On Wednesday, May 31, 2017, we detected that there was unauthorized access to OneLogin data in our US data region. All customers served by our US data center are affected; customer data was compromised, including the ability to decrypt encrypted data.
Note the bold text: including the ability to decrypt encrypted data. This means that OneLogin is violating virtually every tenet of best practices when it comes to data management, including the number one rule of cloud security: The vendor should never, ever, ever have the ability to decrypt user data. Period. Full stop. End of story. Compare this to legitimate cloud services like Dropbox and iCloud where the vendor has no ability to unscramble your data under any circumstances, and has gone so far as to stand up in court for the absolute need to do so on behalf of customer security. OneLogin’s cavalier and reckless attitude towards user security means each and every one of their subscribers needs to take a long hard look at why they use OneLogin and ask themselves whether they should continue to do so. I would venture in the vast majority of cases the answer should now be “hell, no”.
There is an old adage that says “If you are good at technology, you can be good at anything” … and that includes darts. All it takes is an engineering degree, a lot of free time, and some seriously inspired design. Presenting the Automatic Bullseye Dartboard!
Yup. That’s all-caps in the title. And for good reason … actually, two good reasons. One, over the course of 2016 WordPress installations became the number one target of professional cyber-attacks. WordPress had long been the favourite target of the script kiddies, basement crackers, and other sorts of amateur slime but over the past 12 months the big players started turning their attention to the platform as well. Two, WordFence is the shit.
If you have an installation that runs WordPress in any shape or form – whether it’s the platform for your entire web presence, just the blogging component of a larger site, or anywhere in between – you need to harden it now. Not tomorrow, not this weekend when you are taking a break from surfing porn, not next week after you run it by yet another committee. It’s free* (as in beer), it works, and it’s stupidly easy to use … either start it up and forget about it until it tells you that you need to do something, sit down and tweak the crap out of it, or split the difference and get it started as is for now and tweak it later. The choice is yours.
*NOTE: There IS a “pro” version that requires a subscription. And if you are an enterprise user of WordPress it is money well spent – I would encourage you to upgrade to the pro version right away. But for everyday “hobby” bloggers, the free version works extremely well, and is probably all you need.
Now an even more startling development reveals that the exploit may have been added to the Firefox/Mozilla codebase by law enforcement officials, specifically the FBI. Since James Comey assumed the leadership of the FBI they have constantly targeted the Tor Browser, ostensibly as a way to investigate and prosecute offences in child pornography but with a quietly stated endgame of adding to their toolbox for mass surveillance upon all citizens of the United States. It’s not out of the realm of possibility to assume that they will be ramping up these efforts with an incoming president who is publicly committed to destroying personal privacy and free speech rights, and this is the first stage in surreptitiously broadening their listening powers. The widespread fallout that compromises the computer security of millions of innocent “cyber bystanders” would likely be considered acceptable collateral damage in the current political climate.
A freshly discovered “zero day” vulnerability in the Firefox browser is currently being exploited and – if you are using Windows – can compromise your computer simply by visiting otherwise benign web sites. Fortunately, the exploit was published rather quickly and the Firefox team was able to issue a security patch within a few hours.
However – the exploit uses benign websites (especially ones that are commonly used as starting pages for browser sessions) as “watering holes” and any use at all of previous versions of Firefox is contraindicated until you download and install the newest release. If you use Firefox you need to immediately switch to another browser such as Safari or Chrome until you update Firefox. You can get the update here:
If you use Thunderbird for your email you also need to update as it uses the same Mozilla engine for parsing HTML within email messages. This is only a concern if you have Thunderbird set to allow inline content to be displayed automatically or you manually select content to load, but it would be in your best interest to update regardless:
Unless you live in some sort of odd 1998 time bubble, or are inexplicably using Internet Explorer for something other than demonstrating how not to write a browser, you probably use browser tabs pretty much all the time. Listen: As positive developments go, browser tabs are right up there with sliced pizza and the polio vaccine.
Being a clever tab user you are probably also familiar with – and beholden to – the “Undo Close Tab” function. As an extension to that familiarity you have probably cursed out Mobile Safari more than a few times for not having the same function. Sure, you can bring up your history and swipe down to the tab you just closed, and hope like hell you didn’t open it three days ago because now it is about 1,437 items down the list, and … stop. Just stop. Calm down. Mobile Safari does have a “reopen closed tabs” function; you just haven’t found it yet.
Let’s do some finding.
First, tap on the “Show Tabs” icon at the bottom of the screen:
Then tap and hold the “New Tab” icon at the bottom of the tabs view screen:
Zut alors! C’est magnifique! Fermer la porte! All of your recently closed tabs, ready for tapping.
You may be aware that the latest generation of Apple TV went on sale yesterday. You may also be aware that the new box features some absolutely eye-popping screen savers – slow-motion hi-def flyovers of locations from around the globe, tuned to your current time of day.
What you might not be particularly aware of is the work of an exceptionally talented Swift programmer named John Coates who has crafted an OS X screensaver that brings these exact same flyovers to your computer desktop. Aerial is free, completely open source, and ready for your downloading pleasure right now. If you have one of the new 4K iMacs, this will blow your mind. If you have any other machine, well, it will still blow your mind, just not as much.
Those 4K iMacs are the bomb.
A couple of notes:
This is written in Swift, so you have to be running at least OS X Mavericks to enjoy it.
It is truly open source so you can use it to learn a little bit about Swift, or – if you are already a Swift guru – you can help contribute to or collaborate on the project.
Well, well. As mentioned here last week, Apple is hosting a September media event to launch a new crop of phones, along with the somewhat-delayed reboot of the Apple TV box and the official releases of iOS 9, OS X “El Capitan” and the beginning of the end of Apple Watch tethering with Watch OS 2.0. The date and location were made both public and official yesterday via the standard round of colourful email invitations. What’s not standard, however, is the semi-interactive nature of the invite. The theme this time around is “Hey Siri, give us a hint” and if you do indeed ask Siri for a hint you will get … no, that would be telling. Why don’t you ask her yourself?
Better yet, ask her a bunch of times. She’s at her coquettish best on this one. Will the answers change as we get closer to September 9th? Only one way to find out …
By anyone’s estimate, Apple Pay has been a huge success in the U.S.A. Apple’s timing in launching the service was exceptionally fortuitous … while the company touted “ease of use” as the prime selling point, the fact that numerous retailers recently proved that they can’t be trusted with your credit card data is really what put the service on the map in a hurry. Apple still downplays the value of keeping both your personal information and your card number secret from retailers – they do need to keep on good terms with said retailers to roll out the service – but it is undeniable that this is the main reason for the service becoming the single largest electronic payment method in less than a year.
Until now, however, Canada has been left out. The main sticking point was the fact that Canadians love to use debit, not credit, as their point of sale payment option. Down below the 49th, people whip out the Visa or Mastercard to pay for small day-to-day purchases. Canadians? We go for the debit card. Using a secure token for debit purchases hasn’t been as easy to integrate as with credit card accounts, and Apple had no appetite to launch the service here without including the most popular form of payment.
Did you read Verne’s classic when you were a kid? Imagined walking through those prehistoric jungles, seeing the first glimpses of battling dinosaurs and man-eating plants? It was cool when you were a kid … but like most sci-fi, especially period sci-fi, it comes off as pretty hokey when you get older and realize that there isn’t very much worth seeing under the surface of the planet.