The Sizzle

Issue 359 - Friday, 24th March 2017


More CIA hacking stuff from WikiLeaks
WikiLeaks has released more info out of its haul of its Vault 7 CIA stuff, this time focussing on Apple related exploits. This release is called "Dark Matter" and explains how the CIA managed to get into Mac firmware, which is particularly nasty due to it staying there, even if you wipe the storage. The attacks have names like "Sonic Screwdriver" (load malware via a Thunderbolt Ethernet adaptor) and "DarkSeaSkies" (MacBook Air EFI hack). Apple has come out and said all this stuff has been patched now.

Someone is threatening to hack 500m iCloud users if Apple doesn't pay up
Apple was also the focus of some miscreants calling themselves the "Turkish Crime Family" yesterday, who threatened to hack 559 million iCloud users if Apple doesn't hand over US$75,000 in Bitcoin or US$100,000 in iTunes credit. Apple has said that it hasn't noticed any large scale hacks that would lead to over 500 million accounts left dangling in the wind. It reckons that these attackers just have a list of emails and possibly passwords from hacks of other services and that they'll use it to try log in to iCloud accounts with that info. If you actually had the ability to wipe 500 million iCloud accounts, you'd ask for a shitload more than US$75k. Turn on 2FA, use a unique password and you should be golden.

Big US advertisers upset that their ads are played alongside weirdos and creeps on YouTube
On Wednesday I mentioned that a bunch of UK advertisers cracked the shits that their ads were appearing on distasteful YouTube videos. That anger has spilled over to the USA, with AT&T, Verizon and Enterprise (a car rental company) pulling their ad spend from YouTube. Google is still saying it's working on a way to make sure advertisers have more control over where their ad appears. Good luck determining if a video is going to have a Nazi sympathiser in it if they stop using the word Nazi.

Chrome is shitcanning Symantec issued EV SSL certs
And more Google related stuff - the Chrome team has decided to stop recognising the extended validation certificates issued by Symantec-owned certificate authorities. EV certs are those ones that show the company's name in green next to the URL. They're only supposed to have been issued if there's rigorous validation of the certificate owner's identity. Symantec issued 30,000 EV certs that were not up to those standards, so Google isn't gonna honour them.

The TIO doesn't know what type of NBN someone has if they complain
The NBN is currently under a grilling in the Senate Estimates - like, as I write this, I'm watching Bill Morrow and Senator Fifield spew some verbal diarrhoea. So far, the main revelation to come out is that the TIO doesn't record what type of NBN tech someone complaining is using, making it difficult to assess if say, HFC is shittier than fibre. The TIO said it wouldn't actually help them much to know this info, but they'll look into collecting it anyways.


The Elgato Stream Deck looks cool
If you're into live streaming stuff online, Elagto's Stream Deck might be of interest to you. It's a control pad with 15 keys that have built-in LCDs that you can program to do whatever you want. It's pitched as a way to drop spicy memes and wicked sound effects while you stream, but could be programmed to do anything really. It comes out in May, but there's already a reviews from EposVox and Blunty on YouTube if you're keen.

Personalised dietary advice via an at home blood test? Probably too good to be true
Habit claims that if you give them some blood, they'll tell you what you should be eating in order to lose weight. Customised dietary advice based on your own body's metric - what's not to love!? "Habit doesn’t disclose the algorithm it uses to make its analyses, nor has it published any peer-reviewed research on the efficacy of its dietary prescriptions, so it’s not clear which of the 60 biometric markers the company tests for triggered the advice" Oh. Okay, just another Theranos then hey?

A hotel full of IP connected lights is a hackers delight
Matthew Garrett stayed in a hotel that had all its lights and curtains controlled via Android tablets instead of light switches. Weird and unnecessary, but not that unusual in this age of internet of things and all. Being the inquisitive type, Matthew decided to unplug the tablet from its Ethernet socket and see what kind of traffic is flowing around the control these lights. I won't spoil what happens next for you, but it's as bad as you think an Ethernet controlled light switch in a hotel would be.

Here endeth the sizzle (until Monday!)

The Sizzle is curated by Anthony "@decryption" Agius and emailed every weekday afternoon. Like The Sizzle? Like it on Facebook!

I use these services to run The Sizzle: ING Direct (use code EID350), DNSimple, Crazy Domains, Vultr, Mailchimp and Fastmail. If you want to use them too, sign up using these links and I get a tiny kickback that goes towards supporting this silly little newsletter.