto your hard drive instead. Watching a movie directly from the hard disk uses less power than watching a DVD from the optical drive. Finally, avoid using expansion slots or USB ports when trying to conserve battery life. Remove all unused peripherals, including external hard drives, keyboards, and mice, which all draw power from your laptop.


That's it. The next time you're in class, at a meeting, or sitting in an airplane, keep these battery-saving tips in mind. Better yet, implement some or all of these tips beforehand, so you'll be ready to go.

Offline Abilities now available on Gmail, Google Docs

After months of delay, Google this week will let people use Gmail, Google Docs, and Google Calendar even when they're offline, a key feature for making the company's cloud-computing vision more practical.

The company is a powerful proponent of Web-based services, but the practical reality is there are plenty of times when Google's vision falls victim to the practical limits of Internet access. For Google's services to fully compete with Microsoft Office, they must work even in Internet dead zones like subways, airplanes, and rural regions.

And Google knows it. It's been testing the technology in-house and now is meeting its most recent summer deadline for release.

"Gmail, Calendar, and Docs are three of the key apps people really want to use," said Rajen Sheth, a Google group product manager. "This is something we really wanted to bring offline."

Offline Gmail lets people read and write messages (including with address autocompletion), respond to others' messages, apply labels and stars, and archive messages, said Alex Gawley, a Google senior product manager. Of course, none of the actions taken offline do anything outside a person's computer until a network connection is established and the software synchronizes with Google servers again.

The features work with Google Apps, the subscription service that combines Gmail, Google Docs, Calendar, and other services. And IT staff can install the features remotely on employee computers using Chrome's administrative policies.

Caveats
There are a lot of caveats, though, at this early stage of the process:

• The offline features initially will only be available to users of Google's Chrome browser, installed through the Chrome Web Store. Google does plan broader browser support when the others support necessary Web-app features, Sheth said.

• People will be able only to read word processing documents and spreadsheets. That means no editing of either and no use of presentations at all--again, for now. "The first priority is to get Docs' [feature to] read and write offline," Sheth said.

• For offline Gmail, people will have to use a separate Web application, not the regular Gmail Web app. That means people will have to switch back and forth and use a different interface. The Web application got its start from the Gmail app for tablets and looks very similar.

• Offline Gmail stores about the last three to seven days' worth of e-mail, depending on how much people have, and all starred messages, but right now people can't set it so they can cache all messages, for example, from their boss or with a certain label.

• For offline calendars, people can read them offline and respond to RSVPs, but not create new calendar entries.

Gmail Offline is a separate Web app that runs only in Chrome for now. It stores about three to seven days' worth of messages right now and lets people read, write, and organize messages even when there's no Internet connection.

Naturally, though, the offline features fit into Google's plan of releasing technology then improving it as fast as possible.


Iterate often
"This is the first step," Sheth said. "We wanted to get something that meets core needs of users and then iterate."

Offline access also is critical to the success of Chromebooks, the laptops that use Google's browser-based operating system called Chrome OS. Without offline productivity apps, Chromebooks' utility drops significantly for those who plan to use it as more than a machine that stays put in an office or school.

The offline features will work with Chromebooks, Sheth said.

The Gmail Offline app, once installed, can be launched like any other Chrome app from Chrome's new-tab page. That app will be available today, Google said.

The offline access for Google Calendar and Google Docs is added directly to those Web applications, but isn't enabled until people check a box in the Calendar or Docs settings section. Those apps just need to be installed from the Chrome Web store then clicked once to enable. They're set to arrive gradually during this week, starting today.

Years ago, the company had enabled offline access to the applications using in-house technology called Gears. This time it's trying a different route that uses a variety of Web standards--some descended from Gears--but also some proprietary elements of Chrome, at least for now.

Among the standards in use are IndexedDB, which is used to run the database that stores the data, and HTML5's App Cache, which lets the Web app run from a computing device, not just from the Web itself.

And necessary technology that's only in Chrome includes background pages, which let the Gmail Offline app constantly keep in sync with a user's Gmail archive. Of course, that uses more memory.

Also on the road map: better offline mobile support.

"Mobile is a key area of investment for Google," Sheth said, pointing to apps for Gmail, Calendar, and Docs. "We're going to continue to evolve the mobile apps we have."
