We’ll be in the live chatroom during the WWDC Keynote – join us! I also hope you’ll come to Macstock Expo in July, and to help it be more affordable use coupon code PODFEET. The free Vectornator Pro for iPad (and iPhone) is an amazing vector design program and I’ll tell you all about it. Rick from Baltimore brings us an amazing Tiny Tip about how he uses the Accessibility shortcuts on his iOS devices to both dim his screen at night and turn on the magnifier. Steve Sheridan tells us all about the Apple Health Study and why you might want to join it. In Security Bits, Bart Busschots tells us about VPNFilter in Security Medium, and then CallKit Removal in China, No Telegram Updates in App Store, End of Flash & Silverlight, Papua New Guinea Turns Off Facebook and much more.
- Spectre & Meltdown
  - Details have been released of a new Spectre variant named Speculative Store Bypass, or SSB. The vulnerability affects AMD, ARM & Intel chips. Thankfully it can be mitigated quite easily, so it’s just a matter of applying software, OS, firmware, and microcode updates as they are released — arstechnica.com/…
There won’t be a live show next week, and the NosillaCast will be out on Tuesday instead of Sunday (sorry guys). Check out the tutorial I did on Keep It for ScreenCasts Online at screencastsonline.com. We’ve got another of Steve’s videos from NAB, this time from Backblaze about their B2 cloud storage. Then I’ll tell you how using Airtable from airtable.com might help me finally wrap my brain around databases as I attempt to manage my bathroom remodel with it. Bart Busschots is with us for another fine edition of Security Bits about Efail, protection of the 4th Amendment, Glitch & ThrowHammer as well as Black Dot & Text-Bomb.
Security Medium — The Efail Email Encryption Vulnerability
The latest bug with a cool name and a cute logo is Efail, a mashup of the words email and fail. The bug affects encrypted email sent with both of the common email encryption protocols S/MIME & PGP/GPG.
Under certain circumstances, the bug allows an attacker to trick email clients into sending a copy of the decrypted versions of encrypted emails to a server of their choice. Because the bug is triggered in the client, it affects every email the client opens, regardless of when it was sent, so an attacker could read encrypted emails arbitrarily far back in time.
We’ll take a look at StepShot Guides to see if it’s a worthy replacement for Clarify after all. Then we have a surprisingly interesting and funny interview with Monoprice from NAB about SlimRun Ethernet and HDMI cables. Bart and I haven’t talked Security Bits in ages, so we have a nice long one for you.
On Chit Chat #533, Bart did a deep dive into how the Domain Name System works and in that session, he suggested a hybrid approach where your mobile devices had the improved DNS along with your home router.
It turns out it’s not possible to set system-wide DNS settings on iOS or Android. This means that the Hybrid Approach we described of setting a third-party DNS on your home router and then also hard-coding it on your mobile devices remains the best advice, but it’s not possible to do on iOS or Android devices. Annoyingly, that means there is no good solution to protect these devices 🙁. Thanks very much to Allister Jenks for drawing our attention to this in our Google Plus Community.
- The Facebook/Cambridge Analytica Kerfuffle:
In this week’s show I announce the new “Special Pages” button on podfeet.com (I know, exciting to have a new button, isn’t it?) We used mimoLive from Boinx Software for the first time making the live show, but I only tease you at the beginning that I’ll explain what that is. I promise, I’ll tell you all about it next week! We’ve got two last interviews from CSUN: the AssisTech SmartCane and Smartbox for those with speaking challenges. I’ll tell you how I have even MORE blinky lights on me when I go for a walk thanks to Bart, and then we’ll have Security Bits where Bart gives us an update on the Cambridge Analytica/Facebook kerfuffle, WebAuthn, and more security news and information.
Followup 1 — Meltdown/Spectre
- Intel won’t fix Spectre flaws in older chips — nakedsecurity.sophos.com/…
- AMD systems gain Spectre protection with latest Windows fixes — arstechnica.com/…
Followup 2 — The Cambridge Analytica/Facebook Kerfuffle
We start with how wrong I was last week, with two huge mistakes. I posted a teaser video about a Monosnap screencast I did for ScreenCasts Online, and how I was on Daily Tech News Show #3248 where we talked about whether the announcements from Apple will help them get back in the game with education. Then I’ll walk you through the harrowing tale of how awful both iBooks Author and Pages are at creating ebooks. Then Bart joins us to give a follow-up on the Cambridge Analytica/Facebook kerfuffle, tell us about two new laws in the US called SESTA/FOSTA and the CLOUD Act, and tell us about the very clever fix Apple came up with for the HSTS vulnerability that’s plaguing all browsers.
I’ll talk about what tech things we used and learned more about in Paris including improvements in Project Fi, VPN challenges, Apple Pay, calorie metrics with Apple Watch and high-speed trains. Bart barges in on the show to tell me about how he uses a combination of smart playlists and modifications in Overcast to create the best of both worlds. I’ll tell you about a really cool button I found on my Olympus OM-D E-M5 Mark II to automatically shoot HDR shots. Bart joins us again for an out-of-band Security Bits to talk about the kerfuffle about Cambridge Analytica and Facebook.