Case in Point – Flash is Awful

News this morning that the current version of Flash has been hacked, and no one is surprised.

I’ve had this exact conversation with many of you, about the Flash lifecycle (new release, hacked within a month, repeat). I’ve installed the newest Flash version for many of you this month (and the month before and the month before).

Today’s hack comes at no surprise, and it means you should expect another pop-up soon requiring you to update yet again.

Here is the correct, official link to update: get.adobe.com/flash. Be wary of any site that provides you an alternate installation method. Flash is free, and Flash does not require you to download any other utilities.

Also, please refer to our step-by-step guide on updating.

 

 

 

Thunderstrike – More Mac malware you don’t need to worry about

Another day, another breathless blog cycle reporting on a mega-attack that could affect all Mac users.

Except it isn’t.

“Thunderstrike” is a proof-of-concept attack developed by a white hat (read: good guy) security researcher. The idea is that if someone can gain physical access to a Mac with a Thunderbolt port — all Macs built in or after late 2011 — they can insert a modified cable into that port, restart the machine, and install an evil version of firmware that could allow other attacks to take place. Once installed, such a piece of firmware could prove very difficult to remove.

And this is true.

However, it requires physical access to the target computer. Someone needs to steal your Mac for at least two minutes. They also need to have the modified piece of hardware, which only (so far) exists in the hands of the researcher. There also needs to be a reason to install it. If you are the sole holder of state secrets, watch out. For everyone else, breathe easy; you likely aren’t interesting enough for this sort of targeted attack.

Apple is already at work at a partial fix. So keep an eye out for security updates and install them when they appear.

So if you read about Thunderstrike, maintain composure. The sky isn’t falling.

Further reading >

Apple Watch Preview

Apple has already given app developers access to the upcoming Watch’s OS and UI, so it was only a matter of time before we, the public, got a chance to see it in action.

Head to http://www.demoapplewatch.com to try out the home screen of the Watch.

You might need to be patient though. The site just hit the blogosphere, and it’s cracking under the strain of all those simultaneous visits.

Happy 2015! It’s time for a new look.

Welcome to the new site. Please make yourself at home.

As you can no doubt tell from our calendar, we’re popular. Such popularity means that every second becomes increasingly precious, and anything we can do to get you help faster is effort well spent.

So in the latest revision of this website, you’ll find several new tools to get service faster and in a few new flavors.

First, you may now schedule your own appointments. No back and forth emails or voicemail tag. You can see our calendar and choose whatever slot is open. You’ll receive immediate email confirmation and an email reminder 24 hours before the appointment.

Second, you can submit email support requests to us directly from the site. This will be especially welcome for those of you using browser-based email (like gmail.com and yahoo.com).

Third, we are making a push to develop and launch Workshops. Many of you have expressed interest in attending small-group workshops on a regular schedule, and we want that to begin this year. Please take our survey to vote on topics you find interesting. You should also sign up for our Workshop email list for notifications as the program develops.

Along with these new site developments are some updated Keylab policies. While not quite as exciting, they are important, so please read them.

Lastly, I want to state our deep interest in hiring more staff. So if you happen to know any qualified, friendly, tech-minded people looking for work, please send them our way.

Happy New Year to you all. We look forward, as always, to helping you demystify your digital lives.

jeremy

Self-scheduling
Email Support
Workshops
Policy Updates

10.10.1 makes the wifi fast again

One of my few gripes against Yosemite was that 10.10.0 slowed down wifi. After some routine fixes, things improved slightly, but I still had a nagging suspicion that I was helpless to fix the real source of the problem.

After a little thought and some exploring with Wireshark, I feel fairly confident that the new Continuity features of Yosemite and iOS 8 were clogging the pipes.

I’m happy to report that this morning, Apple released 10.10.1, and this .1 release has cured my wifi woes.

Safari is back to its lightning pace, even when loading 10 tabs across. I’m running iOS 8.1.1 alongside, but haven’t yet checked the robustness of Handoff.

If your wifi is recently slow, head to  > App Store, then click Updates to force your Mac to find and install the new patch.

Masque Attack on iOS Devices

Read the article linked below for the specifics, but here’s the summary:

Security researchers have discovered a way to install malicious software on iPhones and iPads. The vulnerability exists on all existing devices and versions of iOS. But fear not. For all the hype this is sure to generate today and this week, you can very easily protect yourself by following these three steps prescribed by the researchers:

1. Don’t install apps from third-party sources other than Apple’s official App Store or the user’s own organization

2. Don’t click “Install” on a pop-up from a third-party web page, no matter what the pop-up says about the app. The pop-up can show attractive app titles crafted by the attacker

3. When opening an app, if iOS shows an alert with “Untrusted App Developer”, as shown in Figure 3, click on “Don’t Trust” and uninstall the app immediately

IMG_0001

In short, use your head. Any questions, let us know.

Original link: http://www.fireeye.com/blog/technical/cyber-exploits/2014/11/masque-attack-all-your-ios-apps-belong-to-us.html

Updating Adobe Flash

Here’s a handy guide to the updating process for Adobe Flash Player. You might find it helpful to print this out for reference before beginning the update process. Good luck!

 

1. Click this link to find the Adobe Flash page: https://get.adobe.com/flashplayer/

2. Click the yellow Install Now button at lower right.

3. Adobe Flash begins to download.

4. Quit Safari by clicking the word Safari at the top left corner of the screen, then “Quit Safari.”

5. Click on the Finder icon (the blue two-faced icon) in the bottom left corner of your screen.

6. At the very top of the screen, click “Go”, then click “Downloads.”

7. In the Downloads folder, find and double-click “AdobeFlashPlayerInstaller_15_ltrosxd_aaa_aih.dmg”

8. Double-click “Install Adobe Flash Player.app”

9. Click “Open”.

10. Type your computer’s admin password (the short one you use when you install new software). This is your main Mac password, NOT one specific to Adobe.

11. Wait for the update to download.

12. When finished, click “Finish.”

13. Finally, Adobe will open a new Safari page trying to sell you other software. Close this window and carry on.

14. Site that require Flash (like youtube.com) should work again.