Send your audio reviews for the while I’m gone in March to [email protected]. Check out my appearances on The Productive Woman Podcast at theproductivewoman.com and Tech’s Message at natelanxon.com/podcast. An interview at CES with Fujitsu followed by an in depth review of their ScanSnap iX100 mobile scanner. In Dumb Question Corner Eric asks how to speed up an aging Mac for the least amount of money. In Chit Chat Across the Pond Bart takes us through Taming the Terminal part 29 of n – Introducing SSH.
Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday February 15, 2015 and this is show number 510. Steve and I are getting ready to go off on another big adventure. As you know, Macworld got cancelled and because the same people who owned Macworld sponsored the MacMania Geek cruises, they got cancelled too. So a few of our friends from MacMania suggested that we all go to India, Dubai and Nepal, so Steve and I said, “ok!” I’m not sure it would have been my first choice of vacation spots but these guys had it all planned out already so what the heck!
We’ll have three guest hosts for the shows on March 8th, 15th and 22nd, and then I’ll be back in your ears on the 29th. There will be NO live show any of those weekends! But let’s talk about the guest hosts. Unfortunately Katie is still busy in grad school so won’t be stepping in as she has before, but Guy Serle of the My Mac Podcast has graciously accepted the challenge to entertain and educate you for one show. We’ll have Bart at the helm one week and the dulcet tones of Allister Jenks will take care of you as well. Now would be a GREAT time for you to start working on audio reviews to help the boys out with creating material for the shows. Bart has agreed to act as the broker to dole out the recordings, so please email them to [email protected]. And of course there’s a link in the show notes so you don’t have to be able to spell that!
Don’t worry about Tesla in our absence, she’s going to have a long vacation at our Daughter Lindsay’s house playing with her black lab, Dodger. Our aging kitty Buzzy will be tended by our friend Brandy, a fierce TSA agent who will be house sitting in our absence. All will be well!
Amazon Affiliate Links
I wanted to thank the people who listen to the show who used the Amazon Affiliate links over on podfeet.com. Between all of you, you bought 561 items at Amazon. If you’re not familiar with this, when you use the little Amazon search window on my site, or if you click on a link to a product in the shownotes that redirects you to Amazon, anything you buy in that Amazon session converts to a small percentage being sent back to me to support the show but oddly it doesn’t cost you a dime more. People have bought baby diapers, books and even tech gear of all things using either the direct links or the search. You guys rock for helping pay the hosting bills for the show. By the way, if two more items get purchased through one of my links, I get bumped up to a higher percentage, so listen up to the show and see if you NEED something new at Amazon!
The Productive Woman Podcast
One of my goals in retirement was to make the time to do more podcasting. That goal was certainly met this week. First I had the great pleasure of joining fellow NosillaCastaway Laura McClellan on her show, The Productive Woman Podcast. Laura raised 5 children and THEN went back to school, getting her degree in law from Cornell and is now a partner in a large law firm. She has always had a passion of connecting to women, especially moms, as the navigate the often stressful waters of life as a 21st-century woman. In her show she tries to help others through her triumphs and mistakes. I have great respect for Laura and what she’s doing with this well-needed show so I actually asked to be on the podcast. Luckily for me she confessed that she was trying to work up her nerve to ask me so it was great for both of us. I’ve been asked why this is only for women. I guess I’d give the same answer that I get when I ask podcasters why they advertise Harry’s Razors for men. They tell me, “well a woman COULD use a Harry’s Razor.” I hope you’ll go over to theproductivewoman.com and check out episode 29 (link in the shownotes of course where we talked about my favorite subject, “Choices.”
Tech’s Message
Nate Lanxon is well known in the tech community as the host of the Wired.co.uk podcast and the managing editor of Wired.co.uk. Recently he left Wired, much to the chagrin of his audience to become Senior Editor at Bloomberg Media. The good news is that he’s started a new podcast, called Tech’s Message (spell it!) He’s testing out different formats for the show, and I couldn’t have been more delighted when he asked me to be on his show. You may remember that Nate was a guest on Chit Chat Across the Pond a few months ago where we talked about the differences in tech between the UK and the US. Well as he put it, he turned the tables and asked me on to talk about what kinds of things the UK should worry about as they watch the consolidation of the number of Telcos there. It was great fun and I think you’ll enjoy the discussion. You can catch Tech’s Message over at natelanxon.com/podcast, look for Episode 4 to hear our conversation.
Blog Posts
In Depth Review of the Tiny Portable ScanSnap iX100 Scanner
Dumb Question Corner – How to Speed Up an Aging Mac with Minimum Investment
Clarify
On Saturday morning, Clive sent me an email with a link to his very first ever Clarify document. He asked me if I’d critique it for him. He had used Clarify to capture screenshots of a tip he wanted to show people on how to open multiple tabs in Safari all at once. After he captured the screenshots, he dropped in some annotations – a box here, an oval there – all helping to clarify his point. I suggested a few minor changes and I encouraged him to post the tutorial in our Google Plus community (podfeet.com/googleplus).
In the afternoon I decided to check out his G+ post and follow his link to the free clarify-it site that Clarify made for him, and noticed that the changes I’d suggested were in the document. Now realize that Clive didn’t have to do anything but update his document in Clarify and push the publish to web button a second time and we got his updates. He didn’t have to use an FTP client, he didn’t have to go move images around on a server, he didn’t have to create a new document with a new link and send it out again to everyone, he just pushed the publish button a second time. Clarify is awesome for creating quick tutorials but it’s way way more awesome than any other tool at making changes to tutorials.
I put a link in the shownotes to Clive’s post in Google Plus that will get you to his tutorial on how to open multiple tabs in Safari all at once so you can learn and see what a first time Clarify user can do to help others. If you have an example of how you’ve used Clarify to help yourself or others and would like me to showcase it here, send it on in! And for the last few of you who don’t yet own Clarify, head on over to clarify-it.com and check out their free trial for the Mac and Windows.
Chit Chat Across the Pond
Security Medium – a Bad Fortnight for Privacy
A Healthcare Disaster – US Heath Insurance Company Anthem breached:
- up to about 80 million records lost – http://krebsonsecurity.com/2015/02/data-breach-at-health-insurer-anthem-could-impact-millions/
- It appears the breach dates back to April 2014 – http://krebsonsecurity.com/2015/02/anthem-breach-may-have-started-in-april-2014/
- Phishing attacks against the victims have already begun – http://krebsonsecurity.com/2015/02/phishers-pounce-on-anthem-breach/
- There’s a lot of fluff in the media about how this would all have been find if only the DB had been encrypted – that is actually not correct – a live system needs to be readable and writable, so it wouldn’t have been any help at all in this scenario – http://arstechnica.com/security/2015/02/why-even-strong-crypto-wouldnt-protect-ssns-exposed-in-anthem-breach/
The Next Bush:
Following in his father’s and Brother’s footsteps, former governor of Florida Jeb Bush is making a run for the US Presidency. The campaign are trying to brand the former governor as the e-Governor, and hence set him up to be the e-President. To try underling that point, the campaign released an archive of the former governors’s emails IN UN-REDACTED FORM. These emails contain private information relating to many innocent Floridians, including SSNs, medical diagnoses & prescriptions, and financial matters. The campaign have promised to re-visit the data and redact it, but the genie is out of the bottle now, and simply can’t be put back in.
Editorial (Bart): The level of ignorance needed to effectively Dox the citizens you once served is staggering. It’s clear to me that the title of e-Govenor is not deserved. Mr. Bush clearly knows enough about technology to send and receive emails, but very little more. A classic case of a little knowledge being a dangerous thing. It doesn’t matter what your politics are, there is simply no way to see this irresponsible act as anything other than a scandal.
Security Light
Followups:
- Google tweak their Project Zero procedures in an attempt to address the irresponsible disclosure of big MS bugs last month. (Editorial by Bart: I doubt this tweak is perfect, but, it shows Google are prepared to evolve the project to try resolve problems, that’s very reassuring on two grounds – it shows they are prepared to evolve, and it shows they are prepared to listen to criticisms instead of using their monopoly power to force through their vision. The change seems reasonable, I think the fact that there is a change at all is actually the most important takeaway) – http://arstechnica.com/security/2015/02/google-updates-disclosure-policy-after-windows-os-x-zero-day-controversy/
- Followup – Verizon promise to allow users to full opt out of their super-cookie tracking program – http://arstechnica.com/information-technology/2015/02/verizon-will-now-let-users-kill-previously-indestructible-tracking-code/
Important Security Updates:
- ANOTHER emergency Flash patch for another zero day – http://krebsonsecurity.com/2015/02/yet-another-flash-patch-fixes-zero-day-flaw/ (OS X starts blocking out-dated versions of flash http://www.intego.com/mac-security-blog/apple-updates-safari-adobe-flash-player-web-plugin-disables-all-flash-player-versions-prior-to-16-0-0-305/)
- Microsoft patch 55 security flaws in a bumper Patch Tuesday. The patches include a fix of a bug nicknamed JASBUG, which is catching a lot of media attention. The bottom line on JASBUG is that it only affects corporate-style Windows Active Directory domains, so home users don’t need to worry about it. Everyone should of course apply all the patches presented to them by Windows update, especially because there is also a very important IE patch in there this time! – http://krebsonsecurity.com/2015/02/microsoft-pushes-patches-for-dozens-of-flaws/ (a good article from Ars Technica explaining how JASBUG works – http://arstechnica.com/security/2015/02/15-year-old-bug-allows-malicious-code-execution-in-all-versions-of-windows/)
Important Security News:
- Another Zero-day surfaces in IE – https://nakedsecurity.sophos.com/2015/02/04/internet-explorer-has-a-cross-site-scripting-zero-day-bug/ & http://arstechnica.com/security/2015/02/serious-bug-in-fully-patched-internet-explorer-puts-user-credentials-at-risk/ (does not seem to be patched yet as best as I can tell: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0072)
- 17 year old security researcher finds privacy flaw in new WhatsApp Web – https://nakedsecurity.sophos.com/2015/01/30/whatsapp-web-has-privacy-holes-that-could-expose-user-photos/
- Apple continues to expand it’s use of 2-Factor Auth, Messages and FaceTime are now protected – http://arstechnica.com/apple/2015/02/apple-extends-two-factor-authentication-to-facetime-and-imessage/
- As of this week US citizens now have the right to have their phones carrier-unlocked (well done FCC) – http://www.macobserver.com/tmo/article/want-to-unlock-your-iphone-theres-a-law-for-that
- Activation Locks seem to be working to bring down crime rates, data from London, New York & San Francisco shows a marked drop in theft rates for smart phones with a ‘kill switch’ – http://www.reuters.com/article/2015/02/11/us-usa-smartphone-killswitch-idUSKBN0LF09520150211
- Intego are warning of a resurgence of the OpinionSpy spyware, it seems to be being bundled with legitimate apps like Free Video Cutter Joiner and distributed via supposedly reputable sites like VersionTracker, MacUpdate, and Download.com – http://www.intego.com/mac-security-blog/opinionspy-rears-its-ugly-head-on-macs-once-again/
- This week’s storm in a teacup – Samsung’s Smart TV Voice Recognition – The media went bonkers about Samsung being honest about the fact that voice recognition involves the transmission of data – there is no scandal here. Samsung did they right thing and the media have punished them for it, the end result will be that companies will be less honest in future. – http://www.bbc.com/news/technology-31296188
- A US senate report raises serious concerns over the safety of many modern cars – onboard computer systems are insufficiently protected – http://arstechnica.com/security/2015/02/senator-car-hacks-that-control-steering-or-steal-driver-data-way-too-easy/
- The iOS-based component of the Operation Pawn Storm malware which targeted western governments made a lot of noise in the media. Much was made of the fact that victims did not need to have been jailbroken to infect themselves, but what a lot of the coverage missed or glossed over was the fact that the victim had to be tricked into installing the malware – yet again, the iPhone’s security model warned victims, who then had to be convinced to ignore the warning presented to them by their devices in order for them to infect themselves. A lot of coverage seemed to leave people with the message that iPhones are vulnerable to malware now, but the real take-away yet again should be that you must not trust unsigned and/or unexpected provisioning profiles on your iOS devices, EVER – http://www.intego.com/mac-security-blog/hackers-target-ios-using-government-officials-and-journalists-in-pawn-storm-malware-attack/
- According to AV firm Avast, there was apps in the Google Play store that contained malware that were downloaded millions of times (Editorial: if you insist on using Android despite the very troubling security landscape, I would recommend using AV, even if you confine yourself to the Play store) – http://arstechnica.com/security/2015/02/malicious-google-play-apps-may-have-hosed-millions-of-android-handsets/
- PSA – if you use a network-connected baby monitor – change the password or prepared to be spied on by creeps – https://nakedsecurity.sophos.com/2015/02/02/baby-monitor-hijacked-change-default-password-urges-foscam/
- PSA – some models of D-Link routers are vulnerable to DNS hijacking. Because the vulnerability was not responsibly disclosed, there does not appear to be a patch available yet. If you have one of these routers, keep an eye out for updates, and in the mean time make absolutely sure the admin pages are NOT accessible from the net – https://nakedsecurity.sophos.com/2015/02/04/d-link-routers-vulnerable-to-dns-hijacking/
- FaceBook improve option for what happens after users die – http://www.macobserver.com/tmo/article/preparing-your-social-network-for-the-afterlife
- FaceBook run into trouble AGAIN with their real names policy – this time it’s Native Americans who are being discriminated against (Editorial by Bart: this is somewhere on a spectrum from ‘only’ unacceptable ignorance to imperialism/paternalism to outright racism – what ever tag you choose to apply, I find deeply distasteful) – https://nakedsecurity.sophos.com/2015/02/12/facebook-is-telling-native-americans-their-names-are-fake/
Notable Breaches:
- Book2Park.com becomes the latest victim of the gang who got Target & Home Depot – http://krebsonsecurity.com/2015/02/target-hackers-hit-third-parking-service/
Suggested Reading:
- FaceBook have pushed out a new Privacy Policy for their European users, and the German privacy regulator has significant concerns about it’s legality – https://nakedsecurity.sophos.com/2015/02/02/facebooks-got-a-new-privacy-policy-and-it-plans-to-share-your-data-with-partners/
- Google promise to change their privacy policy in settlement with UK Information Commissioner’s Office – https://nakedsecurity.sophos.com/2015/02/02/google-to-change-privacy-policy-after-settling-case-with-ico/
- A great article from Naked Security explaining why even anonymised big data is a real privacy concern – https://nakedsecurity.sophos.com/2015/02/12/the-big-data-picture-just-how-anonymous-are-anonymous-records/
- FaceBook launch ThreatExchange – effectively a social network for social network operators to share security information in a standardised format while protecting trade secrets and user privacy – https://nakedsecurity.sophos.com/2015/02/13/facebooks-new-threatexchange-will-rally-companies-to-squash-internet-badness/
- Details have emerged about how the combination of two zero-day flaws was used to compromise Forbes last November – http://arstechnica.com/security/2015/02/pwned-in-7-seconds-hackers-use-flash-and-ie-to-target-forbes-visitors/
- Box release an enterprise key management solution to hand control of data corporate customers store back to the customers – http://arstechnica.com/information-technology/2015/02/box-hands-cloud-encryption-keys-over-to-its-customers/
- The FCC are ready to classify ISPs as common carriers in order to achieve net neutrality, http://www.macobserver.com/tmo/article/fcc-ready-to-classify-internet-service-as-a-utility-in-net-neutrality-plan, and AT&T ready to sue the FCC in response – http://www.macobserver.com/tmo/article/att-ready-to-sue-fcc-over-net-neutrality
Main Topic – Taming the Terminal part 29 of n – Introducing SSH
https://www.bartbusschots.ie/s/2015/02/14/taming-the-terminal-part-29-of-n-intro-to-ssh/
That’s going to wind this up for this week, many thanks to our sponsor for helping to pay the bills, the makers of Clarify over at clarify-it.com. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at [email protected], follow me on twitter @podfeet. Check out the NosillaCast Google Plus Community too – lots of fun over there! If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.