Archive for September 25, 2017

BREAKING: Zero Day Bug In macOS High Sierra Can Facilitate Password Theft [UPDATE: Fixed]

Posted in Commentary on September 25, 2017 by itnerd

On the day that Apple decided to drop its latest and greatest OS, which is macOS High Sierra, comes this bombshell from Patrick Wardle, who is a former NSA hacker and now serves as chief security researcher at Synack:

Let me translate this for you. He has a proof of concept attack using an unsigned app that exploits a hole in macOS High Sierra that facilitates the theft of any or all of your passwords that are stored in the Keychain app.

Yikes!

Now Apple hasn’t responded to this zero day threat, but to be frank it has to respond. This is not a trivial issue and this can be a major threat to anyone who upgrades to this OS which was released an hour ago as I type this story. The other side of the fence is that because it requires the use of an unsigned app to get pwned, being careful should keep you safe. But regardless of which side of the fence you happen to agree with, Apple needs to get a fix for this out there now. Until then, you have to question if upgrading to Apple’s latest and greatest is a good idea.

UPDATE: This is now fixed. Details here.

Deloitte Pwned…. Secret Emails & Plans Exposed

Posted in Commentary on September 25, 2017 by itnerd

The Guardian has details on yet another epic hack. This time it’s consulting firm Deloitte who got pwned by hackers. And the way that the hackers got in screams of amateur hour in their IT department:

The Guardian understands Deloitte clients across all of these sectors had material in the company email system that was breached. The companies include household names as well as US government departments.

So far, six of Deloitte’s clients have been told their information was “impacted” by the hack. Deloitte’s internal review into the incident is ongoing.

The Guardian understands Deloitte discovered the hack in March this year, but it is believed the attackers may have had access to its systems since October or November 2016.

The hacker compromised the firm’s global email server through an “administrator’s account” that, in theory, gave them privileged, unrestricted “access to all areas”.

The account required only a single password and did not have “two-step” verification, sources said.

So, let me simplify this for you. The administrator account allows a user to do anything they want. Usually, this account is disabled, or has some sort of strong protection such as two-factor authentication to ensure that this exact scenario does not happen. Those protections were clearly not in place. Thus they got pwned. Another issue is the fact that the attackers had access to this email system for months. So who knows what they got away with? Finally, the time it took to disclose this is problematic. There really needs to be more transparency on that front.

Here’s what’s ironic about all of this. In 2012, Deloitte was ranked the best cybersecurity consultant in the world. But clearly in the five years since that award, things have slipped at the firm.

Pity.

Review: TP-Link Archer C2300 AC2300 Router

Posted in Products on September 25, 2017 by itnerd

The latest router to hit my review desk is the TP-Link Archer C2300 AC2300 router. Here’s what you get under the hood:

  • A dual-core 1.8GHz CPU
  • 128 MB of storage memory
  • 512 MB of RAM
  • Four Gigabit ports
  • USB 3.0 and USB 2.0 ports
  • WiFi speeds of 1625Mbps on the 5GHz band and 600Mbps on 2.4GHz.
  • MU-MIMO support
  • Beamforming support

In terms of looks, it flies under the radar.


It features a black plastic exterior, with the top side divided into two main parts, one is covered by a black glossy finish and the other is covered by lots of diamond-shaped cut-outs to allow for better airflow inside the case. The lights aren’t over the top bright either which means it won’t make a student’s dorm room glow in the dark. Of interest, there’s a button on the side that disables WiFi in a single button press. I’ve never seen that before and I can see how it can be handy to get your kids off their devices and off to bed.

The router features a web-based utility which can be reached by either directly connecting the router to a computer using a cable or by connecting wirelessly to the preconfigured WiFi network using the SSID and password provided on the bottom label. Then you open a web browser and go to http://tplinkwifi.net to create a new secure administrator password. You then access the Quick Setup wizard, which will guide you through the setup process. But there’s another option, which is TP-Link’s Tether app. This app works on both Android and iOS, and walks you through the setup procedure of the router. Either way, the setup process is pretty painless and accessible for most users.

To test the router, I took my MacBook Pro and ran some speed tests. On 802.11ac I got an average of 573 Mbps next to the router. Then I went to the far end of my condo and got an average of 481 Mbps. One thing to keep in mind is that I have a concrete wall for WiFi to get through, which makes this result more than respectable. For giggles I then repeated the same experiment on 802.11n, and next to the router I got an average of 139 Mbps, while at the far end of my condo the speed slightly decreased to 122 Mbps. That too is pretty respectable. TP-Link markets this router as being ideal for streaming 4k video, sharing files, as an extender to your existing wireless network, or simply to browse the web. Given my results, I would say that this marketing is easily believable. One other point: this router had no problem reaching the far reaches of my condo, something that some routers struggle to do.

Here’s the best thing about this router. It’s the price. At $200 CDN retail (less if you look around) it gives you a lot of performance for not a lot of your hard-earned money in return. It’s a great value for anyone who needs a router for a decent sized home while having a fair amount of performance.