
Security Bits – 08 December 2017 – macOS Root Bug, HomeKit Bug, iOS Backup Encryption

Security Medium 1 — macOS High Sierra Root Bug

A nasty bug was found in macOS 10.13 High Sierra — it was possible to cause the root account to become enabled, and to do so with a blank password.

To trigger this bug, all you had to do was go into the control panel, click the padlock to unlock the sensitive settings, change the username to root, enter no password, then hit enter. At this point the authentication would fail, but the root account would have been made active. Hit enter again, and root with a blank password will be accepted as valid. At this point you can do anything in the control panel, no matter how restricted your account is in theory, and you can get full terminal access as root.


Security Bits – 26 November 2017 – FaceID Isn’t Broken, USB Bugs in Linux Kernel, Vulnerability in Intel Chips

Security Medium 1 — No, FaceID isn’t Broken, but it Does Have Limits

A snazzy demo to the press had headlines all over the press screaming about how FaceID had been broken. But as is so often the case with stories like this, the devil is very much in the detail.

What the hackers really found was that it’s bloody difficult to trick FaceID — it takes a lot of time and effort, and even after you put all that investment in, your spoof only works in very carefully controlled circumstances.


Security Bits – Canvas Fingerprinting, KRACK Updates, TOR Browser Bug, New Zero-Day WiFi Bug, Brother Printer Exploit

Security Medium 1 — Canvas Fingerprinting

Before we look at canvas fingerprinting, I just want to set the scene with a reminder of one of the most fundamental truths about how the web was designed – each web page load is an independent event. Because that meant websites had no memory of anything that went before, i.e. no concept of state, the original web could not cope with concepts like logging in, or shopping baskets. Something had to be bolted on to allow web servers to connect individual requests into related groups of requests.

The official mechanism added to the HTTP protocol for retaining state between requests is the humble cookie. Cookies gave us the ability to log in, and basically, the modern web. But, they came with a dark side — as well as enabling all the cool things we like about the modern web, they also enabled tracking.


Security Bits – 22 October 2017

Security Medium 1 – WPA WiFi Encryption Develops KRACKs

This week started with a big security news announcement (responsibly disclosed, which is nice). Security researchers at the Belgian university KU Leuven revealed a collection of related attacks against the WPA2 protocol (WiFi Protected Access version 2). The problem at the root of these attacks was not related to any specific implementation of the spec, but with the spec itself, so every manufacturer who implemented the spec correctly would have introduced these vulnerabilities into their WiFi drivers. Because you have to give a bug a fancy name to get any media attention these days, it was given the somewhat strained pseudo-acronym KRACKs, from key reinstallation attacks.

We’re not going to go into the technical minutiae here, but I have included links to some good explanations below. I do want to give a high-level overview of the problem though.


Security Bits – 15 October 2017

Correction – Apple’s Better Cookies are iOS 11 & macOS High Sierra Only

A few weeks ago we looked at Apple’s new and improved cookie handling algorithm in detail, and we at the very least implied it was a Safari 11 feature, but it’s not, it’s an iOS 11 & macOS High Sierra feature. Even though macOS Sierra got a Safari update, it did not get this new feature.

Here is a nice article showing how to control the feature in the two OSes that do support it: www.macobserver.com/….


Security Bits – 30 September 2017

From Allison: I’ve just decided that it might be a nice enhancement to the podcast and blog if you could see Security Bits as a stand-alone blog post. Makes it easier to find and more importantly easier to reference when sharing with others. Bart will be shown as the author (since he IS the author) but I’ll write the excerpt for each post.

In this week’s action-packed Security Bits, Bart brings some follow-up on the Equifax breach and more details about Apple’s Face ID. We have three security mediums this week. We cover the CCleaner compromise which infected over 2 million machines. Then we talk about the macOS Keychain vulnerability that was announced this week for macOS (something for everyone). In the third “medium” Bart explains cookies from inception and why they’re needed, through their evolution to help us into something that can track us. He walks us through all of this so we can understand how the changes Apple made in Safari 11 are reducing the tracking and why it’s making some types of advertisers cranky at Apple. Finally, Bart goes through Notable Security Updates, Notable News, Suggested Reading and has a couple of nice palate cleansers.


Anker USB Charger Solves a Lot of Problems

The problem to be solved is that I regularly need to charge multiple things at the same time in my kitchen, and I don’t want to waste too many wall outlets, or, be constantly plugging things in and out.

I need the ability to charge Apple devices like my iPhone and my iPad, and to be able to charge my Bluetooth speaker, my Bluetooth headphones, and my wide array of bike lights from CatEye. The iDevices all have Lightning connectors, and the speaker, headphones and the bike lights are all Micro-USB.


NC #621 Health Tracking Update, Aira Visual Interpreter, American Printing House Accessible Calculator, Magnet, Spectacle & Security Bits

Hi folks, welcome to episode 621 of the NosillaCast, a technology geek podcast with an ever so slight Macintosh bias. This is the show for Sunday April 2nd 2016, and I’m your guest-host Bart Busschots.



CCATP #481 – Dermot Daly from Tapadoo

I’m your guest host Bart Busschots, and this week I’m in conversation with Dermot Daly from Tapadoo, a mobile app development company based in Dublin, Ireland. We talk about what it’s like being a developer writing apps for iOS and Android, how the App Store and Google Play store differ from each other, and the state of the app business in general. We also look at what some of the recent changes to the app store really mean for developers.


NC #572 Apple did not Admit to Planned Obsolescence, PRC & Hardcore History

This show is guest-hosted by Bart Busschots. The show starts with a little rant about how Apple did not accidentally admit to practicing Planned Obsolescence, no matter what the tabloid press (or Irish radio) say. Allison teleports in from the past with an interview with PRC from CES 2016, Bart recommends the Hardcore History podcast, and finally, Bart does a solo Security Bits.


