A nasty bug was found in macOS 10.13 High Sierra — it was possible to cause the root account to become enabled, and to do so with a blank password.
To trigger this bug all you had to do was go into the control panel, click the padlock to unlock the sensitive settings, change the username to root, enter no password, then hit enter. At this point the authentication would fail, but the root account would have been made active. Hit enter again, and root with a blank password will be accepted as valid. At this point you can do anything in the control panel, no matter how restricted your account is in theory, and you can get full terminal access as root.
Eric in Durham, NC sent in our Dumb Question this week, and it’s a really interesting one:
Hey Allison, here is a dumb question for you. I finally got rid of my Android phone and got an iPhone 😀. With that in mind, should I switch to Apple Photos app instead of using the Google Photo app? What is the difference between the two?
If I didn’t have the screenshots to prove it, you’d think I was making this story up. Olympus, the camera manufacturer, is blocking their own content unless you allow third-party ad tracking from a company called Criteo.
I first discovered this when I used my iPhone to go to getolympus.com with the intent of comparing the Olympus OM-D E-M5 Mark II to the E-M10 Mark III.
Correction – Apple’s Better Cookies are iOS 11 & macOS High Sierra Only
A few weeks ago we looked at Apple’s new and improved cookie handling algorithm in detail, and we at the very least implied it was a Safari 11 feature, but it’s not, it’s an iOS 11 & macOS High Sierra feature. Even though macOS Sierra got a Safari update, it did not get this new feature.
Here is a nice article showing how to control the feature in the two OSes that do support it: www.macobserver.com/….
With the recent legislation on privacy rules for ISPs in the United States, a lot of people are considering using VPNs to protect their Internet traffic from home. I thought this would be a great time to get Dave Peck on the show, co-founder of Cloak, my VPN of choice. This isn’t a show about Cloak but rather about VPNs in general. We talked about whether we should consider one for our home use, what kind of information your VPN provider may be collecting on you, and the importance of understanding privacy policies.
Dave is very frank and honest about how Cloak handles things like logging of user data. Dave also answers some listener questions. There are some real surprises in this episode, in particular what you should know about those “top five VPN” lists you may have seen recently. I thought I knew where the discussion was going to go, and I was very surprised.
In preparation for this discussion, Dave wrote up his thoughts at davepeck.org/…
I watched the entire five hours of the Judiciary Committee Hearings in the case of the FBI vs. Apple, so you didn’t have to. I think you’ll like what you hear; it’s actually optimistic about our government officials. Next up I’ll tell you how I did not do a nuke and pave, and why you should do what I say, not what I do. Then we’ll have a monster Security Bits with Bart Busschots.
When Steve told me that they were going to broadcast live the House of Representatives Judiciary Committee Hearing on Apple vs the FBI, my first thought was that watching that would be like volunteering for jury duty. I couldn’t have been more wrong. Steve and I watched all five hours and I was positively glued to my screen.
Before we dig in, let’s make sure we all know what the Judiciary Committee is, what does it have to do with the House of Representatives and what are they doing chatting with the FBI and Apple? I’m not a legal scholar, so I looked it up on Wikipedia:
The U.S. House Committee on the Judiciary, also called the House Judiciary Committee, is a standing committee of the United States House of Representatives. It is charged with overseeing the administration of justice within the federal courts, administrative agencies and Federal law enforcement entities.
This week’s show is going to be a little bit different. We’ve got three cool gadget interviews, a Dumb Question asked and answered by Mark Pouley of Twin Lakes Images which is pretty standard fun, but then we’re going to switch gears to Security Bits where Bart and I will spend some quality time going over the FBI/Apple iPhone issue in detail. We both thought it was too important to do a quick bit on it. Bart will explain what we know as facts, then what the security experts think about it and finally Bart will explain his view of the situation. I think it’s a great discussion. As always Bart includes links to all of the articles he quotes.
We had a kernel panic during the live show last week, and four tech mavens helped me figure out what caused it. George from Tulsa tells us about the new Quicken for Lion: Lion Compatible Quicken FAQ, Import Quicken Essentials Data into Quicken, Buy Lion Compatible Quicken from Intuit for $14.99. Two more reviews from the CSUN Persons With Disabilities Expo: My Talk Tools from mytalktools.com and Charm Tech Capti for more accessible and enjoyable access to Firefox. Professor asks if there isn’t some way to protect his PowerPC Macs. FlyGrip iPhone and Android accessory from flygrip.com. In Chit Chat Across the Pond Bart goes on a rant about 3rd party cookies, and then gives us the higher division course on home networking, and the advantages of building your own network router.