This Week In Tech News [1 Dec 2017]
This Week In Tech News is a weekly segment released on Fridays highlighting the most important, popular, and interesting technology-related news stories of the past week. Written and curated by Scott Schilder and presented by Cyber Tech Cafe. If you have an idea for a story to highlight, please share it with us on Twitter.
Huge Vulnerability Found in Mac OS High Sierra – Mac user and software engineer Lemi Orhan Ergin first discovered a bug in the way Mac OS High Sierra handles logins and authentication on November 28th and disclosed the vulnerability to Apple in a tweet.
Dear @AppleSupport, we noticed a *HUGE* security issue at MacOS High Sierra. Anyone can login as "root" with empty password after clicking on login button several times. Are you aware of it @Apple?
— Lemi Orhan Ergin (@lemiorhan) November 28, 2017
The vulnerability allows an unauthenticated user to gain access to the device as the root user, without a password, simply by clicking the login button repeatedly. Yes, you read that correctly: simply mashing the login button with no password will grant any user full and unfettered access to any device running Mac OS High Sierra. The issue is an embarrassing one to say the least, but it was swiftly dealt with by Apple, who pushed a fix for the bug in just 24 hours. The fast turnaround shows improvement on Apple’s part compared to their last blunder of this magnitude back in 2014, when it took almost 5 days for them to release a patch for a critical TLS vulnerability in nearly all iOS devices. Some in the security community are questioning the disclosure method used with this vulnerability (generally, tweeting publicly is not the best way to share a bug of this nature), while others claim the public method was a strong catalyst in having the patch pushed out more quickly. Feel free to share your thoughts on responsible disclosure in the comments.
Cryptocurrency Bitcoin Reaches $10k, Up 900% From January 2017 – Bitcoin, the most popular cryptocurrency (cryptocurrencies being mathematically verifiable, open source, digital currencies), is up 900% since the start of the year and now has a global market value of over $160 billion. The surge in value has fueled many discussions, ranging from Bitcoin (or other cryptocurrencies) being the future of money, destined to replace traditional fiat currencies, to Bitcoin being a scam and its rise in value a “bubble”. The high water mark for Bitcoin was close to $11k on Wednesday of this week, but it has since taken a small dip back to around $9k towards the end of the week. Regardless of opinions on the long-term viability of a blockchain-based currency like Bitcoin, the growth seen this year (and this week) alone is staggering to say the least, and with blockchain technologies currently being developed en masse in Silicon Valley, there are many who believe this is only the beginning. Let us know your opinions on Bitcoin, cryptocurrencies, and blockchain technology in the comments. For some good reading on Bitcoin, what it is, how it works, and why it's valuable, check out the bitcoin.it wiki.
Continued Talks of Net Neutrality – News agencies, social media, and the internet at large have continued the discussions and debates over the upcoming December 14th vote to repeal Obama-era legislation that classifies ISPs under “Title 2” with the FCC. Many of those in favor of net neutrality have taken to social media sites like Reddit, Twitter, and Facebook to urge users to reach out to their local and state legislators, asking them to “Vote No” to the repeal of these regulations. The so-called “digital protest” was organized by the non-profit organization Fight For The Future. Those in favor of the repeal, like FCC Chairman Ajit Pai, have largely remained quiet as the media storm surrounding the upcoming vote continues; some believe this implies the vote is likely to pass. In order to keep things light I will not expand too much on the underlying debate, but can say that some light Google Fu can return hours of quality reading material to help better your understanding of Net Neutrality and why this debate matters, regardless of which side you fall on.
Google Blocks Lockscreen Ads – Google announced this week that ads displayed on the lock screens of Android devices would no longer be allowed, and any apps doing this without explicit permission from the user would be removed from the Google Play Store. The official verbiage reads:
“Unless the exclusive purpose of the app is that of a lock-screen, apps may not introduce ads or features that monetize the locked display of a device.”
It is mentioned that this will NOT affect devices specifically sold with lock screen ads, like the low-cost Android devices available with lock screen ads from Amazon. The change comes after a recent surge in shady developers whose apps would replace a user's lock screen with one of their own creation, giving them full control over ad deployment to the lock screen. This replacement often came with no warning and no way for the user to change back, and in some cases even posed a security risk.
Chrome Will Soon Block 3rd Party Software Injections – Google announced that starting in April of 2018, Google Chrome will no longer allow 3rd party applications (like anti-virus software or video card applications) to inject libraries or code into Chrome. While Google claims the main reason for this is stability (they have reported that over 15% of all crashes are caused by 3rd party software injection), an added benefit is the security a move like this provides. Not only will legitimate applications be blocked, but any malicious code attempting to snoop on your browser or inject its own code into the process in any way will presumably be blocked as well. Only time will tell how the implementation of this will go, but the idea is one that looks promising and pushes us further towards a more secure and usable internet.
As always, your participation is encouraged and we are eager to politely discuss any of the articles covered in the comments below or on any of our social media accounts. This week's article was written and curated by Scott Schilder and presented by Cyber Tech Cafe. If you have an idea for a story to highlight, please share it with us on Twitter. See you next Friday. Have a great week!