Reader Mark Wilson writes: Today, WikiLeaks published the third installment of its Vault 7 CIA leaks. We've already had the Year Zero files which revealed a number of exploits for popular hardware and software, and the Dark Matter batch which focused on Mac and iPhone exploits. Now we have Marble to look at. A collection of 676 source code files, the Marble cache reveals details of the CIA's Marble Framework tool, used to hide the true source of CIA malware, and sometimes going as far as appearing to originate from countries other than the US. The source code for Marble Framework is tiny -- WikiLeaks has provided it in a zip file that's only around 0.5MB. WikiLeaks explains that the tool is used by the CIA to hide the fact that it is behind malware attacks that are unleashed on targets: "Marble is used to hamper forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA. Marble does this by hiding ("obfuscating") text fragments used in CIA malware from visual inspection. This is the digital equivalent of a specialized CIA tool to place covers over the english language text on U.S. produced weapons systems before giving them to insurgents secretly backed by the CIA. Marble forms part of the CIA's anti-forensics approach and the CIA's Core Library of malware code."

Apple today began rolling out iOS 10.3, the latest point update to its mobile operating system. iOS 10.3 brings with it several new features, chief among which is a new file system -- called the Apple File System (APFS). From a report: It's a file system that was originally announced at WWDC last year, and it's designed with the iPhone, iPad, Apple Watch, Mac, and Apple TV in mind. Apple has been using its 31-year-old Hierarchical File System (HFS) for iOS devices so far. It was originally designed for Macs with floppy or hard disks, and not for modern mobile devices with solid state storage. Even its successor, HFS+, still doesn't address the needs of these mobile devices enough. Apple's new APFS is designed to scale across these new types of devices and take advantage of flash or SSD storage. It's also engineered with encryption as a primary feature, and even supports features like snapshots so restoring files on a Mac or even an iOS device might get a lot easier in the future.

Earlier this week, a hacker group claimed that it had access to 250 million iCloud accounts. The hackers, who called themselves part of Turkish Crime Family group, threatened to reset passwords of all the iCloud accounts and remotely wipe those iPhones. Apple could stop them, they said, if it paid them a ransom by April 7. In a statement, Apple said, "the alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services," and that it is working with law enforcement officials to identify the hackers. Now, ZDNet reports that it obtained a set of credentials from the hacker group and was able to verify some of the claims. From the article: ZDNet obtained a set of 54 credentials from the hacker group for verification. All the 54 accounts were valid, based on a check using the site's password reset function. These accounts include "icloud.com," dating back to 2011, and legacy "me.com" and "mac.com" domains from as early as 2000. The list of credentials contained just email addresses and plain-text passwords, separated by a colon, which according to Troy Hunt, data breach expert and owner of notification site Have I Been Pwned, makes it likely that the data "could be aggregated from various sources." We started working to contact each person, one by one, to confirm their password. Most of the accounts are no longer registered with iMessage and could not be immediately reached. However, 10 people in total confirmed that their passwords were accurate, and as a result have now been changed.

According to the U.S. Patent and Trademark Office, Apple has filed a patent for an "Electronic accessory device." It describes a "thin" accessory that contains traditional laptop hardware like a large display, physical keyboard, GPU, ports and more -- all of which is powered by an iPhone or iPad. The device powering the hardware would fit into a slot built into the accessory. AppleInsider reports: While the accessory can take many forms, the document for the most part remains limited in scope to housings that mimic laptop form factors. In some embodiments, for example, the accessory includes a port shaped to accommodate a host iPhone or iPad. Located in the base portion, this slot might also incorporate a communications interface and a means of power transfer, perhaps Lightning or a Smart Connector. Alternatively, a host device might transfer data and commands to the accessory via Wi-Fi, Bluetooth or other wireless protocol. Onboard memory modules would further extend an iOS device's capabilities. Though the document fails to delve into details, accessory memory would presumably allow an iPhone or iPad to write and read app data. In other cases, a secondary operating system or firmware might be installed to imitate a laptop environment or store laptop-ready versions of iOS apps. In addition to crunching numbers, a host device might also double as a touch input. For example, an iPhone positioned below the accessory's keyboard can serve as the unit's multitouch touchpad, complete with Force Touch input and haptic feedback. Coincidentally, the surface area of a 5.5-inch iPhone 7 Plus is very similar to that of the enlarged trackpad on Apple's new MacBook Pro models. Some embodiments also allow for the accessory to carry an internal GPU, helping a host device power the larger display or facilitate graphics rendering not possible on iPhone or iPad alone. Since the accessory is technically powered by iOS, its built-in display is touch-capable, an oft-requested feature for Mac. Alternatively, certain embodiments have an iPad serving as the accessory's screen, with keyboard, memory, GPU and other operating guts located in the attached base portion. This latter design resembles a beefed up version of Apple's Smart Case for iPad.

WikiLeaks said on Thursday morning it will release new documents it claims are from the Central Intelligence Agency which show the CIA had the capability to bug iPhones and Macs even if their operating systems have been deleted and replaced. From a report on Motherboard: "These documents explain the techniques used by CIA to gain 'persistenc'' on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware," WikiLeaks stated in a press release. EFI and UEFI is the core firmware for Macs, the Mac equivalent to the Bios for PCs. By targeting the UEFI, hackers can compromise Macs and the infection persists even after the operating system is re-installed. The documents are mostly from last decade, except a couple that are dated 2012 and 2013. While the documents are somewhat dated at this point, they show how the CIA was perhaps ahead of the curve in finding new ways to hacking and compromising Macs, according to Pedro Vilaca, a security researcher who's been studying Apple computers for years. Judging from the documents, Vilaca told Motherboard in an online chat, it "looks like CIA were very early adopters of attacks on EFI."

Thomas Claburn, reporting for The Register: The US Third Circuit Court of Appeals today upheld a lower court ruling of contempt against a chap who claimed he couldn't remember the password to decrypt his computer's hard drives. In so doing, the appeals court opted not to address a lower court's rejection of the defendant's argument that being forced to reveal his password violated his Fifth Amendment protection against self-incrimination. In the case under review, the US District Court for the Eastern District of Pennsylvania held the defendant (referred to in court documents as "John Doe" because his case is partially under seal) in contempt of court for willfully disobeying and resisting an order to decrypt external hard drives that had been attached to his Mac Pro computer. The defendant's computer, two external hard drives, an iPhone 5S, and an iPhone 6 Plus had been seized as part of a child pornography investigation.

Audacity, a popular open-source and cross-platform audio editor, has received a "maintenance" update that brings several improvements. Dubbed v2.1.3, the biggest new addition appears to be support for Windows 10 OS. For Mac users, Audacity now works in tandem with the Magic Mouse. "We now support Trackpad and Magic Mouse horizontal scroll without SHIFT key and Trackpad pinch and expand to zoom at the pointer," the release note says. We also have new "Scrub Ruler" and "Scrub Toolbar" scrubbing options in the application now. Read the full changelog here.

Apple paid no income tax to New Zealand's Inland Revenue Department for the last 10 years, according to an article shared by sit1963nz, prompting calls for the company to "do the right thing" even from some American-based Apple users. From the New Zealand Herald: Bryan Chaffin of The Mac Observer, an Apple community blog site founded in 1998...wrote that Apple was the largest taxpayer in the United States, but 'pays next to nothing in most parts of the world... [L]ocal taxes matter. Roads matter. Schools matter. Housing authorities matter. Health care matters. Regulation enforcement matters. All of the things that support civil society matter. Apple's profits are made possible by that civil society, and the company should contribute its fair share.'"
Apple's accounts "show apparent income tax payments of $37 million," according to an earlier article, "but a close reading shows this sum was actually sent abroad to the Australian Tax Office, an arrangement that has been in place since at least 2007. Had Apple reported the same healthy profit margin in New Zealand as it did for its operations globally it would have paid $356 million in taxes over the period."

"It is absolutely extraordinary that they are able to get away with paying zero tax in this country," said Green Party co-leader James Shaw. "I really like Apple products -- they're incredibly innovative -- but it looks like their tax department is even more innovative than their product designers."

The Raspberry Pi has outsold the Commodore 64 by selling north of 12.5 million boards in five years, becoming the world's third best-selling general purpose computer. "The Commodore 64, had, until recently, the distinction of being the third most popular general purpose computing platform," Eben Upton told a crowd at the fifth birthday party. "That's what I'm here to celebrate," he said, "we are now the third most popular general purpose computing platform after the Mac and PC." The MagPi Magazine reports: The Raspberry Pi Model 3 is the best-selling Raspberry Pi. This chart shows that Raspberry Pi 3 has accounted for almost a third of all Raspberry Pi boards sold. The Model 3 sits next to its immediate predecessor, the Raspberry Pi 2B+ (which has the same board shape but a slightly slower CPU). These two boards account for over half of all Raspberry Pi boards sold. The rest of the sales are between older models. The original Model A accounts for just 2 percent of sales. So keep one if you've got it as they're pretty rare. We should point out, before the Commodore fan club arrives, that there are discrepancies in the total number of sales of the C64. The 12.5 million figure comes from an analysis of serial numbers. This article by Michael Steil explains in detail why the 12.5 million number is accurate. We hold it to be the most accurate analysis of Commodore 64 sales (other opinions are available).

Hennepin County District Judge Gary Larson has issued a search warrant to Edina, Minnesota police to collect information on people who searched for variations of a crime victim's name on Google from Dec. 1 through Jan. 7. Google would be required to provide Edina police with basic contact information for people targeted by the warrant, as well as Social Security numbers, account and payment information, and IP and MAC addresses. StarTribune reports: Information on the warrant first emerged through a blog post by public records researcher Tony Webster. Edina police declined to comment Thursday on the warrant, saying it is part of an ongoing investigation. Detective David Lindman outlined the case in his application for the search warrant: In early January, two account holders with SPIRE Credit Union reported to police that $28,500 had been stolen from a line of credit associated with one of their accounts, according to court documents. Edina investigators learned that the suspect or suspects provided the credit union with the account holder's name, date of birth and Social Security number. In addition, the suspect faxed a forged U.S. passport with a photo of someone who looked like the account holder but wasn't. Investigators ran an image search of the account holder's name on Google and found the photo used on the forged passport. Other search engines did not turn up the photo. According to the warrant application, Lindman said he had reason to believe the suspect used Google to find a picture of the person they believed to be the account holder. Larson signed off on the search warrant on Feb. 1. According to court documents, Lindman served it about 20 minutes later.

A new Kickstarter campaign aims to expand the iPhone's functionality with its "Eye Smart iPhone Case," which features a fully functional Android device built into the case itself. The campaign was launched on March 1 and has already raised over $100,000. Mac Rumors reports: An always-on 5-inch AMOLED display is built into the case, which runs the Android 7.1 Nougat operating system. The case connects to the iPhone using its Lightning port to enable file transfers, power delivery, and more. A microSD card slot provides up to 256GB of storage for holding photos, videos, and other media, all of which is accessible using the Android file explorer. A built-in 2,800 mAh battery provides additional charge to the iPhone, and the Eye case itself supports Qi wireless charging. Two SIM card slots are included, and higher-end models support 4G LTE connectivity, so up to three phone numbers can be used with an iPhone. Android exclusive features, like native call recording, the file explorer, customization, file transfers, and Android apps are all made available to iPhone users via the Eye case. A 3.5mm headphone jack lets iPhone owners with an iPhone 7 or an iPhone 7 Plus to use wired headphones with the device, and the Eye case includes NFC, an IR blaster and receiver for controlling TVs and other devices, and a car mount. It's available for the iPhone 6 and later, and will allegedly be available for the new wave of iPhones coming in 2017 within a month of their release. The Smart iPhone Case is available for a Super early bird pledge of $95, with prices going up for 4G connectivity. The estimated retail price is between $189 and $229.

After WikiLeaks revealed data exposing information about the CIA's arsenal of hacking tools, Intel Security has released a tool that allows users to check if their computer's low-level system firmware has been modified and contains unauthorized code. PCWorld reports: The release comes after CIA documents leaked Tuesday revealed that the agency has developed EFI (Extensible Firmware Interface) rootkits for Apple's Macbooks. The documents from CIA's Embedded Development Branch (EDB) mention an OS X "implant" called DerStarke that includes a kernel code injection module dubbed Bokor and an EFI persistence module called DarkMatter. In addition to DarkMatter, there is a second project in the CIA EDB documents called QuarkMatter that is also described as a "Mac OS X EFI implant which uses an EFI driver stored on the EFI system partition to provide persistence to an arbitrary kernel implant." The Advanced Threat Research team at Intel Security has created a new module for its existing CHIPSEC open-source framework to detect rogue EFI binaries. CHIPSEC consists of a set of command-line tools that use low-level interfaces to analyze a system's hardware, firmware, and platform components. It can be run from Windows, Linux, macOS, and even from an EFI shell. The new CHIPSEC module allows the user to take a clean EFI image from the computer manufacturer, extract its contents and build a whitelist of the binary files inside. It can then compare that list against the system's current EFI or against an EFI image previously extracted from a system.

New submitter cryptizard writes: Modern Android and iOS versions include a technology called MAC address randomization to prevent passive tracking of users as they move from location to location. Unfortunately, researchers have revealed that this technology is implemented sporadically by device manufacturers and is often deployed with significant flaws that allow it to be easily defeated. A research paper [published by U.S. Naval Academy researchers] highlights a number of flaws in both Android and iOS that allow an adversary to track users even when their phones are using randomized MAC addresses. Most significantly, they demonstrate that a flaw in the way wireless chipsets handle low-level control messages can be exploited to track 100% of devices, regardless of manufacturer or operating system.

Google has launched Chrome 57 for Windows, Mac, and Linux. From a report on VentureBeat: Among the additions is CSS Grid Layout, API improvements, and other new features for developers. You can update to the latest version now using the browser's built-in silent updater, or download it directly from google.com/chrome. Chrome is arguably more than a browser: With over 1 billion users, it's a major platform that web developers have to consider. In fact, with Chrome's regular additions and changes, developers have to keep up to ensure they are taking advantage of everything available. Chrome 57 implements CSS Grid Layout, a two-dimensional grid-based layout system for responsive user interface design. Elements within the grid can be specified to span multiple columns or rows, plus they can also be named so that layout code is easier to understand. The goal is to give developers more granular control, especially as websites are increasingly accessed on various screen sizes, so they can slowly move away from complex code that is difficult to maintain.

Sony has officially pushed out the PlayStation 4.5 System Update, codenamed "Susuke," which brings a new Boost Mode for PS4 Pro owners and lets PS4 owners download and install games directly to USB 3.0 hard drives up to 8TB in size. The INQUIRER reports: PS4 Pro owners are also being treated to a new Boost Mode, will offer improved performance for PS4 games released before the Pro console. "This feature has been designed to provide better performance for select legacy titles that have not been patched to take advantage of the PS4 Pro's faster CPU and its faster and double-sized GPU," Sony said in a blog post. "This can provide a noticeable frame rate boost to some games with variable frame rates, and can provide frame rate stability for games that are programmed to run at 30 Hz or 60 Hz." The PS 4.5 update brings an improved 2D mode to owners of Sony's PlayStation VR headset, which the firm claims will improve the resolution of the system screen displayed on your TV is significantly better when you're out of VR mode. The resolution of Cinematic Mode on PlayStation VR is also getting a boost, with Sony noting "if your PS VR screen size is set to Small or Medium, the frame rate of content viewed in Cinematic Mode goes up from 90Hz to 120Hz with this update." Other new features include added support for voice chat when using Remote Play on Windows, Mac or an Xperia device, an 'Off Console' icon that tells gamers when a friend is logged in but away from their device and updates to the PS Messages and PS Communities apps on iOS and Android.

An anonymous reader quotes Network World's report about new statistics from analytics vendor Net Applications: From March 2015 to February 2017, the use of Microsoft's IE and Edge on Windows personal computers plummeted. Two years ago, the browsers were run by 62% of Windows PC owners; last month, the figure had fallen by more than half, to just 27%. Simultaneous with the decline of IE has been the rise of Chrome. The user share of Google's browser -- its share of all browsers on all operating systems -- more than doubled in the last two years, jumping from 25% in March 2015 to 59.5% last month. Along the way, Chrome supplanted IE to become the world's most-used browser...

In the last 24 months, Mozilla's Firefox -- the other major browser alternative to Chrome for macOS users -- has barely budged, losing just two-tenths of a percentage point in user share. [And] in March 2015, an estimated 69% of all Mac owners used Safari to go online. But by last month, that number had dropped to 56%, a drop of 13 percentage points -- representing a decline of nearly a fifth of the share of two years prior.

"We want to create a Linux version of Skype that is as feature rich as the existing Skype on desktop and mobile platforms," read Thursday's announcement from Microsoft's Skype team. "Today, we're pleased to announce that we are ready to take the next step and promote Skype for Linux from Alpha to Beta." They're promising more than just better performance and bug fixes. "We have been listening to you and added in some of your top requests." Slashdot reader BrianFagioli shares the list:

• One-to-one video calls can be made from Linux to Skype users on the latest versions of Skype for Android, iOS, Windows, and Mac.
• Calls to mobiles and landlines with Skype credit.
• Linux users can now view shared screens from other Skype desktop clients (Windows 7.33 and above, Mac 7.46 and above).
• Unity launcher now shows the number of unread conversations.
• Online contacts in contact list now include Away and Do Not Disturb statuses.

Apple is losing its grip on American classrooms, which technology companies have long used to hook students on their brands for life. From a report on MacRumors: According to research company Futuresource Consulting, in 2016 the number of devices in American classrooms that run iOS and macOS fell to third place behind both Google-powered laptops and Windows devices. Out of 12.6 million mobile devices shipped to primary and secondary schools in the U.S., Chromebooks accounted for 58 percent of the market, up from 50 percent in 2015. Meanwhile, school shipments of iPads and Mac laptops fell to 19 percent, from about 25 percent, over the same period, while Microsoft Windows laptops and tablets stayed relatively stable at about 22 percent.

BrianFagioli quotes a report from BetaNews: As more and more consumers buy Mac computers, evildoers will have increased incentive to write malware for macOS. Luckily, users of Apple's operating system that choose to use Google Chrome for web surfing will soon be safer. You see, the search giant is improving its Safe Browsing initiative to better warn macOS users of malicious websites and attempts to alter browser settings. "As part of this next step towards reducing macOS-specific malware and unwanted software, Safe Browsing is focusing on two common abuses of browsing experiences: unwanted ad injection, and manipulation of Chrome user settings, specifically the start page, home page, and default search engine. Users deserve full control of their browsing experience and Unwanted Software Policy violations hurt that experience," says Google. The search giant further explains, "The recently released Chrome Settings API for Mac gives developers the tools to make sure users stay in control of their Chrome settings. From here on, the Settings Overrides API will be the only approved path for making changes to Chrome settings on Mac OSX, like it currently is on Windows. Also, developers should know that only extensions hosted in the Chrome Web Store are allowed to make changes to Chrome settings. Starting March 31 2017, Chrome and Safe Browsing will warn users about software that attempts to modify Chrome settings without using the API."

Apple said today it will kick off this year's Worldwide Developers Conference on June 5. Much like every year, the developer conference is the place where we can expect to see what's coming to iOS, macOS, watchOS, and tvOS later this year. This year, the event is being held in a different venue: the McEnery Convention Center in San Jose, the original home of WWDC. John Gruber, writing for DaringFireball: First, announcing early really helps people who have to travel long distances to attend, particularly those from outside the U.S. The San Jose Convention Center is the original home of WWDC -- that's where it was held from 1988 through 2002. (WWDC 2002 was the year Steve Jobs held a funeral for Mac OS 9 during the keynote.) San Jose is way closer to Apple headquarters. San Francisco is about an hour drive from 1 Infinite Loop. The San Jose Convention Center is only five minutes away from Apple's new campus. Schiller emphasized to me that this is a big deal: more Apple employees from more teams will be present, simply because they won't have to devote an entire day to being there. (This could be a particular boon to WWDC's developer labs, where attendees can get precious face time with Apple's engineers.)