NC #548 Alternote, Flash Your iPod Classic, Extract Application Icons

Review of Alternote, an alternative GUI for Evernote from alternoteapp.com, I tell you the saga of how it took Steve and I and all of our strength to put a flash drive into an iPod Classic, Dorothy wrote a script we’re sharing with the world to extract high resolution icon image from Applications we’re calling ExtractIcons. We also have a tiny little Automator script I wrote with my very own fingers to scale those images to any size you like and append the size information onto the image title. You can download ScaleImage too! And we have Bart Busschots; with us for Security Lite.


itunes
mp3 download

Hi this is Allison Sheridan of the NosillaCast Mac Podcast, one of the fine podcasts in the Podfeet Podcast Empire hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday November 8, 2015 and this is show number 548.

I have to say, whoever was in charge of reminding me to post Chit Chat Across the Pond as soon as I record it TOTALLY fell down on the job. It just got published a few hours before the NosillaCast! It was also suggested to me that I really should mention on the NosillaCast each week who the guest was on Chit Chat Across the Pond.

This week on CCATP #411 I was joined by Bart Busschots with Part 3 of X of his Programming By Stealth series. In this installment we start looking at HTML block elements. I knew a fair amount of this part but I’ve learned by hacking my way around so it’s great to get this foundational structure under my belt.

Last week on CCATP #410 (since I neglected to mention it) I had Mark Pouley of Twin Lakes Images on the show to talk about how he takes photographs that stand out as unusual even though what he’s photographing has been shot a zillion times. As an example he walked me through how he got this extraordinary photo of a duck standing on a log in the middle of Niagara Falls.

So far only about a third of you have subscribed to Chit Chat Across the Pond as a standalone podcast so maybe this will help remind you to do that if you’re interested. Bart pointed out that I still had only the NosillaCast on my page “Subscribe to the Podcasts” so I spent a bunch of time setting that up to s how you how to subscribe to the NosillaCast, Chit Chat Across the Pond and Taming the Terminal via iTunes, an RSS link and Stitcher Radio. I haven’t gotten approval on Taming the Terminal for Stitcher yet but I only submitted it this morning so that should come along shortly.

Now what else could be fun in a hectic week like this? How about changing out my blogging software? Yup, I did that too. I’ll talk about that more next week but it’s ben super fun learning a new tool and screwing things up in whole new ways. Ok, let’s dig into the NEW material for this week!

Blog Posts

Alternote Brings a Nicer Interface to Evernote

Flash Memory in an iPod Classic – Don’t Try This at Home

Extract Application Icons

Amazon plug

When I explained last week that the show is no longer sponsored, I mentioned that I’ll be relying on the kindness of the listeners, a whole bunch of you pushed the Paypal button under “Ways to Help the Show” on Podfeet.com. That was wonderful of you! That’s one way to help directly but if you can’t afford to do that, an easy way to help is to click the Amazon image in the left sidebar (that is NOT tracking you) and do your shopping in Amazon from there, and a small percentage goes to help the continued funding of the show. The holidays are upon us so it would really help out if you could use that link. Thanks in advance!

Security Lite with Bart Busschots

Security Medium – KeeFarce

A piece of malware that waits for you to unlock your KeePass vault, and then reads out all the data and phones home with it has captured a lot of media attention. The malware has been given the name KeeFarce.

You might assume this means there is some kind of flaw in KeePass, or, that this means we should stop using password vaults in general, but I think you would be wrong on both counts.

Firstly, while this particular piece of software is keyPass-specific, it is just one of a breed malware that targets password vaults. It’s a simple fact that it is IMPOSSIBLE to secure anything on a computer that is infested with malware. ALL ENCRYPTED VAULTS OF ANY KIND are vulnerable when your computer is infested with malware. Anything you can do, the malware can do too – and, if the malware manages to elevate it’s privileges, it may well be able to do MORE on your computer than you can! LastPass, 1Password, KeePass, TrueCrypt, VeraCrypt, encrypted disk images, you name it, they are ALL vulnerable when unlocked on an infected computer.

Remember, the way the attack works is that the malware sits silently on your computer, and waits for you to unlock your KeePass vault. Once you do, the malware springs to life and extracts all your usernames and passwords. It then uploads them to a server or place on the internet controlled by the attackers. The only way to read the content of an encrypted file is to decrypt it. The only way to decrypt it is with the key, and the key MUST be entered into the computer, so malware MUST be able to snatch the key.

If you’re KeePass user, this is absolutely no reason for changing to another vault.

So, given that vaults can’t protect us when our machines are hacked, shouldn’t we just stop using them? I would say not. Once your machine is infested, all bets are off. Every password you enter can be snagged, so even if they don’t get your vault, they’ll still get everything important. If you don’t use a vault, where will your keep your passwords? Your brain? Not possible! So, you’ll either have then written down next to your computer, or you’ll do one of the most dangerous things you can do on today’s internet – reuse the same few passwords all over the place. A password vault is not perfect, but it’s still much better than nothing at all!

This is another example of the seat-belt fallacy (as I call it) – abandoning password vaults because they can’t protect you when your computer is infected with malware is like not wearing a seatbelt because it can’t protect you if you drive off a cliff. Don’t let the fact that a password vault is no panacea put you off – it’s still a very good security tool!

Link: http://arstechnica.com/security/2015/11/hacking-tool-swipes-encrypted-credentials-from-password-manager/

Security Light

Important Security News:

Notable Breaches:

Suggested Reading:

That’s going to wind this up for this week. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at allison@podfeet.com, follow me on twitter @podfeet. Check out the NosillaCast Google Plus Community too – lots of fun over there! If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.

Leave a Reply

Your email address will not be published.

Scroll to top