@gamingonlinux Does this mean that I'll finally be able to play #StardewValley on my #iPhone or #iPad with mods?

@zak @zenbrowser : a still unfixed vulnerability: if NOT using Touch ID, on some websites you may be able to sign in using a passkey WITHOUT authenticating locally - using biometrics or your passcode (screen unlock code).

‍ This vulnerability also exists WITH Touch ID set up, provided that "Password Autofill" is disabled.

BTW this vulnerability also permits access to:
• https://icloud.com
• https://account.apple.com
(When asked to provide your fingerprint, tap the X at the top right and tap in the "Email" field one more time).

This is a HUGE risk for people who do not want to use biometrics: if a thief grabs their iPhone when unlocked, or watches them enter their passcode and later steals their iPhone, the thief can use ALL of the owner's passwords and some of their passkeys stored in the "Passwords" app (formerly known as iCloud Keychain).

This increases the risks of theft as shown by WSJ's Joanna Stern in https://youtube.com/watch?v=QUYODQB_2wQ.

In addition, a (grand) child or anyone else who (shortly) borrows your iPhone/iPad may have access to more of your cloud-accounts than you're aware of.

Workaround if you don't want to use biometrics to unlock your iPhone/iPad (this does not fix any problem if a thief learns (or successfully guesses) your passcode (screen unlock PIN or password):

• Set up a Touch ID anyway, for example for your left pinky finger (if you're righthanded)

• Disable "iPhone Unlock" in "Touch ID and Passcode" (visible in the first screenshot).

• Use a safer password manager (such as KeePassium) than the Apple "Passwords" app (iCloud KeyChain).

In any case:

• Make sure that "Password Autofill" (in settings -> "Touch ID and Passcode") is set to ENABLED;

• When you enter your passcode in a public place (such as a bar, bus or train), make very sure that nobody gets to see you enter it.

N.a.v. een discussie met een Anonieme reageerder in https://security.nl/posting/879896: als je een QR-code scant, check dan altijd waar jouw browser naar toe gestuurd wordt.

(In https://www.security.nl/posting/879514/rant+-+onveiliginternetten_nl beschreef ik, naast de risico's bij http:// i.p.v. https://, de potentiële ellende bij het gebruik van URL-verkorters zoals "bit.ly" of "s.id" - zo'n verdachte bloedzuiger-domeinnaam moet je überhaupt niet willen bezoeken).

Als je op een iPhone of iPad de camera start en boven de QR-code houdt, zie je de domeinnaam van de website waar de browser naar toe gestuurd wordt als je akkoord gaat. Zie de eerste screenshot (druk op Alt in het plaatje voor meer info).

Twee problemen:

1) Je ziet *niet* of het om een https:// of om een http:// link gaat;

2) Als *niet* Safari maar een andere browser als standaard is ingesteld, zoals Firefox, zie je *in plaats van* de domeinnaam:
"Open in Firefox"
(Dan heb je dus geen idee).

De tweede screenshot is van een "app" die iedereen zélf kan maken; hoe beschreef ik vorig jaar (uitgebreid) in https://www.security.nl/posting/829026/iOS+QR-scanner%3A+DHZ%21.

Als de link met http:// begint (of zonder protocol begint, met als gevolg dat de meeste browsers er zelf http:// vóór zetten), vraagt die app of je het protocol in https:// wilt wijzigen vóórdat de link in de standaard browser wordt geopend (of, naar keuze, naar het klembord wordt gekopieerd).

@ErikSchouten73

6/10
This is the #Ipad Kensington Key Folio Pro K39357US.

This #Bluetooth chiclet #Keyboard is fantastic! It is sleek, responsive and feels modern. It also has a decent layout and doesn’t forget the right shift key like the previous Key Folio.

Once again it effortlessly connected to all of my iPaqs (111, 210, HX2495, HX2795b) and surprisingly also connected to my #Dell Axim X51V using Passkey 1234!

5/10
Next up is the #Ipad Kensington Key Folio K39294.

It’s a #Bluetooth 2.0 spill proof rubber covered #Keyboard that drove me crazy due to the right shift key being absent. LOL.

It’s connectivity was identical to the Freedom Pro. It easily connected to all of my iPaqs (111, 210, HX2495, HX2795b) and unfortunately refused to connect to any of my #Dell Axim X50 and X51 series.

2/10
Unfortunately after talking with people & reading up on the #Bluetooth protocol I learned that Bluetooth Classic (1, 2, & 3) is not compatible with the current Bluetooth LE (4, 5, etc.). I had no idea!

A new keyboard seemed doubtful and everyone I talked to suggested buying an old expensive #PocketPC or #PDA #Keyboard but then I got a great suggestion; get an old #Ipad keyboard.

Those are plentiful and cheap!