Meeting Notes‎ > ‎

SVMUG meeting January 26, 2015

posted Jan 26, 2015, 9:28 PM by Robert Brown


NEWS January 26, 2015

SVMUG


Security: 


Google’s Project Zero publicizes zero-day vulnerabilities - Mac OSX


Update for Critical Security ‘Pushed’



Updates:


Logic Pro


Dropbox stopping support 10.5 & Older


General News:


BBC Panorama Show Accuses Apple re Workers


Apple Responds to BBC Critical Show on Apple in China


Apple Quality ‘Conversation’


Linkbait or Reality? 


Apple buys online music analytics company


Market Share update - Apple does well


Apple Pay doing well


Apple Reports Compensation for Execs


Retail Stores Opening in China


Mac mini Gets 2TB option back


iPhone Withdrawal Harms Performance


After CES Analyst Speculates on Apple TV & Robots


iOS 8 Adoption Nears 70%


Spaceship Campus Progressing


Info re BackBlaze Hard Drive Stats



Financial:  

Analysts make guesses re Apple Q1 results 


Apple Earnings Results, Conf Call tomorrow 1/27



Legal:


Monster Sues Apple’s Beats


Apple and Ericsson Fight over Patents


Apple Wins iTunes Antitrust Case & Jobs Testimony rRemains Confidential



Rumors:


Apple launching Stylus w/larger iPad?


Apple’s chips ready for Low-end laptops


More on ARM chips in Macs



______


REMINDER:  FEB MEETING WILL BE THE 4TH MONDAY OF THE MONTH

FEB 23, 2015



Presentation


Dave Peck on VPN software and use.


http://www.getcloak.com/


What is CloaK?

Keeps you safe when you are connected to WiFi networks in the wild.

It is a easy to use VPN.

Three freelancing software developers put it together.


They wanted to make a VPN that was Mac-like and Mac-friendly


Why should you care?


Unprotected WiFi can be dangerous.

For example, Firesheep is a FireFox plug-in that allows snooping of communications on a WiFi network. 

It would even automatically log in to Facebook as some one else when a log-in was detected on the network.


Cloak provides value where HTTPS is not in use.


Cloak prevents passive snooping. 


What is a VPN?


virtual private network

Every byte will be encrypted before it is sent from the local client.

A special VPN server receives the encrypted data, unwraps it,

and forwards it alone.


How is this different from TOR?

How does it affect workplace snooping?


What about other platforms?

We love our Apple devices, which is why when we first built Cloak we built it for Macs, iPhones, and iPads. But we haven't forgotten Android, Windows, and Windows Phone — and perhaps someday in the future, we'll have more to say about them!


How many Cloak accounts do I need?

One! You can use one Cloak account with as many devices (Macs, iPhones, iPads, etc.) as you like.

(We only ask that you keep it to one account per person.)


Do you support Yosemite?

Of course. We're all about Apple.


Do you support iOS 8?

You betcha.


Try for free for 30 days.

$9.99 per month for unlimited service.

$2.99 for 5 GB per month.


Given how much of our daily life and business is conducted online, the question isn’t really if you can afford to sign up for Cloak — it’s if you can afford not to.

Dan Moren, Macworld


SSL is pretty much broken - so people should be using TLS.

POODLE was an attack that caused a client browser to downgrade from SSL to TLS.

 The terms SSL and TLS are often used interchangeably or in conjunction with each other (TLS/SSL), but one is in fact the predecessor of the other — SSL 3.0 served as the basis for TLS 1.0 which, as a result, is sometimes referred to as SSL 3.1.


It used to be believed that TLS v1.0 was marginally more secure than SSL v3.0, its predecessor.  However, SSL v3.0 is getting very old and recent developments, such as the POODLE vulnerability have shown that SSL v3.0 is now completely insecure (especially for web sites using it).  Even before the POODLE was set loose, the US Government had already mandated that SSL v3 not be used for sensitive government communications or for HIPAA-compliant communications. If that was not enough … POODLE certainly was.  In fact, as a result of POODLE, SSL v3 is being disabled on web sites all over the world and for many other services as well.


SSL v3.0 is effectively “dead” as a useful security protocol.  Places that still allow its use for web hosting as placing their “secure web sites” at risk; Organizations that allow SSL v3 use to persist for other protocols (e.g. IMAP) should take steps to remove that support at the soonest software update maintenance window.


Subsequent versions of TLS — v1.1 and v1.2 are significantly more secure and fix many vulnerabilities present in SSL v3.0 and TLS v1.0.  For example, the BEAST attack that can completely break web sites running on older SSL v3.0 and TLS v1.0 protocols. The newer TLS versions, if properly configured, prevent the BEAST and other attack vectors and provide many stronger ciphers and encryption methods.


Cloak includes “Overcload”, which makes sure that when you change networks, no communication is made until the security has been established.


Cloak provides security for the immediate network, but not for the global network — The NSA can still get you.




Open Source Corner


Font Awesome


Treat icons on a web page like styled text.


The iconic font and CSS toolkit


Font Awesome gives you scalable vector icons that can instantly be customized 

— size, color, drop shadow, and anything that can be done with the power of CSS.


Free, as in Speech

Font Awesome is completely free for commercial use. Check out the license.


 One Font, 519 Icons

In a single collection, Font Awesome is a pictographic language of web-related actions.

http://fortawesome.github.io/Font-Awesome/


Q & A


1. Got a new MacBook Pro. Having trouble connecting Firewire 400 drives via an adapter. Does not work with USB either. The drive is a 5.25 with its own power supply. The drive works fine with older computers under Firewire 400.


We suspect the adapter is not good, but as USB is not working, something deeper might be going on. 


Perhaps the bridge chips in the cables?


2. Any experiences with upgrading from Mavericks to Yosemite?


Most experiences seem to be good.

Read “Taking Control of Upgrading to Yosemite”


3. How to use AirDrop on a Mac?


4. Does iPhoto work on Yosemite?


Yes. But bear in mind the Photos will replace iPhoto and Aperture.


5. Demo Handoff.


6.  Recurring directory corruption on internal hard disk.


Very intricate problem — we can only recommend AppleCare. Something is actively damaging your disk — perhaps a third party hardware, like one of the external drives. 


Comments