Aussie Mac Zone ~ Episode 254

Show 254 – Sept 10, 2018

Run Sheet ~ Garth, Zarn & Michael

This week's sponsors

athwebhosting.com.au

aussietechradio.com

⬇︎

Our Aussie Apple Ramblings

Story 1

Cult of Mac is reporting – Here’s how hackers can install malware on your Mac through Safari

Patrick Wardle has demonstrated how hackers can remotely infect a Mac with malicious software using a Safari vulnerability. Apple’s built-in protections can do nothing to stop it.

As Apple machines have risen in popularity, an increase in attacks has followed. The days when you could use a Mac without the fear of it being infected are long gone. Wardle’s exploit proves that simply browsing the web in Safari can lead to serious problems.

Safari exploit leaves users open to attack

In a lengthy explainer, Wardle reveals how an attacker can take advantage of the way in which Safari processes document and URL handlers to inject malware onto a Mac. It starts when a user visits a malicious website.

“Once the target visits our malicious website, we trigger the download of an archive (.zip) file that contains our malicious application,” Wardle explains. “If the Mac user is using Safari, the archive will be automatically unzipped, as Apple thinks it’s wise to automatically open “safe” files.”

“This fact is paramount, as it means the malicious application (vs. just a compressed zip archive) will now be on the user’s filesystem, which will trigger the registration of any custom URL scheme handlers! Thanks Apple!”

The malicious website can then run code that causes macOS to launch the malicious application. A popup will ask the user whether they wish to “Allow” or “Cancel” the process, but the text in it is controlled by the attacker and can be deceiving.

macOS can’t protect you

Apple’s built-in defenses in macOS can’t protect against this kind of attack. It would require a change in the way in which Safari manages document and URL handlers. Apple could revoke a malicious app’s certificate, but by the time the app is identified, it will be too late for those who have already installed it.

There is something you can do, however. Preventing Safari from opening “safe” files stops this attack in its tracks. All you need to do is select Preferences… in Safari’s menu bar, General, then uncheck the option to Open “safe” files after downloading.

https://www.cultofmac.com/573449/malware-install-safari/
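A defender's check for the behaviour described in this story, as an added example that is not part of the show notes or Wardle's write-up: it walks a folder such as Downloads and reports every app bundle whose Info.plist declares custom URL schemes, since those are the handlers macOS registers once an archive has been unpacked. The function names and the sample bundles and scheme are constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError


def declared_url_schemes(app_bundle):
    """Return the custom URL schemes an .app bundle declares in Info.plist."""
    info = Path(app_bundle) / "Contents" / "Info.plist"
    try:
        with info.open("rb") as fh:
            plist = plistlib.load(fh)
    except (OSError, ExpatError, plistlib.InvalidFileException):
        return []  # missing or malformed plist: nothing to report
    if not isinstance(plist, dict):
        return []
    schemes = set()
    for url_type in plist.get("CFBundleURLTypes") or []:
        if isinstance(url_type, dict):
            for scheme in url_type.get("CFBundleURLSchemes") or []:
                if isinstance(scheme, str):
                    schemes.add(scheme.lower())
    return sorted(schemes)


def audit_downloads(root):
    """Map each app bundle under root to the URL schemes it would register."""
    findings = {}
    for bundle in sorted(Path(root).rglob("*.app")):
        if bundle.is_dir():
            schemes = declared_url_schemes(bundle)
            if schemes:
                findings[str(bundle.relative_to(root))] = schemes
    return findings


def build_sample(root):
    """Constructed sample: one bundle with a URL handler, one without."""
    for name, extra in (
        ("Invoice.app", {"CFBundleURLTypes": [{"CFBundleURLSchemes": ["Constructed-Scheme"]}]}),
        ("Plain.app", {}),
    ):
        contents = Path(root) / name / "Contents"
        contents.mkdir(parents=True)
        with (contents / "Info.plist").open("wb") as fh:
            plistlib.dump({"CFBundleIdentifier": "example." + name, **extra}, fh)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit_downloads(tmp))  # real use: audit_downloads(Path.home() / "Downloads")
```

An app bundle sitting in Downloads that declares a URL scheme is not proof of malware, but one you never asked to download is worth deleting before anything can launch it.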

⬇︎

Story 2

Mel Silva promoted as new Google ANZ managing director

ZDNet reports ~  Google has announced the appointment of Mel Silva as the new managing director for the company’s Australia and New Zealand operations.

Having been with Google for over 11 years, Silva has held a number of senior leadership positions in Australia and the greater Asia-Pacific region, most recently based in Singapore as managing director of Go-to-Market Strategy & Operations for Google APAC.

“I am thrilled to be coming home and rejoining the Google Australia and New Zealand team. There is a tremendous digital opportunity for the region, with businesses and consumers increasingly making use of tools such as AI and machine learning,” Silva said in a statement Thursday.

“During my time in APAC, it’s been wonderful to see and share stories of the innovations coming out of Australia and New Zealand, and I can’t wait to come back and work with our partners and clients to help them innovate, grow, and succeed.”

Silva will commence in her new role on October 1, 2018, replacing former local MD Jason Pellegrino, who announced he was leaving Google in July.

https://www.zdnet.com/article/mel-silva-promoted-to-new-google-anz-managing-director/

⬇︎

Story 3

Telstra announces new head of technology

Again ZDNet reports ~ Telstra has announced the appointment of its new group executive of Product and Technology, choosing Deutsche Telekom chief product and innovation officer Christian von Reventlow, who will commence his role on November 1.

In announcing the role, Telstra pointed to von Reventlow’s expertise across artificial intelligence, Internet of Things (IoT), augmented reality, digital twins, and edge computing.

“Von Reventlow has spent more than three years in this role, responsible for accelerating innovation, simplifying the product and service portfolio, digitising core processes, and transforming culture,” Telstra said in a statement to the Australian Securities Exchange (ASX) on Thursday.

Von Reventlow has also held roles at Intel, Bosch Telecom, and Avaya, with Telstra CEO Andy Penn saying he has expertise across mobile, cloud, software, and hardware solutions.

“I am very pleased to have someone with Christian’s product credentials coming on board to deliver innovative and simple product experiences for customers that will lead the market and drive profitable growth,” Penn added.

“He will be accountable for Telstra’s products strategy, product lifecycle, and technology and innovation where products are incubated and brought to scale.”

https://www.zdnet.com/article/telstra-announces-new-head-of-technology/

⬇︎

Reminder this week we are brought to you by athwebhosting.com.au

Affordable and competitive plans

    • 99.95% uptime
    • Domain registration available
    • Free setup
    • auto setup 24/7
    • Instant activation
    • accepts PayPal as well as other cards
    • over 250 scripts installed with one click, including WordPress, Joomla and many many more
    • we use cPanel – industry standard, user friendly, feature rich control panel
    • From $5.95 per month when paid annually
    • 24/7 ticket support system
    • friendly help when needed

⬇︎

Story 4

GOOGLE TURNS 20: HOW AN INTERNET SEARCH ENGINE RESHAPED THE WORLD

No technology company is arguably more responsible for shaping the modern internet, and modern life, than Google. The company that started as a novel search engine now manages eight products with more than 1 billion users each. Many of those people use Google software to search the repository of human knowledge, communicate, perform work, consume media, and maneuver the endlessly vast internet in 2018. On Tuesday, September 4th, Google turned 20 years old, marking one of the most staggeringly influential runs for any corporation in history.

AUGUST 1996: LARRY PAGE AND SERGEY BRIN LAUNCH GOOGLE ON STANFORD UNIVERSITY’S NETWORK

SEPTEMBER 4TH, 1998: GOOGLE INCORPORATES WITH $100,000 IN ANGEL FUNDING

Inspired by the vast number of links between pages and how their search engine would only become more accurate and useful as the web continued to grow, Page and Brin renamed their company after the mathematical term googol (a one followed by 100 zeroes). The duo relocated to the garage of Susan Wojcicki, who would later become CEO of YouTube, in Menlo Park, California. They incorporated the company as Google, with a $100,000 investment from Sun Microsystems co-founder Andy Bechtolsheim.

AUGUST 2001: SCHMIDT MADE CHAIRMAN

SUMMER 2002: YAHOO TRIES (AND FAILS) TO BUY GOOGLE FOR $3 BILLION

JULY 2003: GOOGLE MOVES INTO THE GOOGLEPLEX

APRIL 1ST, 2004: GMAIL LAUNCHES TO THE PUBLIC WITH 1GB OF STORAGE

AUGUST 19TH, 2004: GOOGLE GOES PUBLIC

FEBRUARY 8TH, 2005: GOOGLE MAPS LAUNCHES

JANUARY 27TH, 2006: GOOGLE LAUNCHES ITS SEARCH ENGINE IN CHINA

OCTOBER 9TH, 2006: GOOGLE ACQUIRES YOUTUBE

SEPTEMBER 2ND, 2008: GOOGLE LAUNCHES THE CHROME BROWSER

SEPTEMBER 23RD, 2008: ANDROID LAUNCHES ON THE T-MOBILE G1 / HTC DREAM

MARCH 22ND, 2010: GOOGLE GETS KICKED OUT OF CHINA AFTER ENDING CENSORSHIP

OCTOBER 2010: GOOGLE STARTS WORKING ON SELF-DRIVING CARS

JUNE 15TH, 2011: CHROME OS INITIAL LAUNCH

JUNE 28TH, 2011: GOOGLE+ LAUNCHES

AUGUST 15TH, 2011: GOOGLE ANNOUNCES IT’S BUYING MOTOROLA MOBILITY

JULY 24TH, 2013: GOOGLE CHROMECAST ANNOUNCED

AUGUST 10TH, 2015: GOOGLE RESTRUCTURES AS ALPHABET INC.

MAY 18TH, 2016: GOOGLE ASSISTANT LAUNCHES

OCTOBER 2016: GOOGLE SOLIDIFIES HARDWARE LAUNCH WITH PIXEL, GOOGLE HOME

⬇︎

Story 5

Google Play Store may be getting Play Points loyalty program

The folks over at 9to5google and XDA-Developers have been decompiling APKs and looking for hints that might reveal future possible features. These lines of code inside the APKs could very well be an early indication of things to come. However, they don’t guarantee that the features hinted in the code will ever become mainstream. So, for now, keep a tad skeptical, as exciting as the below may sound.

Google might be working on a Play Points loyalty program for the Google Play Store. According to the report, the string “Introducing Google Play Points” first appeared in version 11.5, and later 11.6, of the Play Store app. Interpreting the lines of the code, the report claims that this reward program will be an opt-in one.

Once signed up for the Play Points loyalty program, users will be able to earn points with their purchases. The opt-in has to be explicit and rewards will be handed out only after joining. The icon for the service can be seen above, as the tilted colored square. The report claims that, according to the current phrasing used, points will be handed out for purchasing music, movies, TV shows, and books as well, not just Android apps.

As per the exchange rate used for the Play Points, it will probably vary from country to country. A string, however, details how it will work in Japan, with ¥100 spent on purchasing content or apps earning the user one point.

https://pocketnow.com/play-points-loyalty-program

⬇︎

Story 6

The Tension Is Building Between Spotify and the Music Industry

Marc Cimino is frustrated. The Universal Music Publishing executive oversees one of the largest song catalogs in the world, collecting royalties for Nicki Minaj, Adele and Justin Bieber.

Since songwriters have long complained about how little they make, Cimino is accustomed to arguing for more money. But Spotify Technology SA, the world’s largest paid online music service, is testing his patience.

Spotify features music videos atop many of its playlists, which the company says is a way to promote artists to its 180 million users. But Cimino says the Swedish technology giant, with a market value of $32 billion, is supposed to pay more for videos and hasn’t. The dispute, simmering for months, threatens to blow up relationships that have helped the record industry climb out of a near two-decade hole and let Spotify soar.

https://www.bloomberg.com/news/articles/2018-09-06/tension-builds-between-spotify-music-industry-in-war-of-wills

⬇︎

Story 7

Dozens of iOS apps secretly collect location history for data monetisation, analysis says

According to a new report from GuardianApp, “a growing number of iOS apps have been used to covertly collect precise location histories from tens of millions of mobile devices, using packaged code provided by data monetisation firms. In many cases, the packaged tracking code may run at all times, constantly sending user GPS coordinates and other information.”

The information being collected includes Bluetooth LE Beacon Data, GPS Longitude and Latitude, Wi-Fi SSID and BSSID, and also such information as accelerometer data, battery charge performance and status, and even timestamps for departure/arrival to a location.

GuardianApp lists 24 apps that are “confirmed to send data to a third-party data monetisation firm,” including ASKfm: Ask Anonymous Questions, C25K 5K Trainer, Classifieds 2.0 Marketplace, Code Scanner by ScanLife, Coupon Sherpa, GasBuddy, Homes.com, Mobiletag, Moco, My Aurora Forecast, MyRadar NOAA Weather Radar, PayByPhone Parking, Perfect365, Photobucket, QuakeFeed Earthquake Alerts, Roadtrippers, ScoutLook Hunting, SnipSnap Coupon App, Tapatalk, The Coupons App, Tunity, Weather Live and YouMail. 

GuardianApp has also found code from the monetisation firm, RevealMobile, on the apps of several local TV stations owned by the Sinclair Broadcast Group, Tribune Broadcasting Company, LIN Television Corp., Gray Television Group and other broadcasters. 

GuardianApp suggests using Apple’s built-in Limit Ad Tracking feature to mitigate potential location sharing. The tool can be enabled by navigating to Settings > Privacy > Advertising. Further, vigilant users can select “Don’t Allow” when iOS Location Services popup windows instruct them to “See privacy policy” or take similar action. The firm also suggests using a generic name for the SSID of a home Wi-Fi router and switching Bluetooth off when not in use.

Earlier on Friday, two major news stories broke about user data. Adware Doctor, formerly the top paid app in the Mac App Store, was pulled after a security researcher revealed it was exfiltrating user information to China, while a separate investigation revealed other malicious apps in the Mac App Store.

https://appleinsider.com/articles/18/09/07/dozens-of-ios-apps-secretly-collect-location-history-for-data-monetization-analysis-says

⬇︎

Reminder this week we are brought to you by Aussie Tech Radio @

www.aussietechradio.com

Aussie Tech Heads Podcast

and

Aussie Tech Crypto

and  

My Tech Opinion

AND

other podcasts from Australia

⬇︎

How to 1

Getting AirPlay to work on older devices

start playing

swipe down from the top of the screen choose the speaker / s

enjoy

How to 2

Remember this is important ~ repeating from story one

Preventing Safari from opening “safe” files stops this attack in its tracks. All you need to do is select Preferences… in Safari’s menu bar, General, then uncheck the option to Open “safe” files after downloading.

Remember we will be doing a show on Thursday!

Thanks to our sponsors, this week being athwebhosting.com.au AND aussietechradio.com & our supporters you our listeners!

Show Promotion

Show notes link each week on show upload

Spotify – just search Aussie Mac Zone

AND

Apple News ~ Aussie Mac Zone

(remind ~ how to Favourite)
