{"id":7782,"date":"2015-12-29T16:24:02","date_gmt":"2015-12-30T00:24:02","guid":{"rendered":"http:\/\/www.podfeet.com\/blog\/?p=7782"},"modified":"2024-12-15T19:43:38","modified_gmt":"2024-12-16T03:43:38","slug":"nc-555","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2015\/12\/nc-555\/","title":{"rendered":"NC #555 Black Screen of Death, Don&#8217;t Turn off SIP, Tenba Messenger Bag, Security Stuff"},"content":{"rendered":"<p>What would make not one but two Macs suddenly have their screens go black? We&#8217;ll unravel that mystery along with a Dumb Question from John Ornsby asking if it&#8217;s ok to partially turn off System Integrity Protection (SIP).  I&#8217;ll give you a review of the <a href=\"http:\/\/amzn.to\/1QSKN06\" target=\"_blank\">Tenba DNA 8 Messenger Bag<\/a> and then we&#8217;ll close out the show with Security Stuff from Bart Busschots.<\/p>\n<p><audio class=\"wp-audio-shortcode\" id=\"audio-7782-1\" preload=\"none\" style=\"width: 100%;\" controls=\"controls\"><source type=\"audio\/mpeg\" src=\"http:\/\/media.blubrry.com\/nosillacast\/traffic.libsyn.com\/nosillacast\/NC_2015_12_29.mp3?_=1\" \/><a href=\"http:\/\/media.blubrry.com\/nosillacast\/traffic.libsyn.com\/nosillacast\/NC_2015_12_29.mp3\">http:\/\/media.blubrry.com\/nosillacast\/traffic.libsyn.com\/nosillacast\/NC_2015_12_29.mp3<\/a><\/audio><br \/>\n<a href=\"http:\/\/phobos.apple.com\/WebObjects\/MZStore.woa\/wa\/viewPodcast?id=81677867\"><img loading=\"lazy\" decoding=\"async\" style=\"float: none;\" src=\"https:\/\/podfeet.com\/NosillaCast\/artwork\/itunes_subscribe_button.png\" alt=\"itunes\" width=\"125\" height=\"43\" \/><\/a><br \/>\n<a title=\"mp3 download\" href=\"http:\/\/media.blubrry.com\/nosillacast\/traffic.libsyn.com\/nosillacast\/NC_2015_12_29.mp3\" target=\"_blank\">mp3 download<\/a><\/p>\n<p><!--more--><br \/>\nHi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight 
Macintosh bias. Today is Tuesday December 29, 2015 and this is show number 555.  I hope you had a safe and happy holiday and got lots of fun tech gifts! If you got something fun and want to tell everyone about it, we&#8217;d love a recording for the show! If it&#8217;s your first time, check out the <a href=\"https:\/\/www.podfeet.com\/blog\/record-your-own-review\/\" target=\"_blank\" >link in the shownotes<\/a> on how to record your own review. I give you guidelines on how long to make them and how to send them to me.<\/p>\n<p>In Chit Chat Across the Pond this week, Bart Busschots continued his series Programming By Stealth with installment 5 on HTML Images and Links.  Remember you have to subscribe separately to Chit Chat Across the Pond so you don&#8217;t miss it!<\/p>\n<p>I want to start the show with a harrowing tale of a technical disaster that turned into a giant success story.<\/p>\n<h3>Blog Posts<\/h3>\n<h4><a href=\"https:\/\/www.podfeet.com\/blog\/2015\/12\/2-macs-black-screen\/\" target=\"_blank\">What Would Make TWO Macs Go Black Screen?<\/a><\/h4>\n<h4><a href=\"https:\/\/www.podfeet.com\/blog\/2015\/12\/dqc-turn-off-sip\/\" target=\"_blank\">Dumb Question Corner &#8211; Is it ok to partially turn off System Integrity Protection?<\/a><\/h4>\n<h4><a href=\"https:\/\/www.podfeet.com\/blog\/2015\/12\/tenba-dna-8-bag\/\" target=\"_blank\">Tenba DNA 8 Messenger Bag &#8211; Perfect for Mirrorless Cameras<\/a><\/h4>\n<h3>Security Stuff with Bart Busschots<\/h3>\n<h4 id=\"toc_1\">Important Security Updates<\/h4>\n<ul>\n<li>Apple patch all their OSes &#8211; <a href=\"http:\/\/arstechnica.com\/apple\/2015\/12\/mega-apple-update-day-brings-ugprades-to-os-x-ios-watchos-and-tvos\/\">arstechnica.com\/&#8230;<\/a><\/li>\n<li>Adobe release security update for Flash &#8211; <a href=\"https:\/\/www.intego.com\/mac-security-blog\/adobe-issues-final-2015-flash-player-security-update\/\">www.intego.com\/&#8230;<\/a><\/li>\n<li>In a massive patch Tuesday, Adobe &amp; 
Microsoft each plug over 70 security holes &#8211; <a href=\"http:\/\/krebsonsecurity.com\/2015\/12\/adobe-microsoft-each-plug-70-security-holes\/\">krebsonsecurity.com\/&#8230;<\/a>\n<ul>\n<li>Of particular importance is a patch to Outlook, fixing a dangerous exploit that has been named &#39;letterbomb&#39; &#8211; <a href=\"http:\/\/arstechnica.com\/security\/2015\/12\/outlook-letterbomb-exploit-could-auto-open-attacks-in-e-mail\/\">arstechnica.com\/&#8230;<\/a><\/li>\n<li>Microsoft warn of possible attacks after the private key for an Xbox Live cert was leaked &#8211; <a href=\"http:\/\/nakedsecurity.sophos.com\/2015\/12\/10\/microsoft-warns-of-possible-attacks-after-xbox-live-certificate-leaked\/\">nakedsecurity.sophos.com\/&#8230;<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h4 id=\"toc_2\">Important Security News<\/h4>\n<ul>\n<li>Oracle settle with the US FTC over Java&#39;s deceptive security patches (patching Java did not actually remove all old versions of Java, leaving users vulnerable) &#8211; <a href=\"http:\/\/arstechnica.com\/information-technology\/2015\/12\/oracle-settles-with-ftc-over-javas-deceptive-security-patching\/\">arstechnica.com\/&#8230;<\/a><\/li>\n<li>To help illuminate the realities of internet censorship, a new HTTP response code has been agreed &#8211; an HTTP 451 response means the content was blocked for legal reasons &#8211; <a href=\"http:\/\/nakedsecurity.sophos.com\/2015\/12\/23\/welcome-to-http-error-code-451-unavailable-for-legal-reasons\/\">nakedsecurity.sophos.com\/&#8230;<\/a><\/li>\n<li>Grindr is being used to lure gay men to pre-assigned meeting places where they are then robbed in the UK. 
This could happen anywhere though, with any &#39;dating&#39; app &#8211; <a href=\"http:\/\/nakedsecurity.sophos.com\/2015\/12\/23\/grindr-being-used-to-target-and-rob-gay-men\/\">nakedsecurity.sophos.com\/&#8230;<\/a><\/li>\n<li>Naked Security warn that malware is getting smarter about exploiting MS Office, so it is ever more important to keep Office patched &#8211; <a href=\"http:\/\/nakedsecurity.sophos.com\/2015\/12\/18\/crooks-update-their-exploits-have-you-updated-your-office\/\">nakedsecurity.sophos.com\/&#8230;<\/a><\/li>\n<li>Jailbroken iPhones in China getting infected with TinyV iOS Trojan &#8211; <a href=\"https:\/\/www.intego.com\/mac-security-blog\/ios-trojan-tinyv-is-infecting-jailbroken-iphones\/\">www.intego.com\/&#8230;<\/a><\/li>\n<li>PSA: US Drone owners beware &#8211; you must now register your drone with the FAA &#8211; <a href=\"http:\/\/www.imore.com\/you-are-now-required-register-all-unmanned-aircraft-including-drones\">www.imore.com\/&#8230;<\/a><\/li>\n<\/ul>\n<h4 id=\"toc_3\">Notable Breaches<\/h4>\n<ul>\n<li>Hyatt Hotels report a malware-driven credit card breach &#8211; <a href=\"http:\/\/krebsonsecurity.com\/2015\/12\/malware-driven-card-breach-at-hyatt-hotels\/\">krebsonsecurity.com\/&#8230;<\/a><\/li>\n<li>Password thieves buy e-GiftCard from Gyft &#8211; <a href=\"http:\/\/krebsonsecurity.com\/2015\/12\/password-thieves-target-e-giftcard-firm-gyft\/\">krebsonsecurity.com\/&#8230;<\/a><\/li>\n<li>&#39;Unauthorised Code&#39; present in Juniper products since 2012 allows for the decryption of VPN traffic, and provides a back-door into firewalls &#8211; <a href=\"http:\/\/arstechnica.com\/security\/2015\/12\/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic\/\">arstechnica.com\/&#8230;<\/a> &amp; <a href=\"http:\/\/arstechnica.com\/security\/2015\/12\/researchers-confirm-backdoor-password-in-juniper-firewall-code\/\">arstechnica.com\/&#8230;<\/a><\/li>\n<li>Apparent card breach at Landry&#39;s Restaurants &#8211; <a 
href=\"http:\/\/krebsonsecurity.com\/2015\/12\/banks-card-breach-at-landrys-restaurants\/\">krebsonsecurity.com\/&#8230;<\/a><\/li>\n<li>Card skimmers found at some California and Colorado Safeways &#8211; <a href=\"http:\/\/krebsonsecurity.com\/2015\/12\/skimmers-found-at-some-calif-colo-safeways\/\">krebsonsecurity.com\/&#8230;<\/a><\/li>\n<li>Security researchers discover a data leak in Target&#39;s wishlist app &#8211; <a href=\"http:\/\/arstechnica.com\/security\/2015\/12\/wish-list-app-from-target-springs-a-major-personal-data-leak\/\">arstechnica.com\/&#8230;<\/a><\/li>\n<li>A rookie mistake (failing to secure the standard MongoDB port) exposes the details of 13m MacKeeper users &#8211; <a href=\"http:\/\/arstechnica.com\/security\/2015\/12\/13-million-mackeeper-users-exposed-after-mongodb-door-was-left-open\/\">arstechnica.com\/&#8230;<\/a><\/li>\n<li>Hzone, a dating app for HIV+ people, decided to respond to security researchers trying to inform them about a data leak by threatening to infect them and their families with HIV (also appears to be a failure to secure MongoDB) &#8211; <a href=\"http:\/\/nakedsecurity.sophos.com\/2015\/12\/16\/hiv-dating-app-leaks-sensitive-user-data-threatens-infection-when-alerted\/\">nakedsecurity.sophos.com\/&#8230;<\/a><\/li>\n<li>Hello Barbie servers found to be vulnerable to now 14-month-old POODLE bug &#8211; <a href=\"http:\/\/arstechnica.com\/security\/2015\/12\/internet-connected-hello-barbie-doll-gets-bitten-by-nasty-poodle-crypto-bug\/\">arstechnica.com\/&#8230;<\/a><\/li>\n<\/ul>\n<h4 id=\"toc_4\">Suggested Reading<\/h4>\n<ul>\n<li>A nice FAQ from Ars Technica on the whole encryption debate &#8211; <a href=\"http:\/\/arstechnica.com\/security\/2015\/12\/fact-checking-the-debate-on-encryption\/\">arstechnica.com\/&#8230;<\/a><\/li>\n<li>Good advice from c|net for securing your iOS devices &#8211; <a 
href=\"http:\/\/www.cnet.com\/how-to\/six-ways-to-make-your-iphone-more-secure\/\">www.cnet.com\/&#8230;<\/a><\/li>\n<li>Good advice for US citizens to avoid being the victim of Tax Refund Fraud in January &#8211; <a href=\"http:\/\/krebsonsecurity.com\/2015\/12\/dont-be-a-victim-of-tax-refund-fraud-in-16\/\">krebsonsecurity.com\/&#8230;<\/a><\/li>\n<li>Apple petition the US government to change the wording of their controversial &quot;Investigatory Powers Act&quot; AKA &quot;Snooper&#39;s Charter&quot; &#8211; <a href=\"http:\/\/www.imore.com\/apple-calls-changes-proposed-uk-intelligence-bill-over-encryption-concerns\">www.imore.com\/&#8230;<\/a><\/li>\n<li>The FBI admits to using Stingrays and zero-day exploits &#8211; <a href=\"http:\/\/arstechnica.com\/tech-policy\/2015\/12\/fbi-admits-it-uses-stingrays-zero-day-exploits\/\">arstechnica.com\/&#8230;<\/a><\/li>\n<li>Twitter warns dozens of users that they may be being targeted by state-sponsored hackers &#8211; <a href=\"http:\/\/arstechnica.com\/tech-policy\/2015\/12\/beware-of-state-sponsored-hackers-twitter-warns-dozens-of-users\/\">arstechnica.com\/&#8230;<\/a><\/li>\n<li>Research finds that many banking apps on iOS still leave a lot to be desired security-wise &#8211; <a href=\"http:\/\/nakedsecurity.sophos.com\/2015\/12\/21\/ios-banking-app-security-getting-better-but-still-bad\/\">nakedsecurity.sophos.com\/&#8230;<\/a><\/li>\n<li>The Intercept reveal a secret catalogue of cellphone spying equipment on sale to law enforcement &#8211; <a href=\"http:\/\/arstechnica.com\/tech-policy\/2015\/12\/behold-the-catalog-of-cellphone-spying-gear-the-feds-dont-want-you-to-see\/\">arstechnica.com\/&#8230;<\/a><\/li>\n<li>Germany comes to an agreement with Facebook, Google &amp; Twitter to delete hate speech within 24 hours &#8211; <a 
href=\"http:\/\/nakedsecurity.sophos.com\/2015\/12\/17\/facebook-google-and-twitter-agree-to-german-demand-to-delete-hate-speech-within-24-hours\/\">nakedsecurity.sophos.com\/&#8230;<\/a><\/li>\n<li>How a bug in some FireEye firewalls could allow an entire corporation to be compromised with a single specially crafted malicious email &#8211; <a href=\"http:\/\/arstechnica.com\/security\/2015\/12\/when-a-single-e-mail-gives-hackers-full-access-to-your-network\/\">arstechnica.com\/&#8230;<\/a><\/li>\n<li>The DNS infrastructure withstood a huge DDoS attack &#8211; <a href=\"http:\/\/nakedsecurity.sophos.com\/2015\/12\/10\/internet-dns-servers-withstand-huge-ddos-attack\/\">nakedsecurity.sophos.com\/&#8230;<\/a> &amp; <a href=\"http:\/\/arstechnica.com\/security\/2015\/12\/attack-flooded-internet-root-servers-with-5-million-queries-a-second\/\">arstechnica.com\/&#8230;<\/a><\/li>\n<li>Facebook and CloudFlare push controversial proposal to extend support for SHA1 certs &#8211; <a href=\"http:\/\/arstechnica.com\/security\/2015\/12\/sha1-sunset-will-block-millions-from-encrypted-net-facebook-warns\/\">arstechnica.com\/&#8230;<\/a><\/li>\n<\/ul>\n<p>Well in spite of everything we managed to muddle through and we never missed a show! That&#8217;s going to wind this up for this week. Don&#8217;t forget to send in your Dumb Questions, comments and suggestions by emailing me at <a href=\"mailto:allison@podfeet.com\">allison@podfeet.com<\/a>, follow me on <a href=\"http:\/\/twitter.com\/podfeet\">twitter<\/a> @podfeet.  Check out the <a href=\"https:\/\/plus.google.com\/communities\/117336672755291339814\" target=\"_blank\">NosillaCast Google Plus Community<\/a> too &#8211; lots of fun over there!  If you want to join in the fun of the live show, head on over to <a href=\"https:\/\/podfeet.com\/live\">podfeet.com\/live<\/a> on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways.  
Thanks for listening, and stay subscribed.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What would make not one but two Macs suddenly have their screens go black? We&#8217;ll unravel that mystery along with a Dumb Question from John Ornsby asking if it&#8217;s ok to partially turn off System Integrity Protection (SIP). I&#8217;ll give you a review of the Tenba DNA 8 Messenger Bag and then we&#8217;ll close out [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[147,173,1],"tags":[245,239,96,50,209],"class_list":["post-7782","post","type-post","status-publish","format-standard","hentry","category-blog-posts","category-nosillacast","category-podcasts","tag-black-screen","tag-camera","tag-photography","tag-security","tag-troubleshoot"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/7782","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=7782"}],"version-history":[{"count":3,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/7782\/revisions"}],"predecessor-version":[{"id":7785,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/7782\/revisions\/7785"}],"wp:attachment":[{"hr
ef":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=7782"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=7782"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=7782"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}