All Posts by Date or last 15, 30, 90 or 180 days.
also by Lloyd: photography and
Thank you for purchasing through links and ads on this site.
diglloyd Deal Finder...
Buy other stuff at
Capacities up to 56TB and speeds up to 1527MB/s
Handpicked deals...
$2998 $2498
SAVE $500

$1199 $920
SAVE $279

$1999 $1599
SAVE $400

$2799 $2399
SAVE $400

$400 $280
SAVE $120

$1798 $1598
SAVE $200

$3297 $2797
SAVE $500

$3397 $2797
SAVE $600

$1398 $898
SAVE $500

$3698 $2998
SAVE $700

$1799 $1329
SAVE $470

$1999 $1199
SAVE $800

$2299 $1599
SAVE $700

$2399 $2049
SAVE $350

$2799 $1899
SAVE $900

$997 $897
SAVE $100

$2099 $1699
SAVE $400

$1999 $1369
SAVE $630

$1349 $949
SAVE $400

$4499 $3999
SAVE $500

$1499 $1029
SAVE $470

$1499 $1289
SAVE $210

$2199 $1999
SAVE $200

$3399 $2199
SAVE $1200

OWC Thunderbolt 3 Dock
Ideal for any Mac with Thunderbolt 3

Dual Thunderbolt 3 ports
Gigabit Ethernet
5K and 4K display support plus Mini Display Port
Analog sound in/out and Optical sound out

Works on any Mac with Thunderbolt 3

Risky “Zero Day” Exploit Bugs Fixed in iOS 9.3.5 for iPhone, also in OS X

See also Apple Mail Security: Viewing Mail Headers in the Setting Up Your Mac For Better Security section as well as all security topics.

See my post two days ago on the frustrating experience of trying to update iOS—shame on Apple for making it so hard to install a critical security fix—there are simple ways to fix the software to not stand in the way of updating iOS, if only Apple would do it (e.g., just allow a backup to some other drive).

A “zero day” exploit is a security bug that remains unknown to the world at large, including the manufacturer of the device. When a zero day exploit can compromise a system, it can sometimes sell for big money—typically to spy agencies (including our own morally-impaired agencies here in the USA*). Thus some zero-day exploits can be extremely valuable. And potentially fatal, such as to activists whose phone and/or computers are compromised.

ComputerWorld reports in Apple patches iOS security flaws found in spyware targeting activist:

To spy on a human rights activist, hackers allegedly connected to a Middle Eastern government used three previously unknown vulnerabilities in Apple’s iOS.

The claims -- from research at Toronto-based Citizen Lab and mobile security firm Lookout -- focus on spyware that targeted Ahmed Mansoor, an activist in the United Arab Emirates.

Earlier this month, Mansoor received an SMS text message on his iPhone claiming to offer “new secrets” about tortured detainees in his country. However, inside the message was a link that, once clicked, can infect an iPhone with spyware, using three zero-day exploits of iOS, the research found.

The exploits work by remotely jailbreaking the device to secretly download the spyware – which can then access the iPhone’s camera, microphone, and messages.

Lookout called the attack the most sophisticated it’s ever seen on a device. The researchers have already informed Apple about the exploits, and iOS version 9.3.5 -- which was released on Thursday -- fixes the issues. The attack is rare because it used three previously unknown vulnerabilities, suggesting the hackers were well-funded. Just one of these exploits can be worth $1 million.


Apple apparently felt strongly enough about the bug to issue an emergency iOS and macOS update—kudos to Apple. Details on the Sept 1 security update page. Be sure to update macOS on your computer, and iOS on your iPhone or iPad.

MPG has long advised not clicking on links in emails or any similar behavior (OTOH, any at-risk activist willing to click on a hyperlink in an email is a sort of Darwinian fool).

This case makes a strong argument for Apple (and other companies) to offer an option so that hyperlinks are disabled in mail messages—why has Apple not done this yet? Such an option could allow a bypass of some kind, such as control-click. It would surely prevent 99.99% of casual users from opening hyperlinks by accident or cluelessness; most users simply cannot be trained to be smart about how to assess the risk. It ought to be standard fare for corporate and government email at the least.

* While tens or hundreds of millions of users may be at risk from a zero-day exploit, this country as yet does not have a policy of protecting people by getting zero day exploits fixed. Rather the NSA and CIA and FBI policies seems to be to exploit the bugs as long as feasible. This is a political and moral question which has arguments on both sides but since foreign governments also adore zero-day exploits, the obligation of our government to protect its own citizens seems to rise to the fore as something worthy of public debate (in Congress).

Apple Sept 1 2016 security update for zero-day exploits
USB-C Travel Dock

Fast charging with up to 100W!

HDMI, SD card reader,
USB-C port, 2 USB Type-A ports
Built-in cable self-stores neatly.
See also OWC 14-port Thunderbolt 3 Dock"

Save the tax, we pay you back, instantly!
View all handpicked deals...

Sony Alpha a7R III Mirrorless Digital Camera Body with Accessories Kit
$2998 $2498
SAVE $500 | Terms of Use | PRIVACY POLICY
Contact | About Lloyd Chambers | Consulting | Photo Tours
Mailing Lists | RSS Feeds | Twitter
Copyright © 2019 diglloyd Inc, all rights reserved.
Display info: __RETINA_INFO_STATUS__