Apple may have another Gatekeeper security flaw on its hands. Researcher Filippo Cavallarin has detailed a macOS vulnerability that he said would let attackers install malware without the usual permission request. As Gatekeeper considers network shares to be ‘safe’ locations that don’t require permission checks, an intruder just has to trick the user into mounting one of those shares to run the apps they like. A maliciously crafted ZIP file with the right symbolic link could automatically steer you to an attacker-owned site, for example, and it would be easy to trick someone into launching a hostile app — say, a virus masquerading as a document folder.
Menu Bar apps sit in your Mac’s menu bar and provide access to an array of features and services, all with just a simple click or tap of the app’s menu bar icon. They can bring additional productivity, utility, or security, or add useful information to your Mac’s menu bar.
The basic menu bar with Apple-supplied menu items shown.
Our list of 15 menu bar apps is by no means all-inclusive; there are so many apps available that it would take quite a while to combine them into a single list. Instead, I’ve gathered a list of menu bar apps that I’ve either used or are popular in the Mac community, and are worth trying out.
Let’s start our list of favorite menu bar apps with ones that enhance your productivity.
Yes, your Mac comes with its own Calendar app, which does a pretty good job of keeping track
To avoid a replay of the problems faced by the Windows 10 October 2018 Update, version 1809, Microsoft has taken a very measured approach to the release of the May 2019 Update, version 1903, with both a long spell as release candidate and a much less aggressive rollout to Windows Update.
That rollout starts today. While you previously needed to be in the Insider Program (or have a source such as an MSDN subscription) to download and install version 1903, it’s now open to everyone through Windows Update.
However, Windows users are unlikely to see the update automatically installed for many months. Initially, only those who explicitly visit Windows Update and click “Check for Updates” will be offered version 1903, and even then, they’ll have to explicitly choose to download and install the update. This is part of Microsoft’s attempt to make Windows
More than 20,000 Linksys wireless routers are regularly leaking full historic records of every device that has ever connected to them, including devices’ unique identifiers, names, and the operating systems they use. The data can be used by snoops or hackers in either targeted or opportunistic attacks.
(credit: Troy Mursch)
Independent researcher Troy Mursch said the leak is the result of a persistent flaw in almost three dozen models of Linksys routers. It took about 25 minutes for the Binary Edge search engine of Internet-connected devices to find 21,401 vulnerable devices on Friday. A scan earlier in the week found 25,617. They were leaking a total of 756,565 unique MAC addresses. Exploiting the flaw requires only a few lines of code that harvest every MAC address, device name, and operating system that has ever connected to each of them.
Today we’re talking about a new IT security model that is changing the way that companies look at securing their networks: Zero Trust Security. To explain how it works and how it is different from traditional network security models, we need to look at how the current models work.
Bodiam Castle, East Sussex, England.
The Castle-and-Moat Security Concept
For most companies, network security is currently based on what is called the “castle-and-moat concept“. In the physical analogy, think of a castle that is surrounded by a deep moat, preferably filled with alligators. There’s only one way in and
Just about every aircraft that has flown over the past 50 years—whether a single-engine Cessna or a 600-seat jumbo jet—relies on radios to safely land at airports. These instrument landing systems are considered precision approach systems, because unlike GPS and other navigation systems, they provide crucial real-time guidance about both the plane’s horizontal alignment with a runway and its vertical rate of descent. In many settings—particularly during foggy or rainy nighttime landings—this radio-based navigation is the primary means for ensuring planes touch down at the start of a runway and on its centerline.
Like many technologies built in earlier decades, the ILS was never designed to be secure from hacking. Radio signals, for instance, aren’t encrypted or authenticated. Instead, pilots simply
You can now use Apple Pay to make purchases from iTunes, the App Store and Apple Books. You can also use it for Apple Music and iCloud storage subscriptions. MacRumors spotted the change in a recently updated support document. The added Apple Pay options are coming to users in the US, Canada, Australia, Singapore, Hong Kong, Taiwan, Russia, Ukraine and the United Arab Emirates, but they might not be available in all of those locations just yet.
You can now use Apple Pay to make purchases from iTunes, the App Store and Apple Books. MacRumors spotted the change in a recently updated support document. The added Apple Pay options are coming to users in the US, Canada, Australia, Singapore, Hong Kong, Taiwan, Russia, Ukraine and the United Arab Emirates, but they might not be available in all of those locations just yet.
First disclosed in January 2018, the Meltdown and Spectre attacks have opened the floodgates, leading to extensive research into the speculative execution hardware found in modern processors, and a number of additional attacks have been published in the months since.
Today sees the publication of a range of closely related flaws named variously RIDL, Fallout, ZombieLoad, or Microarchitectural Data Sampling. The many names are a consequence of the several groups that discovered the different flaws. From the computer science department of Vrije Universiteit Amsterdam and Helmholtz Center for Information Security, we have “Rogue In-Flight Data Load.” From a team spanning Graz University of Technology, the University of Michigan, Worcester Polytechnic Institute, and KU Leuven, we have “Fallout.” From Graz University of Technology, Worcester Polytechnic Institute, and KU Leuven, we have “ZombieLoad,” and from Graz University of Technology, we have “Store-to-Leak Forwarding.”
The wait for Amazon’s Ring video doorbell to integrate with Apple’s HomeKit could soon be over. Ring has long promised HomeKit support, but it’s faced repeated delays. Now, it looks like Ring’s Video Doorbell Pro and Spotlight Cam have earned HomeKit certification. A Twitter user spotted the change on Apple’s MFi licensing page.
For many of us, the Mac’s Mail app is the most often used app in our collection. It has so many features that for most of us, we only touch the surface of what it can do. In this Rocket Yard guide we’ll check out seven features that are often overlooked, most likely left in the default setting, or simply not used.