All Your Hash are Belong to Apple: /usr/libexec/gkoverride

I happened to notice a process running for a split second: /usr/libexec/gkoverride. Little Snitch was asking if it should have access to connect to Apple. This appears to be a new Yosemite thing, as others aren’t seeing it in older versions of OSX. Naturally, my curiosity took over and I had to take a closer look at this binary. A brief skim through the disassembly makes it appear that gkoverride is invoked by the Security framework, and takes hashes of binaries in question (via the command line), then sends the hashes to Apple, waits for a response, then returns a yes/no response (via stdout) presumably as to whether the binary should be allowed to run.

I poked around some of gkoverride’s caches, and also found mention of Google Chrome. I’ve never used Chrome, but the cache seemed to have Google’s public key identifier (which they use to sign the binary, I assume) in it. I haven’t had time to hunt down when gkoverride specifically gets invoked, but this occurred during a package installation. I’ll have to disassemble Security framework for more details. So upon an initial glance, it looks as though gkoverride may get triggered when new binaries are installed or initially run, to see if they’ve been white/blacklisted. What bothers me about this is that OSX seems to be sharing hashes of your binaries with Apple, and calling home. What bothers me more is that Apple likely now has a complete inventory of binaries I’ve installed on my machine, identified by the same IP address that my iCloud and other accounts connect from; therefore, personally identifiable.

When I have some more time, I’ll have a look at Security framework, why it’s calling gkoverride, and take a look at the hashes itself to see if it’s something that malware might be able to spoof.

Update:

Upon having a look at Security.framework, it looks like this is an opaque whitelist override. I’m still looking into what conditions trigger it. It would seem that it would be more privacy conscious for OSX to download a whitelist override list every once in a while, rather than send hashes of your binaries to Apple – or at least ask.

NOTE: Someone sent me this link, which seems to explain it pretty well.

http://indiestack.com/2014/10/gatekeepers-opaque-whitelist/

Someone else has quickly written a little replacement for gkoverride that prompts the user, without sending anything to Apple.

https://github.com/parrotgeek1/gkoverride/blob/master/gkoverride.c

Disclaimer:

I’ve only had a little bit of time to look into all of this, so I’m naturally still investigating as time permits… some of this information could turn out to be wrong, so take it with a grain of salt… or better yet, take a look at it yourself and draw some conclusions.

Posted in Forensics, Security | Comments Off

Photography Gallery Online

After much refining and careful selection, I’ve gathered the courage to place my photography on public exhibit. I’ve posted my latest three galleries on my new photography website. I’ve also partnered with a trusted lab to deliver fine art prints and metal prints. To view my galleries, please visit http://photography.zdziarski.com.

Posted in Photography | Comments Off

Features I’d like to see from Nikon

If Nikon is indeed working on advanced firmware options, I’d pay good money to have these:

– A bulb lock that locks the shutter down until I press it again, and starts a timer on the screen. Canon M cameras do this.

– The ability to view the image and histogram of the long exposure I’m taking while it’s exposing; this can help immensely with certain long exposures where you’re uncertain about shutter time. Canon M cameras do this too.

– Support for exposure times beyond 30 seconds

– A way to delete white balance presets

– If I am taking an HDR photo at different shutter speeds, have the camera process it all in one shutter, and have different exposures save as they achieve their exposure levels.

– Electronic Front Curtain should work when using exposure delay mode

Posted in General, Photography | Comments Off

Mystery

The Northern Lights making a grand entrance over Kirkjufell Mountain. A small, ten minute window opened up between hail storms that night as we fought to see the Aurora for the first time in our life. We were not disappointed. Nikon D800E, 14mm, f/2.8, ISO 1600, 15s.

White Balance Tricks and Embracing High ISO Noise

To develop this shot, I used a Sodium Lamp white balance in DxO (this is somewhere around 2450K), which helped to bring out the blue-green of the sky while simultaneously cutting back the peach colors caused by light pollution from the nearby town of Grundarfjörður. Not much editing went into this shot at all. I applied some clarity with Topaz to add some definition, some minor dodging for shading and to bring out the reflection of the Aurora on the ground, and some sharpening. I used very minor noise reduction on the print edit, as most noise doesn’t show up in print, even at ISO 1600. Stronger noise reduction was used for the screen edit.

With a night shot like this, your first thought is probably to use noise reduction, but I say save it for last, and tread very lightly with it. Overdoing your noise reduction in print is the best way to get banding and other strange patterns appearing. Banding occurs because you have very strong gradients of clean, solid colors appearing next to each other… this happens when you apply too much noise reduction, or by blurring the sky. I’ve had to go back into a bunch of old photos and actually add noise to get rid of banding I created myself. Fixing it is usually done using either the Add Noise filter, or by masking a Splatter filter on top of problem areas.

Posted in Photography | Comments Off

The Best 150mm Filters in my Bag

Some of these are obscure, so if you’re a wide angle enthusiast, you may want to consider looking up these great filters.

Cavision CPL: Cavision makes an excellent 2mm 150x150mm square circular polarizer. It filters out unwanted polarized light, but unlike most CPLs, doesn’t filter out desirable non-polarized light. Therefore it isn’t overly dark like other CPLs, and gives you better quality color tones. This is a glass filter, not resin, and is therefore fragile. Because it is a circular polarizer (and not a linear polarizer), it works with auto-focus.

Formatt-Hitech Firecrest NDs: I have the ND3.0 and ND1.8, however they are available in all varieties up to 16 stops. These are the best NDs I’ve used so far, and are almost spot on true to color, at least as far as I’ve tested to 20 minute exposures. The ND3.0 is ever so slightly warm, but not nearly to the degree that other filters are (some of which are almost red in color). Virtually no additional color correction is needed with these filters.

Posted in Photography | Comments Off

Grey Card Control Test: Formatt-Hitech’s new Firecrest ND 3.0

“Firecrest ND is a revolutionary new type of ND filter from Formatt-Hitech. Rather than dyed resin, Firecrest is a carbon metallic coating used to create hyper neutral NDs. The filters are made from 2mm thick Schott Superwite glass, and the multicoating is bonded in the middle to increase scratch resistance. Firecrest Filters are neutral across all spectrums, including UV, visible, and infrared.” – Formatt-Hitech

I’ve just received my Firecrest ND 3.0 (10-stop), shipped from the manufacturer in the UK. These are so new that you won’t find them in stores yet. I had originally contacted Formatt-Hitech after suffering terrible color cast problems with their previous generation resin neutral density filters. These new filters are 2mm thick glass, not resin, and use a completely different coating process that supposedly helps keep colors neutral across long exposures. They come in a very nice box with a large plastic case (although I use the OneSixFive filter bag instead). Being glass, you’ll need to be very careful with it; they will break.

This is the first of a few tests I’ll be running against this filter to see how it holds up. For the grey card test, I taped a grey card to the wall and shot it both with and without the filter. The first exposure took 1s, and the exposure with the filter took 17:04. First I did this with white balance set to auto, and the second set I did with a cloudy white balance. Both sets were shot indoors to get a nice long exposure with consistent lighting.

Posted in Photography | Comments Off

Shooting Starscapes

This was my first go-around with starscapes after reading this most excellent primer by a local New England photographer. That title shot of Hopewell Cape ironically is where my wife and I spent a small part of our honeymoon, so I have to go back and try this.

Once I get this technique down, I’ve been planning to make the five hour trip to shoot the Quoddy Lighthouse, as well as the Pemaquid Lighthouse and some others at night; eventually, I’ll make it back up to New Brunswick too.

The photo to your left is a winter cabin up in the Maine mountains; you can see the smoke from a burning wood fire on this cold winter night, and small night ski lights going on a mountain away. Temperatures were approaching -20 F when this photo was taken. While terrible for skin (dress warm!), cold weather makes for some of the clearest night skies. The Lovejoy comet is also showing this week, and so I’m hoping to catch it one of these nights.

This is a blended three-shot exposure; Sky: ISO 3200 @ 30s, Cabin: ISO 2000 @ 8m, Windows: ISO 2000 @ 30s. I used a flashlight to set the focus to infinity by reaching outside of the max focusing range of this lens. I then had to refocus on the cabin in order to take the cabin and window shots, as the depth of field at f/2.8 is quite shallow; if you don’t refocus then you end up with a blurry foreground. I then blended these exposures in Photoshop. Nothing fancy here, I just used masks and painted/blended everything by hand. You could do an HDR of sorts, too if you wanted. I ran each shot through camera raw, adjusting the exposure specifically for the part of the photo I was concentrating on. The sky exposure had a lot of contrast, noise reduction, and low blacks. I then took each exposure and just pasted it into a document, then masked each one over the other where I wanted it.  I also did some minor dodging and burning and used some basic filters, such as Topaz DeNoise (noise reduction), Topaz Clarity, Topaz Clean, Nik Low Key w/Mask, and Nik Sharpener 2 to finish the photo. I’m pretty happy with how it turned out!

Posted in Photography | Comments Off

A Meta-Data Resilient, Self-Funding “Dark” Internet Mail Idea

I’m still reading the specs on DIME, but already it’s leaving a bad taste in my mouth. It feels like it’s more or less trying to band-aid an already broken anonymous mail system, that really isn’t anonymous at all, and leaves far too much metadata lying around. Even with DIME, it looks like too much information is still exposed to be NSA proof (like sender and recipient domain names), and with all of the new moving parts, it leaves a rather large attack surface. It feels more as if DIME gives you plausible deniability, but not necessarily NSA proof anonymity, especially in light of TAO, and the likelihood at least one end of the conversation will be compromised or compelled by FISA. I could be wrong, but it at least got me thinking about what my idea of an Internet dark mail system would look like.

Let me throw this idea out there for you. We all want to be able to just write an email, then throw it anonymously into some large vortex where it will magically and anonymously end up in the recipient’s hands, right? What’s preventing that from being a reality? Well, a few things.

Posted in Forensics, Security | Comments Off

Split Toning: When People Appreciate Fine Processing Over Fine Photography

I appreciate straightforward photography with minimal processing (you know, real photography), but most online photography communities ironically prefer over-processed imagery that borders more on the side of “art”, rather than photography (and hey, let’s keep calling it photography so people think we’re gods). In such cases, nothing is quite as useful for making fauxtography that everyone will drool over as split toning. If you want to impress the boogers out of social network photographers, you need split toning in your toolbox. Both DxO and Photoshop support this technique, and many photographers have made a living creating fake works of art with it. To give an example, I took my two favorite Kirkjufell photos (which you can find in my blog) and applied the following split-toning techniques:

Step #1 (DxO): Sepia Gold / Sepia Terra Split-Tone, apply Agfa Precise film from Film Pack. Load into Photoshop.
Step #2 (Photoshop): Split tone in Camera Raw, 261 @ 22 Saturation, 360 @ 15 Saturation. Low-Key mask with Nik, adjust brightness.

Voila, you now have amazing looking photos that don’t really exist, and never really happened… but people on the Internet will drool over. It’s better than Instagram! You’ll find many fauxtographers lean toward a magenta split-tone, but personally if I’m going to wreck a perfectly good photo, I prefer to do it with golden overtones. Magenta is over-done in my opinion. For that “classic” look, it’s much better to puke gold tones all over your photos.

Posted in Photography | Comments Off

Color Accuracy Differences: Nikon D810 vs. Canon 5D III

My wife and I took a few photos of this old church in west Iceland. She shoots a Canon 5D III, while I shoot a Nikon D810. Upon developing them (using the same, simplistic workflow in DxO), I was surprised at just how different the colors were between the two photos. Granted, different lenses (Canon 24-105, vs. Sigma 35mm DG A), different focal lengths (40mm vs. 35mm), aperture (f/5.6, vs f/8), etc.; this isn’t a lab test… but IMO reproducing color accuracy in a lab versus in the real-world is very different; you shouldn’t need a lab to get color accurate results. Here, the Nikon D810 (highlighted in red) is much more color accurate than the Canon was. The Canon recorded the blue hues to be much darker and more saturated than they actually were. The clouds and sky also got a much darker blue cast to it, where the Nikon rendered the grays and the whites in the snow accurately. The rock wall ended up with a green cast as well, where the Nikon version brought out more of the grays and yellows. My initial thought is that the cameras chose a different white balance (both were set to auto), however there seems to be more going on than just that, as trying to correct the image didn’t resolve the color discrepancies.

You can correct the Canon, of course… but that is extra work, multiplied by hundreds of photos we both took on this trip. Just something to keep in mind about the difference in color tonality between the two brands. I may follow up later with some lab-style tests; I’m sure in a lab the two are much closer, even though there are a lot of tests out there that still show noticeable differences. In the real-world, however, it comes down to more than just the sensor. The camera’s built-in white balance logic, metering, and even ISO selection (if set to auto) come into play here. Strangely, the Canon was grainier than the Nikon, yet the Canon image was shot at ISO 100, whereas the Nikon was set to ISO 250. Part of this was likely that I had to raise the shadows of the Canon image more, as it shot a darker overall image. This too may have been responsible for some of the cast.

Mountain Prayers Comparison

Posted in Photography | Comments Off