Open post
Security Bits Logo

Security Bits – Spectre & Meldown Update (Again), Dark Caracal, chaiOS

Meltdown & Spectre Update

  • Steve Gibson of GRC (author of ShieldsUp & SpinRite) has released InSpectre, a free Windows app which clearly communicates your PC’s current level of protection against Meltdown & Spectre, and what kind of a performance hit you should expect — www.grc.com/…
  • RedHat have withdrawn their microcode patch for Spectre after it caused some systems to become unbootable (Linux supports dynamic updating of CPU microcode without the need for a BIOS update) — www.theregister.co.uk/…
  • A great post on the official Raspberry PI blog that primarily aims to explain why the Raspberry PIs are not vulnerable to Spectre, but in the process, explain Spectre in clearest and most understandable way I’ve yet seen — www.raspberrypi.org/…

Continue reading “Security Bits – Spectre & Meldown Update (Again), Dark Caracal, chaiOS”

Open post
NosillaCast Logo

NC #662 CES Observations, Avantree Bluetooth Headset, Eargo, Thunderbolt Docks, OLEDcomm LiFi, Command Line Mac App Store, Magik AR Toothbrush, NASA SLS, Security Bits Special

In this mammoth episode, we’ve got some random CES observations, a review of the Avantree Bluetooth over-the-ear headset from George from Tulsa, a CES interview with an innovative hearing aid called Eargo, a story of Thunderbolt docks and USB-C from me, another CES interview about LiFi for Internet connectivity with OLEDcomm, a hot tip from Knightwise about how to reinstall Mac App Store apps using the command line, an augmented reality toothbrush from Kolibree called Magik from CES, and as if that weren’t enough content, we’ve got an out-of-band Security Bits update with Bart Busschots with the lates news about Spectre and Meltdown.

mp3 download

Continue reading “NC #662 CES Observations, Avantree Bluetooth Headset, Eargo, Thunderbolt Docks, OLEDcomm LiFi, Command Line Mac App Store, Magik AR Toothbrush, NASA SLS, Security Bits Special”

Open post
NosillaCast Logo

NC #661 Verizon Credits, No Flash Hack, Security Bits on Meltdown & Spectre

I’ve got a couple of announcements to tell you, then a listener story from David Bogdan from Japan, and one from Denise Crown. At that point, I’m going to hand you over to Bart and me in Security Bits because there was so much to talk about with so many big stories. We’ll talk about password managers being used as trackers, the IOHIDeous vulnerability, and then spend a lot of time learning the truth (as of now) about the Meltdown and Spectre vulnerabilities. It’s a fascinating session and Bart unpacks all of this for us beautifully of course.

mp3 download

Continue reading “NC #661 Verizon Credits, No Flash Hack, Security Bits on Meltdown & Spectre”

Open post
Security Bits Logo

Security Bits – Password Trackers, IOHIDeous, Meltdown & Spectre

Security Bits – 5 Jan 2018

Security Medium 1 — Password Managers as Trackers

Security researchers have found that less-reputable tracking firms have deployed JavaScript which uses invisible forms to trick password managers into entering information which can then be used as a kind of super-cookie that users cannot delete, and hence, track them around the web.

This problem affects all features that auto-fill usernames and passwords, whether or not they are native to the browser, or, provided by third-party plugins, so this affects everyone who saves passwords in their browser in any way.

Continue reading “Security Bits – Password Trackers, IOHIDeous, Meltdown & Spectre”

Open post
NosillaCast Logo

NC #659 Solving Network Problems, 2017 What Apps Am I Still Using Part 1, Security Bits

This week I was on the Clockwise Podcast episode 220 at relay.fm/…. Leo Laporte and Megan Morrone talked about my iOS 11 settings Mind Map of Doom on iOS Today episode 372 at around 57:30 into the show. Helma from the Netherlands brings us some networking tips. I bring you the first half of my 2017 Year in Review where I talk about the different software and hardware I’ve told you about during the year and tell you whether they’re still in use and why (or why not). Then Bart Busschots is back with Security Bits where we have two Security Mediums, the HP Keylogger, and Mailsploit.

mp3 download

Continue reading “NC #659 Solving Network Problems, 2017 What Apps Am I Still Using Part 1, Security Bits”

Open post
2017 in red

2017 Year in Review Part 1 – What Am I Still Using?

I’ve always thought it might be interesting to look back on all of the products I’ve reviewed over the years and see what I’m still using. That would be a gargantuan effort, given that I’ve been doing this for over 12 years!

But then I thought, maybe I could look at the past year and see what products are still valuable and what just fell away over time and maybe a quick discussion on why. I went through every blog post to see what I talked about in 2017, so here goes.
Continue reading “2017 Year in Review Part 1 – What Am I Still Using?”

Open post
Security Bits Logo

Security Bits – HP Keylogger, Mailsploit

Security Medium 1 — HP’s Accidental Keylogger

Some HP laptops shipped with a keyboard driver from Synaptics in which a developer debugging feature was accidentally left enabled. The effect of this mistake is that the driver has built-in support for logging all keystrokes via WPP (a debugging tool that’s built into Windows).

This sounds bad, really bad, but thankfully it’s not actually as bad as it sounds.

Continue reading “Security Bits – HP Keylogger, Mailsploit”

Open post
NosillaCast Logo

NC #657 Making Holiday Labels, Pocket Casts vs Downcast, Patreon Changes, Security Bits

Tom Merritt was on Chit Chat Across the Pond to talk net neutrality. I confess that after all my “I have made fire” talk about writing a script for chapter marks, it didn’t actually work. Learn how to make Holiday Card Address Labels using plain old Apple Contacts. Rush Sherman asks our first ever video Dumb Question – why do I use Downcast when I clearly said I used Pocket Casts before? Patreon did a major shift in how they charge patrons and pay creators, and I wanted to tell you how I feel about it and what hopefully will be changing. In a rare moment of music enjoyment, I suggest you buy If Every Day Were Christmas from Slau Halatyn. Bart Busschots brings us Security Bits about the macOS Root Bug, a HomeKit Bug, and changes to iOS Backup Encryption.

mp3 download

Continue reading “NC #657 Making Holiday Labels, Pocket Casts vs Downcast, Patreon Changes, Security Bits”

Open post
Security Bits Logo

Security Bits – 08 December 2017 – macOS Root Bug, HomeKit Bug, iOS Backup Encryption

Security Medium 1 — macOS High Sierra Root Bug

A nasty bug was found in macOS 10.13 High Sierra — it was possible to cause the root account to become enabled, and to do so with a blank password.

To trigger this bug all you had to do was go into the control panel, click the padlock to un-lock the sensitive settings, change the username to root, enter no password, then hit enter. At this point the authentication would fail, but, the root account would have been made active. Hit enter again, and root with a blank password will be accepted as valid. At this point you can do anything in the control panel, no matter how restricted your account is in theory, and, anything you can get full terminal access as root.

Continue reading “Security Bits – 08 December 2017 – macOS Root Bug, HomeKit Bug, iOS Backup Encryption”

Open post
NosillaCast Logo

NC #655 Follow Up on Chapters, Reader View and Adding Workouts, Show Hidden Files, Mind Map iOS 11 Settings, Security Bits

I’m still working on how to get chapters in the podcast (this show might have them!) Follow up tips from Mike Price and Kaylee Dayo on Reader View. How Sandy and Allister saved Thanksgiving with their tip on saving a workout from last week. Bart brings us a Tiny Tip on a trivially easy way to show and hide hidden files in macOS Sierra and High Sierra. I mind mapped all of the settings in iOS 11, and it was utter madness. In Security Bits Bart and I talk about how Face ID isn’t broken, we learn about USB bugs in the Linux Kernel and how there’s a vulnerability in Intel chips you might need to know about.

mp3 download

Continue reading “NC #655 Follow Up on Chapters, Reader View and Adding Workouts, Show Hidden Files, Mind Map iOS 11 Settings, Security Bits”

Posts navigation

1 2 3 4 9 10 11
Scroll to top