Web Finds for January 12, 2018

Web Finds are from my web surfing travels. You’ll find some unique and informative news, apps and websites that you may have never known existed. Enjoy!

Apple planning new, “robust” parental controls to help protect children, teens
In a report by The Wall Street Journal, Apple states it has plans to create new software features that will make its current parental controls on iPhone and other devices “even more robust.”
Via Ars Technica

Apple Shares Updated iOS Security Guide With Info on Face ID, Apple Pay Cash and More
Apple this afternoon published an updated version of its iOS Security white paper for iOS 11 [PDF], with information that covers features introduced in iOS 11.1 and iOS 11.2, like Face ID and Apple Pay Cash.
Via MacRumors

How-To Disable macOS High Sierra Upgrade Notifications
Is it just me or are those daily upgrade notifications for upgrading to macOS High Sierra annoying the bleep out of you? Every time I turn on my MacBook (2017,) it immediately starts up with that exasperating High Sierra notice to upgrade to High Sierra so I can “enjoy the latest technologies and refinements.” And it’s even popping up on my iMac (2015 with Fusion Drive,) that Apple itself recommends NOT updating to High Sierra. And I really DON’T want to upgrade to macOS High Sierra right now on any of my Macs!
Via AppleToolBox

How-To Fix an iPad Keyboard That’s Split in Half or Two
One of the most frequent questions we get from our iPad friends and readers is problems with their iPad keyboards. Specifically, what should you do when your iPad keyboard is split down the middle with half of it on the left side and the other part on the right side of your iPad’s screen. Just how do you get it back together like it should be? For many iFolks, this a very annoying problem that they just can’t figure out how to fix!
Via AppleToolBox

The iPad Gestures You Should Master
Your Dock will follow you wherever you go, in any iPad app. Just swipe up about an inch from the bottom of the screen to bring up your Dock and its list of applications, along with the three most recent apps used. You can add up to 13 apps to your Dock so you have the most important ones at your fingertips, apps you can drag and drop to use for multitasking.
Via lifehacker

Previous Web Finds are here.

Worst passwords of 2017 still include “123456” and “password”

SplashData has published its annual list of the worst passwords of the year. The data was pulled from over five million passwords that were leaked by hackers in 2017.

Despite many well-publicized data leaks in 2017, it looks like many people are continuing to use weak passwords like “123456” and “password” that are easily guessed by hackers.

If you’re still using weak passwords please, please do your self a favor and stop. Get a password manager. I use 1Password. With 1Password I’m able to have a unique strong password for every website that requires a password and the best part is I don’t have to remember them because 1Password does it for me.

1Password has an app for Mac and iOS. LastPass is another option.

Web Finds for December 11, 2017

Web Finds are from my web surfing travels. You’ll find some unique, informative, and some of the coolest websites and apps that you may have never known existed. Enjoy!

How to Use Do Not Disturb While Driving on iPhone
Do Not Disturb While Driving is an iPhone specific safety feature. When Do Not Disturb While Driving is activated on iPhone, no calls, messages, notifications, or alerts will come through to the iPhone. I have my iPhone set to automatically go to do not disturb as soon as my car starts moving.

How to Lock Your Mac Screen and Protect It from Prying Eyes
Whether you’re at home or at work, you might not want other people snooping on your Mac when you step away. Leaving your Mac unlocked and unattended allows others nearby to read your emails, text messages, browser history, and all your files. You don’t need to shut down your Mac, you don’t even need to log out. You can just lock it.

How to restore deleted files from iCloud Drive
I use Dropbox more often than iCloud Drive. One of Dropbox’s features is the ability to recover deleted files. I didn’t know I could also recover deleted files in iCloud Drive.

Phishers Are Upping Their Game. So Should You. — Krebs on Security
This is read is worth your time. Not long ago, phishing attacks were fairly easy for the average Internet user to spot: Full of grammatical and spelling errors, and linking to phony bank or email logins at unencrypted (http:// vs. https://) Web pages. Increasingly, however, phishers are upping their game, polishing their copy and hosting scam pages over https:// connections — complete with the green lock icon in the browser address bar to make the fake sites appear more legitimate.

Previous Web Finds are here.

Equifax breach caused by failure to patch two-month-old bug

Negligence! If they would have patched their server(s) the day the patch was released this would have never happened.

This is inexcusable! Heads should roll. Maybe it’s time some people go to jail for this kind of sh^t.

Dan Goodin, writing for Ars Technica 9/13/2017, 8:12 PM

We know that criminals exploited a US website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638. We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement.

The flaw in the Apache Struts framework was fixed on March 6. Three days later, the bug was already under mass attack by hackers who were exploiting the flaw to install rogue applications on web servers. Five days after that, the exploits showed few signs of letting up. Equifax has said the breach on its site occurred in mid-May, more than two months after the flaw came to light and a patch was available.

Up to now, Equifax has said only that criminals exploited an unspecified application vulnerability on its US site to gain access to certain files. Now, we know that the flaw was in Apache Struts and had been fixed months before the breach occurred.

The Equifax Breach: What You Should Know

I’m sure you’re pissed about the Equifax breach just like I am. And I’m sure you’re as concerned about how this affects you as I am.

Brian Krebs of KrebsonSecurity is an expert in the area of data breach’s has written an excellent article about what we need to know to protect ourselves in light of the “Equifax Breach”.

Please – Please take the time to read his article.

Brian Krebs, writing for KrebsonSecurity

Here’s what you need to know and what you should do in response to this unprecedented breach.

Some of the Q&As below were originally published in a 2015 story, How I Learned to Stop Worrying and Embrace the Security Freeze. It has been updated to include new information specific to the Equifax intrusion.

https://krebsonsecurity.com/2017/09/the-equifax-breach-what-you-should-know/

iOS 11 has a way to quickly disable Touch ID and require a passcode

As reported, last week, by The Verge iOS 11 has a way to quickly and discreetly disable Touch ID.

According to The Verge:

Apple is adding an easy way to quickly disable Touch ID in iOS 11. A new setting, designed to automate emergency services calls, lets iPhone users tap the power button quickly five times to call 911. This doesn’t automatically dial the emergency services by default, but it brings up the option to and also temporarily disables Touch ID until you enter a passcode. Twitter users discovered the new option in the iOS 11 public beta, and The Verge has verified it works as intended.

This is a handy feature because it allows Touch ID to be disabled in circumstances where someone might be able to force a phone to be unlocked with a fingerprint. With Touch ID disabled in this way, there is no way to physically unlock an iPhone with Touch ID without the device’s passcode.

As a side note. Last week Mashable reported that according to a Virginia judge a cop can force you to unlock your phone with Touch id but not with a passcode.

As pointed out by John Gruber:

Until iOS 11 ships, it’s worth remembering that you’ve always been able to require your iPhone’s passcode to unlock it by powering it off. A freshly powered-on iPhone always requires the passcode to unlock.

TunnelBear completes industry’s first public security audit

TunnelBear has been my VPN service of choice for just over a year. I was excited to read that TunnelBear has undergone a public security audit by Germany-based penetration testing company Cure53. This gives confidence I’ve chosen the right VPN provider and that TunnelBear isn’t scraping and selling my browsing data.

TunnelBear Blog, 07 August 2017

Consumers and experts alike have good reason to question the security claims of the VPN industry. Over the last few years, many less reputable VPN companies have abused users’ trust by selling their bandwidth, their browsing data, offering poor security or even embedding malware.

Being within the industry, it’s been hard to watch. We knew TunnelBear was doing the right things. We were diligent about security. We deeply respected our users’ privacy. While we can’t restore trust in the industry, we realized we could go further in demonstrating to our customers why they can, and should, have trust in TunnelBear.​

Today, we’d like to announce TunnelBear has completed the Consumer VPN industry’s first 3rd party, public security audit. Our auditor, Cure53, has published their findings on their website and we’re content with the results.

However, the recent crisis of trust in the VPN industry showed us we needed to break the silence and share Cure53’s findings publicly. Today we’re sharing a complete public audit which contains both the results from last year and the results from the current audit.

You can read the full report on Cure53’s website.

1Password responds about local vaults

This is a follow-up to my article July 12, 2017. Dave Teara, in an agilebits blog post, has clarified that for now local vaults will continue to be supported.

blog.agilebits.com · by Dave Teare · July 13, 2017:

Many Mac users worry that the same fate awaits 1Password 6 for Mac, and that we will remove support for local vaults and force them to pay again.

This isn’t going to happen. First, it would be evil to take away something you’ve already paid for. And evil doesn’t make for a Happy 1Password Customer, which is the cornerstone for a Happy 1Password Maker. It’s simply not who we are.

For those who purchased 1Password 6 for Mac already, you’re perfectly fine the way you are and can continue rocking 1Password the way you have been. There’s no requirement to change anything as we will not be removing features or forcing you to subscribe. In fact we’re still selling licenses of 1Password 6 for Mac for those that really need them (you can find them today on the setup screen under More Options).

And you need not worry about 1Password 7 for Mac, either, as it will continue to support standalone vaults just like version 6 does today.

We know that not everyone is ready to make the jump yet, and as such, we will continue to support customers who are managing their own standalone vaults. 1Password 6 and even 1Password 7 will continue to support standalone vaults.

There’s a message in Dave’s closing statement:

But 1Password memberships are indeed awesome and are the best way to use 1Password, and as such, I am going to continue to nudge you over when ever I can.