UPDATE – Firefox Zero Day Exploit Traced To FBI

Yesterday a rather worrisome exploit was found in the Firefox browser and all products that use the underlying Mozilla engine – Thunderbird, Tor Browser – that allowed otherwise safe and trusted web sites to inject malicious code into computers using the Windows operating system. You can read about it (and get links to updated versions of the software that correct the problem) here.

Now an even more startling development reveals that the exploit may have been added to the Firefox/Mozilla codebase by law enforcement officials, specifically the FBI. Since James Comey assumed the leadership of the FBI they have constantly targeted the Tor Browser, ostensibly as a way to investigate and prosecute offences in child pornography but with a quietly stated endgame of adding to their toolbox for mass surveillance upon all citizens of the United States. It’s not out of the realm of possibility to assume that they will be ramping up these efforts with an incoming president who is publicly committed to destroying personal privacy and free speech rights, and this is the first stage in surreptitiously broadening their listening powers. The widespread fallout that compromises the computer security of millions of innocent “cyber bystanders” would likely be considered acceptable collateral damage in the current political climate.

A full update has been added to the original post on the Wordfence blog. It’s definitely worth a perusal – if you only have the time to read one article today, this is definitely the one.

And remember – UPDATE YOUR FIREFOX/MOZILLA PRODUCTS NOW.

Firefox Zero Day Exploit – Alive And Extremely Dangerous

A freshly discovered “zero day” vulnerability in the Firefox browser is currently being exploited and – if you are using Windows – can compromise your computer simply by visiting otherwise benign web sites. Fortunately, the exploit was published rather quickly and the Firefox team was able to issue a security patch within a few hours.

However – the exploit uses benign websites (especially ones that are commonly used as starting pages for browser sessions) as “watering holes” and any use at all of previous versions of Firefox is contraindicated until you download and install the newest release. If you use Firefox you need to immediately switch to another browser such as Safari or Chrome until you update Firefox. You can get the update here:

Firefox 50.0.2 Release Notes And Download

If you use Thunderbird for your email you also need to update as it uses the same Mozilla engine for parsing HTML within email messages. This is only a concern if you have Thunderbird set to allow inline content to be displayed automatically or you manually select content to load, but it would be in your best interest to update regardless:

Thunderbird 45.5.1 Release Notes And Download

Finally, if you use the Tor browser and security package, you also need to update as it contains a discrete version of the Mozilla engine that is affected by the same exploit:

Tor Browser 6.0.7 Release Notes And Download

Remember – you should not use either Firefox or Tor for any reason, even to download the updates, until you have the newest versions installed. Kudos to the Firefox/Mozilla team for getting these updates out so quickly. If you are interested in how the nuts and bolts of this works, there is an excellent write-up along with some pro analysis at the Wordfence Blog.
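An added example (not from the original post, Mozilla or the Tor Project): a small audit helper that classifies installed-version banners against the fixed releases named above. The banner format and the sample inventory lines are constructed; builds with a channel suffix (ESR, alpha) are sent to manual review because the post gives no fixed version for them.

```python
import re

# Fixed releases named in the post above.
PATCHED = {
    "firefox": (50, 0, 2),
    "thunderbird": (45, 5, 1),
    "tor browser": (6, 0, 7),
}

# Assumed banner shape: optional "Mozilla", product name, dotted version,
# optional channel suffix glued to the version (e.g. "esr", "a5").
BANNER = re.compile(
    r"^\s*(?:Mozilla\s+)?(Firefox|Thunderbird|Tor Browser)\s+"
    r"(\d+(?:\.\d+)*)(\S*)",
    re.IGNORECASE,
)

def assess(banner):
    """Classify one version banner against the fixed release for its product."""
    m = BANNER.match(banner)
    if m is None:
        return "unrecognized"
    product, dotted, suffix = m.group(1).lower(), m.group(2), m.group(3)
    if suffix:
        # The post gives no fixed version for ESR/alpha/beta channels.
        return "manual-review"
    version = tuple(int(part) for part in dotted.split("."))
    floor = PATCHED[product]
    # Pad so "50.0" compares as 50.0.0 rather than as a shorter tuple.
    width = max(len(version), len(floor))
    version += (0,) * (width - len(version))
    floor += (0,) * (width - len(floor))
    return "patched" if version >= floor else "update-required"

def audit(banners):
    """Map each banner string to its status."""
    return {b: assess(b) for b in banners}

# Constructed inventory lines, not real scan output.
SAMPLE = [
    "Mozilla Firefox 50.0.1",
    "Mozilla Firefox 50.0.2",
    "Thunderbird 45.5.0",
    "Tor Browser 6.0.7",
    "Mozilla Firefox 45.5.1esr",
]

if __name__ == "__main__":
    for banner, status in audit(SAMPLE).items():
        print(f"{status:16} {banner}")
```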

November, 2016

Smartie 0655

50: The percentage of citizens of the United States of America with no criminal or arrest record who have their faces stored and regularly searched in police databases.

End Of The Line?

One week from today Apple will hold its probably-last-ever product event at the Infinite Loop campus. By the time the traditional March event rolls around the company will have moved to the new mothership and their swanky new auditorium.

There isn’t any real mystery as to what next week’s event is all about … this is a refresh across the board of the Macintosh line-up. Most people will be debating which models will get facelifts and/or speed bumps (I’m pretty sure it will be the iMac on the desktop side and both the MacBook and the MacBook Pro in the portable space) but there is a much better question hanging in the air: Is this the end of the line for the MacBook Air?

The signs, I think, point to yes. The new MacBook is every bit as light as the Air, and the Air is really starting to suffer from the lack of a Retina display. A lot of people use their laptop screen as their only household display – they work on it, they watch their shows on it, they play their games on it, they talk to their friends and family on it. When you use a screen all day every day quality becomes paramount. Once you’ve used the Retina display you really don’t want to go back to anything less, and that alone leaves the Air in a rather awkward space. Add to that its position outside the traditional 2 x 2 Apple product grid and I think the writing is on the wall.

I’ll miss the Air … but I think it’s become a bit of an orphan so maybe this is for the best. We’ll know in a week. 

Duck Off

Despite all of the jokes and/or memes about the failings of auto-correct, it’s undeniable that the technology is generally a helpful and handy thing. It’s not a stretch to assume that most people would be heartbrokenly bereft if they had to do without this particular little piece of digital magic.

That said, there are times when the iOS version of auto-correct really gets in the way of evocative typemanship. Let’s not mince words here: Once in a while you just need to tell someone that you are fucking starving and to hurry the fuck up.

“I’m ducking starving so hurry the duck up!” just seems to lack a certain amount of verisimilitude.

Fortunately, there is an easy solution. Buried deep within the Human Interface Guidelines for iOS is an interesting little nugget regarding the way auto-correct deals with proper names that the system gleans from your contacts list … specifically, auto-correct gives anything it finds in the name fields there a pass.

Well then. All you need to do is add a couple of bogus entries to your address book and you are in business. Add a contact named fuck fucker and another one named fucking fucked and you are in business! A couple of things to remember … one, make sure you put the two parts of each name separately in the First Name and Last Name fields, and two, remember not to capitalize them. If you capitalize them iOS will only recognize them as such (proper names, dontcha know) and still give you the ducking runaround if you use them mid-sentence.

Oh, and as always … you’re welcome.

Shitstorm Wednesday

Things to remember when the inevitable shitstorm breaks this afternoon:

The Analog Audio Jack Is Old And Stupid: Old with a capital “O”. This is literally (yes, literally) the same technology Marconi used. People are going to wail and moan, but these are the same people who wailed and moaned when the serial port and the floppy drive were missing from the iMac. Serial ports were old and stupid. Floppy discs were old and stupid and unreliable. Analog audio jacks are old, stupid, unreliable, and they let water into the device. Fail. The wailing and moaning shouldn’t be about the fact that the thing will be gone, the wailing and moaning should be why it took this long to get rid of the damn thing.

Cords Suck: Cords for earbuds suck even worse. The removal of the audio jack isn’t to get people to plug into the lightning port or to make them buy dongles, it’s to get them to stop plugging in at all. Which is why the new iPhone will come with “good enough” bluetooth earbuds in the box. It’s not about a different plug – it’s about no plug.

Megapixels Don’t Equal Quality: More pixels don’t make for a better image – processors, lenses, sensors, and software do. Anyone who complains that other phones have cameras with more pixels is simply advertising to you that they don’t really understand digital photography. Image quality counts. Bigger numbers are just for companies that are more marketing than innovation.

WatchOS 3 Really Does Make The Apple Watch A Whole New Device: There is no technology bump – yet – that justifies a new form factor or outright hardware version of the Apple Watch. But there is software that makes the current one less of a specialty item and more of a digital triage device for the masses. New Apple Watch next year – newly usable Apple Watch this year.

New Macbook Pro Models Are Coming: Wait for it.

Smartie 0654

85,000,000: The number of Android devices infected with the HummingBad malware via unauthorized copies of “Pokemon GO” over the last 5 days.

Smartie 0653

18,000,000: The number of trees that are cut down each year to provide Americans with toilet paper.

The Best Mobile Safari Tip You Will Get This Week

Unless you live in some sort of odd 1998 time bubble, or are inexplicably using Internet Explorer for something other than demonstrating how not to write a browser, you probably use browser tabs pretty much all the time. Listen: As positive developments go, browser tabs are right up there with sliced pizza and the polio vaccine.

Being a clever tab user you are probably also familiar with – and beholden to – the “Undo Close Tab” function. As an extension to that familiarity you have probably cursed out Mobile Safari more than a few times for not having the same function. Sure, you can bring up your history and swipe down to the tab you just closed, and hope like hell you didn’t open it three days ago because now it is about 1,437 items down the list, and … stop. Just stop. Calm down. Mobile Safari does have a “reopen closed tabs” function; you just haven’t found it yet.

Let’s do some finding.

First, tap on the “Show Tabs” icon at the bottom of the screen:
[Image: Mobile Safari - Show Tabs Button]

Then tap and hold the “New Tab” icon at the bottom of the tabs view screen:
[Image: Mobile Safari - New Tab Button]

Zut alors! C’est magnifique! Fermer la porte! All of your recently closed tabs, ready for tapping.
[Image: Mobile Safari - List Of Closed Tabs]

Life, as the kids say, is good. You’re welcome.