I bit the bullet this week and turned on two-factor authentication for both my NosillaCast Google Account and my Apple ID. It was an “interesting” adventure in the same vein as the Chinese curse, “May you have interesting times.” The two experiences were really different and I’m not sure which one was better. In between those two discussions we’ll cleanse our palates with a discussion of David Sparks’ new Hazel Video Field Guide. After we’re done with the two-factor discussion, Bart joins us for Security Bits.
Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday May 29, 2016 and this is show number 577.
Before we get too far into the show I wanted to make sure I tell you about my upcoming schedule. I’m going off on vacation again, this time for a week in Palm Springs with Steve’s family. I decided that I’d abused Allister and Bart enough when I went to Hawaii so I’m going to make this work by myself this time and still not miss a show.
Next week’s show will come out early on Thursday June 2nd, so there will not be a live show on Sunday June 5th. The following week I’ll be in town for a couple of days before Sunday so we’ll be back to our regularly scheduled program. It’s going to be a bit of a pull to get shows out with only a couple of days of prep time but I’m up for the challenge and I’ve got a few things up my sleeves to make it happen.
This week on Chit Chat Across the Pond, Bart was back with Lesson 15 of Programming By Stealth, where we get into JavaScript functions. It was fun but a bit hard on Allison’s old noggin as the propeller beanie got a bit tight. Bart kept at it till we got the concepts in, though! Hope you’re enjoying that series as much as I am.
Blog Posts
Google Two-Factor Authentication – Not as Painless as I’d Hoped
Cleanse our Palates:
Hazel Video Field Guide by MacSparky
Back to two-factor authentication:
Apple 2-Factor Authentication – Now With Fewer Paper Cuts
Security Bits
Important Security Updates
- Apple released a slew of security updates:
  - iOS 9.3.2 – support.apple.com/…
    - Fixes Bluetooth issues on iPhone SE
    - Some 9.7" iPad Pro users are experiencing 'error 56' – Apple confirmed that the problem is real and pulled the update for that one iPad model – www.imore.com/…
  - OS X 10.11.5 & Security Update 2016-003 – support.apple.com/…
  - Safari 9.1.1 – support.apple.com/…
  - iTunes 12.4 – support.apple.com/…
  - tvOS 9.2.1 – support.apple.com/…
  - watchOS 2.2.1 – support.apple.com/…
- Symantec released updates to their Symantec- and Norton-branded AV products across all platforms to fix a critical security vulnerability that allowed remote code execution with admin/root privileges – www.macobserver.com/…
- Adobe have patched a remote code execution bug in Connect for Windows – www.us-cert.gov/…
Important Security News
- Reuters are reporting that the Burr-Feinstein bill is dead, and nothing more will happen in Congress on encryption this year – www.reuters.com/…
- Windows 7 & 8 users beware – Microsoft have made it almost impossible not to upgrade to Windows 10, whether you want to or not. Clicking the X at the top of the upgrade prompt now ACCEPTS the upgrade! (Editorial by Bart: if you have any muggle friends, warn them about this) – www.bbc.com/…
- Google have announced that they will be further cutting down on Flash in their Chrome browser this Fall – by default, Chrome will pretend not to have Flash installed at all, so any site that can use HTML5 will. For sites that need Flash, the user will get an option to enable Flash for that domain, and their choice will be remembered – nakedsecurity.sophos.com/…
- Research by security firm Compaas found that people are still putting sensitive data into publicly available documents on cloud services like Google Docs and Dropbox – this data can be searched for on Google, a technique known as 'Google Dorking' – be careful what you share! – arstechnica.com/…
- A study by Stanford University finds, yet again, that phone metadata is very revealing indeed – nakedsecurity.sophos.com/…
- A US District Court Judge has rejected Firefox's request for details on the Firefox vulnerability apparently used to hack Tor users as part of a child porn investigation – nakedsecurity.sophos.com/…
- The same judge went on to exclude all evidence gathered through this hack because the government will not reveal their code – making a fair and robust defence impossible – nakedsecurity.sophos.com/…
- 5 years of DHS audits have revealed that the TSA is terrible at cyber security – www.engadget.com/…
- RELATED – the TSA handed Eric Cheng's MBP to a total stranger in LAX, and neither the TSA nor the LAX Airport Police did anything to help get the computer back (Editorial by Bart: never travel with an unencrypted computer, and always take a full backup before you travel) – www.echeng.com/…
- The crime gang behind the TeslaCrypt ransomware have revealed the master key, allowing victims to decrypt their drives (the ransomware product was being wound down, a security researcher asked them to do this, and they agreed) – nakedsecurity.sophos.com/…
- Adobe will shortly be releasing an update to their Creative Cloud products to remove their reliance on Apple's QuickTime for Windows, which is now abandoned and has known security holes – blogs.adobe.com/…
- Microsoft are updating their cloud products to prevent people from using commonly used passwords – but they still have some work to do – at the moment, Pa$$w0rd gets past their filter – arstechnica.com/…
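The Pa$$w0rd bypass is a normalization problem: a ban list only catches what it is compared against. As an added illustration (not code from the show, and not Microsoft's filter), here is a small Python check that contrasts an exact-match filter with one that folds common leet-speak substitutions and leading/trailing digits and punctuation before consulting a constructed ban list:

```python
import re
import unicodedata

# Constructed sample ban list; a real deployment would use a much larger one.
BANNED = {"password", "letmein", "qwerty", "123456", "iloveyou", "welcome"}

# Substitutions people commonly use to dodge a naive filter.
LEET = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "i",
                      "3": "e", "4": "a", "5": "s", "7": "t"})


def normalize(pw: str) -> str:
    """Fold a candidate password into the form the ban list is written in."""
    s = unicodedata.normalize("NFKC", pw).lower()
    # Drop decorations such as "...123!" or "1..." that wrap a banned word.
    s = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", s)
    return s.translate(LEET)


def is_allowed(pw: str, normalize_first: bool = True) -> bool:
    """Return True if the password passes the filter.

    normalize_first=False reproduces the exact-match behaviour the page
    describes, where Pa$$w0rd slips through.
    """
    key = normalize(pw) if normalize_first else pw.lower()
    return key not in BANNED


if __name__ == "__main__":
    for candidate in ("Pa$$w0rd", "P@ssw0rd123!", "correct horse battery staple"):
        print(f"{candidate!r}: exact={is_allowed(candidate, False)} "
              f"normalized={is_allowed(candidate)}")
```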
Notable Breaches
- RunKeeper has acknowledged a bug that shared location data with ad services, and pushed out updates to fix the problem – arstechnica.com/…
- LinkedIn's 2012 breach just got bigger! At the time there were 'only' 6.5M hashed but not salted passwords leaked, now, there are 117M email/password combinations on sale (Editorial by Bart: if you have a LinkedIn account, and didn't change your password after the 2012 breach, you need to do so now. If you re-used that password anywhere else, you need to change it there too) – nakedsecurity.sophos.com/…
Suggested Reading
- "Why you can’t trust things you copy and paste from web pages" – nakedsecurity.sophos.com/…
- "My anti-virus is up to date so I am protected, right?" – nakedsecurity.sophos.com/…
- Misconfigured AV software endangers patient's life during a heart procedure – arstechnica.com/…
- Apple controversially rejects app that tests if your phone has been secretly jailbroken – www.intego.com/…
- Google comes under fire for defaulting to not encrypting their new Allo messaging service – arstechnica.com/…, www.buzzfeed.com/… & daringfireball.net/…
- Ransomware-hit hospital refuses to pay second ransom – nakedsecurity.sophos.com/…
That’s going to wind this up for this week. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at [email protected], and follow me on Twitter @podfeet. Check out the NosillaCast Google Plus Community and our Facebook group at podfeet.com/facebook. If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time except NOT NEXT WEEK, and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.
Found it interesting that Bart was schooling Allison on the lectern length for U.S. Senators. Which one is the American again?
Allison’s discussion of two factor authentication was interesting and valuable.
Term length, not lectern length. I have no interest in how long any Senator’s lectern is.