#532 Apple Secures Your Sensitive Data, Teaching a Young Boy About Science, Hackers Getting Hacked, Serenity Caldwell from iMore on Home Automation

Live show will be on Saturday at 3pm Pacific Time on 25 July as I’ll be on vacation on Sunday. There will be no live show on Sunday 2 July. I was on the SMR Podcast on Episode #262 entitled Little Community and the Daily Tech News Show Episode 2538 entitled Amazon is Past Its Prime Day this week. Learn how I lost all my Apple Watch activity data but that it was because Apple really does protect our private data. I’ve started teaching a young boy a bit about electricity and magnetism and it’s making a difference to him and his mom. Bart joins us but JUST to talk security. He tells about the hackers getting hacked this week, gives us some Security Lite and Important Security News. Then for Chit Chat Across the Pond we’re be joined by Serenity Caldwell from imore.com.


itunes
mp3 download


Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday July 19, 2015 and this is show number 532. This week’s show is going to be formatted a little bit differently. I’ve got a couple of stories for you, then Bart is going to join us but JUST to talk security with us. He’s going to talk about the hackers getting hacked this week, give us some Security Lite and Important Security News. Then for Chit Chat Across the Pond we’ll be joined by Serenity Caldwell from iMore. Next week Bart will be back to join us along with Steve Sheridan for a special episode of Chit Chat Across the Pond.

Before I forget, next week’s live show will be on SATURDAY, not Sunday at 3pm Pacific Time. I’m going on vacation for a week (I know, “what’s vacation when you’re retired?” And “didn’t you just get back from India?”) so I wont’ be around on Sunday. Allister Jenks will be doing the show that will air the weekend of August 2nd so there will be NO live show on August 2nd. If you’ve been meaning to do a recording for the show, dust off that microphone and send it in! You can send them to me and I’ll forward them on to Allister for inclusion in the show. If you buy the NosillaCast App, you will get notifications of these changes!

Before we get started I wanted to tell you about a couple of shows I was on this week. First I was on the SMR Podcast on Episode #262 entitled Little Community. Robb was out so I joined Rod Simmons and Chris Ashley and we had such a blast! If you haven’t heard the show before go check it out, what a great geek time. On Thursday I was on the Daily Tech News Show Episode 2538 entitled Amazon is Past Its Prime Day. Tom and I talked about whether the desktop Office suite is dead, go check it out. Ok, now let’s jump into the show!

Blog Posts

Apple Really Does Protect Your Health Data

I Wonder What Would Happen If…

Clarify

image_capture showing the tricky item in the bottom cornerI’m a member of a local user group in town but I don’t attend the meetings. I do like to read people’s questions that they send in email though mostly because I just enjoy the heck out of knowing the answer to a problem and helping someone along the way. This week a gentleman named Michael was complaining about Apple Photos and how he HAD to use it and how he couldn’t use iPhoto any more. I explained in one response that iPhoto is still there and you can still use it. He explained back that his workflow has been stolen by Photos though because Photos keeps opening. I suspected the problem was that his default setting was to open Photos when inserting his memory card, camera, or phone. I explained that simply changing the behavior in Image Capture would fix his problem. He wrote back that it didn’t work.

I finally did what I should have done in the first place. I whipped open Clarify, inserted a memory card, opened Image Capture, took 3 screenshots, put an arrow pointing to the upwards-facing teeny tiny disclosure triangle that lets you see the control of what happens when you insert a device, and showed him that you could indeed still choose iPhoto to open. I put a couple of words in to explain that you do have to insert the device to be able to get access to these controls.

This wasn’t a masterpiece I really needed to post online so I simply went to Edit and chose Copy Document to Clipboard and chose Text and Images, and then pasted it into the email and hit send. This took far less time than I’d spent with Michael going back and forth in words! I wanted to read to you what he wrote back:

Ahhhhh, Thank you Allison : ) Yes I did try the Image Capture thing in response to your first email, but I *think* I may have not had the SD card plugged in at the time, and perhaps it sets the options per device? Either way, your illustrations were perfect THANK YOU. How wonderfully kind of you, your patience penetrated my frustration, you’re awesome. Have I said thank you enough? Just in case: THANK YOU AGAIN!

If that isn’t a good enough testimonial, I don’t know what will get you to go over the clarify-it.com and download the free trial for Mac or Windows or both.

Security With Bart

Security Medium – When the Hackers get Hacked

An Italian security company called Hacking Team were themselves hacked, and 400GB of data exfiltrated. It takes time to analyse that much data, so there has been a steady stream of revelations since the new of the hack broke on the 6th of July, and that stream is still on-going.

Because this is a story that is likely to run and run, Ars Technica have created a “series” for the story on their site – basically, a single page where they continue to list all their stories related to the hack – http://arstechnica.com/series/hackingteamhacked/

Practical Consequences of the Hack – VULNERABILITIES!

So far, four zero-days have been found in the leaked data:

All these Flash problems, hot on the heals of other Flash problems, have had an effect on the IT community as a whole, and re-invigorated the debate on Flash.

Software makers like Apple and FireFox again blocked vulnerable versions of Flash, protecting users, and highlighting the issue at the same time. The web was full of people describing how easy it is now to live without Flash, and FaceBook’s new Chief Security Officer went so far as to call on all the browser manufacturers to get together and choose a date on which they will all disable Flash. System76, a PC maker who sell computers running Ubuntu went so far as to announce that they are abandoning Flash because it is just too dangerous.

Links:

There has also been an un-related development regarding Flash’s future – it has been revealed that Adobe has been working with Google to harden Flash, making it more difficult to turn bugs into usable exploits. There have been two architectural changes made to Flash that would have neutered most of the recent flash exploits:

  1. (only on Chrome today, but coming to all versions of Flash later this summer) heap partitioning – storing different kinds of data in separate regions of memory provides protection against both buffer-overflow and use-after-free exploits. Both have featured in recent Flash zero-days.
  2. Adobe has also added protections around Vector objects, a part of Flash’s internals that has been successfully exploited in the recent past

More details: http://arstechnica.com/security/2015/07/zero-day-attacks-exploiting-flash-just-got-harder-thanks-to-new-defenses/

Political Fallout

Although not nearly as significant as the Snowden revelations, this hack gives us mere citizens a view into the kind of private-sector companies our governments are paying to do their dirty work for them (with our money!). These private companies are normally shrouded in secrecy, though they do of course publicly insist they are very ethical and would never provide services to repressive regimes or terrorists or anything like that.

We now know this private firm was selling hacking tools to all sorts of governments and groups, not just western ones, in places like Egypt, Russia, Saudi Arabia, Bahrain, the United Arab Emirates, Azerbaijan, Kazakhstan, and Uzbekistan.

We can now see how these companies pay hackers big money for zero-day exploits, which they then keep secret from the software vendors, preventing them from getting patched, and ensuring ordinary people like us are vulnerable to their dubious customers for as long as possible.

These revelations raise questions like whether it is appropriate for western governments to use tax payer money to keep citizens intentionally insecure.

It’s important to note that this company is not some kind of one-off, they are just one example of an entire secretive industry that’s providing these kinds of services to governments and other groups all around the world.

Some ‘highlights’:

Security Light

Important Security Updates:

Important Security News:

Notable Breaches:

Suggested Reading:

Chit Chat Across the Pond

Serenity Caldwell of iMore joins us to talk Home Automation. Questions I asked Serenity include:

Can you give us a state of the union on Home Automation?

  • Is there a standard yet?
  • Is it too soon to get into it?
  • Still time for only baby steps?
  • Explain HomeKit to me
  • What did we hope would be announced at WWDC and what really happened?
  • Can you talk to why Apple requires certification for HomeKit products?
    • I’ve heard about end-to-end hardware encryption – can you explain? And things WEREN’T encrypted before HomeKit?
  • What devices have you used so far that you recommend?
  • How do you feel about locks in Home Automation?
    • Queasy feeling or can be trusted?

    You’re a roller derby fanatic, and been disappointed in whether you get credit for your workouts from Apple Watch, why doesn’t “other” work for that?

    Plugs: http://imore.com, @settern on Twitter, settern on Instagram and The Incomparable Podcast with Jason Snell at theincomparable.com

    That’s going to wind this up for this week, many thanks to our sponsor for helping to pay the bills, the makers of Clarify over at clarify-it.com. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at allison@podfeet.com, follow me on twitter @podfeet. Check out the NosillaCast Google Plus Community too – lots of fun over there! If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.

    Leave a Reply

    Your email address will not be published.

    Scroll to top