NC #571 Smile is Awesome, Ditto for Notifications, Netgear X8 Router, Security Bits

This week we’ll learn how awesome Smile, the makers of TextExpander, really is (in spite of last week) and how Ditto can give you notifications without a smart watch. We’ll learn how you really NEED a wicked cool new router like the Netgear X8 5300ac, and Bart is back with Security Bits.



Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday April 17, 2016 and this is show number 571. Steve and I are off on my adventures to visit my kids, then go to NAB in Las Vegas to hang out with Don McAllister and Chuck Joiner for a few days and then off to swim with turtles in Hawaii for a week. We need a break, this retirement thing is exhausting, you know? Some people worry about me telling you we’ll be gone, but those people don’t know we have a TSA agent who lives in our house while we’re gone. She’s a marshmallow when it comes to taking care of our kittens but a ferocious lion who would defend our family to the death so I don’t worry a bit when I’m gone!

On this week’s Chit Chat Across the Pond Bart Busschots takes us through Programming By Stealth episode 13 of X where he introduces the concept of conditionals. We’ll learn whether boogers is true or false, how Javascript handles text strings and numbers in comparisons (what’s bigger or smaller), how equality is really three different things, and we’ll learn about logical operators like AND, OR and NOT to be used in conditional statements. Bart has updated the Javascript Playground he created so be sure to grab the new version when you start playing along with the podcast.

In this week’s show, I’m going to violate my cardinal rule. I’m going to tell you all about a new router I bought and how I set it up, all without telling you the problem to be solved. I blame time travel. Bart and I already recorded Chit Chat Across the Pond for next week, where he explains the problem with the security model for Internet of Things Devices and in the end tells us that the solution is to have three routers. Unfortunately you will hear that episode AFTER you hear me tell you about my new cool router! Oh well, can’t be helped. Bart suggested maybe hearing about the fun I had will whet your appetite to learn why.

Next weekend’s show will be hosted by Bart, and the following weekend by Allister Jenks. They could really use your help sending in audio reviews and recordings, so if you’ve been thinking of one you could do, now would be a great time to send them along. You can send them directly to me if you want and I’ll hand them out, or you can send them directly if you already have their contact information. It’s a lot of work for these guys so I’d really appreciate it if you’d help them out.

Blog Posts

Why Smile is a Great Company

Receive Notifications with Ditto

You NEED This Wicked Cool Router: Netgear X8 5300

Security Bits

Encryption Wars Update

  • FBI assures local law enforcement they will help them unlock mobile devices – arstechnica.com/…
  • FBI discloses their secret hack to senators – www.imore.com/…
  • FBI Director James Comey says the hack the FBI south can only attack a 'narrow slice of phones' – iPhone 5S and newer are not affected (editorial from Bart – that strongly implies the secure element protects from the hack) – www.imore.com/…
  • The US DOJ is proceeding with its appeal of the New York ruling that the All Writs Act cannot be used to compel Apple to create backdoors for iPhones – www.imore.com/…
  • The FBI scores a hollow victory in the secret Boston encryption case – Apple ordered to do what they do already, and not required to create a backdoor into iOS devices – www.macobserver.com/…
  • The Burr Feinstein encryption bill was officially published – techcrunch.com/… – being described as 'Ludicrous, Dangerous, Technically Illiterate' – daringfireball.net/…
  • The White House will not back the Burr Feinstein bill – www.macobserver.com/…
  • The CA phone decryption bill has been defeated – www.sacbee.com/…
  • New reporting from the Washington Post calls into question earlier reports that it was security firm Cellebrite that hacked the San Bernardino iPhone for the FBI – www.imore.com/… & www.washingtonpost.com/…
  • Law enforcement say they found nothing of value on Syed Farook's iPhone – www.macobserver.com/…
  • Apple & FBI to testify before congress again on Tuesday 19 April – www.macobserver.com/…

Important Security Updates:

  • Adobe rushed out an emergency Flash patch to plug a hole that was being exploited in the wild – nakedsecurity.sophos.com/…
  • Owners of ARRIS cable modems should update them ASAP, if they can (may need to be done by the ISP) – securityaffairs.co/…
  • Patch Tuesday has been and gone, with updates from Microsoft and Adobe – www.us-cert.gov/… & www.us-cert.gov/…
  • Microsoft's updates on Patch Tuesday included a patch to a bug named Badlock. A patch for the open source SAMBA implementation of Windows file sharing was released at the same time. The Badlock bug is real for corporations and organisations, but is not something home users need to set their hair on fire over – nakedsecurity.sophos.com/…
  • Patch Tuesday also brought an important security update for Office 2011 on Mac – www.intego.com/…

Important Security News

  • New 'Petya' malware takes ransomware to the next level – encrypts the core of the filesystem rather than individual files – nakedsecurity.sophos.com/… – thankfully the malware authors made a mistake, so victims can get their data back with the help of a free online tool – arstechnica.com/…
  • Security researchers show how a fundamentally flawed design decision allows malicious Firefox plugins to evade detection during the vetting process (editorial by Bart: I've always advised caution when installing Firefox plugins, that remains my advice) – arstechnica.com/…
  • The popular Chrome extension Better History has been banned by Google after it was bought out, and altered to start redirecting users to ad pages – nakedsecurity.sophos.com/…
  • WhatsApp moves to end-to-end encryption – nakedsecurity.sophos.com/… & blog.whatsapp.com/…
  • Apple fixed a Siri bug that gave access to contacts and photos without a passcode (editorial by Bart – I agree with John Martellaro at TMO – allowing Siri on the lock screen is dangerous, and Apple should just stop it – I suggest you consider disabling it, I have, years ago – www.macobserver.com/…) – www.imore.com/…
  • According to numbers from the FBI, US companies lost $2.3Bn to CEO email scams (a form of spear-phishing) over the past 3 years – krebsonsecurity.com/…
  • An experiment by security researchers shows that people still put USB sticks they find in the parking lot into their computers (editorial by Bart – DON'T DO THIS!) – nakedsecurity.sophos.com/…
  • WordPress.com partners with Let's Encrypt to add HTTPS to all the sites they host – nakedsecurity.sophos.com/…
  • It happened again – this time almost 300 major Dutch sites were serving malware thanks to a breach of an ad network – nakedsecurity.sophos.com/…
  • Facebook promise to try to tackle the deceptive ads they serve after reporting by BuzzFeed shines a spotlight on the problem – nakedsecurity.sophos.com/…
  • A fake kidnapping scam exposes the dangers of sharing too much publicly on social media – nakedsecurity.sophos.com/…
  • If you haven't updated your iOS device – now would be a great time – recently patched bugs can be automatically exploited with ease (a malicious NTP server can push you back to 1970, and BOOM – useless phone!) – krebsonsecurity.com/…
  • New USB 3 Authentication protocol announced that will allow devices to validate cables before power or data get sent through them in future – www.businesswire.com/…
  • Uber released their first transparency report, and it shows they have been forced to hand over a LOT of data by regulators – data on 12 million users – nakedsecurity.sophos.com/…
  • QuickTime on Windows is dead – Apple are not going to patch it anymore, and there are known vulnerabilities – if you have it, UNINSTALL IT NOW – arstechnica.com/…
  • Microsoft are suing the US government in an attempt to get gag orders declared unconstitutional – nakedsecurity.sophos.com/… & blogs.microsoft.com/…
  • Reporting from Motherboard details how the RCMP (the Mounties) were able to decrypt millions of BlackBerry messenger messages between 2010 and 2012 as part of an investigation into a mob case. BlackBerries not tied to a corporate account may be vulnerable to this day – motherboard.vice.com/…

Notable Breaches

Suggested Reading

  • The members of a non-partisan White House Commission charged with making recommendations on cybersecurity have been announced – contains a wide range of respected experts, raising hopes they will deliver sound recommendations – www.macobserver.com/…
  • Still millions of computers connecting to the internet from Windows XP – nakedsecurity.sophos.com/…
  • A graphic illustration of the real-world dangers that can be caused by carelessly chosen software defaults – fusion.net/…
  • Microsoft follows Apple & Google's example and adds a power-saving feature to their Edge browser that has the side effect of disabling a lot of Flash ads – nakedsecurity.sophos.com/…
  • A former computer security official for a US state lottery association was able to fraudulently win millions by tampering with a random number generator – arstechnica.com/…
  • Underwriters Labs (UL) now tracking security of IoT devices, but refuses to share the rules for certification – arstechnica.com/…
  • A bill in New York State could allow police to use a secretive proprietary technology called Textalyser to test if a phone shows signs of recent use at an accident (Editorial by Bart – given that the details of how this technology works are being kept secret, this sounds like a really dangerous move to me) – www.macobserver.com/…
  • Zero-day attacks more than doubled in 2015 – arstechnica.com/…
  • URL shorteners can short-circuit cloud security – arstechnica.com/…
  • SecurityScorecard data shows US local and federal government agencies underperforming in cyber security compared to private corporations – www.reuters.com/…

That’s going to wind this up for this week. Don’t forget to send in your recordings for Allister and Bart – you can email me at [email protected], follow me on twitter @podfeet. Check out the NosillaCast Google Plus Community and our Facebook group at podfeet.com/facebook. Remember there’s NO LIVE SHOW for the next few weeks. You’ll have to wait till May 8th to join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.
