All Your Hash are Belong to Apple: /usr/libexec/gkoverride

I happened to notice a process running for a split second: /usr/libexec/gkoverride. Little Snitch was asking if it should have access to connect to Apple. This appears to be a new Yosemite thing, as others aren’t seeing it in older versions of OSX. Naturally, my curiosity took over and I had to take a closer look at this binary. A brief skim through the disassembly makes it appear that gkoverride is invoked by the Security framework, and takes hashes of binaries in question (via the command line), then sends the hashes to Apple, waits for a response, then returns a yes/no response (via stdout) presumably as to whether the binary should be allowed to run.

I poked around some of gkoverride’s caches, and also found mention of Google Chrome. I’ve never used Chrome, but the cache seemed to have Google’s public key identifier (which they use to sign the binary, I assume) in it. I haven’t had time to hunt down when gkoverride specifically gets invoked, but this occurred during a package installation. I’ll have to disassemble Security framework for more details. So upon an initial glance, it looks as though gkoverride may get triggered when new binaries are installed or initially run, to see if they’ve been white/blacklisted. What bothers me about this is that OSX seems to be sharing hashes of your binaries with Apple, and calling home. What bothers me more is that Apple likely now has a complete inventory of binaries I’ve installed on my machine, identified by the same IP address that my iCloud and other accounts connect from; therefore, personally identifiable.

Features I’d like to see from Nikon

If Nikon is indeed working on advanced firmware options, I’d pay good money to have these:

  • A bulb lock that locks the shutter down until I press it again, and starts a timer on the screen. Canon M cameras do this.
  • The ability to view the image and histogram of the long exposure I’m taking while it’s exposing; this can help immensely with certain long exposures where you’re uncertain about shutter time. Canon M cameras do this too.
  • Support for exposure times beyond 30 seconds
  • A way to delete white balance presets
  • If I am taking an HDR photo at different shutter speeds, have the camera process it all in one shutter, and have different exposures save as they achieve their exposure levels.
  • Electronic Front Curtain should work when using exposure delay mode

Mystery: Processing the Aurora Borealis

The Northern Lights making a grand entrance over Kirkjufell Mountain. A small, ten minute window opened up between hail storms that night as we fought to see the Aurora for the first time in our life. We were not disappointed. Nikon D800E, 14mm, f/2.8, ISO 1600, 15s.

My wife and I have been hunting the Aurora Borealis for two years now. In Norway 2013, we encountered a series of snowstorms for two weeks. We missed the Aurora, but captured some fantastic winter photography. This year, we headed for Iceland and Norway, and saw the Aurora in both. This shot was taken in Iceland at the iconic Kirkjufell Mountain. We didn’t have time to hike to the waterfall, because hail storms hit us every 5-10 minutes; it would then clear for a little while, then the storms would circle back around. Fortunately, we got some fantastic shots of the Aurora, and got the storms approaching the mountain as a bonus.

White Balance Tricks and Embracing High ISO Noise

To develop this shot, I used a Sodium Lamp white balance in DxO (this is somewhere around 2450K in Photoshop CC). This helped to bring out the blue-green of the sky while simultaneously cutting back the peach colors caused by light pollution from the nearby town of Grundarfjörður (I kept one shot with the peachy hues, as it’s still quite beautiful). Not much editing went into this shot at all. I applied some clarity with Topaz to add some definition, some minor dodging for shading and to bring out the reflection of the Aurora on the ground, and some sharpening. I used very minor noise reduction on the print edit, as most noise doesn’t show up in print, even at ISO 1600. Stronger noise reduction was used for the screen edit.

With a night shot like this, your first thought is probably to use noise reduction, but I say save it for last, and tread very lightly with it. Overdoing your noise reduction in print is the best way to get banding and other strange patterns appearing. Banding occurs because you have very strong gradients of clean, solid colors appearing next to each other… this happens when you apply too much noise reduction, or by blurring the sky. Printers simply can’t render this without banding. Here’s a secret: neither can your screen, except that your screen has built-in dithering, which basically adds noise to your colors.

The Best 150mm Filters in my Bag

Some of these are obscure, so if you’re a wide angle enthusiast, you may want to consider looking up these great filters.

Cavision CPL: Cavision makes an excellent 2mm 150x150mm square circular polarizer. It filters out unwanted polarized light, but unlike most CPLs, doesn’t filter out desirable non-polarized light. Therefore it isn’t overly dark like other CPLs, and gives you better quality color tones. This is a glass filter, not resin, and is therefore fragile. Because it is a circular polarizer (and not a linear polarizer), it works with auto-focus.

Formatt-Hitech Firecrest NDs: I have the ND3.0 and ND1.8, however they are available in all varieties up to 16 stops. These are the best NDs I’ve used so far, and are almost spot on true to color, at least as far as I’ve tested to 20 minute exposures. The ND3.0 is ever so slightly warm, but not nearly to the degree that other filters are (some of which are almost red in color). Virtually no additional color correction is needed with these filters.

Grey Card Control Test: Formatt-Hitech’s new Firecrest ND 3.0

“Firecrest ND is a revolutionary new type of ND filter from Formatt-Hitech. Rather than dyed resin, Firecrest is a carbon metallic coating used to create hyper neutral NDs. The filters are made from 2mm thick Schott Superwite glass, and the multicoating is bonded in the middle to increase scratch resistance. Firecrest Filters are neutral across all spectrums, including UV, visible, and infrared.” – Formatt-Hitech

I’ve just received my Firecrest ND 3.0 (10-stop), shipped from the manufacturer in the UK. These are so new that you won’t find them in stores yet. I had originally contacted Formatt-Hitech after suffering terrible color cast problems with their previous generation resin neutral density filters. These new filters are 2mm thick glass, not resin, and use a completely different coating process that supposedly helps keep colors neutral across long exposures. They come in a very nice box with a large plastic case (although I use the OneSixFive filter bag instead). Being glass, you’ll need to be very careful with it; they will break.

This is the first of a few tests I’ll be running against this filter to see how it holds up. For the grey card test, I taped a grey card to the wall and shot it both with and without the filter. The first exposure took 1s, and the exposure with the filter took 17:04. First I did this with white balance set to auto, and the second set I did with a cloudy white balance. Both sets were shot indoors to get a nice long exposure with consistent lighting.

Shooting Starscapes

This was my first go around with starscapes after reading this most excellent primer by a local New England photographer. That title shot of Hopewell Cape ironically is where my wife and I spent a small part of our honeymoon, so I have to go back and try this.

Once I get this technique down, I’ve been planning to make the five hour trip to shoot the Quoddy Lighthouse, as well as the Pemaquid Lighthouse and some others at night; eventually, I’ll make it back up to New Brunswick too.

The photo to your left is a winter cabin up in the Maine mountains; you can see the smoke from a burning wood fire on this cold winter night, and small night ski lights going on a mountain away. Temperatures were approaching -20 F when this photo was taken. While terrible for skin (dress warm!), cold weather makes for some of the clearest night skies. The Lovejoy comet is also showing this week, and so I’m hoping to catch it one of these nights.

This is a blended three-shot exposure; Sky: ISO 3200 @ 30s, Cabin: ISO 2000 @ 8m, Windows: ISO 2000 @ 30s. I used a flashlight to set the focus to infinity by reaching outside of the max focusing range of this lens. I then had to refocus on the cabin in order to take the cabin and window shots, as the depth of field at f/2.8 is quite shallow; if you don’t refocus then you end up with a blurry foreground. I then blended these exposures in Photoshop. Nothing fancy here, I just used masks and painted/blended everything by hand. You could do an HDR of sorts, too, if you wanted. I ran each shot through camera raw, adjusting the exposure specifically for the part of the photo I was concentrating on. The sky exposure had a lot of contrast, noise reduction, and low blacks. I then took each exposure and just pasted it into a document, then masked each one over the other where I wanted it. I also did some minor dodging and burning and used some basic filters, such as Topaz DeNoise (noise reduction), Topaz Clarity, Topaz Clean, Nik Low Key w/Mask, and Nik Sharpener 2 to finish the photo. I’m pretty happy with how it turned out!

A Meta-Data Resilient, Self-Funding “Dark” Internet Mail Idea

I’m still reading the specs on DIME, but already it’s leaving a bad taste in my mouth. It feels like it’s more or less trying to band-aid an already broken anonymous mail system, that really isn’t anonymous at all, and leaves far too much metadata lying around. Even with DIME, it looks like too much information is still exposed to be NSA proof (like sender and recipient domain names), and with all of the new moving parts, it leaves a rather large attack surface. It feels more as if DIME gives you plausible deniability, but not necessarily NSA proof anonymity, especially in light of TAO, and the likelihood at least one end of the conversation will be compromised or compelled by FISA. I could be wrong, but it at least got me thinking about what my idea of an Internet dark mail system would look like.

Let me throw this idea out there for you. We all want to be able to just write an email, then throw it anonymously into some large vortex where it will magically and anonymously end up in the recipient’s hands, right? What’s preventing that from being a reality? Well, a few things.

Split Toning: When People Appreciate Fine Processing Over Fine Photography

I appreciate straightforward photography with minimal processing (you know, real photography), but most online photography communities ironically prefer over-processed imagery that borders more on the side of “art”, rather than photography (and hey, let’s keep calling it photography so people think we’re gods). In such cases, nothing is quite as useful for making fauxtography that everyone will drool over as split toning. If you want to impress the boogers out of social network photographers, you need split toning in your toolbox. Both DxO and Photoshop support this technique, and many photographers have made a living creating fake works of art with it. To give an example, I took my two favorite Kirkjufell photos (which you can find in my blog) and applied the following split-toning techniques:

Step #1 (DxO): Sepia Gold / Sepia Terra Split-Tone, apply Agfa Precise film from Film Pack. Load into Photoshop.
Step #2 (Photoshop): Split tone in Camera Raw, 261 @ 22 Saturation, 360 @ 15 Saturation. Low-Key mask with Nik, adjust brightness.

Voila, you now have amazing looking photos that don’t really exist, and never really happened… but people on the Internet will drool over. It’s better than Instagram! You’ll find many fauxtographers lean toward a magenta split-tone, but personally if I’m going to wreck a perfectly good photo, I prefer to do it with golden overtones. Magenta is over-done in my opinion. For that “classic” look, it’s much better to puke gold tones all over your photos.

Some of Jess’ Best from Norway and Iceland

It’s been raining for the past 24 hours in Tromsø, so I’ve had some time to develop my wife’s camera reel. She really nailed some great shots. I’m jealous of her version of my “Mountain Prayers” shot. I had my 35mm on at the time; she shot it at 24mm. A photographer once said you should either shoot water real slow, or shoot it real fast. I shoot mine slow and silky. Jess shoots her water fast. I think part of the reason is so that she can run fast when furious ocean tides are about to engulf us. We teetered in dangerous territory at Djupilon, a volcanic beach, when the tide was inbound. Very large (10ft+) waves came crashing in suddenly out of nowhere. She did a great job of capturing some of the shots.

Norway’s Lofoten Islands

Day #1:

We stretched a four hour trip through the Lofoten Islands into about seven hours, stopping everywhere to take photos. We had a few good hours of sunlight, as the sunrise and sunset are very close together. After sunset, a nice long twilight gave us some fantastic dark light to work with. The fog perfectly textured nearly every photo we took. My 70-200mm f/2.8 came in extremely handy, and is what I used for almost every photo below. If you’re going to drive through Lofoten, I strongly recommend using this focal length. After a long, five hour party with about a dozen friends from Reine, Moskenes, and Sørvågen, we made it back to the cabin to await the northern lights. If they don’t show up tonight, we’ll keep watching.

Our Iceland Adventure

Day #1:
Ever since visiting Norway last year, it’s been in my heart to visit Iceland. I’ve spent the past year looking at photos of Kirkjufell mountain and the Aurora Borealis, in anticipation for this year’s trip through Scandinavia. Day #1 of a two-week expedition through Iceland and Norway was well spent. With no sleep for 36 hours, my wife and I somehow managed to find some of the most beautiful parts of Grundarfjörður (pronounced just as it looks – like a jumble of letters that don’t make any sense), a small fishing village in western Iceland. Over the next few days, we’ll be exploring and branching out, as well as meeting a local professional photographer for a photo tour of some of his favorite spots. There’s really no word other than magical to describe Iceland, and its beauty. Waterfalls everywhere you look, old lava fields now growing moss, giant towering mountains – it’s intimidating in a way that makes you feel small to nature; it’s an amazing feeling. Dinner tonight? Fish soup, lamb filet, and Skyr.

Many of these photos were taken during a very long sunrise, on a day accompanied by high winds, freak hail storms, and a number of other threats from nature. We had to fight hard to get crisp photos today. This involved numerous shots, tripod spikes, and a lot of patience. It was worth it.

(Most of these photos have been moved to my photography site)

What You Need to Know About WireLurker

Mobile Security company Palo Alto Networks has released a new white paper titled WireLurker: A New Era in iOS and OS X Malware. I’ve gone through their findings, and also managed to get a hold of the WireLurker malware to examine it first-hand (thanks to Claud Xiao from Palo Alto Networks, who sent them to me). Here’s the quick and dirty about WireLurker; what you need to know, what it does, what it doesn’t do, and how to protect yourself.

How it Works

WireLurker is a trojan that has reportedly been circulated in a number of Chinese pirated software (warez) distributions. It targets 64-bit Mac OS X machines, as there doesn’t appear to be a 32-bit slice. When the user installs or runs the pirated software, WireLurker waits until it has root, and then gets installed into the operating system as a system daemon. The daemon uses libimobiledevice. It sits and waits for an iOS device to be connected to the desktop, and then abuses the trusted pairing relationship your desktop has with it to read its serial number, phone number, iTunes store identifier, and other identifying information, which it then sends to a remote server. It also attempts to install malicious copies of otherwise benign looking apps onto the device itself. If the device is jailbroken and has afc2 enabled, a much more malicious piece of software gets installed onto the device, which reads and extracts identifying information from your iMessage history, address book, and other files on the device.

WireLurker appears to be most concerned with identifying the device owners, rather than stealing a significant amount of content or performing destructive actions on the device. In other words, WireLurker seems to be targeting the identities of Chinese software pirates.

Yosemite Could Easily Support LTE-Enabled MacBooks in the Future

With Yosemite’s release comes a lot of brand new code from Apple, and much to be explored. As you would expect, much of Yosemite’s codebase is shared with iOS 8. This includes cellular capabilities, which could make it very easy for Apple to support cellular data on the desktop platform. Yosemite does currently support hotspot tethering, but the overlap in codebase could also support something else in the future: MacBooks with integrated LTE functionality.

Apple’s recent announcement of an “Apple SIM” went largely unnoticed, and while convenient for new iPad owners, is quite an undertaking for a product that has already saturated the market. On the other hand, you don’t buy your laptops from Verizon or AT&T, nor would anyone want to buy a laptop that was tied to a particular cellular carrier. The Apple SIM makes much more sense if Apple’s ultimate game is to release a MacBook Air with the ability to subscribe to any cellular network.

This morning, I decided to have a look into Apple’s new download continuity manager (nsurlsessiond), which led me to also look at networkd, findmydeviced, and other daemons, on both Yosemite and iOS 8. Both codebases are virtually identical, with the cellular components simply compiled out of Yosemite’s build. Here are some examples.

Damage Warning on C-SLIDE Webcam Covers for Laptops

About a year ago, I installed some of those little C-SLIDE plastic sliding webcam covers (from @WebcamCovers) on all of our laptops in the house (the kind that are now ubiquitous and private branded by everybody). This week, I had to take one of the laptops in for repair at Apple due to problems with the LCD. There were about a dozen horizontal lines at the top, and a small cone shaped black spot in the middle of the LCD directly underneath the iSight camera. The total repair was over $600 (talk about a markup).

In chatting with the Apple tech (I refuse to call them geniuses), he felt the most likely cause was a pressure crack inside the LCD. Given the machine was only a couple years old, and treated with care, we determined the most likely cause was the added pressure created by the little stick-on sliding cover when you close the notebook. Even if you close it gently, the magnets create a pull on the top of the notebook screen. Additionally, even after it’s closed, all of the pressure on the LCD, thanks to the camera cover, is now concentrated on the small area in the center of the notebook, instead of distributed across the entire panel. This means that even while it’s in your laptop case, any pressure on the lid is focused on one small area of the LCD. The plastic sliding camera covers are very convenient, however it looks as though over the long term, they have the potential to cause severe damage to your laptop screen, even if you care for your machines. I would advise avoiding them and looking into solutions that do not interfere with the amount of pressure distributed across the LCD.

As it happens, @WebcamCovers admits that their own products cause damage “when pressure is applied”, however what they don’t tell you is that, even if you don’t abuse your notebook, the “pressure” applied from normal use alone over a prolonged period of time, can cause damage to your notebook’s LCD. In comparison, the little $5 piece of plastic is not worth the risk IMO for a $600 screen. EFF has some good alternatives on their website: stickers that can easily be peeled back and forth, and will re-adhere with no problems. If you care about causing damage to your laptop, I’d recommend looking at this alternative, or others, instead.

NOTE: @WebcamCovers has ignored my request to have the damage caused by their product reimbursed.

Preliminary Findings on Whisper

At the suggestion of @kashhill, I did a brief analysis of the Whisper iOS application, which appears to be at the height of controversy with respect to user privacy. My preliminary observations follow. Note, I am only looking at the technical aspects of the application, and make no political conclusions about the motivations of the company. I do not see any horribly underhanded malicious code in the application, although it is a large application and my analysis was brief. In spite of this, the Whisper app does not appear to be a social networking application with analytics; it appears to be an analytics and user acquisition application that also happens to have a social networking component. With this come a few concerns about privacy and anonymity.

Disk Analyzer: Zero Free Space on Your iOS Device

Interested in the low-level statistics of your iOS device’s disk, such as inode consumption and other file system metrics? Disk Analyzer allows you to view and work with your device’s used and free space and partition statistics. This simple little tool provides all the information about your device’s disk in a simple, user-friendly display. An ideal tool for businesses and enterprises.

In addition to analyzing your disk space, Disk Analyzer provides an advanced tool that can overwrite the free space on your device. Turn on Advanced Options in Settings to activate this feature, and a “Zero Free Space” button will appear in the application.

Now Available! Click Here to view in iTunes

How App Store Apps are Hacked on Non-Jailbroken Phones

(And Why Self-Expiring Messaging Apps Aren’t Trustworthy)

This brief post will show you how hackers are able to download an App Store application, patch the binary, and upload it to a non-jailbroken device using its original App ID, without the device being aware that anything is amiss – this can be done with a $99 developer certificate from Apple and [optionally] an $89 disassembler. Also, with a $299 enterprise enrollment, a modified application can be loaded onto any iOS device, without first registering its UDID (great for black bag jobs and the intelligence community).

Now, it’s been known for quite some time in the iPhone development community that you can sign application binaries using your own dev certificate. Nobody’s taken the time to write up exactly how people are doing this, so I thought I would explain it. This isn’t considered a security vulnerability, although it could certainly be used to load a malicious copycat application onto someone’s iPhone (with physical access). This is more a byproduct of developer signing rights on a device, after it’s been enabled with a custom developer profile. What this should be is a lesson to developers (such as Snapchat, and others who rely on client-side logic) that the client application cannot be trusted for critical program logic. What does this mean for non-technical readers? In plain English, it means that Snapchat, as well as any other self-expiring messaging app in the App Store, can be hacked (by the recipient) to not expire the photos and messages you send them. This should be a no-brainer, but it seems there is a lot of confusion about this, hence the technical explanation.

As a developer, putting your access control on the client side is taboo. Most developers understand that applications can be “hacked” on jailbroken devices to manipulate the program, but very few realize it can be done on non-jailbroken devices too. There are numerous jailbreak tweaks for unlimited skips in Pandora, to prevent Snapchat messages from expiring, and even to add favorites in your mentions on TweetBot. The ability to hack applications is why (the good) applications do it all server-side. Certain types of apps, however, are designed in such a way that they depend on client logic to enforce access controls. Take Snapchat, for example, whose expiring messages require that the client make photos inaccessible after a certain period of time. These types of applications put the end-user at risk in the sense that they are more likely to send compromising content to a party that they don’t necessarily trust – thinking, at least, that the message has to expire.

Why the D810 Was Worth the Upgrade from a D800/D800E

I recently upgraded my D800 to a D810, with my other camera being a D800E. I am thoroughly satisfied with my decision, not only because of the improvement in image quality from not having an OLP filter, but also for a number of other reasons, that are also leading me to consider upgrading my D800E as well. There are a lot of obvious new features that you can read about on other sites, but it’s the small details that have gone unnoticed that I am particularly thrilled about.
