Security

Maker of Sneaky Mac Adware Sends Security Researcher Cease-and-Desist Letters (zdnet.com) 83

Zack Whittaker, writing for ZDNet: The maker of a sneaky adware that hijacks a user's browser to serve ads is back with a new, more advanced version -- one that can gain root privileges and spy on the user's activities. News of the updated adware dropped Tuesday in a lengthy write-up by Amit Serper, principal security researcher at Cybereason. The adware, dubbed OSX.Pirrit, is still highly active, infecting tens of thousands of Macs, according to Serper, who has tracked the malware and its different versions for over a year. Serper's detailed write-up is well worth the read. [...] TargetingEdge sent cease-and-desist letters to try to prevent Serper from publishing his research. "We've received several letters over the past two weeks," Serper told ZDNet. "We decided to publish anyway because we're sick of shady 'adware' companies and their threats."
Networking

Ask Slashdot: What's the Best Way to Retrain Old IT Workers? 343

A medium-sized company just hired a new IT manager who wants advice from the Slashdot community about their two remaining IT "gofers": These people have literally been here their entire "careers" and are now near retirement. Quite honestly, they do not have any experience other than reinstalling Windows, binding something to the domain and the occasional driver installation -- and are more than willing to admit this. Given many people are now using Macs and most servers/workstations are running Linux, they have literally lost complete control over the company, with most of these machines sitting around completely unmanaged.

Firing these people is nearly impossible. (They have a lot of goodwill within other departments, and they have quite literally worked there for more than 60 years combined.) So I've been tasked with attempting to retrain these people in the next six months. Given they still have to do work (imaging computers and fixing basic issues), what are the best ways of retraining them into basic network, Windows, Mac, Linux, and "cloud" first-level help desk support?

Monster_user had some suggestions -- for example, "Don't overtrain. Select and target areas where they will be able to provide a strong impact." Any other good advice?

Leave your best answers in the comments. What's the best way to retrain old IT workers?
Chrome

Google Wants Progressive Web Apps To Replace Chrome Apps (androidpolice.com) 153

An anonymous reader quotes a report from Android Police: The Chrome Web Store originally launched in 2010, and serves a hub for installing apps, extensions, and themes packaged for Chrome. Over a year ago, Google announced that it would phase out Chrome apps on Windows, Mac, and Linux in 2018. Today, the company sent out an email to developers with additional information, as well as news about future Progressive Web App support. The existing schedule is mostly still in place -- Chrome apps on the Web Store will no longer be discoverable for Mac, Windows, and Linux users. In fact, if you visit the store right now on anything but a Chromebook, the Apps page is gone. Google originally planned to remove app support on all platforms (except Chrome OS) entirely by Q1 2018, but Google has decided to transition to Progressive Web Apps:

"The Chrome team is now working to enable Progressive Web Apps (PWAs) to be installed on the desktop. Once this functionality ships (roughly targeting mid-2018), users will be able to install web apps to the desktop and launch them via icons and shortcuts; similar to the way that Chrome Apps can be installed today. In order to enable a more seamless transition from Chrome Apps to the web, Chrome will not fully remove support for Chrome Apps on Windows, Mac or Linux until after Desktop PWA installability becomes available in 2018. Timelines are still rough, but this will be a number of months later than the originally planned deprecation timeline of 'early 2018.' We also recognize that Desktop PWAs will not replace all Chrome App capabilities. We have been investigating ways to simplify the transition for developers that depend on exclusive Chrome App APIs, and will continue to focus on this -- in particular the Sockets, HID and Serial APIs."

Desktops (Apple)

Apple Snafu Means Updating To macOS 10.13.1 Could Reactivate Root Access Bug (betanews.com) 74

Mark Wilson writes: A few days ago, a serious security flaw with macOS High Sierra came to light. It was discovered that it was possible to log into the 'root' account without entering a password, and -- although the company seemed to have been alerted to the issue a couple of weeks back -- praise was heaped on Apple for pushing a fix out of the door quickly. But calm those celebrations. It now transpires that the bug fix has a bug of its own. Upgrade to macOS 10.13.1 and you could well find that the patch is undone. Slow hand clap.
Desktops (Apple)

High Sierra Root Login Bug Was Mentioned on Apple's Support Forums Two Weeks Ago (daringfireball.net) 85

John Gruber, reporting for DaringFireball: It's natural to speculate how a bug as egregious as the now-fixed High Sierra root login bug could escape notice for so long. It seems to have been there ever since High Sierra 10.3.0 shipped on September 25, and may have existed in the betas through the summer. One explanation is that logging in with the username "root" and a blank password is so bizarre that it's the sort of thing no one would think to try. More insidious though, is the notion that it might not have escaped notice prior to its widespread publicization yesterday -- but that the people who had heretofore discovered it kept it to themselves. This exploit was in fact posted to Apple's own support forums on November 13. It's a bizarre thread. The thread started back on June 8 when a user ran into a problem after installing the WWDC developer beta of High Sierra.
Desktops (Apple)

Apple To Review Software Practices After Patching Serious Mac Bug (reuters.com) 192

Apple said on Wednesday it would review its software development process after scrambling to patch a serious bug it learned of on Tuesday in its macOS operating system for desktop and laptop computers. From a report: "We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused," Apple said in a statement. "Our customers deserve better. We are auditing our development processes to help prevent this from happening again."
Bug

MacOS High Sierra Bug Allows Login As Root With No Password (theregister.co.uk) 237

An anonymous reader quotes a report from The Register: A trivial-to-exploit flaw in macOS High Sierra, aka macOS 10.13, allows users to gain admin rights, or log in as root, without a password. The security bug is triggered via the authentication dialog box in Apple's operating system, which prompts you for an administrator's username and password when you need to do stuff like configure privacy and network settings. If you type in "root" as the username, leave the password box blank, hit "enter" and then click on unlock a few times, the prompt disappears and, congrats, you now have admin rights. You can do this from the user login screen. The vulnerability effectively allows someone with physical access to the machine to log in, cause extra mischief, install malware, and so on. You should not leave your vulnerable Mac unattended until you can fix the problem. And while obviously this situation is not the end of the world -- it's certainly far from a remote hole or a disk decryption technique -- it's just really, really sad to see megabucks Apple drop the ball like this. Developer Lemi Orhan Ergan was the first to alert the world to the flaw. The Register notes: "If you have a root account enabled and a password for it set, the black password trick will not work. So, keep the account enabled and set a root password right now..."
OS X

New Windows Search Interface Borrows Heavily From MacOS (arstechnica.com) 86

An anonymous reader quotes a report from Ars Technica: Press clover-space on a Mac (aka apple-space or command-space to Apple users) and you get a search box slap bang in the middle of the screen; type things into it and it'll show you all the things it can find that match. On Windows, you can do the same kind of thing -- hit the Windows key and then start typing -- but the results are shown in the bottom left of your screen, in the Start menu or Cortana pane. The latest insider build of Windows, build 17040 from last week, has a secret new search interface that looks a lot more Mac-like. Discovered by Italian blog Aggiornamenti Lumia, set a particular registry key and the search box appears in the middle of the screen. The registry key calls it "ImmersiveSearch" -- hit the dedicated key, and it shows a simple Fluent-designed search box and results. This solution looks and feels a lot like Spotlight on macOS.
iMac

iMac Pro Will Have An A10 Fusion Coprocessor For 'Hey, Siri' Support and More Secure Booting, Says Report (theverge.com) 164

According to Apple firmware gurus Steven Troughton-Smith and Guilherme Rambo, the upcoming iMac Pro will feature an A10 Fusion coprocessor to enable two interesting new features. "The first is the ability for the iMac Pro to feature always-on 'Hey, Siri' voice command support, similar to what's currently available on more recent iPhone devices," reports The Verge. "[T]he bigger implication of the A10 Fusion is for a less user-facing function, with Apple likely to use the coprocessor to enable SecureBoot on the iMac Pro." From the report: In more practical terms, it means that Apple will be using the A10 Fusion chip to handle the initial boot process and confirm that software checks out, before passing things off to the regular x86 Intel processor in your Mac. It's not something that will likely change how you use your computer too much, like the addition of "Hey, Siri" support will, but it's a move toward Apple experimenting with an increased level of control over its software going forward.
Chrome

Slashdot Asks: Have You Switched To Firefox 57? 589

Yesterday, Mozilla launched Firefox 57 for Windows, Mac, Linux, Android, and iOS. It brings massive performance improvements as it incorporates the company's next-generation browser engine called Project Quantum; it also features a visual redesign and support for extensions built using the WebExtension API. Have you used Firefox's new browser? Does it offer enough to make you switch from your tried-and-true browser of choice? We'd love to hear your thoughts.
Mozilla

Firefox Quantum Arrives With Faster Browser Engine, Major Visual Overhaul (venturebeat.com) 323

An anonymous reader writes: Mozilla today launched Firefox 57, branded Firefox Quantum, for Windows, Mac, Linux, Android, and iOS. The new version, which Mozilla calls "by far the biggest update since Firefox 1.0 in 2004," brings massive performance improvements and a visual redesign. The Quantum name signals Firefox 57 is a huge release that incorporates the company's next-generation browser engine (Project Quantum). The goal is to make Firefox the fastest and smoothest browser for PCs and mobile devices -- the company has previously promised that users can expect "some big jumps in capability and performance" through the end of the year. Indeed, three of the four past releases (Firefox 53, Firefox 54, and Firefox 55) included Quantum improvements. But those were just the tip of the iceberg. Additionally, Firefox now exclusively supports extensions built using the WebExtension API, and unsupported legacy extensions will no longer work, the company said.
Iphone

Some iPhone X Displays Plagued By Mysterious 'Green Line of Death' (thenextweb.com) 76

Some iPhone X owners are reporting a random green line appearing on their displays. According to The Next Web, "the defect has already started to take on the endearing 'Green Line of Death' moniker." From the report: Several users across Apple forums and social media have reported the error -- I've counted over a dozen accounts, and MacRumors mentions it's read "at least 25" such reports. Oddly, the issue doesn't appear to affect users immediately, only showing up after some time with regular usage. In some cases it alternates with a purple line, for variety. It generally appears towards the right or left sides of the display, and sometimes it simply disappears altogether. Weird. Either way, it appears to be a hardware defect affecting a small number of users, and Apple appears to be replacing affected units. Mac Rumors first reported the issue.
Desktops (Apple)

Ask Slashdot: What Should A Mac User Know Before Buying a Windows Laptop? 449

New submitter Brentyl writes: Hello Slashdotters, longtime Mac user here faced with a challenge: Our 14-year-old wants a Windows laptop. He will use it for school and life, but the primary reason he wants Windows instead of a MacBook is gaming. I don't need a recommendation on which laptop to buy, but I do need a Windows survival kit. What does a fairly savvy fellow, who is a complete Windows neophyte, need to know? Is the antivirus/firewall in Windows 10 Home sufficient? Are there must-have utilities or programs I need to get? When connecting to my home network, I need to make sure I ____? And so on... Thanks in advance for your insights.
Iphone

Israeli Company Sues Apple Over Dual-Lens Cameras In iPhone 7 Plus, iPhone 8 Plus (macrumors.com) 56

Corephotonics, an Israeli maker of dual-lens camera technologies for smartphones, has filed a lawsuit against Apple this week alleging that the iPhone 7 Plus and iPhone 8 Plus infringe upon four of its patents. Mac Rumors reports: The patents, filed with the U.S. Patent and Trademark Office between November 2013 and June 2016, relate to dual-lens camera technologies appropriate for smartphones, including optical zoom and a mini telephoto lens assembly: U.S. Patent No. 9,402,032; U.S. Patent No. 9,568,712; U.S. Patent No. 9,185,291; U.S. Patent No. 9,538,152. Corephotonics alleges that the two iPhone models copy its patented telephoto lens design, optical zoom method, and a method for intelligently fusing images from the wide-angle and telephoto lenses to improve image quality. iPhone X isn't listed as an infringing product, despite having a dual-lens camera, perhaps because the device launched just four days ago.
Displays

iPhone X Has the 'Most Innovative and High Performance' Smartphone Display Ever Tested (macrumors.com) 233

The display in the iPhone X is produced by Samsung and improved by Apple, says screen technology analysis firm DisplayMate. The company has released a display shoot-out for the iPhone X, praising Apple's technology in areas like the higher resolution OLED screen, automatic color management, viewing angle performance, and more. Mac Rumors reports: According to DisplayMate, the iPhone X has the "most innovative and high performance" smartphone display it has ever tested. DisplayMate also congratulated Samsung Display for "developing and manufacturing the outstanding OLED display hardware in the iPhone X." iPhone X matched or set new smartphone display records in the following categories: highest absolute color accuracy, highest full screen brightness for OLED smartphones, highest full screen contrast rating in ambient light, and highest contrast ratio. It also had the lowest screen reflectance and smallest brightness variation with a viewing angle. The iPhone X's 5.8-inch OLED display includes a taller height to width aspect ratio of 19.5:9, 22 percent larger than the 16:9 aspect ratio on previous iPhone models (and most other smartphones). Because of this DisplayMate noted that the iPhone X also has a new 2.5K higher resolution with 2436x1125 pixels and 458 pixels per inch. The iPhone X's display resolution provides "significantly higher image sharpness" than can be analyzed by a person with normal 20/20 vision at a 12-inch viewing distance. DisplayMate said this means that it's now "absolutely pointless" to increase the display resolution and pixels per inch of the iPhone any further, since there would be "no visual benefit" for users.
Bug

An iOS 11.1 Glitch Is Replacing Vowels (mashable.com) 123

An anonymous reader quotes Mashable: We became privy to a new iPhone keyboard glitch after a few Mashable staffers recently started having issues with their iPhone keyboards, specifically with vowels. The issue started when iOS 11's predictive text feature began to display an odd character in the place of the letter "I," offering up "A[?] instead and autocorrecting within the message field...The bug was also covered by MacRumors, but it appears that my colleagues have even more issues than just the letter "I." One reported that they were also seeing the glitch with the letters "U" and "O" as well, making the problem strictly restricted to vowels. They also said the letters showed up oddly in iMessage on Mac devices, and shared some more screenshots of what the glitch looks like when they went through with sending a message. The glitch wasn't just limited to iMessage, however. My colleagues shared screenshots of their increasingly futile attempts to type out messages on Facebook Messenger...and Twitter.
Apple seems to be acknowledging that the iOS 11.1 glitch may affect iPhones, iPads, and iPod Touches. "Here's what you can do to work around the issue until it's fixed by a future software update," Apple posted on a support page, advising readers to "Try setting up Text Replacement for the letter 'i'."
Security

TorMoil Vulnerability Leaks Real IP Address From Tor Browser Users; Security Update Released (bleepingcomputer.com) 21

Catalin Cimpanu, reporting for BleepingComputer: The Tor Project has released a security update for the Tor Browser on Mac and Linux to fix a vulnerability that leaks users' real IP addresses. The vulnerability was spotted by Filippo Cavallarin, CEO of We Are Segment, an Italian company specialized in cyber-security and ethical hacking. Cavallarin privately reported the issue -- which he codenamed TorMoil -- to the Tor Project last week. Tor Project developers worked with the Firefox team (Tor Browser is based on the Firefox browser) to release a fix. Today, the Tor team released version 7.0.9 to address the vulnerability. Tor Browser 7.0.9 is only available for Mac and Linux users. Tor Browser on Windows is not affected.
Iphone

iFixit's iPhone X Teardown Reveals Two Battery Cells, 'Unprecedented' Logic Board (macrumors.com) 89

iFixit has posted its teardown of the iPhone X, revealing a new TrueDepth camera system, stacked logic board, L-shaped two-cell battery pack, and Qi-based inductive charging coil. Mac Rumors reports: Like every other model since the iPhone 7 Plus, the iPhone X is a sideways-opening device. A single bracket covers every logic board connector. iFixit said the miniaturized logic board design is incredibly space efficient, with an unprecedented density of connectors and components. It noted the iPhone X logic board is about 70 percent of the size of the iPhone 8 Plus logic board. The extra room allows for a new L-shaped two-cell battery pack rated for 2,716 mAh, which is slightly larger than the iPhone 8 Plus battery. iFixit's teardown includes some high-resolution photos of the iPhone X's new TrueDepth camera system that powers Face ID and Animoji. For those unfamiliar, a flood illuminator covers your face with infrared light. Next, the front-facing camera confirms a face. Then the IR dot projector projects a grid of dots over your face to create a three-dimensional map. Last, the infrared camera reads this map and sends the data to the iPhone X for authentication. Like the iPhone 8 and iPhone 8 Plus, the inside of the iPhone X's rear shell is affixed with an inductive charging coil based on the Qi standard. iFixit gave the iPhone X a so-called repairability score of six out of a possible 10 points. It said a cracked display can be replaced without removing Face ID's biometric hardware, but it added that fussy cables tie unrelated components together into complex assemblies that are expensive and troublesome to replace.
Businesses

Apple Crushes Expectations, Sees Record Holiday Quarter (axios.com) 97

Apple on Thursday reported sales and earnings well ahead of projections, and said holiday sales should be a record and ahead of many analysts' expectations. The company sold 46.6 million iPhones last quarter, which came in about 500,000 units ahead of expectations. Axios reports: Going into the earnings report, there were concerns about both iPhone 8 demand and iPhone X supply. Thursday's report should go a long way toward answering those questions. Sales were up in every region expect Japan, where business was down from the prior year, though up sequentially. Notably, the company finally saw a much-needed turnaround in Greater China, where sales of $9.8 billion were up 22% from the prior quarter and 12% from a year ago. The company's business has been weak in China for some time, though the company had predicted improvement this quarter. Apple reported $52.6 billion in revenue (vs $51.2 billion estimated) and per-share earnings of $2.02 (vs $1.87 estimated). In addition to the 46.6 million iPhones sold (vs 46.1 million estimated), the company sold 10.3 million iPads (vs about 10 million expected) and 5.4 million Macs (vs about 5 million expected).
Windows

Windows 10's 'Controlled Folder Access' Anti-Ransomware Feature Is Now Live (bleepingcomputer.com) 157

A reader shares a BleepingComputer report: With the release of Windows 10 Fall Creators Update last week, the "Controlled Folder Access" that Microsoft touted in June is now live for millions of users. As the name hints, the Controlled Folder Access feature allows users to control who can access certain folders. The feature works on a "block everything by default" philosophy, which means that on a theoretical level, it would be able to prevent ransomware when it tries to access and encrypt files stored in those folders. The benefits of using Controlled Folder Access for your home and work computers are tangible for anyone that's fearful of losing crucial files to a ransomware infection.

Slashdot Top Deals