Security Medium 1 – WPA WiFi Encryption Develops KRACKs
This week started with a big security news announcement (responsibly disclosed, which is nice). Security researchers at the Belgian university KU Leuven revealed a collection of related attacks against the WPA2 protocol (WiFi Protected Access version 2). The problem at the root of these attacks was not with any specific implementation of the spec, but with the spec itself, so every manufacturer who implemented the spec correctly would have introduced these vulnerabilities into their WiFi drivers. Because you have to give a bug a fancy name to get any media attention these days, it was given the somewhat strained pseudo-acronym KRACKs, from key reinstallation attacks.
We’re not going to go into the technical minutiae here, but I have included links to some good explanations below. I do want to give a high-level overview of the problem though.
One of my frustrations in life is that I can spot a typo in someone else’s work from a mile away, but I simply cannot see my own mistakes. Seriously, a printed page on the other side of a desk facing upside down to me is a cake walk to catch mistakes, but in what I can only assume is a built-in delusion about my own writing talents, I simply cannot see where I’ve botched something up.
I run spell checkers, I have Steve read my blog posts before they go up, sometimes I trick Steven Goetz into reading things for me, and I have early warning systems in place like Roger Nash from England who gets up before anyone else and tells me about my errors.
But still, these errors leak through. When we’re lucky, I’ll be reading a post for the podcast and I see a mistake and stop and fix it. But those blog posts have been up for days with those mistakes. It drives me nuts.
I met Mark Fawcett at Macstock Expo in Chicago last year and we hit it off immediately. Mark does in-home tech support for Apple products, and he’s full of great stories of the fun he has doing this job. After 20 years as a TV and video producer, he finds his new job more fulfilling and fun. I had a great time hearing his crazy stories of some “interesting” clients and I’m sure you’ll enjoy the conversation too. And of course I tease him about the name of his company, MacMen.
Barry Porter tells us about another way to address Bluetooth problems by resetting the Bluetooth hardware module. I’ll tell you why I like Setapp and how it helped me find Cloud Outliner Pro from xwavesoft.com/…. In a Tiny Tip I tell you how to solve the problem of your Apple TV remote always being upside down. Then I’ll tell you the process of how I sell my Apple products so I can afford new toys. We’ve got Bart Busschots with Security Bits.
Correction – Apple’s Better Cookies are iOS 11 & macOS High Sierra Only
A few weeks ago we looked at Apple’s new and improved cookie handling algorithm in detail, and we at the very least implied it was a Safari 11 feature, but it’s not, it’s an iOS 11 & macOS High Sierra feature. Even though macOS Sierra got a Safari update, it did not get this new feature.
Here is a nice article showing how to control the feature in the two OSes that do support it: www.macobserver.com/….
In this episode of Programming By Stealth, Bart ties up the last of the loose ends related to web forms. He teaches us about form events, which are critical to making our web forms not only accessible to screen readers but to allow our users to tab around to the different fields and interact with them without using a mouse. We learn about the keypress event and learn what it means for 31 to be the space key.
One of the ways to justify spending money on Apple gear is to sell your used Apple devices when you’re done with them. Apple products retain their value really well, which I’m sure you’ve noticed if you’ve ever tried to find a “cheap, used MacBook”.
I illustrated the value of selling your own Apple gear when I did a spreadsheet analyzing all the different ways you could buy an iPhone from a 2-year subsidized contract, to paying outright, to trading in your phone every year, to buying on one of these free loans they’re offering in the US right now. In my analysis, I explained that a phone that cost $600 new will sell for around $400 one year later and $200 when it’s two years old.
If you do the trade-in deal, you get the new hotness every year but you’re actually losing a couple hundred dollars every time you do it because Apple (or your carrier) gets the still highly available sales value of the used iPhone.
The old silver Apple TV remote that came with version 2 was, in my opinion, an abomination. I hated the click circular selector. When the Apple TV 4 came out with the new black remote, I was in love. Ok, love might not be the right word, but maybe I super like it.
The main reason I super like this remote is because of the voice control. Being able to sing out my passwords by character is a dream come true. Ok, maybe not a dream come true but a darn sight better than hunting and pecking through a giant horizontal text area.
Fast forwarding is a bit tricky with the trackpad, but I use voice control for that too. Love to be able to say, “go back 30 seconds”. Well, love might not be the right word, maybe love when it works. Don’t get me wrong, it always backs up, but how far it backs up seems highly dependent on what I’m watching. Sometimes it goes back a minute, sometimes more like 5-10 seconds.
A while back a new app model came out called Setapp from setapp.com. You probably heard about it back then, but to refresh your memory, it’s a subscription service for $10/month that gives you full access to a ton of apps.
At the time, without looking at it myself, I declared it a dumb idea and I didn’t want any part of it. But then I met Mark Fawcett of MacMen at MacStock Expo and he told me he thought it was really cool. I still didn’t look into it. Then Steven Goetz, my research assistant, told me it was cool. But I still didn’t look into it.