
NC #635 Conversation of Things, Photo Albums People Want to See, Subscription Models for Software, Security Bits

I was on the inaugural episode of the Conversation of Things podcast with Joe Dugandzic. I’ll explain how to make photo albums with Apple Photos that people actually want to see (spoiler: it’s about keywords). I’ll challenge some assumptions Bart Busschots made in his Let’s Talk Photography podcast about subscription models for software. And Bart is back with another fine edition of Security Bits.


Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Apple bias. Today is Sunday July 9, 2017 and this is show number 635. Before I get started this week I want to warn you that this coming week, the show will probably be late. We’re going to Macstock Expo in Chicago Friday through Monday. I thought about trying to cram the show in early but there’s likely to be juicy content during the show that I’ll be itching to tell you about right away, so I think we’re looking at Tuesday for the show to come out. That also means there’s no live show this coming Sunday. Tell you what, why don’t you guys just come to Chicago for Macstock and see us there? Perfect.

Chit Chat Across the Pond

I’ve been asking Bart a lot of questions in the back channel as I struggle to understand the documentation he has provided in our latest few sessions of homework assignments for the Programming By Stealth series. To be honest, I’ve been pretty frustrated every time he and Dorothy tell me to read the documentation because it doesn’t make sense to me. He had an epiphany last week: he had never explained the documentation format itself, because the structure is second nature to him, and he was assuming that we all understood how it worked.

His solution to this is unique. While we recorded the audio podcast, he showed me on video how the documentation is created using JSDoc, and it became clear to me during the show. But that would be really mean to everyone else, so he created a screencast, without me asking questions, where he walks through all of the same content. It’s pretty darn cool.

Anyway, go check out Programming By Stealth in either the dedicated podcast feed or in the Chit Chat Across the Pond feed.

Blog Posts

Conversation of Things Podcast – Episode 1 with Allison Sheridan

Make Apple Photo Albums People Actually Want to See

Subscription Models for Software – More Profit and Better Software?

Patreon and Amazon

I want to give a special shout out to a long time listener and friend I haven’t yet met in physical space, Tim Gregoire. Tim decided this week to become a Patron of the Podfeet Podcasts. He went to podfeet.com/patreon and selected a dollar amount that worked for him, and now he helps the show keep going every single week. I can’t thank you enough, Tim, and Steve and I are really excited about actually getting to meet you this week in Chicago.

Security Lite

Security Medium 0 – Petya

The big news story of the last two weeks is obviously that there was another WannaCry-like attack, this time named Petya (or, rather confusingly, NotPetya).

IMO this is just a re-hash of the same story, so I’m not going to bother going into the detail on air. I’ve included the links below in case you do want to dig into it.

Ultimately, the take-away is exactly the same – keep patched and don’t use obsolete OSes or software.


Security Medium 1 – The Password Reset Man in the Middle Attack

In a paper presented at the 38th IEEE Symposium on Security and Privacy, security researchers described a new attack scenario that users need to be wary of.

TL;DR – when you’re registering a new account on a site, you are very vulnerable, only register on sites you trust.

The insight the security researchers had is that if you can trick someone into registering an account on a malicious site you run, you can ask them whatever questions you need in order to hack into their email account.

The process would go something like this: you start by trying to access or download something you want, and are presented with a registration page that asks for your email address. You hit submit, and the malicious site immediately initiates a password reset at your email provider for the address you entered. If your mail provider pops up a CAPTCHA, no problem: the site displays it to the registering user as if it were part of the registration process, then passes their answer back to the email provider. The same works with security questions, and, potentially, even with a 2FA code sent by SMS, though that step might trigger some alarm bells depending on the specifics (in particular, whether the provider’s text message says what the code is for).

How can you protect yourself? I don’t think perfect protection is possible, but I can suggest some strategies:
1. avoid registering for sites that don’t have a pedigree/reputation – a well-known newspaper is a very different thing to a random blog!
2. consider having a separate disposable email account for registering on sites you don’t really care about
3. keep your mail client open while registering on sites and keep an eye out for emails telling you a password reset has been requested
4. be very suspicious of 2FA notifications coming in for one site while you’re registering on another
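To make the relay concrete, here is an added simulation of the attack flow described above; it is example code written for these notes, not from the researchers’ paper or anything on this page. It models three parties: a toy mail provider with a CAPTCHA, security question and SMS-code reset flow, a malicious sign-up page that relays each reset challenge to the victim as a “registration step”, and a victim who either answers everything or, following strategies 3 and 4 above, reads the SMS and refuses a code that announces itself as a password reset code. The account data, phone number and message wording are all constructed for the simulation. The point it demonstrates is that the careful user only wins when the provider labels its code with its purpose; an unlabelled “Your verification code is …” SMS gives the victim nothing to be suspicious about.

```python
import re
import secrets

# Constructed sample account for the simulation; not real data.
ACCOUNTS = {
    "victim@example.com": {
        "question": "What was the name of your first pet?",
        "answer": "rex",
        "phone": "+1-555-0100",
    }
}


class MailProvider:
    """Toy mail provider with a three-step reset: CAPTCHA, security question,
    SMS code. label_sms=True makes the SMS say what the code is for, which is
    the provider-side mitigation this example assumes."""

    def __init__(self, accounts, label_sms=False):
        self.accounts = accounts
        self.label_sms = label_sms
        self.sessions = {}    # email -> reset state
        self.sms_outbox = {}  # phone -> last SMS text sent

    def start_reset(self, email):
        captcha = secrets.token_hex(3)
        self.sessions[email] = {"step": "captcha", "captcha": captcha}
        return {"kind": "captcha", "prompt": f"Type these characters: {captcha}"}

    def submit(self, email, response):
        s, acct = self.sessions[email], self.accounts[email]
        if s["step"] == "captcha" and response == s["captcha"]:
            s["step"] = "question"
            return {"kind": "question", "prompt": acct["question"]}
        if s["step"] == "question" and response.strip().lower() == acct["answer"]:
            code = f"{secrets.randbelow(10**6):06d}"
            s.update(step="sms", code=code)
            if self.label_sms:
                text = f"Your PASSWORD RESET code for {email} is {code}. Never share it."
            else:
                text = f"Your verification code is {code}."
            self.sms_outbox[acct["phone"]] = text
            return {"kind": "sms", "prompt": "Enter the code we just texted you"}
        if s["step"] == "sms" and response == s["code"]:
            s["step"] = "done"
            return {"kind": "reset_token", "token": secrets.token_urlsafe(16)}
        s["step"] = "failed"
        return {"kind": "failed"}


class MaliciousSite:
    """Sign-up page that silently starts a reset at the victim's provider and
    relays every provider challenge to the victim as a 'registration step'."""

    def __init__(self, provider):
        self.provider = provider
        self.captured_token = None

    def register(self, email, ask_user):
        challenge = self.provider.start_reset(email)
        while challenge["kind"] not in ("reset_token", "failed"):
            # Re-label the challenge so nothing on screen says 'password reset'.
            reply = ask_user("To finish creating your account: " + challenge["prompt"],
                             challenge["kind"])
            if reply is None:  # the victim refused to answer
                return False
            challenge = self.provider.submit(email, reply)
        if challenge["kind"] == "reset_token":
            self.captured_token = challenge["token"]
            return True
        return False


def make_victim(provider, email, careful):
    """Model of the victim. A careful victim reads the SMS and refuses to type
    a code whose text says it is for a password reset (strategy 4 above)."""
    acct = ACCOUNTS[email]

    def ask_user(prompt, kind):
        if kind == "captcha":
            return prompt.split()[-1]  # solves the relayed CAPTCHA
        if kind == "question" and acct["question"] in prompt:
            return acct["answer"]      # answers the relayed security question
        if kind == "sms":
            sms = provider.sms_outbox[acct["phone"]]
            if careful and "password reset" in sms.lower():
                return None            # purpose mismatch noticed: refuse
            return re.search(r"\b\d{6}\b", sms).group(0)
        return None
    return ask_user


def run_attack(label_sms, careful, email="victim@example.com"):
    """Returns True if the malicious site ends up holding a reset token."""
    provider = MailProvider(ACCOUNTS, label_sms=label_sms)
    site = MaliciousSite(provider)
    return site.register(email, make_victim(provider, email, careful))


if __name__ == "__main__":
    for label_sms in (False, True):
        for careful in (False, True):
            print(f"labelled SMS={label_sms!s:5} careful victim={careful!s:5} "
                  f"-> account taken over: {run_attack(label_sms, careful)}")
```

Running it prints four outcomes: the takeover succeeds in every combination except a labelled SMS read by a careful victim. That is why strategies 3 and 4 help but cannot be perfect protection: the CAPTCHA and security-question steps carry no context the victim could check, and the SMS step only does if the provider chooses to put it there.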


Important Security Updates

  • Google have released their July 2017 security update for Android, and it contains fixes for 18 remote code execution bugs, including a particularly nasty bug in the drivers for some Broadcom wifi chips which has been named BroadPwn – nakedsecurity.sophos.com/…
  • Joomla has been updated to version 3.7.3, which includes a patch for a critical vulnerability that allows remote attackers to take over Joomla-powered sites – www.us-cert.gov/…

Important Security News

  • McAfee’s latest threat report shows Mac malware on the rise (editorial by Bart: no need to panic, but be aware that Mac users are being actively targeted. I consider this to be a timely reminder that we all need to be more careful about doing the right things like keeping patched, being suspicious of all email, and being very careful about what apps we install and run) – www.macobserver.com/…
  • The latest IC3 (the FBI’s Internet Crime Complaint Center) report shows that scams, extortion and CEO fraud are the top cyber crimes in the US (Editorial by Bart: a timely reminder that you should always be suspicious about that email that appears to be from the boss asking you to transfer money) – krebsonsecurity.com/…
  • Google to stop scanning emails for ad targeting – free Gmail accounts will still see ads, but they’ll be based on everything else Google knows about you, not your email – www.bloomberg.com/…
  • Contrary to some reporting, Snapchat did not start sharing people’s location without their permission – they did introduce a new Snap Map feature that does indeed share your location each time you open the app, but you have to opt into it – nakedsecurity.sophos.com/…
  • US health insurance giant Anthem agreed to a record $115m settlement in lawsuits over its 2015 breach of 80m people’s health records – nakedsecurity.sophos.com/…
  • Facebook is fighting gag orders preventing it from informing users of search warrants – nakedsecurity.sophos.com/…

Suggested Reading

Palate Cleansers:
* What does WiFi really stand for? (It’s probably not what you think) – www.macobserver.com/…
* My two favourite non-tech Planet Money episodes:
  * Episode 601: The Chocolate Curse – www.npr.org/…
  * Episode 627: The Miracle Apple – www.npr.org/…

That’s going to wind this up for this week. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at allison@podfeet.com, follow me on twitter @podfeet. Remember, everything good starts with podfeet.com/. podfeet.com/patreon, podfeet.com/facebook, podfeet.com/googleplus, podfeet.com/amazon! And if you want to join in the fun of the live show, normally you can head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time (except not next weekend) and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.
