Archive for October 5, 2017

macOS High Sierra Vulnerability Exposes Passwords of Encrypted APFS Volumes in Plain Text [UPDATE: Fixed]

Posted in Commentary with tags on October 5, 2017 by itnerd

Apple, you have a problem. And it’s a big one. A guy named Matheus Mariano appears to have discovered a significant macOS High Sierra vulnerability that exposes the passwords of encrypted Apple File System volumes in plain text in Disk Utility. The article that I linked to will walk you through how to reproduce it and the fact that is trivially easy to reproduce shows that Apple truly dropped the ball here. I say that because this is a bug, and this sort of bug that should never, ever make it out the door. It should have been caught by Apple’s QA department. But clearly that didn’t happen and here we are talking about it.

Now the bug has been reported to Apple, thus I wonder how long they will take to fix something this serious. If they were smart, they’d fix this ASAP if they value their credibility.

UPDATE: This appears to have just been fixed via the release of a update from Apple. High Sierra users should run to Software Update to get this fix. There is also a support document that has been posted that discusses this issue. That I have to say is insanely quick work by Apple.

UPDATE #2: Another issue has been fixed in this update.  The issue where someone could steal the usernames and passwords of accounts stored in Keychain using a malicious third-party app has been fixed as well. This document has more details and confirms the fix for the APFS issue.

Advertisements

70% Of Business Decision-Makers Say GDPR Will Make EU World Leader In Data Protection: McAfee

Posted in Commentary with tags on October 5, 2017 by itnerd

McAfee today released a new report, Do you know where your data is? Beyond GDPR: Data residency insights from around the world, which highlights businesses’ approach to data residency, management, and protection in light of global events, policies and the changing regulatory data protection landscape.

Based on a survey of 800 senior business decision-makers from across multiple industry sectors and eight countries, the report provides a comprehensive view of how organizations view 11 key data regulations from around the world, including the E.U. General Data Protection Regulation (GDPR), which will toughen and simplify laws protecting personal data for over 500 million people residing in the European Union once implemented in May 2018.

The report shows that nearly half (48 per cent) of organizations will migrate their data to a new location because of regulations like GDPR. A similar amount will migrate their data because of changing geopolitics or the approach to relevant policies in the United States. Seventy per cent of respondents believe the implementation of GDPR will make Europe a world leader in data protection; however, the United States remains the most popular data storage destination, preferred by nearly half of all organizations surveyed.

Some key findings from the report include the following:

  • Privacy sells: Data protection delivers commercial advantage. Seventy-four per cent of respondents believe organizations that properly apply data protection laws will attract new customers.
  • Regulations and policies present barriers to technology acquisition and investment: Approximately two-thirds of respondents say that GDPR (66 per cent), U.S. policies (63 per cent) and Brexit (63 per cent) either already have or will impact their organization’s technology acquisition investments, while approximately 20 per cent don’t yet know how these issues will impact their spending. More specifically, 51 per cent of all respondents say their organization is being held back from technology investment because of external data protection regulations.
  • Public opinion key to data decision-making. Eighty-three per cent of organizations take public sentiment towards data privacy into account when making data residency decisions.
  • Organizations take 11 days on average to report a breach.
  • Organizations put faith in cloud service providers. Eight in 10 respondent organizations are planning, at least in part, to leverage their cloud service provider to help achieve data protection compliance.
  • Most organizations are ‘unsure’ of where their data is stored. Only 47 per cent of organizations know where their data is stored at all times. The majority are unsure, at least some of the time.
  • Only two per cent of management really understand the laws that apply to their organizations. While a majority of respondents (54 per cent) believe their organization has a “complete understanding” of the data protection regulations that apply to them, just two per cent of senior decision-makers know all the clauses of regulations that apply to their organizations.

Overall, the report reveals conflicting beliefs about data protection regulations. While global events and a tightening of data protection rules give senior decision-makers pause when determining their company’s technology investment, most organizations look to store their data in those countries with the most stringent data protection policies. Clearly, there is recognition that, while businesses might not like strict compliance laws, they are beneficial to both customers and a company’s bottom line, even providing a competitive advantage in some cases. Moving forward, increased awareness and understanding about a company’s data assets will lead to better usage and protection.

For more information about today’s data protection landscape and to view the full report, visit: http://bit.ly/2wiOp6N

Methodology

McAfee commissioned independent technology market research specialist Vanson Bourne to undertake the research upon which this report is based. The findings are based on the responses of more than 800 senior business decision-makers from across eight countries at companies ranging in size from 500 employees to more than 5,000 across a range of industry sectors, including financial services, private healthcare and the public sector. The survey targeted respondents with a range of business functions, from IT professionals to client services, HR, and engineering. Countries represented by respondents include Australia, Brazil, France, Germany, Japan, Singapore, United Kingdom and United States.

McAfee Canada maintains a website called “The State of Consumer and Enterprise Security in Canada” in order to provide a one-stop shop for writers looking for information on a variety of trends and issues affecting and shaping the Canadian security landscape. Feel free to check out the resource site for security information, statistics, story ideas, and access to published McAfee surveys and studies.

Firefox To Kill Off Vista And XP Support By Next June

Posted in Commentary with tags on October 5, 2017 by itnerd

Here’s another reason for you to upgrade to Windows 10 if you’re still running Windows XP or Vista. Firefox, which is the last browser to support Vista and XP will drop support for those two operating systems next June:

Today we are announcing June 2018 as the final end of life date for Firefox support on Windows XP and Vista. As one of the few browsers that continues to support Windows XP and Vista, Firefox users on these platforms can expect security updates until that date. Users do not need to take additional action to receive those updates.

We strongly encourage our users to upgrade to a version of Windows that is supported by Microsoft. Unsupported operating systems receive no security updates, have known exploits, and are dangerous for you to use.

So consider this a big push for you to upgrade to a newer operating system so that you can run Firefox…. And pretty much anything else that’s out there at present. While you have six months or so before Firefox no longer supports Vista and XP, you should plan on making the move now as that would be less painful.

Review: 2018 Mazda CX-3 GT AWD – Part 4

Posted in Products with tags on October 5, 2017 by itnerd

Even though the 2018 Mazda CX-3 GT is a sub-compact crossover which means that you’re giving up some size, you don’t give up technology. Here’s what it comes with starting with the safety technology:

  • Blind Spot Monitoring: This system keeps an eye out for cars in your blind spots so that you don’t hit them when changing lanes. It also detects cars that are rapidly closing in on you from a distance.
  • Smart City Brake Support: Let’s say that you you do not react in time to a car that panic stops in front of you. This Mazda is capable of coming to a stop at low speeds, or slowing down to make the impact less severe. You can get more details on this system here. I should note that as of the 2018 model year, this is a standard feature which means that getting such a key safety feature won’t require you to go to the top of the food chain.
  • Lane Departure Warning System: If you cross over into another lane, this system will buzz you on either the right or the left side. The buzz really gets your attention I must say.
  • Rear Cross Traffic Alert: If you back out of a parking space in a busy shopping mall and you have limited visibility to your left and right, you’ll love this system as you will be warned of any cars that cross into your path.
  • Adaptive Front Lighting System and High Beam Control: This trim level comes with LED headlights with LED daytime running lights that look cool. The lighting can be set to automatic so that you never have to worry about turning the lights on and off. I found that the levels where the lights might turn on to be better than most cars that I’ve driven as on a dark overcast day, the lights would come on. That’s something that would not happen in a lot of cars in similar systems. The high beam control is a handy feature to have as it adds to your visibility on dark country roads. So is the fact that as you steer, the headlights allow you to “see” around corners.
  • You get anti-lock brakes, traction control, stability control, and electronic brake force distribution. Plus you get hill launch assist which keeps you from rolling backwards when you’re on a hill.
  • Finally, you get dual front air bags, dual front side air bags and dual side air curtains.

Now how about actually driving the CX-3? The GT trim level gives you a proximity key with push button start. Thus all you have to do is press a button on the driver’s door handle. Press it and the car will unlock. Get in, hit the start/stop button and drive away. One nice touch is that the start/stop button will light up with a green light if you press the brake pedal to start. That’s a nice touch to remind you to press the brake pedal to start the car. When you’ve reached your destination, press the start/stop button to turn off the car. Then get out of the car, close the door and walk away. You’ll hear two beeps. One after you close the door and one about 10 seconds later. When you hear both, the car is locked. You never need to pull out the key fob to do any of this. But the key fob does have the ability to lock and unlock the doors and it has the ever useful panic button. As an added bonus, it has a backup key inside the key fob should you need it.

While driving the CX-3 you get this handy piece of technology:

IMG_0840.jpg

This is the Mazda Active Driving Display. Hit the ignition button and the Active Driving Display screen pivots up from its place in the dash. It provides drivers with vehicle speed, chosen cruise-control speed, information from the navigation system (including turn-by-turn directions, distance and lane guidance), speed limit signs, as well as the operational status of the Mazda’s active safety systems. All of this is within the line of sight of the driver. which means you never have to look away from the road. Once I tweaked my seat position as well as the position of the screen, I found it to be extremely useful. For 2018, this display is now in color.

Mazda Connect is on board the CX-3 with the combination of the 7″ touchscreen and the HMI (Human Machine Interface) Commander Switch. It gives the driver a easy to learn, easy to use infotainment system. I wrote about it in detail here, if you want to see what it has to offer. However, the one thing that I will say is that every person who sat in the CX-3 asked if it had Apple CarPlay or Android Auto. At present it doesn’t, but it is something that they have promised to do. Though no timetable exists for that at present.

The touchscreen also doubles as the screen for the backup camera. It was easy to manoeuvre into a space as its field of vision was very good. Though I will note that the actual camera is exposed to the elements.

The Mazda CX-3 has an 7 speaker Bose sound system that I have to admit that regardless where in the CX-3 I happened to be sitting, the sound was excellent as the highs and lows were perfect and the audio was well balanced. Everything from Austra to Wolf Saga sounded great. Phone calls were clear on both ends of the conversation as well. For those of you who still use CDs, there’s a CD drive as well which is unusual to see in a car these days.

The final part of this review will tie up some loose ends and I’ll give you my final verdict. Watch for it on Friday.