iCloud Drive presents a filesystem interface but implements cloud synchronization semantics that diverge from POSIX in fundamental ways. This divergence is not an implementation bug; it is a Category Mistake -- the same one that pervades distributed computing wherever Forward-In-Time-Only (FITO) assumptions are embedded into protocol design. Parker et al. showed in 1983 that network partitioning destroys mutual consistency; iCloud adds a user interface that conceals this impossibility behind a facade of seamlessness. This document presents a unified analysis of why iCloud fails when composed with Time Machine, git, automated toolchains, and general-purpose developer workflows, supported by direct evidence including documented corruption events and a case study involving 366 GB of divergent state accumulated through normal use. We show that the failures arise from five interlocking incompatibilities rooted in a single structural error: the projection of a distributed causal graph onto a linear temporal chain. We then show how the same Category Mistake, when it occurs in network fabrics as link flapping, destroys topology knowledge through epistemic collapse. Finally, we argue that O
This supplement documents the intellectual trajectory that led to the Category Mistake framework and the Forward-In-Time-Only (FITO) analysis presented in our recent arXiv papers. The ideas crystallized over fifteen years of research, conversation, and engineering practice -- beginning with a 2014 Stanford EE380 lecture on the physics of time in computing, sharpened through a 2016 email exchange with Leslie Lamport following a Papers We Love presentation of his seminal 1978 paper, and matured through the development of Open Atomic Ethernet (OAE). This document traces the concept development from its origins in the physics of entanglement and background-free time, through the recognition that Lamport's "happened-before" relation embeds a category mistake, to the practical engineering consequences documented in "Why iCloud Fails" and "What Distributed Computing Got Wrong." It is intended as archival supplementary material for future arXiv submission.
Internet privacy is increasingly important on the modern Internet. Users are looking to control the trail of data that they leave behind on the systems that they interact with. Multi-Party Relay (MPR) architectures lower the traditional barriers to adoption of privacy enhancing technologies on the Internet. MPRs are unique from legacy architectures in that they are able to offer privacy guarantees without paying significant performance penalties. Apple's iCloud Private Relay is a recently deployed MPR service, creating the potential for widespread consumer adoption of the architecture. However, many current Internet-scale systems are designed based on assumptions that may no longer hold for users of privacy enhancing systems like Private Relay. There are inherent tensions between systems that rely on data about users -- estimated location of a user based on their IP address, for example -- and the trend towards a more private Internet. This work studies a core function that is widely used to control network and application behavior, IP geolocation, in the context of iCloud Private Relay usage. We study the location accuracy of popular IP geolocation services compared against the pu
Smartphone manufacturer provided default features (e.g., default location services, iCloud, Google Assistant, ad tracking) enhance the usability and extend the functionality of these devices. Prior studies have highlighted smartphone vulnerabilities and how users' data can be harvested without their knowledge. However, little is known about manufacturer provided default features in this regard -- their usability concerning configuring them during usage, and how users perceive them with regards to privacy. To bridge this gap, we conducted a task-based study with 27 Android and iOS smartphone users in order to learn about their perceptions, concerns and practices, and to understand the usability of these features with regards to privacy. We explored the following: users' awareness of these features, why and when do they change the settings of these features, the challenges they face while configuring these features, and finally the mitigation strategies they adopt. Our findings reveal that users of both platforms have limited awareness of these features and their privacy implications. Awareness of these features does not imply that a user can easily locate and adjust them when needed
Apple recently published its first Beta of the iCloud Private Relay, a privacy protection service with promises resembling the ones of VPNs. The architecture consists of two layers (ingress and egress), operated by disjoint providers. The service is directly integrated into Apple's operating systems and therefore provides a low entry level barrier for a large user base. It seems to be set up for major adoption with its relatively moderate entry-level price. This paper analyzes the iCloud Private Relay from a network perspective and its effect on the Internet and future measurement-based research. We perform EDNS0 Client Subnet DNS queries to collect ingress relay addresses and find 1586 IPv4 addresses. Supplementary RIPE Atlas DNS measurements reveal 1575 IPv6 addresses. Knowledge about these addresses helps to passively detect clients communicating through the relay network. According to our scans, from January through April, ingress addresses grew by 20%. The analysis of our scans through the relay network verifies Apple's claim of rotating egress addresses. Nevertheless, it reveals that ingress and egress relays can be located in the same autonomous system, thus sharing similar
The email system is the central battleground against phishing and social engineering attacks, and yet email providers still face key challenges to authenticate incoming emails. As a result, attackers can apply spoofing techniques to impersonate a trusted entity to conduct highly deceptive phishing attacks. In this work, we study email spoofing to answer three key questions: (1) How do email providers detect and handle forged emails? (2) Under what conditions can forged emails penetrate the defense to reach the user inbox? (3) Once the forged email gets in, how do email providers warn users? Is the warning truly effective? We answer these questions through end-to-end measurements on 35 popular email providers (used by billions of users), and extensive user studies (N = 913) that consist of both simulated and real-world phishing experiments. We have four key findings. First, most popular email providers have the necessary protocols to detect spoofing, but still allow forged emails to get into the user inbox (e.g., Yahoo Mail, iCloud, Gmail). Second, once a forged email gets in, most email providers have no warnings for users, particularly on mobile email apps. Some providers (e.g., Gmail Inbox)
File synchronization services such as Dropbox, Google Drive, Microsoft OneDrive, Apple iCloud, etc., are becoming increasingly popular in today's always-connected world. A popular alternative to the aforementioned services is BitTorrent Sync. This is a decentralized/cloudless file synchronization service and is gaining significant popularity among Internet users with privacy concerns over where their data is stored and who has the ability to access it. The focus of this paper is the remote recovery of digital evidence pertaining to files identified as being accessed or stored on a suspect's computer or mobile device. A methodology for the identification, investigation, recovery and verification of such remote digital evidence is outlined. Finally, a proof-of-concept remote evidence recovery from BitTorrent Sync shared folder highlighting a number of potential scenarios for the recovery and verification of such evidence.
The recent introduction of the Find My app by Apple will open a large window of opportunities for whistleblowers. Based on short-range Bluetooth signals, EC P-224 encryption, and an end-to-end encrypted design using iCloud Keychain, the Find My app is probably the first application broadcasting a large number of anonymous public keys on this scale. Hence, this new Apple application may introduce a revolution in secret communication, if we divert it from its primordial use and transform it into a powerful tool to put in the hands of whistleblowers. By using the Find My app and an entity authentication protocol based on artificial intelligence, our goal is to make mass surveillance and kleptographic backdoors ineffective in the lifting of the whistleblower's anonymity. However, in some cases, the Find My app may also be a powerful tool in the hands of dictatorial governments in their fight against whistleblowers and political adversaries. Thus, the aim of this paper is to show, with simple examples, how these two situations can happen.
High availability is no longer just a business continuity concern. Users are increasingly dependent on devices that consume and produce data in ever increasing volumes. A popular solution is to have a central repository which each device accesses after centrally managed authentication. This model of use is facilitated by cloud based file synchronisation services such as Dropbox, OneDrive, Google Drive and Apple iCloud. Cloud architecture allows the provisioning of storage space with "always-on" access. Recent concerns over unauthorised access to third party systems and large scale exposure of private data have made an alternative solution desirable. These events have caused users to assess their own security practices and the level of trust placed in third party storage services. One option is BitTorrent Sync, a cloudless synchronisation utility that provides data availability and redundancy. This utility replicates files stored in shares to remote peers with access controlled by keys and permissions. While lacking the economies brought about by scale, complete control over data access has made this a popular solution. The ability to replicate data without oversight introduces risk of a
Oblivious RAM (ORAM) protocols are powerful techniques that hide a client's data as well as access patterns from untrusted service providers. We present an oblivious cloud storage system, ObliviSync, that specifically targets one of the most widely-used personal cloud storage paradigms: synchronization and backup services, popular examples of which are Dropbox, iCloud Drive, and Google Drive. This setting provides a unique opportunity because the above privacy properties can be achieved with a simpler form of ORAM called write-only ORAM, which allows for dramatically increased efficiency compared to related work. Our solution is asymptotically optimal and practically efficient, with a small constant overhead of approximately 4x compared with non-private file storage, depending only on the total data size and parameters chosen according to the usage rate, and not on the number or size of individual files. Our construction also offers protection against timing-channel attacks, which has not been previously considered in ORAM protocols. We built and evaluated a full implementation of ObliviSync that supports multiple simultaneous read-only clients and a single concurrent read/write cl
While personal cloud storage services such as Dropbox, OneDrive, Google Drive and iCloud have become very popular in recent years, these services offer few security guarantees to users. These cloud services are aimed at end users, whose applications often assume a local file system storage, and thus require strongly consistent data. In addition, users usually access these services using personal computers and portable devices such as phones and tablets, which are upload bandwidth constrained and in many cases battery powered. Unity is a system that provides confidentiality, integrity, durability and strong consistency while minimizing the upload bandwidth of its clients. We find that Unity consumes minimal upload bandwidth for compute-heavy workloads compared to NFS and Dropbox, while using a similar amount of upload bandwidth for write-heavy workloads relative to NBD. Although read-heavy workloads tend to consume more upload bandwidth with Unity, it is no more than an eighth of the size of blocks replicated and there is much room for optimization. Moreover, Unity provides flexibility to maintain multiple DEs to provide scalability for multiple devices to concurrently access the data wi
The volume of personal information and data most Internet users find themselves amassing is ever increasing and the fast pace of the modern world results in most requiring instant access to their files. Millions of these users turn to cloud based file synchronisation services, such as Dropbox, Microsoft Skydrive, Apple iCloud and Google Drive, to enable "always-on" access to their most up-to-date data from any computer or mobile device with an Internet connection. The prevalence of recent articles covering various invasion of privacy issues and data protection breaches in the media has caused many to review their online security practices with their personal information. To provide an alternative to cloud based file backup and synchronisation, BitTorrent Inc. released an alternative cloudless file backup and synchronisation service, named BitTorrent Sync to alpha testers in April 2013. BitTorrent Sync's popularity rose dramatically throughout 2013, reaching over two million active users by the end of the year. This paper outlines a number of scenarios where the network investigation of the service may prove invaluable as part of a digital forensic investigation. An investigation me
As a fundamental communicative service, email is playing an important role in both individual and corporate communications, which also makes it one of the most frequent attack vectors. An email's authenticity is based on an authentication chain involving multiple protocols, roles and services, the inconsistency among which creates security threats. Thus, it depends on the weakest link of the chain, as any failed part can break the whole chain-based defense. This paper systematically analyzes the transmission of an email and identifies a series of new attacks capable of bypassing SPF, DKIM, DMARC and user-interface protections. In particular, by conducting a "cocktail" joint attack, more realistic emails can be forged to penetrate the celebrated email services, such as Gmail and Outlook. We conduct a large-scale experiment on 30 popular email services and 23 email clients, and find that all of them are vulnerable to certain types of new attacks. We have duly reported the identified vulnerabilities to the related email service providers, and received positive responses from 11 of them, including Gmail, Yahoo, iCloud and Alibaba. Furthermore, we propose key mitigating measures to de
On modern operating systems, applications under the same user are separated from each other, for the purpose of protecting them against malware and compromised programs. Given the complexity of today's OSes, less clear is whether such isolation is effective against different kinds of cross-app resource access attacks (called XARA in our research). To better understand the problem, on the less-studied Apple platforms, we conducted a systematic security analysis on MAC OS X and iOS. Our research leads to the discovery of a series of high-impact security weaknesses, which enable a sandboxed malicious app, approved by the Apple Stores, to gain unauthorized access to other apps' sensitive data. More specifically, we found that the inter-app interaction services, including the keychain, WebSocket and NSConnection on OS X and URL Scheme on the MAC OS and iOS, can all be exploited by the malware to steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote. Further, the design of the app sandbox on OS X was found to be vulnerable, exposing an app's private directory to the sandboxed malware that hijacks its Apple Bundle ID. As a result,