NosillaCast Logo - text says NosillaCast Podcast and EVER so slight Apple Bias. Main background is a gradient medium blue to lighter blue with a skyline of black silhouette buildings below. Behind the building are some geometric red shapes. And of course the prominent podfeet (two bare feet) are in the middle

NC #619 Tap Systems Wearable Keyboard, International Data with Project Fi on iPhone, Tobii Dynavox, Security Bits

From CSUN’s Assistive Technology Conference we’ll hear about Tap Systems wearable keyboard, and Tobii Dynavox speech generating devices. I’ll tell you about how Project Fi gives you international data for a really low price and in theory with high speeds (stay tuned on how that works). Don’t forget to send in audio recordings to Bart Busschots at [email protected] (Allister is all set). Bart is back for Security Bits. If you’ve been waiting for his interpretation of the Wikieleaks CIA hacking tools dump like I was, you’ll enjoy this episode.


itunes
mp3 download

Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Thursday March 16, 2017 and this is show number 619. Steve and I are jetting out of here tomorrow morning to the Galapagos and Machu Picchu so you’re getting the show early this week. Can’t break that streak, right?

Don’t forget to send in your audio recordings, I think Allister is all set but Bart would very much appreciate some help. You can email them to [email protected]. Last week I said .com and it’s definitely .net. I hope you’ll help him out with a review!

Chit Chat Across the Pond

In Chit Chat Across the Pond this week, Bart is back with Programming By Stealth. He teaches us about JavaScript error handling (including throwing and catching errors) and I think. I actually understood it! We then did some manipulation of HTML Selects (those little drop down things) using jQuery. Check out Chit Chat Across the Pond in your podcatcher of choice and look on podfeet.com for CCATP #480 to get links to Bart’s fabulous tutorial.

Blog Posts

CSUN 2017: Tap Systems Wearable Keyboard

International Data with Google Project Fi on an iPhone

CSUN 2017: Tobii Dynavox Speech Generating Devices

Patreon and Amazon

You guys are really pulling out all the stops on Patreon! We had three new patrons sign up, huge thanks to Jens Junge, Jimmi Kristensen, and Seth Rosenblum. I really appreciate the vote of confidence. In other news, I just sent a note to all of the Patrons telling them that I’m not going to charge for the two shows Allister and Bart do for you. It’s not that these shows won’t be valuable, but It just didn’t seem right, AND I totally forgot to send them my login credentials! If you’ve been wanting to show your support for the show, head over to podfeet.com/patreon.

Security Bits with Bart Busschots

Security Medium – The Wikileaks CIA Hacking Tools Dump

Wikileaks has dumped thousands of documents describing the CIA’s hacking arsenal. It’s a big dump, and there is a lot in it, so I’m not going through all the details here.

As I see it, these are the important points:

  1. all of the tools are for targeted attacks – this is totally different to the Snowden revelations which exposed mass surveillance on an epic scale.
  2. there are no real surprises here – the CIA have, for the most part, simply collected exploits for the various vulnerabilities that we already knew about into a library of tools. All the expert opinions I have read agree on this – this is exactly what we all expected the CIA would be doing
  3. while most of the exploits are not news to us, there are a few zero-days in the mix. This brings up the ethical question about whether or not it is OK for the government to use tax payers money to find security flaws and then not report them so they can be fixed
  4. Wikileaks did not actually release any of the exploits themselves, just the documents describing them, but, they are sharing all the technical details about the zero-days with vendors so they can patch them
  5. the fact that this toolkit has leaked proves conclusively that the concept of a golden key or a back-door for only the good guys is a childish and naive fantasy
  6. the big take-away here is that the best protection is to keep your stuff patched – the vast majority of these vulnerabilities are already patched IF you keep all your stuff current
  7. a lot of the main-stream media have gotten the details wrong on this story, making some of the hacking tools sound dramatically more powerful than they actually are, so be very careful about your sources on this story – stick to experts you trust.

Links:

Important Security Updates

  • Adobe & Microsoft release March patches (MS patch the Zero-days we have been waiting on them to patch) – krebsonsecurity.com/…
  • RELATED – Microsoft have not explained why they canceled the February patch Tuesday despite there being zero-days in the wild, and despite being asked repeatedly by the tech press – arstechnica.com/…
  • WordPress auto-patch sites to 4.7.2 to patch critical security vulnerabilities – www.us-cert.gov/…
  • Dahua, the world’s second largest manufacturer of IoT devices has a critical security updates for a wide range of their products – krebsonsecurity.com/…
  • PSA – if you run a web app powered by the open source Apache Struts 2 framework, you need to patch the framework and then re-build your app from source ASAP – there is a nasty security vulnerability in older versions of the platform, and, they are being actively exploited in the wild – arstechnica.com/…, nakedsecurity.sophos.com/… & arstechnica.com/…

Important Security News

  • a US Federal Judge has blocked an FBI warrant seeking all fingerprints from everyone in a building to unlock all iOS devices in the building for being overly broad – www.chicagotribune.com/…
  • consumer Reports begins rating product privacy and security – www.engadget.com/…
  • Security researchers are warning of major security problems with the app Confide which promises secure messaging, and is popular in Washington DC – arstechnica.com/…
  • The US IRS have released a Tax Time Guide to help Americans protect their data during this hazardous time of year – www.irs.gov/…
  • Well respected Mac & iOS security researcher Jonathan Zdziarski joins Apple – www.imore.com/…
  • The UK’s recently created National Cyber Security Centre (NCSC) has released a report warning of the dangers posed by poorly secured IoT devices – nakedsecurity.sophos.com…
  • Because Nintendo shipped their Switch console with an old version of WebKit with well known and since patched security vulnerabilities, the console can be hacked, and presumably joined into botnets like all those other insecure IoT devices. There is no patch yet from Nintendo, so maybe keep your new toy on your IoT or guest network away from stuff you care about – nakedsecurity.sophos.com/…
  • 2 Safari Zero-days were found in this year’s annual Pwn2Own competition – as is the norm for this completion, Apple will be told about the flaws and given a chance to fix them before they are made public – www.macobserver.com/…

Notable Breaches

  • A security researcher found that suspected spammers accidentally left their database of 1.4Bn email addresses exposed on the internet without a password protecting them – nakedsecurity.sophos.com/…
  • UK ISP TalkTalk provides a learning opportunity – the ISP lost its customer database through a security blunder, and that has resulted in their customers being targeted by scammers in India. The scammers are using the data exposed by TalkTalk to make their scams sound more believable – they are doing things like quoting correct customer numbers to their victims. The scammers were using TeamViewer as part of their toolkit, so TalkTalk decided to block the app on their entire network. This made customers very angry, and they eventually had to back down. If your data is breached, be extra vigilant, scammers will try to use your data to victimise you – nakedsecurity.sophos.com/… & nakedsecurity.sophos.com/…
  • Yahoo Update

Suggested Reading

A Palette Cleanser

XKCD 1807 - Listening xkcd.com/…

That’s going to wind this up for this week. I can’t promise quick response for the next 3 weeks but you can still try emailing me at [email protected], follow me on twitter @podfeet. While I’m gone, maybe this is a good time to find some fellow NosillaCastaways to chat with in our Facebook group at podfeet.com/facebook or our Google Plus community at podfeet.com/googleplus. You can still shop on Amazon while I’m gone, from the US you can go to podfeet.com/amazon or check out podfeet.com/funwithflags to find your country’s Amazon link.

There won’t be a live show until Sunday April 9th but when there is, you can head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top