Black Friday Sneak Preview Deals at OWC + Note on Big Fast Thunderbolt Storage

See my Mac wish list.

See also suggested storage/cable/memory for Macs and PC.

Related note: I’m about to run short using 8TB hard drives. Every photographer and videographer can use ample storage, and the OWC Thunderbay 4 is the best external storage unit I have ever used. Soon I’ll go to the 48TB Thunderbay 4 unit for my main storage; the 48TB unit has 4 X 12TB hard drives.

Right now, OWC has the Seagate 12TB Enterprise Capacity 3.5-inch HDD Helium for only $450, which is a great price for this humongous top-of-the-line drive. DIY folks can buy 4 of them and install in Thunderbay 4 case, which is an awesome deal. I do recommend SoftRAID however, even if not using RAID (running singly).

Seagate 12TB Helium

I already have 5 Thunderbay 4 units for main and backup storage (some always online, some offline away from computer). A Thunderbolt 3 version is coming soon and I will get an early review unit. LaCie has a 48TB Thunderbolt 3 solution, but those require 6 or 12 drives, which makes for a very large and heavy solution.

Deals...

See all OWC Black Friday Sneak Preview deals.

MacSales.com Black Friday deals

Macs

There are many discounted Macs to fit many needs, but my pro picks are in my Apple Mac wishlist. Be sure to click through for latest pricing.

B&H Photo Black Friday Deals

Nikon, Canon, Sigma camera gear

Ordered a 2017 iMac 5K: Why Now and what about iMac Pro?

Get memory for iMac 5K or other Macs at OWC / MacSales.com.
See also suggested storage options and more.
My top deals pages for Macs at B&H Photo are updated daily and worth bookmarking to quickly scan each day.

Related articles, the first of which is background for this post.

Why order a 2017 iMac 5K now, a model that is 6 months old with presumably a new model due out within another 6 months?

This configuration of the 2017 iMac 5K is on the way. It will be upgraded with 64GB OWC memory, saving about $700 over Apple prices.

I think there is a good chance that I’ll settle on the iMac Pro 8 or 10 core with 64GB memory and 2TB, but that depends on performance and pricing (estimated $4999 to $16999).

  • A 30-day return policy means that I might have time overlap between the 2017 iMac 5K and the 2017 iMac Pro to do comparative testing. If there is some delay, I’ll just return it and re-buy—I want to find the best machine for my needs.
  • I want the iMac Pro to prove that it is actually faster than the 2017 iMac 5K for my particular workflow. The iMac Pro could be slower. To do that, tests must be re-run on macOS High Sierra so both can be compared fairly.
  • An iMac Pro with 4TB SSD, top-end graphics, and 128GB memory and 18-core CPU is nice to think about, but it will cost more than many new cars. A fast 4-core CPU with 2TB SSD and 64GB is acceptable, if disappointing on the CPU core count. Paying $9K or so for an iMac Pro versus about $4300 for a 2017 iMac 5K with 64GB memory and 2TB SSD is money better saved if the performance is not very different for my actual workflow.
  • Personal need: I will need either the 2017 iMac 5K or the iMac Pro for my traveling and home photography usage and Thunderbolt 3 / USB-C testing and peripheral connectivity.
  • For the past decade, the cost of having two desktops and a laptop was painful and there appears to no longer be any need to do so. I hope to move to one and only one primary machine, one that works great on my desk at home or inside my Mercedes Sprinter photography adventure van. That means (a) it must be portable with a good case and (b) it must have a 5K display built in and (c) it must be at least as powerful as my bulletproof 2013 Mac Pro. Keeping the 2015 MacBook Pro as a spare and also for the rare times I travel by airline makes sense of course, but no need for something new there.
  • The move to Thunderbolt 3 is starting, with a slew of peripherals emerging within the next 3 months including storage products that MPG will be reviewing very soon. All MPG machines are Thunderbolt 2, thus the requirement is to have a Thunderbolt 3 machine, and one that is suitable for a wide range of tests, particularly Photoshop work and similar tests.
  • My Mercedes Sprinter photography adventure van has proved out the 2015 iMac 5K with 64GB OWC memory and NEC PA302W wide-gamut display as rock solid to an extreme altitude of 11,600' / 3530m. And to have no issues down to van interior ambient temperature of 22°F (though it has to warm up, it has a built-in mechanism to slow itself when too cold).
  • Disappointments with 2017 iMac 5K: single Thunderbolt 3 bus with only 2 ports, limited to 4 cores.
  • Disappointments with iMac Pro: should have had an 8K display in 32" form factor, not 5K. Price may put it out of reach.

The iMac Pro is a super high end “halo” product. Maybe it will show some breakthrough performance characteristics on my workflow, but I remain skeptical until this is proven—and all that counts is performance with one’s actual workflow, not benchmarks or Apple claims about “3X faster GPU” and similar claims.

Buy the iMac 5K with 8GB memory, then save about $700 by adding 64GB OWC memory. It is easy and fast to install.

MPG recommended configuration for 2017 iMac 5K for pro use

Regarding the image below, see my Mercedes Sprinter photography adventure van area including the desk and computer setup and the excellent carry case for the iMac 5K or iMac Pro. The setup has proven itself in 6 weeks of field use, all of it from 9000 to 11,600' elevation and in temperatures down to 16°F so far.

Early Night
f2.8 @ 1177.0 sec, ISO 64; 2017-10-12 19:21:27
NIKON D850 + Zeiss Milvus 18mm f/2.8

Security Expert Bruce Schneier Weighs In on the Equifax Breach

Back in October MPG discussed the heinous Equifax security breach.

I recently read in the WSJ that the Equifax CEO doesn’t know whether the information on you and me Equifax sells is encrypted or not. You cannot make this stuff up! That guy should be fired for incompetence immediately.

Bruce Schneier’s testimony is jaw-droppingly disturbing, in that a company like Equifax was so lax in its security. MPG insists again on the corporate death penalty. There should be zero tolerance for any company profiting from private information to put 145+ million in harm’s way. Or 1 million or 1 thousand.

Security expert Bruce Schneier testified before the House Energy and Commerce committee on the Equifax hack. Video and written testimony in essence says that the Equifax breach put all exposed at risk of identity theft and was completely Equifax’s fault. Further, there are other data brokers out there with similar information who are also at risk in the future and the current regulatory environment is insufficient to the task. “All at risk” means 145+ million people.

Black Friday Deals at B&H Photo

See my Mac wish list.

See all Black Friday discounts on Macs and iPads and more at B&H Photo.

Shopping deals on computers, cameras, mobile, TVs, etc.

Black Friday deals on TVs & Entertainment

Camera gear

Nikon deals | Canon deals | Sony deals | Sigma deals

See all B&H Photo featured savings.

For example, the Sony A7R II is only $2398 with a free 4TB external hard drive.

Deal on Sony A7R II

 

Macs

There are many discounted Macs to fit many needs, but my pro picks are in my Apple Mac wishlist. Be sure to click through for latest pricing.

B&H Photo Black Friday Deals

 

SSD Upgrade for MacBook Pro Retina
Internal SSD Wishlist…

Reader Question: Best Mac if Buying Now

See my Mac wish list.

Del B writes:

Time to buy a new iMac, and plan on doing so through your link around Black Friday. Will go with your publisher preference. Will the new Mac come with the not ready for prime time filing system?

Somewhere I read that the new file structure will initially be focused on the iMac Pro. Do you know? Part of me wants to wait for the new design rumored for '18 but I really need to buy something very shortly

DIGLLOYD: My top deals pages are updated daily and always a good place to bookmark and scan each day. There are many such pages sorted by category.

The fastest Mac today for most users (and indeed one I’d consider switching to) is the model which is currently $200 off, the $2899 Apple 27" iMac with Retina 5K Display (Mid 2017) model #APIMTRMNED43. Of course, add 64GB OWC memory, and you’ll probably want big fast external storage too.

As for value, the iMac Pro is a massive losing proposition for most users, unless money is meaningless to you. The iMac Pro could actually be *slower* for many things than the 2017 iMac 5K.

File system is code and I can see no reasonable argument that Mac Pro SSD would perform better than the 2017 iMac Pro SSD—unless it is due to the fact that Apple put a *slower* SSD into the 2017 iMac 5K than the 2015 iMac 5K (for transfers up to 1MB or so). Presumably the iMac Pro will rectify that, but who knows.

See all iMac articles.

Reader Comment: Thunderbolt 3 Crash with High Sierra

Mac wish list •  all 15" Apple MacBook Pro 2017 models •  MPG gets credit if you buy through those links.
MPG tested a fully-loaded 2017 MacBook Pro with 1TB SSD.
Suggested accessories include the OWC Thunderbolt 3 Dock, the 1TB Envoy Pro EX.

Grant G writes:

I’m a long time reader of your site and have found your blog and ordering links quite helpful over the years.

Just curious if any of your other readers have been having a lot of stability problems with OSX 10.13 and 10.13.1 with their Thunderbolt 3 MacBook Pro.

Any time I have one of my Thunderbolt 3 raids connected I get a full system crash.

MPG: MPG has not heard of this one, but it does not sound surprising. Could be the specific unit involved perhaps.

For the first time ever, I have upgraded none of my machines to the current macOS, since they all must function properly with new bugs and crashes.

As discussed, MPG strongly advises to not upgrade to High Sierra until at least 3 months pass from its release, preferably 6 months. Apple has been shoveling out whatever manure is ready when the scheduled date arrives—it’s all driven by calendar dates, not by quality metrics.

See also the following. Certain things might now be fixed, the point is the negligence of macOS releases foisted on the public by ship dates of the iPhone:

It’s Television Discount season!

Buying tips/pages:

Thanksgiving, Christmas, Hanukkah, football season, etc—what’s not to like about a great new TV? Those OLED models are amazing—I saw them at CES last January.

Television Deals at B&H Photo

 

OWC Halloween savings

Get stuff before it's over and while they last.


Boo!

OWC Halloween savings

Apple Kernel Bug? 2015 iMac 5K Runs at 0.8 GHz When Cold, Even with Warm Air Out Rear Vents

Back in August, I reported on the 2015 MacBook Pro dropping to 0.8 GHz when temperatures rose, making it unusable for any useful work.

It turns out that cold also causes an issue, and this time it looks like a bug that does not go away without shutting down and restarting—rebooting did not fix the problem.

Conditions: 33°F inside of my Mercedes Sprinter photography adventure van, rapidly warming interior to 73°F within about 20 minutes.

Clock speed starts at 0.8 GHz and stays there

The graph below from Intel Power Gadget shows the 2015 iMac 5K running like molasses in a refrigerator, at 0.8 GHz. All four CPU cores are at 100%, but at 0.8GHz. User tasks do run, but very slowly, in slow motion.

Initial ambient temperatures of 33°F might explain this behavior as some self-protective measure, but rebooting twice and with warm air coming out of the back of the iMac and with cabin temperature of 73°F the iMac still ran at 0.8 GHz with no sign of changing behavior.

Not until the iMac was shut down and rebooted did it run at normal speeds.

The Intel CPU seems unlikely to be responsible, since it was at 33.3°C as shown below. Accordingly, a reasonable theory is yet another Apple macOS kernel bug.

Intel Power Gadget showing 2015 iMac 5K running at 0.8 GHz

When this behavior occurs, kernel task consumes all four real CPU cores.

With 2015 iMac 5K running at 0.8 GHz, kernel task consumes all four real CPU cores at 100%

Caution on Upgrading to macOS High Sierra: Sony Firmware Updates

See my Nikon wish list and get Nikon D850 at B&H Photo.

MPG has advised users, particularly professional users, not to upgrade to macOS High Sierra for at least 6 months.

Apple quality control has gone seriously downhill over the past 5 years. The most recent evidence for that is exposing cleartext passwords + a new zero day exploit and having to rush out a fix. It speaks volumes.

Below is a camera-related issue I received in email today: you might not be able to update firmware for Sony cameras when running macOS High Sierra. Sony ought to be more clear, is it “may not” [sic] or “will not”.

See also:

  
Will the iMac Pro Be Worth The Cost?

See also Assessing the Dec 2017 Apple iMac Pro.

It’s about 6 weeks until the alleged debut of the 2017 iMac Pro, and nary a peep from Apple.

The best 2017 iMac 5K with 1TB SSD has been $200 off at B&H Photo on and off recently. At about half the price of the most basic iMac Pro. That “best” presumes an upgrade to 32GB or 64GB of memory. Even better is the best 2017 iMac 5K with 2TB SSD. Both are a lot less than the iMac Pro.

See best deals on Apple desktops and best deals on Apple laptops.

What do you get for the extra $2200 or so of a starter iMac Pro over the 2017 iMac 5K, and does it matter to most users?

Early-access test results

Early-access tests using GeekBench state the following, emphasis added. The author seems clueless about the implications of what he has written, including the fact that the 18 core is likely to be even slower than the 8 core or 10 core CPU on single threaded tests.

When it comes to actual scores, the 8-core iMac Pro averages at 23,536 in multi-core tests, making it the highest performance of any iMac ever, nearly 22% faster than the top-of-the-line 5K iMac.

The 10-core iMac does even better, reaching a multi-core score of 35,917, some 41% better than the high-end Mac Pro featuring a 12-core Xeon E5 processor.

The single-core result, 5,345, is faster than all but the highest 5K iMac released this year. If that’s not enough, then you should remember that Apple will also have an 18-core iMac Pro on sale this December, but that model was not benchmarked yet.

Let’s restate the biased viewpoint above in its proper context:

  • With 8 CPU cores on the iMac Pro vs 4 cores for the 2017 iMac 5K (double the core count!), there is a pathetic 22% gain over the 4-core top of the line 2017 iMac 5K.
  • The single-core speed of the iMac Pro is inferior to the fastest 2017 iMac 5K. Since many programs run with only a single core much of the time, the iMac Pro is going to be slower than the 2017 iMac 5K for many common tasks.

The implications here are that for many users, the iMac Pro will perform less well than the 2017 iMac 5K 4.2 GHz on many tasks, at a huge price premium. The iMac Pro might make sense for video users and applications driving all the cores for significant periods of time, but it seems doubtful to be of much benefit for Photoshop users, since Photoshop rarely uses more than 2 CPU cores except in short bursts.

The about $3079 top-of-the-line 2017 iMac 5K is starting to look like a bargain for most users, particularly when discounted by $200 or more, as has happened recently.

Feature set

  • Choice of 8 or 10 or 18 core CPU. Even for my work, 8 cores is going to do little to speed up my work unless there are other jobs running at the same time. And the lower clock speed might actually make it inferior to the 2017 iMac 5K since the most time wasting part of my work usually does not hit more than 3 cores due to Photoshop limitations. My instinct on this for *my* workflow is that 8 cores will be enough. But there is reduced bandwidth (apparently) for the 8 core CPU, so that pushes me to the 10 core, and that will probably be another $500 or $1000.
  • Dual Thunderbolt 3 busses. This is a win, but maybe makes no difference in my everyday workflow and imparts hassles like not being able to directly connect a Mini DisplayPort display like my NEC PA302W. Ironically, it is also the most important feature to me—for testing a new crop of high performance Thunderbolt peripherals.
  • 10 gigabit ethernet port. This is a win if/when it applies. But it has zero value for most users, who won’t have a 2nd or 3rd Mac also having 10 gigabit. I don’t plan on buying a pair of $5K to $15K iMac Pro systems.
  • Up to 128GB of ECC memory. ECC memory is important in some cases, but for most users it offers no benefit. For my uses 64GB is enough and the 2017 iMac 5K already offers that. So the ECC memory is the advantage for me, but not a compelling one.
  • Faster GPU. This is a win for Photoshop presumably, but quite possibly the real world Photoshop performance gains will be fractional for my work, so it’s no clear win until I actually see what actually happens in real world work.
  • Display is apparently no better. What a pity it isn’t at least a 6K display in a 30" form factor.
  • Support for external 4K or 5K displays is a clear win for the iMac Pro, and it might even be able to support an 8K display by using both Thunderbolt 3 busses via Multi Stream Transport. Now that is something that gets exciting, but such displays might be 1-2 years off.

There you have it—no clear win for any but specialized users.

To add a small insult to injury, Apple has discontinued the full size keyboard and changed the position of the control keys on the toy wireless keyboard, breaking years of “finger training” for me.

Still, I am likely to consider the iMac Pro rather than wait for the new Mac Pro, which is still vaporware on the distant horizon—because of the dual Thunderbolt 3 busses for testing coming high performance peripherals. Waiting another 12-18 months for a mythical 2019 Mac Pro is not appealing.

Martin D writes:

I’m pretty sure the iMac Pro is 95% for 3D (games, video effects and VR development), and for (a rather pitiful and short-lived form of) bragging rights.

Of course, you can build a cheaper, more powerful 3D system, today, if you’re willing to use Windows, which, of course, is where most of the 3D software is anyway. The other 5% would be Xcode programmers who think it will be a comparatively helpful architecture to speed compiling.

MPG: I'll stay open to being 'sold' if 8K support is possible and when I test one and see if it outperforms for my actual real-world tasks. I’d also like a design that makes it easy to clean out dust, which the iMac Pro looks to not have, making it a non-pro machine from the outset.

Mobile Phone Companies Sell your Name and Location Data

From EasyDNS.com:

TechCrunch reported Shotwell Labs’ co-founder findings that even after the FCC penalized Verizon for injecting markers into their customers’ data that enabled them to be tracked without customer consent, the practice is still thriving across mobile providers and being used to sell name and location data to whoever ponies up for it.

The mobile providers are injecting a new data element similar to Verizon’s Unique Identifier Header (UIDH) which is appended to HTTP requests and allows websites visited to see personally identifiable data, including billing and location info, if they subscribe to the carrier’s data feed for it. While the article does enumerate some legitimate reasons for websites to gain access to this (employee tracking), it’s still concerning.

MPG: scum bags.
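One way to check a connection for the kind of injected header described above, added here as an illustration and not taken from the quoted articles: compare the request a client sent with the copy an echo endpoint received over plain HTTP. The host names, token values, the `X-Constructed-Sub-Id` header and the 20-character heuristic are constructed assumptions; `X-UIDH` is the Verizon header the text refers to.

```python
import re

# Header the text refers to (Verizon's Unique Identifier Header).
KNOWN_TRACKING = {"x-uidh"}
# Headers ordinary proxies add; reported, but not treated as identifiers.
PROXY_HEADERS = {"via", "forwarded", "x-forwarded-for"}
# Heuristic (assumption): a single opaque token of 20+ characters looks like a subscriber ID.
OPAQUE = re.compile(r"[A-Za-z0-9+/=_-]{20,}")


def parse_headers(raw: bytes) -> dict:
    """Parse the header block of a raw HTTP/1.x request into {lowercase name: [values]}."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def diff_request(sent: bytes, received: bytes) -> dict:
    """Report headers that appeared or changed between the client and the server."""
    s, r = parse_headers(sent), parse_headers(received)
    added = sorted(set(r) - set(s))
    tracking = [
        n for n in added
        if n in KNOWN_TRACKING
        or (n not in PROXY_HEADERS and any(OPAQUE.fullmatch(v) for v in r[n]))
    ]
    return {
        "tracking": tracking,
        "other_added": [n for n in added if n not in tracking],
        "modified": sorted(n for n in set(s) & set(r) if s[n] != r[n]),
    }


# Constructed sample: what the client wrote to the socket ...
SENT = (
    b"GET /echo HTTP/1.1\r\n"
    b"Host: echo.example\r\n"
    b"User-Agent: test-client/1.0\r\n"
    b"Accept: */*\r\n\r\n"
)
# ... and what the echo endpoint reports having received (constructed values).
RECEIVED = (
    b"GET /echo HTTP/1.1\r\n"
    b"Host: echo.example\r\n"
    b"User-Agent: test-client/1.0\r\n"
    b"Accept: */*\r\n"
    b"Via: 1.1 proxy.example\r\n"
    b"X-UIDH: CONSTRUCTEDTOKEN0123456789abcdefXYZ\r\n"
    b"X-Constructed-Sub-Id: Q09OU1RSVUNURUQtU1VCU0NSSUJFUg==\r\n\r\n"
)

if __name__ == "__main__":
    print(diff_request(SENT, RECEIVED))
```

The comparison only makes sense over plain HTTP on the mobile data connection; a request sent over HTTPS is encrypted end to end, so an intermediary has no place to append a header.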

From TechCrunch Mobile phone companies appear to be providing your number and location to anyone who pays:

The possibility was discovered by Philip Neustrom, co-founder of Shotwell Labs, who documented it in a blog post earlier this week. He found a pair of websites which, if visited from a mobile data connection, report back in no time with numerous details: full name, billing zip code, current location (as inferred from cell tower data), and more. (Others found the same thing with slightly different results depending on carrier, but the demo sites were taken down before I could try it myself.)

MPG: the one site linked-to is now offline:

Want to see something crazy? Open this link on your phone with WiFi turned off

Note: this demo site may have been taken down after this report got traction.

Click “Begin,” enter the ZIP code and then click “See Underlying Data.”

What you should see is your home address, phone number, cell phone contract details, and — depending on what kind of cell phone towers you’re currently connected to — a latitude and longitude describing the current location of your cell phone.

MPG: So nice of the Feds to require that mobile devices be locatable to within 100 feet or so.

A few CEOs in prison for a few years would get things moving on eliminating or reducing some of these issues.

Private data is just too dangerous to trust to companies, or the government, since even the NSA cannot do it, and the IRS contracted with Equifax, which served up malware. Identity theft can land you in prison if the thief commits a crime in your name. It’s time to impose severe penalties for mis-use of private information, including the corporate death penalty.

Michael C writes:

I was reading this morning your post and wanted to offer a few observations:

1 – Attached is a redacted privacy page from my Verizon wireless account here in San Francisco. Well hidden on the Verizon Wireless customer page, one can get to an opt-out page (My Profile > Privacy Settings)

2- Once on that Privacy Settings page, you will see three areas where OPT OUT selections can be made. I am presuming that Verizon is honoring those OPT OUTS. If they are not, then we are back to beating the snot out the scumbags in court, AGAIN.

3- The relevant FCC order is:

“5. To settle this matter, Verizon Wireless will pay a fine of $1,350,000 and implement a compliance plan that requires it to obtain customer opt-in consent prior to sharing a customer’s UIDH with a third party to deliver targeted advertising. With respect to sharing UIDH internally within Verizon Communications Inc. and its subsidiaries,6 it must obtain either opt-in or opt-out consent from its customers. Verizon Wireless will also generate customer UIDH using methods that comply with reasonable and accepted security standards.”

Like most other rational adults, I loathe the data-hoovering that goes on around us. I am concerned, though, that the Shotwell and TechCrunch folks may have gone off half-cocked UNLESS the telcos are willfully violating these FCC orders.

MPG: good points—important to see proof of willful violation—might be less bad than it seems.

It seems that Verizon has at least one bad link to opt out. A company with tens of millions of customers (probably more) cannot be bothered to make its opt-out links work? That should leave anyone incredulous.

Michael C wrote to Verizon:

Thank you for the information. You might make sure 611 Customer Service is equally aware. The answer " we have no control over security settings" is both inaccurate and inappropriate. Second, I note the link http://privacy.aol.com/advertising-and-privacy/#Adchoices located on https://wbillpay.verizonwireless.com/vzw/secure/setPrivacy.action is broken and thus

Verizon Wireless is not properly providing access to the necessary OptOut that is part of the OATH alliance "Verizon's Relevant Mobile Advertising program helps make the ads you see more interesting and useful. This program shares information with Oath (formed by the combination of AOL and Yahoo)"

I wish to ensure and verify that I am opted out of any information sharing related to my account, my usage, my location, or my web services. Under no circumstances is Verizon to share my data with OATH or any other partners.

I look forward to (1) Verizon fixing the broken link on the privacy page and (2) your response.

with Verizon responding (whether ever fixed or if the message gets through, who knows):

I apologize for any inconvenience this may have caused to you. I will report that the link is not working correctly to opt out of Oath. After further review, I did verify that you can visit http://privacy.aol.com/mobile-choices/ to opt out of Oath on your mobile devices. If you have any other additional questions. Please feel free to email me.

Equifax: It Just Keeps Getting Better, for Hackers

MPG insists upon the corporate death penalty for Equifax. Let that be a lesson to a company profiting from information that is private.

Equifax consumer assistance website infected with malware

From EasyDNS.com:

The hits just keep on coming for Equifax. After one of the worst data breaches in history the company received further criticism for winning a “no-bid” contract with the IRS to “secure taxpayer data”.

Now it turns out the public information website it set up to help consumers understand the nature of the data breach was itself infected and thus served up malware to those browsing it. The hostile code took form of a fake “Adobe Flash Update” which instead of updating Flash, installed third-party spyware on the subject computer. Keep up the good work Equifax!

MPG: many people are going to lose everything to identity theft, or be imprisoned because an imposter commits a crime. Just try proving “it wasn’t me” with a stolen identity problem. Extremely dangerous stuff here.

Update: security expert Bruce Schneier testified before the House Energy and Commerce committee on the Equifax hack. Video and written testimony in essence says that the Equifax breach put all exposed at risk of identity theft and was completely Equifax’s fault. Further, there are other data brokers out there with similar information who are also at risk in the future and the current regulatory environment is insufficient to the task. “All at risk” means 145+ million people.

All your WIFI are belong to us: Major vulnerability in WPA2 to be released

MPG has long advised wired internet for performance reasons, as well as advising against public WiFi locations.

WiFi is apparently vulnerable to a complete loss of security.

For the techie, emphasis added:

Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2

We introduce the key reinstallation attack. This attack abuses design or implementation flaws in cryptographic protocols to reinstall an already-in-use key. This resets the key’s associated parameters such as transmit nonces and receive replay counters. Several types of cryptographic Wi-Fi handshakes are affected by the attack.

...

Finally, we confirmed our findings in practice, and found that every Wi-Fi device is vulnerable to some variant of our attacks. Notably, our attack is exceptionally devastating against Android 6.0: it forces the client into using a predictable all-zero encryption key.

...

All Wi-Fi clients we tested were vulnerable to our attack against the group key handshake. This enables an adversary to replay broadcast and multicast frames. When the 4-way or fast BSS transition handshake is attacked, the precise impact depends on the data-confidentiality protocol being used. In all cases though, it is possible to decrypt frames and thus hijack TCP connections. This enables the injection of data into unencrypted HTTP connections. Moreover, against Android 6.0 our attack triggered the installation of an all-zero key, completely voiding any security guarantees.

Rather worryingly, our key reinstallation attack even occurs spontaneously if certain handshake messages are lost due to background noise. This means that under certain conditions, implementations are reusing nonces without an adversary being present.
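A minimal model of why resetting "transmit nonces and receive replay counters" matters, added here as an illustration and not taken from the paper or from any Wi-Fi implementation. The keystream function is an HMAC-based stand-in for the AES counter mode used by CCMP, and the class, key and frame contents are constructed; the hardened branch keeps both counters when the key being installed is already in use.

```python
import hashlib
import hmac


def keystream(key: bytes, pn: int, length: int) -> bytes:
    """Stand-in for CCMP's AES counter mode: bytes derived from (key, packet number)."""
    out, block = b"", 0
    while len(out) < length:
        msg = pn.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class PairwiseKeyState:
    """Hypothetical per-key state: the key, a transmit nonce and a receive replay counter."""

    def __init__(self, reset_on_reinstall: bool):
        self.reset_on_reinstall = reset_on_reinstall
        self.key = None
        self.tx_pn = 0
        self.rx_pn = 0

    def install_key(self, key: bytes) -> None:
        already_in_use = self.key is not None and hmac.compare_digest(self.key, key)
        if already_in_use and not self.reset_on_reinstall:
            return  # countermeasure: same key is already installed, keep both counters
        self.key, self.tx_pn, self.rx_pn = key, 0, 0

    def encrypt(self, plaintext: bytes):
        """Encrypt one frame under the next packet number; returns (pn, ciphertext)."""
        self.tx_pn += 1
        return self.tx_pn, xor(plaintext, keystream(self.key, self.tx_pn, len(plaintext)))

    def accept(self, pn: int) -> bool:
        """Replay check: only packet numbers above the last accepted one pass."""
        if pn <= self.rx_pn:
            return False
        self.rx_pn = pn
        return True


def demo(reset_on_reinstall: bool) -> dict:
    key = hashlib.sha256(b"constructed session key").digest()
    p1, p2 = b"constructed frame one", b"constructed frame two"
    sta = PairwiseKeyState(reset_on_reinstall)
    sta.install_key(key)
    pn1, c1 = sta.encrypt(p1)
    sta.accept(1)          # a frame from the peer with packet number 1
    sta.install_key(key)   # a retransmitted handshake message delivers the same key again
    pn2, c2 = sta.encrypt(p2)
    return {
        "nonce_reused": pn1 == pn2,
        # Same key and nonce give the same keystream, so it cancels out of c1 XOR c2.
        "plaintext_xor_leaked": xor(c1, c2) == xor(p1, p2),
        "replay_accepted": sta.accept(1),  # the peer's earlier frame, seen a second time
    }


if __name__ == "__main__":
    print("counters reset on reinstall:", demo(True))
    print("counters kept on reinstall: ", demo(False))
```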

Less technical, from an email I received from EasyDNS.com:

WPA2, the encryption algorithm in use today on nearly all WIFI access points has been discovered to have a major security flaw which renders them hackable.

The upshot is that attackers will be able to read all data traversing the WIFI access point (another reason to use VPN sessions to further encrypt your data before it flows over the air). Security researchers will release their findings at Computer and Communications Security (CCS) on November 1, 2017. My understanding of this so far is that once the paper drops and the inevitable exploits follow, both the access point and the clients will need vendor patching to be secure. Think “heart bleed” to the exponent “shell shock”.

MPG: every iPhone and iPad and laptop and similar user relying on WiFi should take pause, particularly at public WiFi access points that might not get patched (remember Equifax screw-up? No need to remember, it is now at present a worse screwup).

Don H writes that Apple already has a patch, albeit only in beta versions of macOS and iOS. The claims in that link are that once the iPhone/iPad/Mac are patched that they will be safe to use anywhere. Kudos to Apple for rolling this out quickly (assuming that happens).

This site and diglloyd.com use https, which as far as I understand it protects user data, but that is not a statement of fact, only what I believe is correct, having worked with encryption as an engineer for some years.

It might be a matter of discarding your WiFi routers and getting secure ones, if they cannot be updated to address the flaw.

More:

WPA2: Broken with KRACK. What now?

Falling through the KRACKs

Reddit.com list of patches

GitHub list of vendor patches

Copyright © 2008-2017 diglloyd Inc, all rights reserved.