What would make not one but two Macs suddenly have their screens go black? We’ll unravel that mystery along with a Dumb Question from John Ornsby asking if it’s ok to partially turn off System Integrity Protection (SIP). I’ll give you a review of the Tenba DNA 8 Messenger Bag and then we’ll close out the show with Security Stuff from Bart Busschots.
Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Tuesday December 29, 2015 and this is show number 555. I hope you had a safe and happy holiday and got lots of fun tech gifts! If you got something fun and want to tell everyone about it, we’d love a recording for the show! If it’s your first time, check out the link in the shownotes on how to record your own review. I give you guidelines on how long to make them and how to send them to me.
In Chit Chat Across the Pond this week, Bart Busschots continued his series Programming By Stealth with installment 5 on HTML Images and Links. Remember you have to subscribe separately to Chit Chat Across the Pond so you don’t miss it!
I want to start the show with a harrowing tale of a technical disaster that turned into a giant success story.
Blog Posts
What Would Make TWO Macs Go Black Screen?
Dumb Question Corner – Is it ok to partially turn off System Integrity Protection?
Tenba DNA 8 Messenger Bag – Perfect for Mirrorless Cameras
Security Stuff with Bart Busschots
Important Security Updates
- Apple patch all their OSes – arstechnica.com/…
- Adobe release security update for Flash – www.intego.com/…
- In a massive patch Tuesday, Adobe & Microsoft each plug over 70 security holes – krebsonsecurity.com/…
- Of particular importance is a patch to Outlook, fixing a dangerous exploit that has been named 'letterbomb' – arstechnica.com/…
- Microsoft warn of possible attacks after the private key for an Xbox live cert was leaked – nakedsecurity.sophos.com/…
Important Security News
- Oracle settle with the US FTC over Java's deceptive security patches (patching Java did not actually remove all old versions of Java, leaving users vulnerable) – arstechnica.com/…
- To help illuminate the realities of internet censorship, a new HTTP response code has been agreed – a HTTP 451 response means the content was blocked for legal reasons – nakedsecurity.sophos.com/…
- In the UK, Grindr is being used to lure gay men to pre-assigned meeting places where they are then robbed. This could happen anywhere though, with any 'dating' app – nakedsecurity.sophos.com/…
- Naked Security warn that malware is getting smarter about exploiting MS Office, so it is ever more important to keep Office patched – nakedsecurity.sophos.com/…
- Jailbroken iPhones in China getting infected with TinyV iOS Trojan – www.intego.com/…
- PSA: US Drone owners beware – you must now register your drone with the FAA – www.imore.com/…
Notable Breaches
- Hyatt Hotels report a malware-driven credit card breach – krebsonsecurity.com/…
- Password thieves buy e-GiftCard from Gyft – krebsonsecurity.com/…
- 'Unauthorised Code' present in Juniper products since 2012 allows for the decryption of VPN traffic, and provides a back-door into firewalls – arstechnica.com/… & arstechnica.com/…
- Apparent card breach at Landry's Restaurants – krebsonsecurity.com/…
- Card skimmers found at some California and Colorado Safeways – krebsonsecurity.com/…
- Security researchers discover a data leak in Target's wishlist app – arstechnica.com/…
- A rookie mistake (failing to secure the standard MongoDB port) exposes the details of 13m MacKeeper users – arstechnica.com/…
- Hzone, a dating app for HIV+ people, decided to respond to security researchers trying to inform them about a data leak by threatening to infect them and their families with HIV (also appears to be a failure to secure MongoDB) – nakedsecurity.sophos.com/…
- Hello Barbie servers found to be vulnerable to the now 14-month-old POODLE bug – arstechnica.com/…
Suggested Reading
- A nice FAQ from Ars Technica on the whole encryption debate – arstechnica.com/…
- Good advice from c|net for securing your iOS devices – www.cnet.com/…
- Good advice for US citizens to avoid being the victim of Tax Refund Fraud in January – krebsonsecurity.com/…
- Apple petition the US government to change the wording of their controversial "Investigatory Powers Act" AKA "Snooper's Charter" – www.imore.com/…
- The FBI admits to using Stingrays and zero-day exploits – arstechnica.com/…
- Twitter warns dozens of users that they may be being targeted by state-sponsored hackers – arstechnica.com/…
- Research finds that many banking apps on iOS still leave a lot to be desired security-wise – nakedsecurity.sophos.com/…
- The Intercept reveal a secret catalogue of cellphone spying equipment on sale to law enforcement – arstechnica.com/…
- Germany comes to an agreement with Facebook, Google & Twitter to delete hate speech within 24 hours – nakedsecurity.sophos.com/…
- How a bug in some FireEye firewalls could allow an entire corporation to be compromised with a single specially crafted malicious email – arstechnica.com/…
- The DNS infrastructure withstood a huge DDoS attack – nakedsecurity.sophos.com/… & arstechnica.com/…
- Facebook and CloudFlare push controversial proposal to extend support for SHA1 certs – arstechnica.com/…
Well, in spite of everything we managed to muddle through and we never missed a show! That’s going to wind this up for this week. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at [email protected], and follow me on Twitter @podfeet. Check out the NosillaCast Google Plus Community too – lots of fun over there! If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.