How to Turn Off NAT-PMP and UPnP on Your Router

A few weeks back after the disastrous distributed denial of service attack on the DNS servers was found to have been caused by insecure Internet of Things devices, Bart suggested that we turn off automatic port forwarding. This is a technology that is built into routers that allows devices (and software) inside your network to punch holes through your firewall in order to talk to the Internet. The advantage of this technology is that you don’t have to understand or even know what port forwarding is in order to get your devices and software to work. Unfortunately, we’ve learned that our IoT devices are often spectacularly insecure. For example, there are devices with hard-coded Secure Shell (SSH) usernames and passwords that were largely responsible for the denial of service attack.

This automated port forwarding I’m describing on most routers is called UPnP, and on Apple routers they use a similar protocol called NAT-PMP. Bart recommended that we turn this service off, and only open ports manually when we know why they need to be opened. I have both a Netgear router and an Apple router, so I thought it might be helpful if I posted tutorials on how to turn off UPnP via the web interface on the Netgear router, and NAT-PMP from the Airport Utility. Thanks to Allister Jenks for helping put together the instructions for turning off NAT-PMP from an iOS device for the Airport. And of course we made the tutorials with my favorite app, Clarify.

Here’s links to the three tutorials:

NC #599 iPhone 7+ Portrait Mode, 2016 MacBook Pros, Security Bits

Next week the show will be out early because we’ll be out of town on the weekend, so don’t try to go to the live show because there won’t be one! In Chit Chat Across the Pond, Bart taught us how to create a JavaScript API in Programming By Stealth 24. I did some experiments with the new iPhone 7+ feature called Portrait mode comparing the photos to a DSLR. The new MacBook Pros are coming and I’ll talk through the features and try to help you see if they’re good or bad choice for you. Bart Busschots is back with Security Bits where we do a deeper dive into DirtyCOW and Drammer along with important security updates, notable breaches and suggested reading.

mp3 download

Continue reading “NC #599 iPhone 7+ Portrait Mode, 2016 MacBook Pros, Security Bits”

NC #597 Credit Card Mixup at Apple, Easy Pill, Clean Install of macOS, Security Bits

Something appears to be fishy with Apple’s databases, based on my story of how someone else’s credit card got into my account. Mark Pouley of Twin Lakes Images gives a great review of the Easy Pill medication tracker and reminder for iOS. I’ll tell you why I think doing a clean install of your OS from time to time and not using Migration Assistant is a good idea, but I’ll follow that up with all the little fiddly bits I’ve had to modify to get things running again. Bart Busschots is back with Security Bits where he gives us an update on the security of the Internet of Things and more information that’s been coming out, along with all of the rest of this week’s security news.

mp3 download

Continue reading “NC #597 Credit Card Mixup at Apple, Easy Pill, Clean Install of macOS, Security Bits”

You May Not Want to Turn on Two-Factor Authentication If You Have an Apple TV 2 or 3

This post has been dramatically edited (and improved) since it’s first publish date, thanks to alert readers Mike C and Giles Croft. Spoiler alert – you CAN use two-factor authentication on an Apple TV 2 or 3! If you’ve already read this post, jump down to the heading “Breaking News”.

Atv 3 with remoteA little while ago I told you about how we were finally able to get our Apple TV to work on Hotel WiFi. As you probably recall, since the Apple TV can’t show a web browser popup, there’s no way to answer the prompt for the WiFi password. The trick was to get the hotel to tell you the phone number for the service provider of their WiFi. From there you can get the provider to provision the MAC address of the Apple TV to connect.

This week we went to see Forbes again (Lindsay and Nolan too) and stayed in a different hotel. We plugged in our Apple TV 3, connected to the network and as expected it didn’t work. After a few calls to the front desk, we eventually found someone to give us the number for their provider, Wandering WiFi. The guy I got was excellent, immediately knew what to do with my request and I hung up while we waited for the Apple TV to connect. But it didn’t work. Continue reading “You May Not Want to Turn on Two-Factor Authentication If You Have an Apple TV 2 or 3”

Enabling Two-Factor Authentication to Allow Apple Watch to Unlock Your Mac

Open system preferences security privacyOne of the things I was really looking forward to with macOS Sierra and watchOS 3 was the ability to unlock my Mac with my Apple Watch. I know it’s a small thing but typing that silly password 20 times a day gets on my nerves. I’m not as crazy as George from Tulsa thinks I am, as I didn’t upgrade my podcasting Mac, but I did upgrade my MacBook to Sierra and I upgraded my Watch right away to watchOS 3, so I really wanted to test this feature out.

It turned out to be quite a bit more complicated than I expected. I’ll explain why as we go through all of the steps. If you’d rather just jump right in and do it yourself, of course I did a full tutorial so you can skip ahead:

How to Disable Appleā€™s Two-Step Verification and Enable Two-Factor Authentication

I figured the place to turn this feature on would be in System Preferences, Security & Privacy where you originally enable a password to unlock the Mac. I guessed right because just below that was a section that said “Allow Apple Watch to unlock your Mac” and right below that it showed my original Apple Watch (which is still paired to my account) and my new Series 2 Apple Watch. I happily clicked the checkbox to allow my Watch to open the Mac.

Continue reading “Enabling Two-Factor Authentication to Allow Apple Watch to Unlock Your Mac”

NC #593 Poll to Influence Podfeet Redesign, Activity Tracking Improvements in watchOS 3 and iOS 10, First Days with iPhone 7 Plus, Security Bits

We chat about how the clock on is insecure and how we’re going to program our way around it. I need your help with a quick 5-question poll to help me redesign Activity tracking has REALLY improved with watchOS 3 and iOS 10. Want to help the show? Pledge your support at I’ll give you some of the high points of my first few days with the new iPhone 7 Plus (spoiler, I love it) but we’ll wait till next week to talk about the camera. Bart Busschots is back with another edition of Security Bits. Among other things he’ll tell you whether to light your hair on fire about the Dropbox kerfuffle.

mp3 download

Continue reading “NC #593 Poll to Influence Podfeet Redesign, Activity Tracking Improvements in watchOS 3 and iOS 10, First Days with iPhone 7 Plus, Security Bits”

Danger! Insecure Clock!

Dangerous scriptsSunday night during the live show, we noticed a big problem with the page for the live show, It wasn’t showing all of the elements of the page. At the top when it’s working properly, you should see a clock that tells you what time it is at my house. It’s not that I’m a narcissist, it’s there because I do the live show at 5pm where I am, so if you go to the page and it’s not live when you think it should be, you can check your time zone math by looking at the clock.

Also not showing was the live video from YouTube, which is essentially the whole point of the live show! I was alerted to the missing elements first by Steve but I assumed it was a problem on his computer, but then the live chatroom confirmed both the clock and video were missing.

I figured out what the problem was fairly quickly. Bart and I worked just a few weeks back to get set up as a secure website, buying a certificate and enabling it through my web host. Right before the live show, I edited the .htaccess page for my web server to give it a permanent 301 redirect so that any time http is requested, go to https instead.

The reason that affected the live show page is because the two elements in question, the clock and the live video, are both embedded http links. In the old days, a browser would put a giant popup on screen to tell you that there were insecure elements on the page, but people just said yes and went on their merry way. Instead, now browsers simply block insecure content on secure pages. Makes a bit more sense, right?

Now of course there’s nothing on that really requires security because you’re not putting your bank account info in anywhere, in fact other than writing text comments, you’re not entering any content at all. However it’s a bit alarming,, say in Chrome when you notice the red X in the url bar saying DANGER! INSECURE CONTENT!

The good news is that the video is pretty easy to fix. Every week Steve copies the embed link from the Hangout on Air into the Live Show page (, so now he needs to remember to put an “s” on the end of the http. That’s not a process fraught with danger at all, is it? I hope someone reads or hears this and remembers it for me just in case Steve is out of town at some point and I have to do it!

The clock is a bit more problematic because adding the “s” doesn’t fix it. Bart rubbed his hands together with delight though. He said he’s been searching for the right project for us to program in Programming By Stealth, and he says this would be a perfect thing for us to build! I’m super excited, and have no clue how we’ll even start but I’m sure looking forward to it.

NC #591 Theodore Bearington, Typeeto, Wire, DropShadow App, Security Bits

John, AKA NASAnut in the live chatroom sends a spectacular gift to us. We’ll talk about a free Mac utility called Typeeto that lets you use your Mac as a Bluetooth keyboard for your iOS devices and AppleTV. Joe LaGreca gives us a review of the secure messaging service, Wire, with full instructions on how to install and configure it. I’ll tell you how I made fire, otherwise known as how I wrote an actual Mac application using Automator and bash shell scripts (you can download it here but make sure you read the Read Me!) We’re also joined by Bart Busschots for another session of Security Bits.

mp3 download

Continue reading “NC #591 Theodore Bearington, Typeeto, Wire, DropShadow App, Security Bits”

NC #589 Live Show Sausage Making, Diagramming Live Show, Hangouts Moving, Screensharing, Fit and Healthy NosillaCastaways, Security Bits

In this week’s show we talk quite a bit about the tech behind the live show. I did a new diagram of how I broadcast my audio, Steve’s audio and my video to YouTube Live and to Alpha Geek Media and more. I created it with and you can see it at I made a 1 minute long video for Megan Moronne and Leo Laporte to talk about how the Smartbean from Antec can turn any headphones into Bluetooth, but my cat Ada sorta photo bombed it. I walk through the different methods of screensharing I use, including Skype, Messages and how adding QuickTime into the mix lets you include your iOS screens in the screen share. NosillaCastaways are becoming more fit and healthy because of our recent discussions and i read you a few anecdotes and tell you how even I upped my game because we’ve focussed on the tech. Bart Busschots is back with Security Bits too.

mp3 download
Continue reading “NC #589 Live Show Sausage Making, Diagramming Live Show, Hangouts Moving, Screensharing, Fit and Healthy NosillaCastaways, Security Bits”

Posts navigation

1 2 3 6 7 8 9 10 11 12 13
Scroll to top