How much you really walk at CES, and the many faces of CES. We start playing our CES interviews with Mophie announcing their new Juice Packs for the iPhone 6 and 6+. Next we talked to the Lowes Innovation Labs about their OSHBot Robot and their virtual reality home improvement system using the Oculus Rift. I give my view on how maybe the Z-Wave Alliance could make home automation all play together. Allister Jenks gives us a tutorial (made with Clarify) on how to add Flickr to your WordPress website at http://zkarj.clarify-it.com/d/9g4rwa. In Chit Chat Across the Pond Bart starts explaining DNS to us in Taming the Terminal Part 27 of n.
Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday January 11, 2015 and this is show number 505.
Steve and I conducted THIRTY SEVEN interviews at CES. We’re struggling with how to get the content to you without overwhelming you and yet not taking forever to get them all out. I think what we’ve settled on is that Steve will render all the videos and get them up on Youtube, and then I’ll spoon feed them out on the blog throughout the coming weeks. On the podcast we’ll play the audio from those interviews that work well in audio only. There are some that are so visual that I’ll talk about them on the podcast but suggest you go watch rather than listen. For example there’s one of a guy riding a motocross bike by using his arms and legs with no bike there at all. Cool thing but the video really makes the interview. We’d better dig in and get started!
Everyone is excited that Mophie has finally come out with the Juice Packs for the iPhone 6 and 6+. They sure could have done a better job with the naming convention. How many people do you think will buy the Juice Pack Plus for their iPhone 6+’s and then find out it only fits the 6? Anyway, before you go out and buy a Mophie, you might want to stay tuned for an interview next week with Mobee who has a solution set that might be even better for you than the Mophie.
You can hear in this interview how weird the Oculus Rift was, the video is worth watching too so you can se how dorky I was! Check it out at lowesinnovationlabs.com
That’s enough interviews for this week. There’s lots more to come, Steve’s encoding like a maniac so if you want to watch the videos early just go over to Podfeet.com and get a head start.
Yesterday our good friend and frequent contributor and sometimes host of the NosillaCast, Allister Jenks told me about a cool plugin for WordPress that lets you embed your Flickr stream onto your website. He thought it might be fun for me. If you only want to have Flickr embedded on a single page, you only need the plugin called Flickr Justified. If you want to embed it onto the sidebar though you also need one called Shortcode Widget. As soon as I heard there were plugins into plugins I panicked and told him it was too hard. You know where this is going, right?
Allister undid his own installation, then launched Clarify and ran through the installation steps again so he could take screen snapshots, add some lovely rounded rectangle red boxes to highlight where I should be looking, and even one oval to really get fancy. He added a couple of sequence steps where things needed to be done in a certain order, then dropped in titles to the steps and added a short bit of explanations on each step. When he was done he pushed the share to Clarify-it.com website and he had a link to send me with perfect instructions. I followed along and it worked exactly as he showed me and I had no confusion in how to follow his steps.
I’m including a link in the shownotes to Allister’s How to Add Flickr to Your Sidebar tutorial over on clarify-it.com for you to enjoy. If you would like to be able to help people like this, or just get them off your back from asking the same questions over and over again, head over to clarify-it.com and give their free trial a spin. When you go to buy, remember you can buy it for Mac or Windows or even a slider license!
Chit Chat Across the Pond – Time: 23:45
Followup 1 – Did North Korea Hack Sony? Make up your own mind:
- The case AGAINST it having been North Korea (by Bruce Schneier) – http://www.theatlantic.com/international/archive/2014/12/did-north-korea-really-attack-sony/383973/
- The case FOR it having been North Korea (by Brian Krebs) – http://krebsonsecurity.com/2014/12/the-case-for-n-koreas-role-in-sony-hack/
- FBI Director James Comey said in a speech that North Korea ‘got sloppy’, exposing their involvement – http://arstechnica.com/security/2015/01/fbi-director-says-sony-hackers-got-sloppy-exposed-north-korea-connection/
Important Security Updates
Important Security News
- Apple used their ability to push updates to OS X pro-actively for the first time this month, patching a nasty bug in NTP – http://arstechnica.com/apple/2014/12/apple-automatically-patches-macs-to-fix-severe-ntp-security-flaw/
- gogo in-air wifi provider discovered clumsily forging *.google.com SSL certs – they say they are just trying to break into SSL for load balancing, but once you break SSL you break SSL – IMO this is a Man in the Middle attack, and the hail of criticism is 100% justified. You don’t need to know WHAT people are doing to manage bandwidth – http://arstechnica.com/security/2015/01/gogo-issues-fake-https-certificate-to-users-visiting-youtube/
- MoonPig take down their spectacularly badly designed API after 17 months of ignoring reports from a security researcher – https://nakedsecurity.sophos.com/2015/01/07/moonpig-takes-down-customer-data-leaking-apps-after-vulnerability-found/
- Security researcher finds a bug in how browsers deal with HTTP Strict Transport Security (HSTS) allowing tracking of users even when using private browsing modes – FireFox have already issued a partial patch, expect more browser updates to follow. Researchers have dubbed this new technique ‘HSTS super-cookies’ – http://arstechnica.com/security/2015/01/browsing-in-privacy-mode-super-cookies-can-track-you-anyway/
- Security researchers found a way to circumvent rate limiting on iCloud login attempts – this enabled brute-force attacks, but does not by-pass passwords – your best defence is still a strong password – http://www.macobserver.com/tmo/article/new-icloud-vulnerability-claims-to-circumvent-failed-password-limit-and-2-f – Apple have patched fixed the problem – http://www.intego.com/mac-security-blog/apple-patches-brute-force-password-cracking-security-hole-in-icloud/
- It seems that at least one member of the ‘Lizard Squad’ who rained on a lot of people’s Christmases by DDOSing gaming networks has been arrested – https://nakedsecurity.sophos.com/2015/01/01/have-the-cops-busted-one-of-the-lizard-squad/ – related: Brian Krebs has a long history with this group, some relevant posts for more context: http://krebsonsecurity.com/2014/12/cowards-attack-sony-playstation-microsoft-xbox-networks/, http://krebsonsecurity.com/2014/12/whos-in-the-lizard-squad/ & http://krebsonsecurity.com/2014/12/lizard-kids-a-long-trail-of-fail/
- RELATED – the Lizard Stresser (the DDOS platform that took out Sony & Microsoft’s gaming networks over Christmas) uses hacked home routers to execute the attacks – http://krebsonsecurity.com/2015/01/lizard-stresser-runs-on-hacked-home-routers/
- RELATED – the Lizard Stresser DDOSed 8chan – http://arstechnica.com/security/2015/01/8chan-related-sites-go-down-in-lizard-squad-powered-ddos/
- Twitter’s lack of a business plan bites again – users are now having brands added to their follow list against their will – http://www.macobserver.com/tmo/article/twitter-goes-over-to-dark-side-decides-who-youll-follow (RELATED – Twitter reportedly planning to have video ads auto-play a 6 second preview – http://adage.com/article/digital/twitter-s-video-plans-include-autoplay-ad-previews/296522/)
- Microsoft stops publishing advanced notification of patches to everyone who does not pay – https://nakedsecurity.sophos.com/2015/01/09/microsoft-discontinues-advance-notification-service-but-why/
- Spotlight opens images in emails even when a user configures Mail.app not to open images – this minor bug has been ridiculously over-reported. If you didn’t change the setting in Mail.app, this does not affect you, and that’s the vast majority of people! Also, this is being reported as exposing “private information”, that seems utterly OTT, it lets spammers know if an email was opened, and from what IP. I.e. it tells spammers exactly what they already know each time we open an email with an embedded image. Apple should fix this of course, but there is some serious crying of wolf going on here IMO – http://arstechnica.com/security/2015/01/spotlight-search-in-yosemite-exposes-private-user-details-to-spammers/
- Computer Researchers have reported on a very interesting hack that can allow an attacker with physical access to your computer to alter the firmware and hence create a very sticky root kit. Apple are reportedly already working on a fix. This is the kind of very theoretical stuff you really shouldn’t panic about BTW (oh, and it’s been given the cutesy name ‘Thunderstrike’, because it uses Thunderbolt, and all bugs seem to need a cute name these days) – https://nakedsecurity.sophos.com/2015/01/09/thunderstrike-new-mac-ueberrootkit-could-own-your-apple-forever%e2%80%8f/ & http://arstechnica.com/security/2015/01/worlds-first-known-bootkit-for-os-x-can-permanently-backdoor-macs/
- A zero-day in almost all Asus routers has been reported. Thankfully the vulnerability requires the attacker to be on your network, so it’s not as bad as it could be. There is no patch yet, but all Asus router users should keep an eye out for a firmware update in the near future – http://arstechnica.com/security/2015/01/got-an-asus-router-someone-on-your-network-can-probably-hack-it/
- A great infographic from Information is Beautiful showing the relative scales of recent breaches: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/static/
- Banks reporting breach in some Chick-fil-A outlets – http://arstechnica.com/security/2014/12/us-banks-trace-credit-fraud-to-chick-fil-a-locales-in-possible-data-breach/
- OneStopParking.com appear to have been hit by the same gang that got so much card data from Target – http://krebsonsecurity.com/2014/12/target-hackers-hit-onestopparking-com/
- The UK’s Immobilise National Property Register website has been patched, having been vulnerable for a year, allowing would-be burglars to find the addresses for any valuables they might want to steal – https://nakedsecurity.sophos.com/2015/01/08/goldmine-for-burglars-hole-closed-in-immobilise-national-property-register/
- Latest Snowden revelation – NSA has VPNs in a ‘vulcan death grip’ – http://arstechnica.com/tech-policy/2014/12/nsa-has-vpns-in-vulcan-death-grip-no-really-thats-what-they-call-it/
- * Der Spiegel reports that NSA can access all Skype traffic – http://arstechnica.com/tech-policy/2014/12/newly-published-nsa-documents-show-agency-could-grab-all-skype-traffic/
- A good article describing the new secure-by-default Dark Mail system Levar Levinson is working on (among others) – http://arstechnica.com/security/2015/01/lavabit-founder-wants-to-make-dark-e-mail-secure-by-default/
- A cool list of sites that let you track cyber attacks in (near)real-time – http://krebsonsecurity.com/2015/01/whos-attacking-whom-realtime-attack-trackers/
- Can malware really cause terrible physical damage? YES! – https://nakedsecurity.sophos.com/2014/12/29/can-malware-and-hackers-really-cause-giant-physical-disasters/
- A journalist targeted by the Obama administration is suing the US government for using the USPS network to hack her computers – http://arstechnica.com/tech-policy/2015/01/going-postal-reporter-sues-government-for-spying-from-usps-network/
- US Hotels, led by the Marriot, are fighting to legalise wifi blocking so they can create a monopoly on wifi within their hotels – http://boingboing.net/2014/12/31/marriott-hotels-plans-to-block.html
- Google cause some controversy by releasing proof of concept code for a zero-day bug in Windows 8.1. They gave MS 90 days to fix the bug before releasing the full details (the bug is ‘only’ a privilege escalation bug, so there is no need to panic, but it is still serious) – https://nakedsecurity.sophos.com/2015/01/03/zero-day-in-windows-8-1-disclosed-by-google/
- FTC suing data broker for selling payday loan data to scammers – http://krebsonsecurity.com/2014/12/payday-loan-network-sold-info-to-scammers/
- A look inside CryptoWall 2.0, the next generation of ransomware: http://arstechnica.com/information-technology/2015/01/inside-cryptowall-2-0-ransomware-professional-edition/
Taming the Terminal Part 27 of n: DNS https://www.bartbusschots.ie/s/2015/01/10/taming-the-terminal-part-27-of-n-dns/
That’s going to wind this up for this week, many thanks to our sponsor for helping to pay the bills, the makers of Clarify over at clarify-it.com. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at firstname.lastname@example.org, follow me on twitter @podfeet. Check out the NosillaCast Google Plus Community too – lots of fun over there! If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.