The Acoustic Guitar Forum

Go Back   The Acoustic Guitar Forum > Other Discussions > Open Mic

Reply
 
Thread Tools
  #1  
Old 09-25-2017, 12:19 PM
Chicago Sandy's Avatar
Chicago Sandy Chicago Sandy is offline
Registered User
 
Join Date: Jan 2004
Location: SW Coast of Lake Michigan
Posts: 14,782
Default New Mac OS X High Sierra: just say "not yet"

ZDNet just reported that ex-NSA hacker Patrick Wardle, now a CEO of a tech security consulting group, found a hole in the about-to-be-released High Sierra version of OS X that allowed him to write an "exfiltrator" for Keychain (the program that stores users' passwords & usernames--thus allowing the generation of multiple unique and non-memorable passwords, which operates via iCloud on all the user's Apple devices). The exfiltrator lets the hacker access the data--in plain text--in any account or site whose username & password are stored in Keychain, without the necessity of actually logging in.

Seems the very code Apple wrote to shut out third-party developers also compromises user security.

Not gonna update just yet (assuming Apple nonetheless rolls it out on schedule). Seems like I updated to Sierra only within the past year.
__________________
Sandy

http://www.sandyandina.com

-------------------------
Gramann Rapahannock, 7 Taylors, 4 Martins, 2 Gibsons, 2 V-A, Larrivee Parlour, Gretsch Way Out West, Fender P-J Bass & Mustang, Danelectro U2, Peavey fretless bass, 8 dulcimers, 2 autoharps, 2 banjos, 2 mandolins, 3 ukes

I cried because I had no shoes.....but then I realized I won’t get blisters.
Reply With Quote
  #2  
Old 09-25-2017, 01:20 PM
imwjl imwjl is offline
Registered User
 
Join Date: Feb 2007
Location: My mom's basement.
Posts: 8,674
Default

I'm sure that's one of a few in past year or so and it might well be in the prior version. Look at a site like Naked Security or others to have an idea of how often popular technology has vulnerabilities like this. Frankly, it's a bit dizzying. I have to watch it for a hand full of tech platforms.

Something like the Mac keychain does make it a vulnerability worth going after but at any given moment there are targets offering more of a reward. Just think of how often some here give a silly boast about their not doing updates. That's a bit like saying "rob me, I'm ready for it to happen".

I'll probably do the update on computer today and wait for others.

My biggest concern at release is the VMware Fusion version announced is not ready today. I rely on that. At times there's no need for the version upgrade and at other times it's a must.

Good luck.
__________________
ƃuoɹʍ llɐ ʇno əɯɐɔ ʇɐɥʇ
Reply With Quote
  #3  
Old 09-26-2017, 06:34 AM
imwjl imwjl is offline
Registered User
 
Join Date: Feb 2007
Location: My mom's basement.
Posts: 8,674
Default

As suspected, the vulnerability applies to earlier versions of the OS too. The conversion to new file system has me more concerned than anything. Many do upgrades without sufficient backups.
__________________
ƃuoɹʍ llɐ ʇno əɯɐɔ ʇɐɥʇ
Reply With Quote
  #4  
Old 09-26-2017, 02:12 PM
Chicago Sandy's Avatar
Chicago Sandy Chicago Sandy is offline
Registered User
 
Join Date: Jan 2004
Location: SW Coast of Lake Michigan
Posts: 14,782
Default

Of course, most malware hackers go where the money is, and easiest to get. Businesses, institutions, and the majority of people use Microsoft and Android platforms.
If the Mac hack goes beyond the "vulnerability-demonstration" stage, I may just offload my usernames and passwords and print them (or even write them in longhand) and store them somewhere safe; then delete them from & disable Keychain.
__________________
Sandy

http://www.sandyandina.com

-------------------------
Gramann Rapahannock, 7 Taylors, 4 Martins, 2 Gibsons, 2 V-A, Larrivee Parlour, Gretsch Way Out West, Fender P-J Bass & Mustang, Danelectro U2, Peavey fretless bass, 8 dulcimers, 2 autoharps, 2 banjos, 2 mandolins, 3 ukes

I cried because I had no shoes.....but then I realized I won’t get blisters.
Reply With Quote
  #5  
Old 09-26-2017, 02:25 PM
KevWind's Avatar
KevWind KevWind is offline
Charter Member
 
Join Date: Apr 2008
Location: Edge of Wilderness Wyoming
Posts: 19,884
Default

I usually wait awhile before jumping to a new OS And I will do so on this one.

I may not be upgrading my recording studio machine to HS at all. As it is a Mid 2010 Mac Pro "cheese-grater" for which there may be other issues involved.
__________________
Enjoy the Journey.... Kev...

KevWind at Soundcloud

KevWind at YouYube
https://www.youtube.com/playlist?lis...EZxkPKyieOTgRD

System :
Studio system Avid Carbon interface , PT Ultimate 2023.12 -Mid 2020 iMac 27" 3.8GHz 8-core i7 10th Gen ,, Ventura 13.2.1

Mobile MBP M1 Pro , PT Ultimate 2023.12 Ventura 12.2.1
Reply With Quote
  #6  
Old 09-26-2017, 03:00 PM
Arthur Blake Arthur Blake is offline
Registered User
 
Join Date: Dec 2013
Posts: 1,025
Default Two pieces of security software I find very valuable

1) "Little Snitch" -- notifies you every time your computer sends information out. Takes a bit to configure at first, because you have to approve or disapprove each time, but after that, prevents a hacker from accessing your computer without your permission. You can approve temporarily, permanently, or disallow. Once it's set up, you rarely see it again, but it operates continuously.

2) "No Script" -- prevents any scripts from running in your browser without your permission. Some site content may not load properly without enabling it first, but also offers significant protection. - and again you can allow scripts to run temporarily, permanently, or deny them altogether.

I'm using a Mac laptop so don't know if these are available for Windows. I'm using No Script on Firefox, don't know if it's available for other browsers.
__________________
Martin OM-18 Authentic 1933 VTS (2016)
Reply With Quote
  #7  
Old 09-26-2017, 09:52 PM
Chicago Sandy's Avatar
Chicago Sandy Chicago Sandy is offline
Registered User
 
Join Date: Jan 2004
Location: SW Coast of Lake Michigan
Posts: 14,782
Default

Arthur, have these programs managed to stop any Mac-hacks in their tracks for you?
__________________
Sandy

http://www.sandyandina.com

-------------------------
Gramann Rapahannock, 7 Taylors, 4 Martins, 2 Gibsons, 2 V-A, Larrivee Parlour, Gretsch Way Out West, Fender P-J Bass & Mustang, Danelectro U2, Peavey fretless bass, 8 dulcimers, 2 autoharps, 2 banjos, 2 mandolins, 3 ukes

I cried because I had no shoes.....but then I realized I won’t get blisters.
Reply With Quote
  #8  
Old 09-27-2017, 05:53 AM
imwjl imwjl is offline
Registered User
 
Join Date: Feb 2007
Location: My mom's basement.
Posts: 8,674
Default

Quote:
Originally Posted by Arthur Blake View Post
1) "Little Snitch" -- notifies you every time your computer sends information out. Takes a bit to configure at first, because you have to approve or disapprove each time, but after that, prevents a hacker from accessing your computer without your permission. You can approve temporarily, permanently, or disallow. Once it's set up, you rarely see it again, but it operates continuously.

2) "No Script" -- prevents any scripts from running in your browser without your permission. Some site content may not load properly without enabling it first, but also offers significant protection. - and again you can allow scripts to run temporarily, permanently, or deny them altogether.

I'm using a Mac laptop so don't know if these are available for Windows. I'm using No Script on Firefox, don't know if it's available for other browsers.
Those are good but not as simple for many as DNS based security where there's C2 protection many solutions do not have. There is not a free OpenDNS at the current state of Cisco integration but I believe it's about the same cost as Little Snitch.

I'm a few years into using network based in addition to file type anti-virus and firewalls and have it at multiple sites protecting hundreds. It's not a replacement for other security but over and over shows that it's where you have to be if you really want to have the best protection.

When I've had home and small office users go this route they've found the consoles make far more sense than programs making noise on their computers and the alarms or warnings make the most sense.

For file-based or traditional anti-malware security and a Mac, Bitdefender has has good reviews and is indeed fast or unobtrusive as advertised.

If one is really concerned about security, easy management and a super strong set of features I would say look at the smallest Meraki appliances.
__________________
ƃuoɹʍ llɐ ʇno əɯɐɔ ʇɐɥʇ
Reply With Quote
  #9  
Old 09-27-2017, 05:22 PM
Chicago Sandy's Avatar
Chicago Sandy Chicago Sandy is offline
Registered User
 
Join Date: Jan 2004
Location: SW Coast of Lake Michigan
Posts: 14,782
Default

What about those of us retired Luddites who aren't in a corporate environment or even on a VPN and therefore don't face (or potentially cause) the same dangers?
__________________
Sandy

http://www.sandyandina.com

-------------------------
Gramann Rapahannock, 7 Taylors, 4 Martins, 2 Gibsons, 2 V-A, Larrivee Parlour, Gretsch Way Out West, Fender P-J Bass & Mustang, Danelectro U2, Peavey fretless bass, 8 dulcimers, 2 autoharps, 2 banjos, 2 mandolins, 3 ukes

I cried because I had no shoes.....but then I realized I won’t get blisters.
Reply With Quote
  #10  
Old 09-27-2017, 08:09 PM
imwjl imwjl is offline
Registered User
 
Join Date: Feb 2007
Location: My mom's basement.
Posts: 8,674
Default

Quote:
Originally Posted by Chicago Sandy View Post
What about those of us retired Luddites who aren't in a corporate environment or even on a VPN and therefore don't face (or potentially cause) the same dangers?
You can buy 1-2 Cisco Umbrella software licenses and get everything and more than you got when before Cisco acquired OpenDNS.

Think of it as a layer of protection that is before your computer or before anything's under your roof - stops threats before then can reach you. Umbrella uses DNS to stop threats over all ports and protocols — even direct-to-IP connections. There is also a function that stops the call back to malicious command and control networks.

I remember it back to around 2005-6 and it started ad supported or some free and some fee features. Cisco bought it a few years ago and I've been just as happy with it and appreciating more polish and features.

Most people think of end point, file based and firewalls for security. This adds a network layer where their DNS servers filter bad, spoofed and compromised stuff.

Some would call it overkill. Others not.
__________________
ƃuoɹʍ llɐ ʇno əɯɐɔ ʇɐɥʇ
Reply With Quote
  #11  
Old 09-27-2017, 11:27 PM
Chicago Sandy's Avatar
Chicago Sandy Chicago Sandy is offline
Registered User
 
Join Date: Jan 2004
Location: SW Coast of Lake Michigan
Posts: 14,782
Default

Wouldn't Umbrella make it next to impossible to connect to a hotel wi-fi network when I travel (or a hospital's network if I'm a patient)?

My husband reads echocardiograms at home on his Windows PC via his hospital system's portal (it can't be accessed from a Mac). But when he was a surgical patient at a different hospital (part of a different system), he couldn't access his portal and couldn't read echoes (losing several thousand dollars in fees, necessitating he forfeit his salary draw that month, and forcing us to dip into our own funds to meet his office's overhead). The network of the hospital where he was a patient was deemed insufficiently secure by his portal's firewall, and he was refused log-in data for the secure network because he was not an attending at the hospital where he was a patient. When we travel, even though we get free wi-fi at hotels where we're "executive members," he still has to pay extra to access a network his portal deems sufficiently secure--if he can't read echoes on vacation he can't afford to take the time off.

I don't want that hassle for my Macbook, iPad or iPhone.
__________________
Sandy

http://www.sandyandina.com

-------------------------
Gramann Rapahannock, 7 Taylors, 4 Martins, 2 Gibsons, 2 V-A, Larrivee Parlour, Gretsch Way Out West, Fender P-J Bass & Mustang, Danelectro U2, Peavey fretless bass, 8 dulcimers, 2 autoharps, 2 banjos, 2 mandolins, 3 ukes

I cried because I had no shoes.....but then I realized I won’t get blisters.
Reply With Quote
  #12  
Old 09-28-2017, 08:43 PM
imwjl imwjl is offline
Registered User
 
Join Date: Feb 2007
Location: My mom's basement.
Posts: 8,674
Default

Quote:
Originally Posted by Chicago Sandy View Post
Wouldn't Umbrella make it next to impossible to connect to a hotel wi-fi network when I travel (or a hospital's network if I'm a patient)?

My husband reads echocardiograms at home on his Windows PC via his hospital system's portal (it can't be accessed from a Mac). But when he was a surgical patient at a different hospital (part of a different system), he couldn't access his portal and couldn't read echoes (losing several thousand dollars in fees, necessitating he forfeit his salary draw that month, and forcing us to dip into our own funds to meet his office's overhead). The network of the hospital where he was a patient was deemed insufficiently secure by his portal's firewall, and he was refused log-in data for the secure network because he was not an attending at the hospital where he was a patient. When we travel, even though we get free wi-fi at hotels where we're "executive members," he still has to pay extra to access a network his portal deems sufficiently secure--if he can't read echoes on vacation he can't afford to take the time off.

I don't want that hassle for my Macbook, iPad or iPhone.
You can bypass when you wish. You make whitelists that will help tune it. It might be overkill but the core idea of network and DNS-based security is the now or the future because file based anti-virus can't really keep up. Many web sites make so many connections that just firewall management becomes a pain.

Don't forget Gatekeeper. Not exactly the same but a layer of security that comes from (depends on, operates from) Apple's cloud.

I would not bee too paranoid if you do your computer use with common sense and know how to recognize being spoofed.
__________________
ƃuoɹʍ llɐ ʇno əɯɐɔ ʇɐɥʇ

Last edited by imwjl; 09-28-2017 at 09:00 PM.
Reply With Quote
  #13  
Old 09-29-2017, 01:57 AM
Scholar Scholar is offline
Registered User
 
Join Date: Jan 2006
Location: Zagreb, Croatia
Posts: 941
Default

I tend to protect my wife's 2014 iMac with more than my usual paranoia. In addition to the built-in protection from Apple, I've seen to it that she's had the Intego suite for antivirus/network protection on board since she got the system. Intego actually upgraded its suite components specifically in anticipation of the High Sierra, about a week before Apple's release date for the OS. In addition, she has an browser extension that randomly spoofs her browser profile as a means of helping to prevent DNS leaks, and a couple of other protective bits and pieces.

I've now installed High Sierra for her, and everything continues to work seamlessly.

Since 2014, and with different flavors of the Mac OS, the Intego suite has stopped perhaps three or four "attacks" about which it provided her specific warnings. It may have blocked other unreported items as well. So, from my perspective, it's been worth the annual subscription (no financial interest on my part).

I've also got a VPN that can provide additional security for her system, when I can get her to log into it. She has this idea that because she isn't doing anything "critical" and tends not to visit sites she thinks are suspicious or dangerous, her risk is minimal. She may still be right, at least for the moment -- but I'll remain a little paranoid on her behalf.
__________________
Steve
currently (and possibly permanently) guitarless

Reply With Quote
  #14  
Old 09-29-2017, 05:07 AM
imwjl imwjl is offline
Registered User
 
Join Date: Feb 2007
Location: My mom's basement.
Posts: 8,674
Default

Quote:
Originally Posted by Scholar View Post
I tend to protect my wife's 2014 iMac with more than my usual paranoia. In addition to the built-in protection from Apple, I've seen to it that she's had the Intego suite for antivirus/network protection on board since she got the system. Intego actually upgraded its suite components specifically in anticipation of the High Sierra, about a week before Apple's release date for the OS. In addition, she has an browser extension that randomly spoofs her browser profile as a means of helping to prevent DNS leaks, and a couple of other protective bits and pieces.

I've now installed High Sierra for her, and everything continues to work seamlessly.

Since 2014, and with different flavors of the Mac OS, the Intego suite has stopped perhaps three or four "attacks" about which it provided her specific warnings. It may have blocked other unreported items as well. So, from my perspective, it's been worth the annual subscription (no financial interest on my part).

I've also got a VPN that can provide additional security for her system, when I can get her to log into it. She has this idea that because she isn't doing anything "critical" and tends not to visit sites she thinks are suspicious or dangerous, her risk is minimal. She may still be right, at least for the moment -- but I'll remain a little paranoid on her behalf.
I fail to see how a VPN can provide security for the system unless it's something like the client to a LAN or specific host. Many who talk about this with me are confusing privacy with security unless they're making a VPN connection where they know the endpoints.

As examples:

If I use my open VPN based Private Tunnel sitting in Chicago choosing Atlanta or Zurich still gets me using the Internet and where I do it from can or will tell the LAN administrator and ISP I'm using a VPN product.

If I use a Cisco VPN client or L2TP VPN client to the security appliance at a specific location have a tunnel through the Internet but the system I'm using could still be vulnerable to a threat within that building.

People should know that just using a privacy VPN product or hot spotting your phone can get you watched. That's not a problem if you've got nothing to hide but in some cases it's violating terms of use or making you look suspicious.

On privacy VPN products, one should also do their homework. Tech journals I follow have had articles on some that are not really private.

Overall with your computer is like life. Use common sense with your activities and travels. Stick with well regarded best practices.
__________________
ƃuoɹʍ llɐ ʇno əɯɐɔ ʇɐɥʇ
Reply With Quote
  #15  
Old 09-29-2017, 05:54 AM
Scholar Scholar is offline
Registered User
 
Join Date: Jan 2006
Location: Zagreb, Croatia
Posts: 941
Default

I take your point, imwjl, though I did say the VPN would provide "additional security" generally (which it does). I'm not in the US, and my VPN provider (also not in the US) has taken a strong interest in security in the sense to which you refer, as well as in privacy. Ours is a home network, and I'm the admin; given the nature of my family's activities on the net, I'm not concerned that my ISP may know I'm using a VPN product. As you point out, it's generally a good idea not to violate one's terms of use, and I've insured we're clear on that score as well.

Common sense does go along way. I regard my own VPN use (SSTP) as hedging the odds in my favor in terms of privacy, and with my current VPN provider, security as well. I could be wrong, but neither my Windows system nor our two Apple systems have ever been compromised. Perhaps that has more to do with the separate security software I've installed than with the VPN. In either case, I guess I'll keep doin' what I'm doin'...

In the meantime (and to return to the main point), High Sierra appears to be working beautifully on my wife's iMac. All good!
__________________
Steve
currently (and possibly permanently) guitarless

Reply With Quote
Reply

  The Acoustic Guitar Forum > Other Discussions > Open Mic

Thread Tools





All times are GMT -6. The time now is 03:14 AM.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.
Copyright ©2000 - 2022, The Acoustic Guitar Forum
vB Ad Management by =RedTyger=