This is a bit of a different show – it’s primarily the four-part story of my saga dealing with two catastrophic failures with Apple in a single week. It’s quite a tech story with a lot of interesting angles. After that Bart joins us with Security Bits.
Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Apple bias. Today is Sunday August 6 and this is show number 639.
Chit Chat Across the Pond
I usually start the show by telling you who was on Chit Chat Across the Pond this week. There normally would have been a Programming By Stealth episode of Chit Chat, but Bart is hammered at work and Steve and I have been traveling so much that we just couldn’t put it together. Bart and I do this for the fun of it, and it wasn’t going to be fun, so I declared that we’re on summer vacation. Programming By Stealth will reconvene as a “back to school” episode the first weekend in September.
Chit Chat Across the Pond Lite will have some episodes here and there, like next week Patrick Beja of FrenchSpin.com will be on to talk about the tech industry that’s on fire in France. I think Chit Chat Across the Pond Lite will take a break the following week though because Steve and I are headed off to Portland to hang out with Jean MacDonald (you might know her from App Camp for Girls) and we’re all going to see the eclipse together.
I’m going to do my darnedest to get out the NosillaCast during all of this travel but I expect they’ll be shorter than usual. If you’ve got a gadget or app you’re excited about, or a cool tech story to tell, I would love it if you’d make a recording for the show that I can use in the next few weeks. Oh yeah, this week Steve and I are off to Sal Soghoian’s Cmd-D conference too! After the end of August I’m refusing to leave the house for three months!
This week’s show is going to be a little bit unusual. I had a catastrophic series of technical events unfold over the week, and I’m going to tell you that story. As these events progressed, I documented everything that happened in blog posts. I’m going to tell you it as it happened, which will make it more dramatic I think than telling you the solution at the end. Some things I’ll say up front end up not being true at the end, but again, it’s a better story if I tell it as it happened.
When I’m done with my tech disaster story, we’ll have a chat with Bart in Security Bits.
Blog Posts
AppleCare Needs a Frequent Flyer Program
That Time Apple Stole My Stuff (or Maybe Not)
Time to Contact Craig Federighi
When Bad Things Happen to Good Computers
Patreon and Amazon
This week, Lynda Gousha and Terry Vogelaar, and Ron (who chooses to go last nameless) all signed up to become Patrons of the Podfeet Podcasts. This big surge in signups is fantastic! These folks went to podfeet.com/patreon and signed up to donate a dollar amount per week or per month or per episode. It’s a really easy way to support podcasters that you think are providing you value. I do this out of the love of the sport, but it’s sure nice to have revenue to offset the costs of the equipment and servers and such that make the show “go”. Thank you so much for supporting the shows!
Security Bits with Bart Busschots
Noteworthy Security News
- The CopyFish Chrome Plugin – a cautionary tale of how one employee clicking on one phishing link could threaten the very existence of your entire product – nakedsecurity.sophos.com/…
- A few days after the CopyFish plugin was successfully taken over by attackers and used to push ads on users, it happened again, this time to the Web Developer Chrome plugin – arstechnica.com/…
- Following an investigation into online fraud in the so-called binary trading market (basically markets where you bet on whether a given stock will go up or down) by the Australian Securities and Investments Commission (ASIC), Apple & Google have both pulled hundreds of apps from their app stores (Editorial by Bart – just because an app has been tested and found not to be malicious in the software sense doesn’t mean it’s safe in every sense – fraudsters can build secure apps!) – www.independent.co.uk/… & www.macobserver.com/…
- VPNs under attack
  - In China, most VPNs are illegal, and the government moved to force Apple to remove VPN apps from their Chinese App stores – www.macobserver.com/…, daringfireball.net/… & www.loopinsight.com/…
  - Meanwhile, in Russia, a new law was just passed making VPNs, and indeed any technology that allows for anonymous web surfing, illegal. That law comes into effect on the 1st of November, so expect app purges then – www.macobserver.com/…
  - TunnelBear’s GhostBear intended to obfuscate the fact that you’re using a VPN.
- Security researchers reveal a hack against 2015 and 2016 Amazon Echos that turns them, permanently and invisibly, into eavesdropping devices. The only small silver lining is that physical access is needed to perform the hack, but, once it’s performed, it can’t be undone via any sort of software reset or update, and it leaves no obvious trace (it’s invisible unless you physically open the device or notice unusual network traffic coming from your device) – motherboard.vice.com/… & www.macobserver.com/…
- US Senators introduce a bill designed to set minimum security standards for IoT devices, and to curtail the abuse of the US Computer Fraud & Abuse Act (CFAA) to persecute security researchers. Supporters of the bill include The Harvard University Berklett Cybersecurity Project, the Center for Democracy & Technology, and Mozilla – krebsonsecurity.com/…, www.macobserver.com/… & nakedsecurity.sophos.com/…
Suggested Reading
- PSAs, Advice & Tips
  - How to Tell if Software and Updates Are the Real Deal – www.intego.com/…
  - A nice explanation and review of ViewExif, an iOS app for managing an important aspect of your privacy, location data embedded in photos you share – www.imore.com/…
  - Everything you need to know about iCloud Keychain – www.imore.com/…
  - How to Tell If Your Eclipse Glasses or Handheld Solar Viewers Are Safe – eclipse.aas.org/…
- News
  - The UK Home Secretary (similar role to Secretary of State in the US) sparks a torrent of strong reaction when she says that “real people don’t want unbreakable encryption” – nakedsecurity.sophos.com/…
  - Multiple vulnerabilities found in radiation monitoring gateways – nakedsecurity.sophos.com/…
  - DOJ Provides Organizations a Framework for Development of a Vulnerability Disclosure Program – www.us-cert.gov/…
  - Security researchers reveal an exploitable weakness in the CAN protocol used on the CAN bus in cars. The bug can be used for DOS attacks, which in the case of cars translates to Denial of Control, since even things like steering, brake, and throttle inputs can be blocked! The only small silver lining is that physical access is needed to initiate the attack – nakedsecurity.sophos.com/…
  - The Electronic Privacy Information Center (EPIC) has filed suit against Google over the plans they announced back in May to track users in the physical world and map that to the ads they were shown on Google – nakedsecurity.sophos.com/…
  - Amazon reaches out to users with bad security before the crooks do – nakedsecurity.sophos.com/…
- Opinion & Analysis
  - An excellent article explaining how supposedly harmless anonymised data can be de-anonymised surprisingly easily – nakedsecurity.sophos.com/…
  - Month in Review: Apple Security in July 2017 – www.intego.com/…
That’s going to wind this up for this week. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at [email protected], follow me on twitter @podfeet. Remember, everything good starts with podfeet.com/. podfeet.com/patreon, podfeet.com/facebook, podfeet.com/googleplus, podfeet.com/amazon! And if you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.
Can you provide details on Bart’s new microphone, please?
Sure! It’s the ATR2100. It’s cool because it’s USB and XLR so it can grow with you if you wanted to use a mixer some day. I looked for it in the German Amazon store and oddly couldn’t find it. Here’s a link to it in the US store so you can see it: http://amzn.to/2waJC83
On the topic of mics, would you say the Shure Beta 58A is a good podcasting mic? I also have a Zoom H2 and a HiFi EliTE headset with mic, which would you say is best? Also, do you know if you can host your own RSS feed? Because I’m a kid, and I can’t pay for hosting. I do have an old Mac and 3TB of space, no domain, can I just port forward?