
NC #643 Episode 500 of Chit Chat, Galileo Offline Maps, TechMatte MagGrip Phone Mount, Security Bits

We celebrate the 500th episode of Chit Chat Across the Pond with Bart Busschots so I do a little retrospective on the origin of the show. Steve and I will be in the live chat room during the Apple announcement on September 12th at podfeet.com/live, so we hope you’ll join us. I’ve got a review of Galileo Offline Maps and one of the TechMatte MagGrip phone car mount.


Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Apple bias. Today is Sunday September 3, 2017 and this is show number 463.

Chit Chat Across the Pond

This week, Bart and I celebrated 500 episodes of Chit Chat Across the Pond. If you’ve been keeping track of the numbering, next week with Joe Dugandzic will be episode 499. As much as I adore Joe, Bart started Chit Chat Across the Pond, so I wanted him there for the big high five about going this long.

If you’ve only been with us for a short while, Bart started contributing to the show by sending in audio recordings and eventually became my co-host for part of the NosillaCast. We eventually split it off as its own show in October 2015, and I started numbering them from that point onward. Bart was on the show every week until he fell ill for a few months. When he recovered, we decided to go every other week, which allowed him the time to create his own great shows, Let’s Talk Apple and Let’s Talk Photography.

I know not everyone who listens to the NosillaCast also listens to Chit Chat and specifically the Programming By Stealth series, so I thought you might enjoy listening to the verbal high fives we did on Chit Chat. We sort of did some at the front end and some at the back end so here’s both combined:

=========Insert audio from end of chit chat with Bart======

Thinking about how far we’ve come, Steve helped me go back and find the first episode of Chit Chat Across the Pond. It was on November 4th, 2007, episode #119 of the NosillaCast. As he said, he’d been sending in audio reviews, and the week before we started recording together he sent in a recording about his experiences with Leopard! That really brings home how long ago this was, doesn’t it? I pulled the first 40 seconds of the recording just for nostalgia to play for you:

=========insert first ccatp==========

There are several things I find entertaining about this. First of all, nearly a decade later, we start out almost exactly the same way! I always say, “how you doin’ today, Bart?” And pretty often we talk about whether it’s raining in Ireland or not.

Anyway, I can’t thank Bart enough for being the genesis of Chit Chat Across the Pond and being with me for ten years. I also want to thank all of the guests who’ve been on Chit Chat Across the Pond over the years. I keep meaning to sit down and compile a table of all of the guests so I can see who’s been on. But I’m too lazy, so there’s that.

Apple Announcement

As I’m sure you’ve heard by now, Apple’s next big announcement will be on Tuesday September 12th at 10am Pacific Time. Steve and I will be in the live chat room during the announcement if you’d like to join us.

If you’ve never been to the live show before, it’s super easy. You simply go to podfeet.com/live. On the page you’ll see some text about what time the next live show is, but ignore that part. Also ignore the embedded YouTube video. That only shows when I’m doing video, and for the Apple announcements there’s no need to see and hear me. I just want to have people to chat with so we only use the text chat part.

So on the right side of the screen you’ll see an embedded chat client (look for some green on the page). You simply enter a nickname (or let it pick a dumb one for you like NC_85852) and then hit Start. It will default to the #nosillacast channel on Bart’s IRC server so you’ll be good to go.

If you want to be like the cool kids, you may want to download a standalone chat client. There are instructions below the chat for Colloquy, Adium and Textual for the Mac, and mIRC for Windows.

It’s not nearly as complicated as I’ve made it sound, so come join the friendly and enthusiastic NosillaCastaways during the announcement on September 12th!

Blog Posts

Galileo Offline Maps Pro for iOS and Android

New Favorite Phone Car Mount – TechMatte MagGrip

Patreon and Amazon

I want to do a shout out today to our Canadian listeners who have been using the living daylights out of the Canadian Amazon Affiliate Links! This month was the biggest usage we’ve ever had, more than doubling the amount purchased. Steven Goetz told me that he’s been using the heck out of the links and so it might just be all him, but I’m just guessing he had some help.

If you’re not in the US, you might be surprised to know that there is an affiliate link for you if you’re in Germany, the UK, and Canada. There’s a couple of ways to find the links. You can go to podfeet.com and click on Support the show, which takes you to a row of icons. The Amazon logo defaults to the US store, but below that are links to de, uk and ca. If that’s too many clicks, you can always go to podfeet.com/funwithflags and just click on your country’s flag. Once you’ve gone to all this work, you might as well just make it a bookmark in your browser and call it Amazon, right?

Anyway, thank you so much to everyone who helps send a small percentage to support the show while doing your normal shopping on Amazon.

Security Bits

Followups

  • DreamHost succeeds in getting a judge to roll back the amount of data they have to hand over to the US government about visitors to an inauguration-day protest website – nakedsecurity.sophos.com/…

Security Medium 1 – Putting the Decryption of the iPhone’s Secure Enclave Firmware into Perspective

Ultimately, security depends on secrets – you can keep your algorithm secret (security by obscurity), or you can engineer your algorithm so that an attacker knowing exactly how it works does not compromise your security because the security actually comes from keeping some kind of key secret. You can of course choose to do both!

Apple chose to do both – the security of the secure enclave does not come from security by obscurity but from keys, and Apple chose to keep the software that runs the secure enclave secret as well. Security based on keys, and on top of that, obscurity.

All that has happened is that the obscurity has been removed. That’s it. There is no actual breach of the secure enclave.

In theory, having the software be public for the first time will make it easier for attackers to try to find bugs, and, some time in the future, a catastrophic bug may be found, but none of that has happened.

Security Medium 2 – No, You Can’t Buy a $500 Device to Hack any iPhone 7

There is a video online that seems to show a hardware device that is on sale for $500 successfully brute-forcing a 4-character passcode on three iPhones in 12 minutes.

The device works by entering every possible PIN in order, and yet, the phone does not seem to be putting up the usual barriers to stop that kind of attack – what’s going on? Normally, iOS will begin to slow-walk your PIN entry as you guess wrong more and more times, but there is a bug in iOS that stops this slow-walking from happening in very very special circumstances, and that is what the video is exploiting.

Also – the device starts guessing at 0000, then goes to 0001, and the three demo devices were set to have PINs 0015, 0016, and 0012, so you could argue the demo was rigged!

OK, but the phone did not slow down their 16 guesses, what gives?

If you have changed your password within the last few minutes, and if the attacker can force the phone into software update mode, and if you have a 4 digit passcode, this device will be able to make some guesses before the phone locks itself down (hence the demo using carefully chosen PINs).

Obviously the phone should always slow guesses down, even if you have changed your password within the last few minutes and the phone is in software update mode, so Apple do need to fix that bug, and indeed they have, in iOS 11.

However, I’d argue that neither this bug nor this device poses any practical threat in the real world. I’m certainly not going to lose any sleep over this!
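To put the 12-minute demo in perspective, here is an added example (not from the show notes and not Apple's code) that models a guesser counting up from 0000 against a phone with and without escalating delays. The delay schedule, the 2 seconds per guess, and the function names are all illustrative assumptions.

```python
"""Added example: how escalating delays change a sequential PIN search."""

# Assumed illustrative schedule: seconds the device enforces after the
# n-th consecutive wrong guess. Not taken from the show notes.
DELAY_AFTER_FAILURE = {5: 60, 6: 5 * 60, 7: 15 * 60, 8: 15 * 60}
DELAY_FROM_9TH = 60 * 60   # assumed delay for the 9th and every later failure
ENTRY_SECONDS = 2          # assumed time to key in one guess


def delay_after(failures: int, throttled: bool) -> int:
    """Lockout imposed once `failures` consecutive wrong guesses exist."""
    if not throttled or failures < 5:
        return 0
    return DELAY_AFTER_FAILURE.get(failures, DELAY_FROM_9TH)


def seconds_to_find(pin: str, throttled: bool) -> int:
    """Time for a guesser starting at 0000 and counting up to reach `pin`."""
    wrong_guesses = int(pin)   # 0000 .. pin-1 are all wrong
    elapsed = 0
    for failures in range(1, wrong_guesses + 1):
        elapsed += ENTRY_SECONDS + delay_after(failures, throttled)
    return elapsed + ENTRY_SECONDS   # the final, correct guess


def guesses_within(budget_seconds: int, throttled: bool) -> int:
    """How many (wrong) guesses fit into a time budget."""
    elapsed, guesses = 0, 0
    while elapsed + ENTRY_SECONDS <= budget_seconds:
        guesses += 1
        elapsed += ENTRY_SECONDS + delay_after(guesses, throttled)
    return guesses


if __name__ == "__main__":
    for pin in ("0012", "0015", "0016", "9999"):   # first three: the demo PINs
        fast = seconds_to_find(pin, throttled=False)
        slow = seconds_to_find(pin, throttled=True)
        print(f"PIN {pin}: {fast} s unthrottled, {slow / 3600:.1f} h throttled")
    for throttled in (False, True):
        n = guesses_within(12 * 60, throttled)
        print(f"guesses in 12 minutes (throttled={throttled}): {n}")
```

Under these assumptions a throttled phone allows only 7 guesses in 12 minutes, which is why the demo depended both on the bug and on PINs very close to 0000.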


Notable News

  • The US Federal Trade Commission (FTC) has ruled that Uber must face privacy audits every two years for the next 20 years – nakedsecurity.sophos.com/…
  • The harassment of a UK woman by a pervert pushing hundreds of lewd pictures to her phone while travelling on public transport serves as a timely reminder to set AirDrop to only accept files from contacts, or, to turn it off – nakedsecurity.sophos.com/…
  • Developments in the on-going struggle for Privacy Rights in the US
    • An interesting new privacy feature has emerged in a recent iOS 11 beta – the ability to quickly disable Touch ID by tapping the lock button five times – arstechnica.com/… & www.macrumors.com/…
    • A judge in the US has ruled that you can be forced to unlock your phone with your fingerprint, but not to enter your password – mashable.com/…
    • A judge has thrown out evidence gathered from a cell phone police had seized with a warrant on the basis that the warrant should not have been granted because police did not demonstrate probable cause that the suspect actually owned any of the seized devices – this judgement is being described as a curb on police power to seize cellphones in the US – nakedsecurity.sophos.com/…
  • Android Oreo to bring along some welcome security improvements – nakedsecurity.sophos.com/…
  • Newly published research highlights the danger of third-party repairs by detailing what they call the chip-in-the-middle attack (Editorial by Bart: this is just common sense, and why I have never trusted anyone but Apple to repair my iPhones) – arstechnica.com/… & nakedsecurity.sophos.com/…
  • The popular PDF reader Foxit came in for strong criticism after initially refusing to fix two critical security vulnerabilities reported to it. Their refusal to address the problems led to the bugs being publicly released, and the company are now scrambling to get a patch out. The only saving grace is that the app’s default configuration protects from these bugs – though a small amount of social engineering could easily get around that – nakedsecurity.sophos.com/…
  • A spate of attacks against SMS-based 2FA belonging to Bitcoin users acts as a timely reminder of why it’s time to switch from SMS-based 2FA to other 2FA options wherever possible – www.nytimes.com/… & krebsonsecurity.com/…
  • Dropbox have announced that they will stop supporting older OSes in January 2018 (Windows Vista & older and OS X 10.8 Mountain Lion & older) – tidbits.com/…
  • Similarly, Microsoft have announced that they will not be supporting Office 2011 on macOS 10.13 High Sierra – tidbits.com/…
  • Popular cloud-backup provider CrashPlan announces the end of their consumer offering – tidbits.com/…

Palette Cleansers

  • Don’t throw out your eclipse glasses – donate them to Astronomers without Borders! – gizmodo.com/…
  • GUI for homebrew: Cakebrew.com

That’s going to wind this up for this week. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at allison@podfeet.com, follow me on twitter @podfeet. Remember, everything good starts with podfeet.com/. podfeet.com/patreon, podfeet.com/facebook, podfeet.com/googleplus, podfeet.com/amazon! And if you want to join in the fun of the live show like flyingout did for the first time this week, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.
