NC #569 Voiceless Allison, Blindshell Smart Phone, I Made Fire, Sesame Smartphone, Security Bits

I lost my voice this week so I asked the Text-to-Speech voice named, coincidentally, Allison to step in for me and MC the show. Luckily we’ve got two interviews from the CSUN Person’s With Disabilities Expo. First, we’ll hear about the BlindShell Smartphone for the visually impaired that might also be helpful to the elderly in its simplicity from blindshell.com/. My favorite interview of the show was about the Sesame Smartphone for those with motor Impairment from sesame-enable.com. Next I explain (or I should say Allison explains) how she made fire this week by editing a cron job all by herself without Bart’s help. Speaking of Bart, he’s back with some really interesting Security Bits.

mp3 download

Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday April 3, 2016 and this is show number 569.

Ok, we cannot possibly listen to any more of that[[slnc 30]] voice! Hi. I’m one of the text to speech voices built into OS Ten. David Schaefer on Twitter suggested I step in and help out, because, coincidentally, my name is also Allison.
[[slnc 300]]

The meat version of Allison asked if I’d take over for most of the show. She wanted me to tell you that she’s not actually sick, she’s just lost her voice. There are some that would say this is a good thing, but I would never say that to her face.
[[slnc 300]]

If you read the show notes, you’ll think you’re seeing typos, but Allison had to spell out some words so that I could correctly pronounce them. For example, Bart’s last name is really hard for me. You’ll also see some code she had to insert between paragraphs because sometimes I forget to paws. She’s such a control freak.
[[slnc 300]]

Luckily her voice was still working when she recorded Security Bits with Bart Boo shots. And Steve finished a couple more interviews from the C SUN persons with disabilities expo, so we’ll play two of those. I get to do the intro here, and she’s going to let me read her latest blog post.
[[slnc 300]]

In Chit Chat Across the Pond this week, Bart was back with Programming By Stealth episode 12 of x.[[slnc 300]] In this installment, we finally get to start playing with Java script. We learn the very basic building blocks, including how to make statements, how to make comments, three rules for variables, the difference between strings and numbers. We learn what you can dooo with them, operators and concatenation. With the exception of the modulus section, I understood everything he said! Learn why this episode ends with the line, “Find out next week if boogers is true or false!”
[[slnc 300]]

Allison also asked me if I’d remind you to use the Amazon Affiliate Links over at podfeet.com slash amazon. If you start there, and then buy anything in that session, a small percentage goes to help support the show, and keeps this an add, free zone.
[[slnc 300]]

Enough with the chitter chatter, let’s hear about a smart phone for the visually impaired that might also be helpful to the elderly in its simplicity. Remember these are also up on podfeet.com as video interviews, if you want to go over and see what they look like.

Blog Posts

CSUN 2016: BlindShell Smart Phone for Visually Impaired

This is certainly not the phone for everyone but it definitely is simple and easy to understand.

I Have Made Fire!

Next up we’ll hear Allison’s top pick from C SUN this year, a phone for the motor impaired called Sesame. She actually got to play with it herself and learn to control it.

CSUN 2016: Sesame Smartphone for Motor Impaired

This product, and BlindShell we heard about earlier are both testaments to the flexibility that comes with an open operating system like Android. You could never do anything as creative as this with an iPhone. I’ll be curious (or rather Allison will be curious) to hear from the audience with motor impairments whether Sesame sounds as cool as she thought it was.

Security Bits

FBI -v- Apple (proxying for the Privacy & Security of all)

• Bloomberg did some great reporting on the back-story to the San Bernardino case – San Bernardino was when a battle that had been going on for years finally became public – www.bloomberg.com/…
• RELATED – the NYT is reporting that the attackers in Paris last November used burner phones to evade detection, not encryption – arstechnica.com/…
• The judge in the case makes it clear that despite the FBI's rhetoric, Apple were at no point 'flouting' the order – www.politico.com/…
• At the last minute, the FBI canceled the court hearing in the San Bernardino case (the one they had unexpectedly changed to an evidentiary hearing just a few days before) – they believed they had found a way into the phone without Apple's help, and wanted to give it a go before continuing with the case – www.macobserver.com/…
• The FBI succeeded in breaking into the phone, and ended the case – nakedsecurity.sophos.com/…
  • Speculation immediately started about HOW – initially the leading theory was NAND mirroring – www.zdziarski.com/…
  • The FBI deny it was NAND mirroring – www.macobserver.com/…
  • It now seems clear it was Israeli security firm Cellebrite who unlocked the phone, presumably with a zero-day bug of some kind – www.macobserver.com/…, arstechnica.com/… & www.bloomberg.com/…
• Apple released a statement on the dismissal to the media – www.loopinsight.com/…
• Apple immediately asked for a delay in the other, similar, case in New York, arguing that the FBI should use the same method they used in the San Bernardino case, the case is now on hold until April 11 – www.macobserver.com/… & www.reuters.com/…
• The EFF warns that the battle for privacy is far from over with the dropping of this one case – www.macobserver.com/…
• to underline the point, the US DOJ vows to continue using the courts to compel tech companies to defeat encryption – www.macobserver.com/…
• The ACLU released an interactive map showing the 63 times the All Writs act has been used against Apple & Google – www.macobserver.com/… & arstechnica.com/…
• The FBI have agreed to use their new iPhone unlocking technique in an Arkansas homicide case – bigstory.ap.org/…
• The next battle in this bigger war may already be underway, in secret, in a Boston court – motherboard.vice.com/…
• The emotions in this on-going fight get ratcheted up again as an Italian father begs Apple to help unlock his dead 13 year old son's iPhone to get the photos off it – arstechnica.com/…
• RELATED – Apple reportedly designs its own servers to be sure there are no snooping devices embedded in them – arstechnica.com/…
• RELATED – Reddit's Warrant Canary just died – boingboing.net/…

Important Security Updates

• Apple release security updates for iOS, OS X, Watch OS, tvOS, Xcode & Safari – www.us-cert.gov/…
  • iOS 9.3 patches a vulnerability in iMessage that could allow attackers to to access supposedly encrypted videos and photos – arstechnica.com/…
• Apple releases a security update to iBooks Author fixing a bug that lead to 'disclosure of user information' – support.apple.com/…

Important Security News

• The German automobile club ADAC has demonstrated a signal amplification attack against keyless fobs for cars – those Faraday Case baggies are not looking so paranoid now (Editorial by Bart: yet more evidence supporting my "car companies don't get digital security" hypothesis) – nakedsecurity.sophos.com/…
• Google have just patched another nasty Android bug – one that other Linux distros patched almost a year ago – patch if you can (Editorial by Bart: if your device-maker and/or carrier are not getting patch out to you quickly, you should seriously consider moving away from them) – nakedsecurity.sophos.com/…
• Just to underline, yet again, the fact that nowhere on the internet is safe – a website for Certified Ethical Hacker training was discovered to be compromised, and spreading ransomeware (editorial by Bart: patch, patch, patch, PATCH!) – arstechnica.com/…
• A jury duty scam is doing the rounds in the US – people are receiving phone calls from people pretending to be court officials or US Marshals, explaining that they did not show up for jury duty, so they can either pay a fine over the phone now, or be arrested – this is not how the actual US authorities operate! – nakedsecurity.sophos.com/…
• Security researchers announced and named a new attack against iOS – 'side stepper – it abuses Mobile Device Management (MDM) and Enterprise Certificates to get software onto an iOs device – however, it relies heavily on social engineering. Apple responded in a statement saying that this is a social engineering attack, not a flaw in iOS – bottom line, don't install custom profiles you were not expecting! – www.imore.com/…
• Another counterfeit charger tear-down (a counterfeit Macbook charger this time) with a familiar conclusion – these things are DANGEROUS – www.righto.com/…
• Amazon bans sale of non-compliant USB-C cables: liliputing.com/…

Notable Breaches

• CNBC caught in a spectacular security blunder – in a drive to improve security they encouraged readers to check the strength of their passwords on a password checking page that sent them over the net unencrypted (HTTP not HTTPS), accidentally included them in referrer links so that all their advertisers got a copy, and then saved them into a Google Docs spreadsheet (editorial by Bart: if this were not so serious it would be comical – talk about a farce!) – nakedsecurity.sophos.com/…

Suggested Reading

• Make sure you haven't accidentally turned off XProtect updates on OS X – tidbits.com/…
• 8 Tips for preventing Ransomeware – nakedsecurity.sophos.com/…
• A spike in identity-theft-based tax fraud is seriously slowing down the processing of tax returns in the US this year – krebsonsecurity.com/…
• Driverless car manufactures to Congress on privacy: "Just trust Us" – www.theatlantic.com/…
• More hospitals fall victim to ransomeware in Kentucky & Maryland, may be a concerted attack against healthcare institutions – krebsonsecurity.com/… & arstechnica.com/…
• Microsoft have added some new controls to Macros that should make it a little harder to infect corporate Office users with malware – nakedsecurity.sophos.com/…
• Verizon Enterprise Solutions customer DB was breached, and 1.5m customer records are now for sale online – krebsonsecurity.com/… & arstechnica.com/…

Some Nerdy Pallet Cleansers

• Complete Guide to Using the Correct Charger or Power Adapter (and What Happens If You Don’t) – www.groovypost.com/…
• Stephen Colbert gets his own Emoji – sixcolors.com/…

Dessert

Linux Sybsystem for Windows (LSW) explained: arstechnica.com/…

Some more details on the Ubuntu bit: hanselman.com/…

That’s going to wind this up for this week. Hopefully Allison will be back in full form by next week’s show. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing her at [email protected], follow me on twitter @podfeet. Check out the NosillaCast Google Plus Community and our Facebook group at podfeet.com/facebook. If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.