Update on Ring and their problematic app and website. Daniel Semro demonstrates how a blind person subscribes to a podcast. It’s surprising what things you can’t do without data (as I learned in the national parks last week). In response to Tim Jahr’s question, I’ll explain why I said during Chit Chat Across the Pond with Bruce Wilson that IT is waste. Claus Wolf asks for a change to the Amazon Affiliate Links and I grant that wish. Bart Busschots is back with another fabulous Security Bits segment.
Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Apple bias. Today is Sunday June 11, 2017 and this is show number 631. We’re back from our big adventure to Yellowstone and Grand Teton National Parks. I simply cannot believe that it took me 59 years to get around to seeing them. They are both absolutely phenomenal. I felt especially dumb about not going there because it was only about a half a day of flying and driving, and yet the parks were filled with people from Europe and Asia. David Roth told me before we went that we would be amazed, and so I’m obligated here to say the words, “Dave was right.”
Update on Ring
I wanted to follow up with the story I told you a few weeks ago about Ring, makers of the Ring Video Doorbell and Floodlight Cam. As you may recall, I’d discovered that their Mac desktop app was causing my browser to launch and go to two tracking sites, and then cause pop ups. Even worse, their site misleadingly said that the app was in the Mac App Store, while in fact it is a zip file download.
About a week and a half after I notified Ring of the problems, they finally came out with a new version of the Mac app that got rid of the auto-launching of the browser and the popups. That was good but they still hadn’t changed the link on their website that claimed it was a Mac App Store app. I continued to pester them, but finally at two full weeks, I took to Twitter. I don’t think it had any effect, but as of two days ago I was able to verify that they had finally fixed the link.
I’m conflicted on how to think about Ring. I love their hardware and I love the video capability. Their hardware purchase price is competitive and their cloud storage of videos is very reasonably priced. On the other hand, they have shown themselves to be in disarray on messaging and don’t seem to mind misleading their customers.
They did fix the problems in the end, and the CEO did circle back with me to ensure that I had gotten the new app and that I was satisfied with the solution, so that was back in the good column. All I can say is that Ring is no Rogue Amoeba.
Chit Chat Across the Pond
Chit Chat Across the Pond this week is of the lite variety but it’s actually with Bart Busschots. It’s been a year since he came on and told us about his quest to lose weight and become more healthy through the use of technology. He has achieved his goal and has some philosophy to share with us about how to go at this problem so many of us face. He talks through the tech as well, explaining what works for him and what doesn’t. And of course Bart includes detailed notes of everything he talked about over at bartbusschots.ie/… The best part of the discussion is at the beginning, when he says I was right! Check it out in the new Chit Chat Across the Pond Lite feed or the full Chit Chat Across the Pond feed, in your podcatcher of choice.
Daniel Semro Demonstrates Subscribing to Podcasts as a Blind Person
This week we have a wonderful listener review by Daniel Semro to play.
(Don’t read). Daniel demonstrates how he subscribes to podcasts as a blind listener. I don’t know for sure how old he is but he sounds very young. In this audio recording he tries to subscribe to MacBreak Weekly, but the Podcast app fails and can’t find it. Then he tries subscribing to the SMR Podcast and it works. I love that he does that show in particular because he says all kinds of fun stuff about it.
Wasn’t that awesome? I bet you all thought when he said he was going to do one for me, he would do the NosillaCast or maybe Chit Chat Across the Pond, but picking my favorite podcast to listen to as SMR Podcast was even better. Thanks so much for sending that in Daniel. By the way, Daniel has two YouTube channels if you want to check out more of his content, and of course there are links in the show notes: DanielS Music Covers and his main channel, called simply Daniel Semro.
Blog Posts
What You Can’t Do Without Data
IT is Waste
Patreon and Amazon
This week I got a note from Claus Wolf about the ways to support the Podfeet Podcasts. He made a really good point. He said that every time he hears me say at the end of Chit Chat Across the Pond, “This show is supported by Patreon”, it bugs him because it misses the point. Patreon is just a method of providing support to the show. The show is supported by you, not Patreon. That’s such an important distinction and I’m so glad he pointed that out. I will be rerecording that ending for sure!
He also asked for a change to the Amazon Affiliate Links on the home page. He pointed out that it’s three clicks to get to the German (or UK or Canadian) Amazon stores. One to click on Support the Show, then click on “Outside the US? Click here” and then finally clicking on the flag for the right country. While the flags are adorable (and the page is called podfeet.com/funwithflags), that’s a lot of clicks. He asked whether I could change that line at the bottom to just say ca | de | uk, that would eliminate that whole step! Since Claus is pretty close to single handedly spending as much on Amazon Germany as the entire United States, I immediately implemented the changes!
If you’d like to help support the show, just head on over to podfeet.com and click on Support the Show and find a way that works for you and your family.
Security Bits
Important Security News
- Russian hackers are abusing Google’s AMP mobile web accelerator services to create very convincing phishing links – the pages are not legitimate, and not hosted on Google’s site, but they look just like a Google page, and when served through AMP, they get a www.google.com URL, so the domain-name highlighting in modern browsers makes these phishing attacks more effective, not less. The take-away is that any URL starting with www.google.com/amp/ should be considered suspect (for entering information), and treated as if it were not actually at Google, because it isn’t really, it’s just being accelerated through a Google server – motherboard.vice.com/…
- Security researchers find an interesting bug in Google’s Chrome browser that allows sites to turn on your web cam and mic without the browser displaying that fact to you. WebRTC is a modern protocol which allows websites to stream audio and video to websites, so it can access your webcam and mic. Chrome will not let a site use your mic without your permission. In theory, Google also puts an indicator light on any tab that is recording you through your mic or your camera or both. What researchers have found is that once you grant a site access, it’s possible for that site to record you without the indicator being activated. Google insist this is not a security vulnerability, but many are not convinced (including me). Bottom line, if you use Chrome, and if you grant a site access to your mic and/or web cam, be aware that they can use that access in secret, and only grant such access to sites you truly trust – nakedsecurity.sophos.com/…
- Security researchers are warning of a new technique being used by attackers to distribute malware through PowerPoint. The technique works even when macros are disabled. It abuses the hover functionality in PowerPoint. On newer versions of Office a warning is triggered that users have to be tricked into clicking past, but that’s not the case on older versions, and it’s proven quite easy to trick users into agreeing to things they shouldn’t in the past. The takeaway is to be extra wary of unexpected PowerPoints in emails – arstechnica.com/…
- Google’s Chrome browser will start blocking ads that don’t meet certain guidelines by default. Because of the specifics of exactly what they are doing, and the obvious conflict of interest, this superficially good news is getting a lukewarm reception at best:
- Mid-term palette cleanser: Internet History Podcast internethistorypodcast.com/…
- Apple announced at WWDC that it is adding AI to their Safari Browser to detect internet tracking, and block it – nakedsecurity.sophos.com/…
- PSA – Security Firm F-Secure have found security vulnerabilities that allow remote attackers to access videos recorded on many Foscam internet-connected cameras, and despite reporting the vulnerabilities to Foscam many months ago, they remain un-patched, leaving users unable to protect themselves (short of turning the devices off) – arstechnica.com/…
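The AMP take-away above can be turned into a check that a mail or chat filter runs on links before showing them to a user. This is an added example, not part of the show notes; the `/amp/` and `/amp/s/` path layout, the function names and the sample URLs are assumptions constructed here.

```python
from urllib.parse import urlsplit

# Assumption: hosts on which Google's AMP viewer is reached.
GOOGLE_HOSTS = {"google.com", "www.google.com"}


def amp_real_origin(url):
    """Return the host that really serves a Google AMP link, else None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Compare the exact host: a substring test would also match
    # look-alikes such as www.google.com.example.net.
    if parts.scheme not in ("http", "https") or host not in GOOGLE_HOSTS:
        return None
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) < 2 or segments[0] != "amp":
        return None
    rest = segments[1:]
    # Assumed layout: an "s" segment after /amp/ marks an HTTPS origin.
    if rest[0] == "s":
        rest = rest[1:]
    if not rest:
        return None
    return rest[0].lower()


def describe_link(url):
    """Return (host to show the user, True if it arrived via Google AMP)."""
    origin = amp_real_origin(url)
    if origin is None:
        return (urlsplit(url).hostname or "").lower(), False
    return origin, True


# Constructed sample links, not taken from any real campaign.
SAMPLES = [
    "https://www.google.com/amp/s/login.example.net/account/verify",
    "https://www.google.com/amp/news.example.org/story.html",
    "https://www.google.com/search?q=amp",
    "https://www.google.com.example.net/amp/s/x.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        shown_host, via_amp = describe_link(link)
        note = "served through AMP, treat as this host" if via_amp else "direct"
        print(f"{shown_host:28} {note}")
```

A filter built on this would display or score the returned host instead of www.google.com, so the domain the user sees is the one that actually controls the page.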
Notable Breaches
- Credit Card Breach at Kmart Stores. Again – krebsonsecurity.com/…
- OneLogin: Breach Exposed Ability to Decrypt Data – krebsonsecurity.com/… & OneLogin suffers breach—customer data said to be exposed, decrypted – arstechnica.com/…
- China uncovers massive underground network of Apple employees selling customers’ personal data – www.hongkongfp.com/…
Suggested Reading
- Useful Advice
- Interesting Analysis
- Russian Hacking News
- Putin: “Patriotic” Russian hackers may have interfered in US election – arstechnica.com/…
- Leaked NSA report says Russians tried to hack state election officials – arstechnica.com/… & Russians apparently ‘targeted US election via phishing attacks’ – nakedsecurity.sophos.com/…
- You’ll never guess where Russian spies are hiding their control servers – arstechnica.com/…
- Google Play Store Malware News
- Yet another example of how broken the Google Play store is, two virus-riddled games have been found in there, they’ve been there since March, and have over 50K downloads – nakedsecurity.sophos.com/…
- Punching down the Judy Android adware: a SophosLabs analysis – nakedsecurity.sophos.com/…
- Android ransomware hides in fake King of Glory game – nakedsecurity.sophos.com/…
- Task force tells Congress health IT security is in critical condition – arstechnica.com/…
- How a few yellow dots burned the Intercept’s NSA leaker – arstechnica.com/…
- Sneaky hackers use Intel management tools to bypass Windows firewall – arstechnica.com/…
- Keybase adds end-to-end encryption to messages on the web – nakedsecurity.sophos.com/…
- WikiLeaks says CIA’s “Pandemic” turns servers into infectious Patient Zero – arstechnica.com/…
- Thousands of enterprise apps exposing data on back-end servers – nakedsecurity.sophos.com/…
- An interesting article describing some of the research going on into what personal data apps are transmitting across the internet – www.fastcompany.com/…
- Why ‘I forgot my password’ won’t go down well with a judge – nakedsecurity.sophos.com/…
- Crooks hold nude plastic surgery pictures to ransom after break-in – nakedsecurity.sophos.com/…
- It is not OK to break the law to catch criminals, judge rules – nakedsecurity.sophos.com/…
Palette Cleanser
- A stunning video created with images from the Juno spacecraft showing what it’s like to fly close to Jupiter – apod.nasa.gov/…
That’s going to wind this up for this week. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at [email protected], follow me on twitter @podfeet. Remember, everything good starts with podfeet.com/. podfeet.com/patreon, podfeet.com/facebook, podfeet.com/googleplus, podfeet.com/amazon! And if you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.
I wanted to reassure the blind community that you are not alone. That being said, I wanted to let you know that there are many options on the market nowadays that can be a tremendous help. There’s a product called OrCam that’s been a tremendous help for me. Essentially, they offer low vision aids such as their smart glasses for the visually impaired and glasses for blind person and in my eyes it’s 100% worth it to re-gain independence and be able to recognize signs, people and my surroundings. Definitely recommend you give it a try.