Apple Issues Security Update for High Sierra Root User Bug

Apple on Wednesday released a special security update for macOS High Sierra, solving a recently uncovered flaw which would let people gain root access without entering a password.

You can file this one under the ol’ “face palm – how the h3ll did this make it out to production?” category.

As a software development professional with over 25 years of experience, it really makes me wonder sometimes… It’s a question, that as a Quality Assurance professional, you never want to ask, or have someone ask YOU; but when the item in question is this blatant, you really can’t help it.

Recently, a bug in macOS 10.13 High Sierra was discovered that allowed anyone – literally, anyone – with physical access to your Mac to log in with root permissions, whether they had an account on the computer or not.

Root is a super user level of access. Someone with root or super user access can do anything and EVERYTHING to your Mac, despite any and ALL security settings you’ve made or apps you’ve installed. They can burn down your entire world with root access… and there isn’t anything on the computer that can stop them.

Now, there are a few things you should know about this.

1. As of this writing, this should no longer be an issue. Apple has released a security update, Security Update 2017-001, and it will update your High Sierra build number to 17B1002 after it installs.
2. As of this writing, the update will come down and install automatically. You won’t see an update notification or red bubble on the App Store indicating an update is available. It’s going to install automatically when you restart your Mac. Period. You don’t get a choice.

I wanted to get that in front of everyone before I relay the following comment – I’ve seen this defect in action, and it was totally devastating.

In fact, it was a bit more than that. I’ve never seen such an easily exploitable, completely revealing security vulnerability like this… ever.

I have access to a Mac with a standard (non-admin) account. I don’t know the admin password on this box, so I couldn’t cheat on it at all. With the above vulnerability active on that Mac, I was able to bypass the administrator’s credentials and make changes to my standard account as if I were an admin, and I didn’t even need a password.

As I understand it, there wasn’t a secret account or other access point on your computer. When users tried to log in as root, without a password, High Sierra wouldn’t let you in. The bug, however, occurred when you retried logging in as root without a password. It somehow burned the account in, without a password, after multiple tries. At that point, you had access to absolutely everything on the computer. When macOS again prompted you for any kind of admin permissions, simply entering in, “root” as the user name without a password again, got you authenticated.

As I mentioned, this was probably the easiest “hack” I’ve ever done. You didn’t need any coding or any kind of technical knowledge. All you needed was physical access to the computer and the ability to spell the word, “root.”

Thankfully, the hole has been patched; and it was patched, as I mentioned, via a silent, forced update, that, to my understanding, Apple has only used one time before. You didn’t get the opportunity to decline this update, and Apple applied it to your system without asking for permission or requesting a restart of your machine, or your knowledge, really. It simply got installed and then silently applied when you either rebooted or turned your Mac on.

The only evidence that something had happened was a notification bubble that showed up a day or so later letting you know that the update had been installed.

To be honest, I wasn’t happy with the news that this vulnerability was published, and I wasn’t happy with the way it was resolved, either. I wouldn’t have been upset with a “required” update that would have been installed without me getting a say in its installation IF Apple had told me that it was installing it. I don’t like the fact that Apple can just push an update to my PC and I can’t prevent it from installing, or even know that it was installed until AFTER it was installed.

That’s just as bad as the vulnerability existing in the first place.

In the future, I really wish Apple would be a bit more sensitive in situations like this. I *DO* understand why they did what they did. This was a serious bug that had to be resolved for everyone running High Sierra. However, I don’t like it when vendors force me to take an update and don’t tell me that it’s going to install or give me an option to postpone the update. People have been screaming about situations like that on the Windows side of the world since Windows 10 was released a few years ago. Just because Microsoft does it, doesn’t make it ok.

Did you happen to see this bug in action? Did you happen to play with it at all prior to Apple plugging the hole? Did the update reveal itself to you via the App Store, or did you get the silent version of the update shoved at you like most of the world did?

Why don’t you meet me in the Discussion Area below, and give me your thoughts on the whole thing?

The Difference between Outlook.com and Gmail

I recently had a very good friend of mine ask me the difference between the two. Here’s the skinny…

eMail services today aren’t like they used to be. It used to be that you got email because of the online service you used (like CompuServe, Prodigy, America Online or MSN, to name a few…). Some of them were IMAP related services. Some of them were POP3 related. On very rare occasions, depending on the level of service you purchased, some of them were corporate based or corporate classed, like Microsoft Exchange services. And, on top of that, you nearly ALWAYS had an email application (like Outlook or Outlook Express) to read your email with.

Today, it’s a completely different story.

Today, nearly all email addresses are services that you choose to use. While the players have largely changed – all except for Microsoft, who still offers email via Outlook.com – most users choose to use web based email services provided by one of the larger consumer SaaS providers like Google, Microsoft, (and yes, even) Yahoo! (still…).

So, as I said, I recently had a very trusted, and good friend ask me what the difference between Outlook.com and Gmail was; and more importantly if one was better than the other. My answer, as always, was qualified. It depends.

It depends… on your needs.

So, for this discussion, I’m going to leave the Office compatible applications OUT of the conversation. Both offer Microsoft Office or Office compatible app suites, including eMail, but they also offer

• Word Processing – Word Online vs. Google Docs
• Spreadsheets – Excel Online vs. Sheets
• Presentations – PowerPoint Online vs. Slides
• Online Storage – OneDrive vs. Google Backup and Sync

For the sake of our discussion, we’re going to call these pretty much even; though, Google’s online storage offering does offer full computer backup, where OneDrive does not.

We’re going to instead concentrate on the email offering, which, believe it or not, is also, pretty much even. However, there are a few differences, and I want to touch on those so that you can pick out the service that is really the best for you.

Here are the nuts and bolts of the differences between Gmail and Outlook.com

| Feature | Gmail | Outlook.com |
| --- | --- | --- |
| Cost | Free | Free |
| Accessibility | Online or Offline; but offline isn’t easy | Online or offline |
| Tags & Folders | Uses labels instead of folders | Folders and Categories |
| SPAM Filtering | Comprehensive | Rudimentary |
| Attachment Size | 25MB | 10MB |

 

There are perhaps one or two more differences of note; and depending on your situation, they may make a difference to you.

The biggest one that will likely make any difference to anyone is that Outlook.com supports Exchange and Gmail does not. This won’t make any difference to you unless you intend to use Microsoft Outlook as an email client. Exchange allows you to take full advantage of all of Outlook’s features.

For example, while Gmail supports calendaring, Exchange’s calendar features are an industry standard. In fact, most of the features in Outlook are an industry standard. The thing about Outlook.com is that if you really want to use it, your best email client is going to be Outlook. If you’re not wanting to use Outlook, then you don’t have to.

Outlook.com will still work with a web browser, and work well; but if you really want that to work well, you’re going to need to use Edge or Internet Explorer. While Outlook.com works with any web browser, its feature set is deprecated with anything else other than a Microsoft web browser. Gmail works with Outlook, but it requires either POP3 or IMAP configurations. Gmail also really wants to live in a browser, and more than that… it really wants to live in Google Chrome.

So, at the end of the day, where does this really leave us? Honestly, that’s pretty easy.

If you want to use Outlook, then you should choose Outlook.com or Office 365 for your email needs. Outlook.com will default to Exchange regardless of the email address it creates for you. If you want to use it as either a POP3 or IMAP service, you can, of course, but you won’t get the advantages of Exchange, in Microsoft Outlook if you go that route.

If Exchange Services aren’t important to you, then, as I mentioned, you can still use Outlook.com as a POP3 or IMAP service provider, or you can simply go with Gmail, which has some of the most reliable, easiest to configure services available. It just depends on what you want to do and how you want to do it… It’s really up to you.

So what are the differences between Gmail and Outlook.com? Why do you pick one over the other? To be honest, I’m going to tell you exactly what I told my friend:

They’re effectively identical.

The only reason why you choose one over the other is going to depend on what type of mobile devices you have (Google services play best with Android devices…); or whether or not you need or want Exchange.

If either of these are a toss up, then by all means, just pick one. To be honest, most folks aren’t going to care and it won’t really matter… It’s not your email needs that are going to drive you to pick one over the other. It’s going to be another service – Exchange, Office Suite compatibility, web browser needs/ choice, or full app client that are going to push you to choose one over the other.

If none of that makes a difference to you, then by all means… flip a coin.

However, I’d love to hear what you chose and why. Did you go Google or Microsoft? Chrome or Outlook? Why don’t you meet me in the Discussion area, below and tell me what direction you went and why. I’d love to hear all about it.

Unboxing the Unihertz Jelly Pro

I never thought the Zoolander phone was real… until now.

The Unihertz Jelly Pro is here! Just off of successful campaigns on both Kickstarter and Indiegogo, the Jelly Pro is intended to be a supplemental device and not your daily driver. The device is tiny. It fits in the coin pocket on your jeans. It fits into a small party clutch.

It goes where you do when you can’t take your standard, five plus inch smartphone, yet still provides all the power and functionality of your regular Android phone, without taking up all the space and without the risk of breakage (because you stuck it in a rear pocket or some other place where it’s likely to get sat on…).

Full Specs are below.

• 4G/ LTE Smartphone (with support for VoLTE (voice over LTE))
• Quad Core CPU 1.1GHz
• 2GB RAM
• 16GB ROM
• 950mAh Battery – Reported 4-12 hours real use, depending on apps installed
• 2.45 Inch (62.23mm) Display
• 8MP Rear Facing Camera
• 2MP Front Facing Camera
• Android 7.0 Nougat (out of the box)
• Connectivity Support:
o LTE
o WLAN
o Bluetooth
o GPS

Unihertz doesn’t have all of the details I’m looking for in their tech specs, so I’m doing a bit more digging and investigating to see if I can get information on connectivity support and when (read: IF) Unihertz will be updating Jelly Pro to Android 8 Oreo.

The full review is still in the works!

Microsoft Introduces Surface Book 2

If you thought Surface was just a passing fancy, think again…

I’ve always been a HUGE fan of Microsoft Signature PC’s. They are, in my opinion, the best Windows experience that you can buy. They don’t have any extra crap on them that would take away from or distract you from your computing purpose. It’s one of the reasons why I really like Microsoft Surface PC’s as well.

Over the past five or so years, I’ve had an original Surface Pro, a Surface Pro 3 and a Surface Book. The combination of the devices’ features – like the touch screens and pens – has made the Surface line one that I find very valuable, especially in a corporate setting. The Surface Pro and the Surface Book are both perfect for Microsoft OneNote and for a number of different business applications, including custom sales and invoicing apps as well as process and business flow.

Recently, Microsoft released an update to their Surface Book line, and this update is squarely aimed at not only the creative professional, but the enterprise as well. The Surface Book 2 now comes in not only its original 13 inch size, but also a new, 15 inch version. The new size, paired with Intel’s eighth generation Core i processor and better graphics hardware, also enables Microsoft’s Mixed Reality Headsets.

Like its earlier iterations, the Surface Book 2 has put the bulk of its processing power in the tablet. The keyboard houses both the extra battery and the new Nvidia graphics cards. The 13″ version has an optional Nvidia GeForce 1050 and the 15″ gets a GeForce 1060 by default. Both are mainstream gaming graphics cards and a big step up from what the Surface Book was previously equipped with.

The following are basic specs for both versions of the Surface Book 2.

 

 

| | Surface Book 2 – 13″ | Surface Book 2 – 15″ |
| --- | --- | --- |
| Processor | Intel 8th-gen Core i5 (dual-core) or i7 (quad-core) U-series processors | Intel 8th-gen Core i7 U-series processors |
| Display | 13.5-inch 3,000×2,000-pixel display | 15-inch 3,240×2,160-pixel display |
| Graphics | Nvidia GeForce GTX 1050 GPU (Core i7 version only) | Nvidia GeForce GTX 1060 GPU |
| USB Ports | 2x USB-A 3.1 ports; 1x USB-C 3.1 port | 2x USB-A 3.1 ports; 1x USB-C 3.1 port |
| Card Reader | SDXC card reader | SDXC card reader |
| RAM | 8GB or 16GB RAM | 16GB RAM |
| Storage | 256GB, 512GB or 1TB SSD storage | 256GB, 512GB or 1TB SSD storage |

When it comes to augmented reality, both of these convertibles are in good shape to perform well. Both work well with Microsoft’s Pen and the Fall Creators Update version of Windows 10. You can, for example, create a file in Microsoft’s Paint 3D and then drop it into a real world situation, capturing everything with the device’s 8MP, rear-facing camera. The only problem that you’re going to have here, when trying to hook into AR headsets, is the lack of an HDMI port, though you shouldn’t have any real concerns with performance of the box or its graphics adapters. According to recent test results, both versions of the Surface Book 2 can be taken seriously as gaming machines, which is kinda cool.

Microsoft is also releasing a new mouse, called the Surface Precision Mouse. It’s got a more traditional design than either the original Surface Mouse or the Surface Arc Mouse. It also includes a set of programmable left side buttons; and supports both wired USB and wireless Bluetooth connectivity. As of this writing, pricing for these devices has not been released, though you should expect them to fall somewhere between $50 and $80 USD.

Microsoft is putting the Surface Book 2 directly against the new Apple MacBook Pro. According to Microsoft, the Surface Book 2 is a much better performer. There may be some truth to this, as the Apple MacBook Pros are still using previous generation Intel Core processors. Pricing for the new Microsoft Surface Book 2 starts at $1499 USD for the 13 inch version and $2499 for the 15″ version.

In my opinion, pricing for the Surface Book line has always been a bit on the high side. As I previously stated, Microsoft is clearly targeting the Surface Book 2 at Apple’s MacBook Pro. The problem that I have with this pricing strategy is that the MacBook Pro is a clearly well established, top performing machine with a long history of top notch components and high price tags.

Microsoft doesn’t have any of this precedent, with any version of the Surface Book. The device has had what I would consider to be a mediocre performance history, especially with all of the issues that were first encountered with the original Surface Book and its ROM problems.

This update is also mostly what I would call an evolutionary update rather than any update of note. Surface Book with Performance Base, released earlier this year, put a better graphics card in the keyboard along with the extra battery. It also bumped the price up quite a bit.

The Surface Book 2 offers a new processor and a new graphics card; but the fact that it also offers a new 15″ screen size takes this device to a completely new level, in my opinion. It clearly brings the Surface Book up into a better class of computing device, and may actually make the larger price tag a bit more reasonable. To be honest, we’re going to have to wait and see on that one, though. The 15″ version is new. It’s a completely different device than the 13″ version, with different components and different drivers; and Microsoft has always had an issue with drivers and components when it comes to Windows, regardless of version. So this clearly falls in the wait and see category…

Is Surface Book 2 something that you’re interested in? Will it be a convertible that you pursue or keep your eye on as a potential work tool? I’d love to hear what you plan to do. Why don’t you give me your thoughts in the Discussion area below?

G Suite’s New Calendar Interface

If you were looking for enhanced functionality out of Google Calendar, you’re about to get it…

My good friend Doug Golding used to have a site called Just Another Mobile Monday. He got out of the mobile enthusiast world and sold the site and unfortunately, the site didn’t survive much past the sale even though it had a decent run afterwards.

However, it was during that time that I wrote a review on the Nexus One and got deep, DEEP into Google Services. In fact, I was all in with iTechGear.org by that time and I had started using what is now called G Suite for all of my PIM services – mail, calendar, contacts and to-do’s.

As of 2017-10-17, there’s a new look and a new set of features for Google Calendar on the web. Google has taken a lot of what they’ve learned over the past seven years related to their mobile apps and have brought that knowledge forward to the desktop, web version of Calendar. This new design is responsive. It adapts itself to your screen size, presenting you with the proper controls for your size screen. Google has also added additional enterprise level features designed to help teams prep for meetings.

In the new version of Calendar you can:

• See conference room details when booking a room. G Suite admins can enter detailed information about room locations so users know its location, size, seating capacity, A/V equipment status, Accessibility features, etc. Users can simply hover their pointing device cursor over the location and get all the information about the location and its resources.
• Add rich formatting and hyperlinks to calendar invitations. You can link out to documents (word processing and spreadsheets) and presentation files, and then open them directly in a new Event Detail view. Meeting agendas are now more comprehensive and interactive, and attendees can be more productive and prepared prior to the actual meeting.
• Manage multiple calendars in a single view. It’s now easier to see who is busy with what at specific times during the day so that scheduling meetings when attendees are free is now easier and more efficient.
• View contact information of meeting attendees in a calendar invitation. Again, hovering your mouse cursor over an attendee’s name will get you the details you need.
• More easily view and restore deleted items in a single place if you accidentally delete a meeting invitation.
• Day, Week and Month views are now more accessible, featuring better compatibility with screen readers

The new changes will be rolling out during the month of November 2017. By the time this is posted, we should be very close to when Rapid Release domains will begin seeing the new UI implemented (2017-11-14). Scheduled Release domains will begin transitioning to the new UI at the end of the month (2017-11-28); and the transition depending on domain size will take about eight (8) weeks. Admins will have the opportunity to opt-in or opt-out. Admins may also manually opt-in via the Google Admin console.

First Impressions – iPhone 8 Plus

Here are my initial impressions of one of Apple’s newest iPhones…

Introduction
Recently, due to an unfortunate turn of events where my oldest son dropped his iPhone 6s Plus, I was forced to purchase an iPhone 8 Plus. Sometimes having a pre-teen/ young teenager carrying a flagship level smartphone can be a bit problematic. Having a device in a case helps protect against shattered screens, but even then, they aren’t foolproof. You can still end up with a shattered screen despite your best efforts.

The situation with my oldest son is a great example of how sometimes, the universe just seems to be working against you no matter how hard you try. He dropped his protected iPhone 6s Plus and the screen shattered. I had the choice of replacing it via insurance claim or paying the AT&T Next acquired device off and upgrading to the iPhone 8/ 8 Plus. (As a brief aside, upgrading to the iPhone X was out of the question… I’m not paying $999 for a phone. EVER. It’s just not an option, especially when it’s THIS close to the Holidays, and you’re a new grandparent.) The prices in this scenario – insurance claim vs. upgrade – were nearly identical, so… it seemed the better, more prudent thing to do to purchase the upgrade on his account rather than pay the same amount of money for two year old technology.

Through the magic of SIM card swapping, my son ended up with my mint condition iPhone and I ended up with the new iPhone 8 Plus. Here are my initial thoughts on the device. If you recall, I covered this subject shortly after Apple announced both the iPhone 8/ 8 Plus and iPhone X in September 2017.

Honestly, after hearing the details and writing this article, I wasn’t going to bother with the iPhones announced this year. It didn’t seem worth the cost at the time; but since I got forced into it… here I am.

To get started, here, in no particular order, are what I would consider to be the major differences between the iPhone 7 Plus and the iPhone 8 Plus:

• The iPhone 8 Plus features an all-glass design with an aero-grade aluminum chassis in between. The iPhone 7 Plus features a unibody aluminum body
• The iPhone 8 Plus also supports Qi wireless charging
• The iPhone 8 Plus’ Retina HD display supports True Tone display technology. The display automatically tweaks the white balance to improve readability depending on the ambient lighting
• The iPhone 8 Plus is powered by Apple’s 6-core A11 Bionic chip. The iPhone 7 Plus is powered by Apple’s A10 Fusion chip.
• The iPhone 8 Plus is available in 64GB and 256GB storage variants. The iPhone 7 Plus comes in 32GB and 128GB variants
• The iPhone 8 Plus can record 4K videos at 60fps and Full HD videos at 240fps. The iPhone 7 Plus can record 4K videos at 30fps and Full HD videos at 120fps

My initial impressions and analysis of each of these are below. There’s not a lot here to distinguish the 8/ 8 Plus from the 7/ 7 Plus. The devices are visually identical, except for their body construction. However, you really have to look at the back of each device to be able to tell them apart.

The Full 360
Here are some comparison photos of the iPhone 8 Plus next to an iPhone 7 Plus. My guess is that without me telling you which was which, you wouldn’t be able to tell…

The fronts of the iPhone 7 Plus and the iPhone 8 Plus, from left to right, respectively. The devices look identical. The only way to tell them apart from the front (without turning the devices on) is by hands on inspection.

The backs of the iPhone 7 Plus and the iPhone 8 Plus, from left to right, respectively. Here, you can see a difference. The iPhone 8 Plus’ back is covered in glass where the iPhone 7 Plus clearly is not.

The left edges of the iPhone 7 Plus and the iPhone 8 Plus from top to bottom, respectively. Again, you likely wouldn’t have known the difference if I hadn’t told you which was which.
The top edges of the iPhone 7 Plus and the iPhone 8 Plus from top to bottom, respectively. Again, you likely wouldn’t have known the difference if I hadn’t told you which was which. There is a SLIGHT color difference between the matte black of the iPhone 7 (top) and the space gray of the iPhone 8 (bottom); but that’s likely just the lighting in my kitchen…

The right edges of the iPhone 7 Plus and the iPhone 8 Plus from top to bottom, respectively. Again, you likely wouldn’t have known the difference if I hadn’t told you which was which.

The bottom edges of the iPhone 7 Plus and the iPhone 8 Plus from top to bottom, respectively. Again, you likely wouldn’t have known the difference if I hadn’t told you which was which. Here, the color difference between the two is a little easier to see.

Storage Space

The change that is probably the most noticeable, believe it or not, is the storage size difference. There’s no longer a 128GB variation in the iPhone 8/ 8 Plus. To be honest, since I had to buy a new device, I decided I didn’t want to spend the extra $150 for the 256GB variant. However, when you’re coming from 128GB, going back to 64GB can be a bit painful. While this is not what I wanted to do, moving to 256GB was not worth the extra cost to me. So, I settled for the 64GB variant and am streaming a lot more content than I was prior to purchasing the iPhone 8 Plus.

Display
The True Tone Retina Display is really very, very good. However, the impact of this white balance method is completely lost on EVERYONE about five minutes after the initial setup of the device.

During setup, you’re given the ability to turn True Tone on or off. You’re also given a button that allows you to see how the screen will look with the feature on and then again with the feature off. While the screen looks MUCH better with True Tone turned on, you forget that it’s turned on. You don’t have anything that continually reminds you of the feature’s effect when it’s turned on. This is a set it and forget it feature; and honestly this is exactly what Apple wants to have happen.

Chipset – A11 Bionic
The same can be said for the iPhone 8/ 8 Plus’ A11 Bionic chip. You notice the speed difference for about a couple hours after upgrading. The next day, it’s all business as usual. The performance difference is going to be very noticeable when it comes to VR and AI headsets and apps; but other than that, you aren’t really going to notice the performance bump later on. After the “newness” wears off, this is going to appear as business as usual.

4K Video Frame Rates
You do notice the 4K video frame rate differences, especially on larger displays (like your desktop monitor), as the video filmed on the iPhone 8/ 8 Plus will appear much smoother.

Body Construction – Glass vs. Airplane Grade Aluminum
The body differences are TOTALLY noticeable; but really only from the back. You REALLY need a case on the iPhone 8/ 8 Plus. The iPhone 8/ 8 Plus is very difficult to hold on to due to the glass back and smoother, metal sides. If you don’t have something with a bit of “stick-’em” on it, you’re gonna drop the phone at some point. There’s no doubt in my mind. I’ve nearly done it three to four times in the few days that I’ve had the device. Since the body is covered in glass with an aluminum underbody, as soon as it hits the ground, it’s going to shatter into a million pieces. Save your phone. Put it in a case that’s going to provide decent protection.

Wireless Charging
The go-to feature is the Qi compatible wireless/ cableless charging. I’ve been able to confirm that it works with just about any and every Qi compatible charging system available. This includes any cheap Chinese aftermarket systems as well as Samsung’s wireless charging system for the Galaxy 8 and 8XL smartphone, which is kinda cool. Unfortunately, I am not a fan of Apple’s larger charging mat. I prefer the cradle like system for the Samsung Galaxy 8/8XL.

Conclusion
So where does this leave me..? That’s a great question.

First and foremost, I won’t be purchasing an iPhone X, especially after purchasing the iPhone 8 Plus. I don’t have the funds to do so, and wouldn’t, to be very honest, on my own. At nearly $1000 USD for the entry level model, the phone isn’t reasonably priced or realistically affordable for anyone on any kind of family plan with their carrier of choice.

Now, let’s talk about the iPhone 8/ 8 Plus. The iPhone 8 Plus is a decent phone to be certain; but I stand by my original assessment of the device – if you don’t HAVE to upgrade, you may want to wait for Apple’s next iteration of iPhone, due out some time next year. The iPhone 8/ 8 Plus is, in my opinion, just too similar to the iPhone 7/ 7 Plus. But that is Apple’s M.O. – evolution rather than revolution.

The wireless charging is really cool; and will be something that you really prefer doing and using, say at the office or by your bedside, especially if you use your device as an alarm clock to wake yourself in the morning for work or school. However, it’s not a killer, must have, do or die feature. It’s a convenience.

And that can probably sum up the entire iPhone 8/ 8 Plus experience for me – upgrading has been a convenience for me, and not much more.

The cost of the device – as well as the cost of the iPhone X, in my opinion – is bordering on excessive. The 64GB version is now “affordable” at $800 plus tax; and the 256GB version is just below crazy-stupid (at least from my perspective) at $950 plus tax. Here in Chicago that put things at $870 bucks and $1018 bucks respectively after taxes; or about $27 a month and $35 a month, respectively.

I’m shaking my head as I write this. Apple has almost completely priced me and my family out of the iPhone entirely. We used to be able to upgrade devices every two years or so (AT&T’s standard upgrade cycle is 30 months or 2.5 years). Now, it seems as though we’re going to have to make those last a lot longer than just two and a half years. Even with AT&T Next, the monthly costs for a new device are just not sustainable when you have to cover costs for four to five different devices. When you’re looking at a monthly cost of $35 to $40 per device, I’m looking at $150 – $200 per month just for devices… and I haven’t even begun to cover the cost of a voice and data plan for them yet. After all is said and done, I’m looking at nearly $425 a month, which is just crazy. Who does that just for mobile phones..?!

It truly does appear that after phones get paid off, the family is going to have to learn to live with them for a while. So, my son is going to have to make this one last more than a year. It’s either that, or he’s going to end up with a flip phone (or maybe a Windows Phone… I think both are just about equal when it comes to apps and functionality at this point.)

However, I’d really like to hear your thoughts on all of this. Did you upgrade to the iPhone 8/ 8 Plus? Did you opt for an iPhone X? Are you sticking with what you’ve got for now and upgrading later? Are you just sick of all the evolutionary updates out of Apple and have you decided to jump ship?

Why don’t you meet me in the Discussion area below, and give me your take on the iPhone 8/ 8 Plus? I’d love to hear from you!


UPDATED: KRACK Attack Threatens to Kill WPA2 Wi-Fi Security

Well, this could be problematic…

I heard about this early Monday 2017-10-16; and it got me a bit concerned. Six collegiate researchers revealed information on a WPA-2 Wi-Fi security flaw, the Key Reinstallation Attack (KRACK Attack). This reliable information will allow attackers to undermine Wi-Fi encryption on any wireless connection utilizing WPA2 Personal security. This will affect literally any and every brand and type of wireless router on the B2B and consumer markets today.

This latest exploit takes advantage of the four-way handshake needed to establish an encryption key between a router and a connecting device. When properly executed, this vulnerability allows attackers to compromise the third step. This can lead to the re-use of an encryption key; or, in some cases on Android and Linux-based devices, the establishment of a null key.

US-CERT, the division of the Department of Homeland Security responsible for computer safety, has become aware of “several key management vulnerabilities” used in the attack. The agency has declared that the vulnerability includes lack of proper encryption, content hijacking, HTTP injection, and other problems. In the advisory issued on Monday, US-CERT says that “most or all correct implementations” of WPA-2 are affected by the vulnerability, meaning every consumer device and most enterprise access points.

The researchers claim that the attack vector completely opens up an Android 6.0 and later device. Other operating systems, including iOS and macOS, are less impacted, but “a large number of packets” can still be decrypted from all.

At present, there are no patches for consumer-grade devices, and only a few commercial manufacturers have issued updates. A large percentage of network equipment will likely not see updates, so a properly patched operating system will be essential for users.

The attack uses one or more of 10 different exploits. The details of the exploit were submitted for review on May 19, and a conference presentation will be delivered on Nov. 1.

Fixes can be made by vendors on either the client or router level, and only one of the pair needs to be patched for the vulnerability to be ineffective. A patched computer can connect to an un-patched router and not be vulnerable, and vice-versa. Updates to either will prevent an encryption key from being reused.

What to Do
If you feel you must do something to ward off the evil Wi-Fi spirits, you can consider doing the following:

• Most home-based, consumer networks likely won’t be affected. However, those “common area” networks in apartment buildings (you get access because you rent there) or hotels and other high settlement areas remain vulnerable to attack.

• If and when a patch to the vulnerability becomes available, install it immediately.

• Upgrade to the latest, released version of the OS you’re computing on; and keep your security patches current.

• Never, ever use public Wi-Fi or unsecured networks. In fact, avoid them like the plague.

• Don’t frequent any ecommerce sites or any sites that collect PII (personally identifying information – like Name, Address, Date of Birth or SSN), that do not make use of HTTPS.

• Consider configuring your Wi-Fi network(s) to NOT broadcast its SSID. It’s still possible to sniff a non-broadcasted network name out if you’re determined enough to do it; but not revealing your network name is an easy and effective way of keeping it hidden.

• Change your default passwords. If your router or other network equipment, network attached storage devices, etc. are still using their default passwords after you set them up, you’re just begging for trouble. Changing these will make it harder for undesirables to get the goods.

• Consider turning your wireless printer off when you’re not using it. That way, no one will be able to waste your paper or toner by printing 300 pages of junk…

• Enterprise WPA-2 doesn’t appear to be affected by the flaw. If your network gear supports it, consider shifting to the more secure protocol.

UPDATE:
I reviewed the Netgear Orbi Mesh Router earlier this year. I was fairly pleased with the device and the way it worked in my house. Most of the Wi-Fi issues I was experiencing were resolved after I purchased and installed this device in my house.

Unfortunately, Netgear has not released a firmware update for the Orbi Mesh Router to resolve the KRACK vulnerability in this device. According to a KB article, there are a couple of things to remember about this issue:

1. Your devices are only vulnerable if an attacker is in physical proximity to and within the wireless range of your network.
2. Routers and gateways are only affected when in bridge mode (which is not enabled by default and not used by most customers). A WPA-2 handshake is initiated by a router in bridge mode only when connecting or reconnecting to a router.
3. Extenders, Arlo cameras, and satellites are affected during a WPA-2 handshake that is initiated only when connecting or reconnecting to a router.
4. Mobile hotspots are only affected while using Wi-Fi data offloading, which is not enabled by default.

Based on this information, it’s very unlikely that anyone – regardless of the type of UNPROTECTED router they have – is EVER going to fall victim to this exploit, especially if you’re the average, everyday consumer. Those folks don’t have much to chase after; AND most importantly, they are unlikely to have any of their wireless networking equipment in bridge mode or to have hotspots using Wi-Fi data offloading.

While there are a number of Orbi users loudly demanding a firmware update, if and when an update IS made available, the Orbi system will download and install the update automatically.

Thankfully, I don’t have too much to worry about.

The other thing that users can do IF their router supports it is to switch from WPA2 Personal encryption to WPA2 Enterprise. Unfortunately for me, the Orbi does NOT currently support WPA2 Enterprise, so this isn’t an option for me. However, I’m not very upset or concerned about it at this time.

If you’re affected by this issue, I’d love to hear from you. Please meet me in the discussion area below and tell me what happened to you and if and how you resolved it on your end.


Jelly – The World’s Smallest 4G/LTE Smartphone

After successful campaigns on both Kickstarter and Indiegogo, Jelly is finally available!

Back in the day, small but functional was the thing. One handed operation on any PDA or smartphone was not only important, it was imperative. Back in the early 2000s, if you couldn’t fully operate your phone with one hand, it wouldn’t make it. I remember reviewing one or two phones that stretched this a bit and didn’t do very well. Back in the day, large screens were a no-no.

Today, the world is all about bigger screens for video purposes. In fact, the larger the screen, the better (without really being a tablet…). However, when you do this, you lose some portability and convenience. Enter Jelly… an Android phone that tries to go a long way to resolve this issue.

 

Unihertz sponsored two crowd funding campaigns – one on Kickstarter, the other on Indiegogo. Together, Jelly was able to raise nearly $3M in funding.

Jelly is meant to be an “alternative” to your usual phone that you can use while working out or maybe going out for the night. The device, according to Unihertz, isn’t supposed to be your primary phone, despite the fact that it’s running Android 7, Nougat.

Measuring 92.3 x 43 x 13.3 mm, Jelly sports a 2.45-inch screen with 240 x 432 pixels. Jelly is powered by a quad-core 1.1 GHz processor, with 1 GB of RAM and 8 GB of ROM or 2 GB of RAM and 16 GB ROM. Both models feature two cameras, dual SIM support, GPS, Wi-Fi, Bluetooth 4.0, and a 950 mAh battery.

According to Unihertz, with only a 950mAh battery, the device won’t last all day long, and you shouldn’t rely on it as your only device. This means that you’re likely going to need to swap your SIM card in and out in order to make this work as intended. From my perspective, 950mAh isn’t ideal, but it isn’t horrible. Back in the day, a battery this small was often encountered and just meant that you will need to charge it periodically, if possible.

However, the proof is in the pudding, as they say. I have a Jelly Pro (2GB RAM/16GB ROM (for storage)) coming to me to review. I expect it to be here some time in November 2017. I’ll have additional spec and performance information in the review, and I will also do an unboxing video as well.

Stay tuned!
