
Spotlight Builds in a Feature Spammers Could Only Dream About

How would you like it if every spam email you received reports your IP address back to the spammer who sent it? Even if you never see the email, never open it, never view it?

That’s apparently what Apple’s Spotlight does at present. More Apple Core Rot, but this time with a security/privacy twist. Macworld Magazine reports:

OS X Spotlight Search glitch can expose private details of Apple Mail users

At the moment, the only way to work around the issue seems to be to uncheck the “Mail & Messages” box for Spotlight in System Preferences. When this option is disabled no mails are returned in Spotlight’s search results, and thus, no preview is shown.

This is just plain sloppy engineering by Apple. With a fixed release schedule, not a little manure has to get shoveled out along with the hay. Where is the security review team in all this (is there one)?

The workaround is a disaster: MPG uses search within mail many times a day and receives dozens of emails from spammers a day. So either no search, or let the spammers have a field day/week/month until Apple gets its sh*t together.

Update: Possible Work-Around for Spotlight Privacy/Security bug of Indexing Spam Email.

Update 2: the scope of the issue may well be less than MPG originally understood. MPG understood the issue as happening with indexing, but it might actually be restricted to when searching (by the user) actually occurs and previews are shown. If so, the scope of the issue is much reduced, and we can all breathe a lot easier. Still, the bug should be fixed, because searching by its nature pulls in just about everything. So the workaround above still has some value in sidestepping the issue.

...

Virtually all users have Spotlight indexing their mail. And because junk mail has things like tiny hidden images (you can’t see ’em), when loaded, every spam received reports the computer’s IP address back to the spammer, telling the spammer you are a “live one”. Spammers might think they’ve died and gone to spammer heaven in terms of culling email lists for known-good emails.

But it’s not just spammers: consider for example that any forwarded or replied-to email would let the original sender know just what IP addresses it landed at, even if never opened or viewed (because of Spotlight loading images while indexing). That’s nasty. For security in government and corporations, this gets interesting. There may be other unforeseen implications as well. In MPG’s view, this bug ought to be a top priority fix, or Apple is in effect an accessory to unsavory actors.

The serious bugs and degraded usability in the past few OS releases are seeing a rising tide of criticism, but MPG posted Apple Core Rot a year ago, after watching the rot develop for 2-3 years prior. MPG’s view is that good judgment is in very short supply at Apple these days. This is not a bug out of the blue; a good software engineering team needs a core set of experienced engineers skilled in security and privacy issues. Someone had to write that code to load those images in emails. This and many other recent issues show slipshod software development practices extant today at Apple.

Tim Cook has emphasized how much Apple values your privacy, but can he be taken seriously when this kind of sloppy engineering is happening on his watch? Big flashy statements are easy to make. But engineering an operating system to deliver on promises requires sober thought and experienced judgment.
