#494 ChromeSafe, Partial Solar Eclipse, ApplePay, Unprotected WiFi, Taming the Terminal Part 23a Networks

How to protect Chrome on OS X from POODLE vulnerability using Dorothy’s Tutorial. Capturing imagery of a partial solar eclipse – Steve’s video, my photo. A little rocky trying to use ApplePay for the first time, but it worked in the end. Unprotected wifi fun thanks to Andy sending in the link to medium.com and another reason to use Cloak from getcloak.com. In Chit Chat Across the Pond Bart takes us through the first half of Taming the Terminal Part 23a of N explaining Network protocols and layers.

Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday October 26, 2014 and this is show number 494. We have a GIANT show today, but I can’t possibly start without thanking Bart for stewarding the show last week. I LOVE it when he hosts, and I thought the discussion with George Starcher was awesome. Thanks Bart!

As you know I was at my daughter’s wedding which was absolutely the best time. She married the man of her dreams in a fabulous setting and everything went off without a hitch. Nolan, my new son-in-law issued a challenge to me before the wedding. He asked me whether I could go through the whole wedding without taking photos. I decided to give it a try and instead of viewing one of the most important days in our life through a tiny viewfinder, I didn’t take a single photo. It was an amazing experience, but I’m absolutely DYING for the photos from the professional photographer, which won’t get here for weeks and weeks. So to those of you who said you can’t wait for the photos, sorry to disappoint but for once I enjoyed the experience without a camera.

Enough about that though, let’s dig in!

When we were talking about Dorothy’s instructions on how to make your Chrome browser safe, I blithely referred to the fact that she made a Clarify tutorial to do this. I’m usually the one making these so it was AWESOME to be the recipient of one. Because she used Clarify she was able to put giant arrows and circles around the things to click and look at, throw in some text to explain what to do, put a text box for the code to copy and paste, and then at the end hit export to PDF. When I got her instructions I had NO problems at all. Unlike the arcane instructions I’d mentioned trying to follow, I had no confusion. It was as though she had Clarified it for me! No puns intended, that’s why it’s named that way! If you want to be as brilliant as Dorothy, first go to college for four years and get a degree in programming and then buy a copy of Clarify to teach people what you know, from clarify-it.com.

Chit Chat Across the Pond

Security Lite

Important Security Updates:
* Apple release iOS 8.1 – includes fix for POODLE – http://nakedsecurity.sophos.com/2014/10/21/apple-pushes-out-ios-8-1-kills-the-mobile-poodle-and-fixes-some-ahem-bakckdoors/
* OS X 10.10 Yosemite patches Poodle & Shellshock – http://www.intego.com/mac-security-blog/os-x-yosemite-10-10-patches-poodle-shellshock-vulnerabilities/
* Apple release Security Update 2014-005 for OS X 10.8 & 10.9, includes patches for POODLE & Shellshock – http://www.intego.com/mac-security-blog/security-update-2014-005-mitigates-poodle-vulnerability/
* Patch Tuesday has been and gone with updates from Adobe (Flash & AIR), Microsoft (Office, including the Mac version, IE 7 .NET) & Oracle (Java) – http://krebsonsecurity.com/2014/10/microsoft-adobe-push-critical-security-fixes/

Important Security News:
* Microsoft warn of zero-day attacks using a PowerPoint vulnerability in Windows – http://technet.microsoft.com/en-us/library/security/3010060.aspx (provides ‘fix it’ workaround – https://support.microsoft.com/kb/3010060)
* Whisper is not actually anonymous – http://www.theguardian.com/world/2014/oct/16/-sp-revealed-whisper-app-tracking-users (CTO tries to defend the company’s actions – the response is not positive – http://arstechnica.com/security/2014/10/whisper-cto-says-tracking-anonymous-users-not-a-big-deal-really/)
* A hack of a 3rd party website leaks 13GB of Snapchat images – yet again showing how Snapchat is NOT ephemeral – http://arstechnica.com/security/2014/10/snapchat-images-stolen-from-third-party-web-app-using-hacked-api/
* Apple respond to reports that someone (perhaps the Chinese Government) is attempting MITM attacks against iCloud with a very clear instruction page to help people protect themselves: http://support.apple.com/kb/HT6550 (bottom line, if you get a certificate warning, don’t just ignore it!)
* Apple publish iOS Security Guide (including Apple Pay details) – http://www.macobserver.com/tmo/article/apple-publishes-ios-security-guide-with-apple-pay-details
* A kerfuffle erupts over OS X Yosemite’s Spotlight. Gruber’s short summary covers the bases IMO – http://daringfireball.net/linked/2014/10/20/yosemite-spotlight-privacy (or you can read my mini-rant – https://www.bartbusschots.ie/s/2014/10/24/behind-peoples-backs/)

Notable Breaches:
* Kmart reports data breach – http://nakedsecurity.sophos.com/2014/10/13/kmart-becomes-the-latest-retail-data-breach-victim/
* Banks warn of a breach in Staples Stores – http://krebsonsecurity.com/2014/10/banks-credit-card-breach-at-staples-stores/

Suggested Reading:
* Ever wonder just how unsafe public wifi is – see what an attacker can do in just 20 minutes – https://medium.com/matter/heres-why-public-wifi-is-a-public-health-hazard-dd5b8dcb55e6
* More on US Law Enforcement -v- Security
  * Apple make full disk encryption the default for OS X Yosemite – http://www.intego.com/mac-security-blog/yosemite-filevault/
  * Head of the FBI pleads with citizens to let the FBI spy on them – http://arstechnica.com/security/2014/10/fbi-director-to-citizens-let-us-spy-on-you/
  * WIRED respond with a strong rebuttal – http://www.wired.com/2014/10/fbi-is-wrong-apple-encryption-is-good/
* Facebook pro-actively check their accounts against usernames/passwords leaked in breaches – http://nakedsecurity.sophos.com/2014/10/21/facebook-prowls-the-internet-looking-for-your-password/
* Facebook chastise the US Drug Enforcement Administration for using Facebook to impersonate people for the purpose of tricking criminals into revealing themselves (I’m no lawyer, but is the word for that not ‘entrapment’?) – http://nakedsecurity.sophos.com/2014/10/20/facebook-dear-dea-please-dont-set-up-fake-profiles-to-trap-criminals/
* New Snowden revelation claims NSA have infiltrated US and foreign firms in an attempt to weaken their security – http://arstechnica.com/security/2014/10/nsas-core-secrets-suggests-agents-inside-firms-in-us-abroad/

Main Topic


Taming the Terminal Part 23a of n – Networking Intro: https://www.bartbusschots.ie/s/2014/10/25/taming-the-terminal-part-23-of-n-networking-intro/

That’s going to wind this up for this week, many thanks to our sponsor for helping to pay the bills, Blue Mango Learning at bluemangolearning.com makers of Clarify. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at allison@podfeet.com, follow me on twitter and app.net @podfeet. Check out the NosillaCast Google Plus Community too – lots of fun over there! If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.

