I was on three podcasts this week about the Apple announcements – check them out: the Daily Tech News Show with Scott Johnson and Veronica Belmont, the Mac Roundtable, and the SMR Podcast. I also did a guest Screencast for Don McAllister’s ScreenCasts Online all about Drop Shadow and AppDelete; watch the trailer at screenscastsonline.com. I describe how Apple gave me a fix (workaround) to my AppleTV problem, and I discuss our Sadomasochistic Relationship with Apple. Change the default behavior of a whole bunch of things in OSX using the GUI interface in donation ware Deeper from titanium.free.fr, makers of the awesome utility OnyX. In Chit Chat Across the Pond Bart breaks down the celebrity photo leaks and explains what actually happened and then after Security Lite he gives us a history lesson on World War I and how he used Google Earth to map out the progression over time of the defenses of Belgium, the National Redoubt. Read along and download the Google Earth file to play along as you listen at https://www.bartbusschots.ie/s/2014/09/14/antwerp-belgiums-national-redoubt
Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday September 14, 2014 and this is show number 488. Well THIS has been a fun week, right? I’m actually not going to talk about the new iPhone 6, 6 Plus and Apple Watch, because I did three, count them THREE podcasts about it on Tuesday! It was grueling but after watching the 2 hour keynote (and enjoying the heck out of the streaming hiccups and the Chinese language translation) from 10-12, then I was on the Daily Tech News Show with Scott Johnson and Veronica Belmont at 1:30, then believe it or not we did a new Mac Roundtable from 3-5, I took a break for dinner, and then jumped back on Skype to do an episode of the SMR Podcast. The boys asked Terrance Gaines and I to come on to do the announcements justice. We finished up around 10pm and then I went outside, laid down on the patio and had some bourbon. I put links in the shownotes to all the shows – they’re equally fun and completely different so go check them all out!
As if that weren’t ENOUGH fun, I did a guest Screencast for Don McAllister’s ScreenCasts Online all about Drop Shadow and AppDelete. You can go watch the trailer to get you excited about it over at the link in the shownotes to screenscastsonline.com show number 469. I’ve been a busy little geek this week!
A while ago I mentioned a problem I was having with taking screenshots where when I shrank them up to fit on a web page, the quality degraded dramatically. I also mentioned that when I do the same thing inside Clarify, the screenshots look much better in their web-safe sizes. This week I contacted Trevor over at BlueMango Learning to ask him if he’s using some secret sauce, and all I got out of him was that he’s using a “high-quality resizing algorithm”. I’m not sure what he’s doing but it really does work so much better to use Clarify to take a screenshot, right click on it to resize, and then hold down the option key while you click the arrow and you can save it to disk. Heck, while you’re at it, have I mentioned it’s a great place to add some annotations too? Maybe throw in an arrow, a box, a circle or some text? I use Clarify for things way beyond their original intention because it’s just that good. Go download a free trial at clarify-it.com today!
Chit Chat Across the Pond – Time 27:40
The Celebrity Photo Leaks:
- A nice summary of the important points by Nik Cubrilovic – https://www.nikcub.com/posts/notes-on-the-celebrity-data-theft/
- Initially, people ASSUMED the celeb photos were stolen using a (now fixed) vulnerability in the iCloud backup service. The service was not rate-limiting password guesses, so it could be used to brute-force weak passwords – http://thenextweb.com/apple/2014/09/01/this-could-be-the-apple-icloud-flaw-that-led-to-celebrity-photos-being-leaked/
- Apple investigated and released a statement saying they were targeted attacks and did not involve security vulnerabilities (my interpretation is that it was social engineering of some sort) – http://www.apple.com/pr/library/2014/09/02Apple-Media-Advisory.html
- Apple promise security improvements to iCloud – email notifications on iCloud restore (like those you already get on password restore and when a new device connects to your account), and more use of 2FA – http://www.macobserver.com/tmo/article/apple-ceo-says-better-icloud-security-coming-soon
- Unsurprisingly – cyber criminals soon capitalise on the lust of the masses and use the leaked photos to bait people into infecting themselves with all sorts of malware – http://arstechnica.com/security/2014/09/celeb-nude-photos-now-being-used-as-bait-by-internet-criminals/
- Related – how to enable 2FA – http://www.imore.com/how-enable-two-step-verification-your-apple-icloud-account
- Related – Ars do a piece describing how you can attack iPhones to extract data (key points: unless you are running an out-of-date version of iOS, you need physical access and the phone’s unlock code or an iCloud password to extract data) – http://arstechnica.com/features/2014/09/ipwned-mining-iphones-icloud-for-personal-data-is-terrifying-simple/
- Related – Zdziarski releases a blog post describing how iOS 8 fixes many, but not all, of the weaknesses outlined in his recent paper – http://www.zdziarski.com/blog/?p=3820
- The web was awash with victim shaming – it’s not OK to blame the victims in any crime, and it’s not OK to go look up the photos because they exist. Dan Kaminsky lays out the why quite well – http://dankaminsky.com/2014/09/03/not-safe-for-not-working-on/
- The web was also awash with people giving bad advice – the worst of which was to stop backing up to iCloud. Security is all about balancing risks. Is the risk of your iCloud backup being compromised zero? Nope. Is the risk of catastrophic data loss zero? Nope! You have to balance those risks rationally, and I think the risk of data loss is far greater, so I think it’s dangerous to tell people to stop backing up automatically to iCloud – Gruber puts it well – http://daringfireball.net/2014/09/security_tradeoffs
Lessons to take away:
- always update to the latest iOS
- use strong passwords (defends against brute-force attacks)
- lie in your security questions (makes unauthorised password recovery harder)
- enable 2FA – our Apple IDs protect a LOT!
Important Security Updates:
- Patch Tuesday has been and gone with updates from MS & Adobe patching Flash, AIR, Windows, IE, Lync and more – http://krebsonsecurity.com/2014/09/critical-fixes-for-adobe-microsoft-software/
- Firefox makes it to version 32 – http://nakedsecurity.sophos.com/2014/09/03/firefox-32-0-fixes-holes-shakes-out-some-old-ssl-certs-introduces-certificate-pinning/
Important Security News:
- Security research reveals major privacy issues with Grindr App – you can locate every user! (supposed to only show how far away a user is, but API allows you to ask that Q for any point on earth, allowing triangulation) – if you live in a country where homosexuality is illegal or in danger of getting you beaten or killed, this could be a REALLY big deal – http://nakedsecurity.sophos.com/2014/09/01/grindr-app-has-privacy-issues-whos-surprised/
- MS vow to clean up Windows Store – http://nakedsecurity.sophos.com/2014/09/01/microsoft-vows-to-clean-away-misleading-apps-from-its-windows-store/
- List of 4.9 million Google usernames & passwords hits the web – Google say there was no compromise, likely a phishing DB – http://arstechnica.com/security/2014/09/google-no-compromise-likely-massive-phishing-database/
- WordPress preemptively resets 100K accounts that match those on the Gmail list: http://thenextweb.com/insider/2014/09/13/wordpress-preemptively-resets-100000-accounts-precaution-recent-gmail-password-leaks/
- Microsoft held in contempt as they appeal decision by US court to order MS to hand over data in a Dublin (Ireland) data centre – this case will have MASSIVE implications – one to watch – http://nakedsecurity.sophos.com/2014/09/11/microsoft-held-in-contempt-while-it-appeals-court-decision-in-customer-email-case/
- Naked Security explain why clicking on unsubscribe links in spam is a really bad idea – http://nakedsecurity.sophos.com/2014/09/04/5-things-you-should-know-about-email-unsubscribe-links-before-clicking/
- Demo of how you can use the cool Flir IR camera for iPhone to steal people’s PINs (and how to avoid your PIN being stolen) – http://www.macobserver.com/tmo/cool_stuff_found/post/how-to-use-a-flir-camera-to-steal-a-pin-code-and-how-to-stop-it
- Yahoo begins to share the extent of the pressure the US government put on online companies to facilitate their over-reaching surveillance – they were threatened with fines of $0.25M EACH DAY – http://nakedsecurity.sophos.com/2014/09/12/us-government-threatened-yahoo-with-daily-250000-fines-over-user-data/
- New CA law makes it illegal to slip in a clause banning people from giving negative reviews (nick-named the Yelp Bill) – http://nakedsecurity.sophos.com/2014/09/12/yelp-bill-protects-californians-from-getting-pants-sued-off-over-reviews/
- International study finds 85% of mobile apps do not provide users with adequate information on the privacy implications of using the app – http://nakedsecurity.sophos.com/2014/09/12/85-of-apps-not-up-to-scratch-on-privacy-study-finds/
- Google nudge people away from old insecure browsers by reverting them to the old Google Search page – http://nakedsecurity.sophos.com/2014/09/05/why-is-google-sending-insecure-browsers-back-in-time/
Main Topic – Mapping Belgium’s National Redoubt with Google Earth – Time 51:34
I’m working on a large project which I hope to have ready at the end of the month in time for the 100th anniversary of the WW1 siege of Antwerp. I’m working on mapping the city’s key infrastructure as it was in 1914. The city has changed a lot, so that means mapping the massive fortifications around the city, the network of navigable rivers and canals, of railways, and the city’s docks.
This project became practical when I discovered two things:
1) that McMaster University has Creative Commons copies of the 1911 Ordnance Survey 1:100,000 scale maps for all of Belgium
2) you can overlay images in Google maps
This allows you to use Google Earth as a time machine!
While working on this bigger project I got very interested in the history of Belgium’s national redoubt, so I decided to do a separate project on that, and that’s today’s topic.
Read the post and follow along with Google Earth here while you listen: https://www.bartbusschots.ie/s/2014/09/14/antwerp-belgiums-national-redoubt
That’s going to wind this up for this week, many thanks to our sponsor for helping to pay the bills, Blue Mango Learning at bluemangolearning.com makers of Clarify. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at firstname.lastname@example.org, follow me on twitter and app.net @podfeet. Check out the NosillaCast Google Plus Community too – lots of fun over there! If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.