All Posts by Date or last 15, 30, 90 or 180 days.
also by Lloyd: diglloyd.com photography and WindInMyFace.com

Thank you for buying via links and ads on this site,
which earn me advertising fees or commissions.
As an Amazon Associate I earn from qualifying purchases.

Other World Computing...
B&H Photo...
Amazon
As an Amazon Associate I earn from qualifying purchases.
877-865-7002
Today’s Deal Zone Items... Handpicked deals...
$1199 $779
SAVE $420

$250 $200
SAVE $50

$1699 $1299
SAVE $400

$1499 $1149
SAVE $350

$200 $140
SAVE $60

$89 $69
SAVE $20

$120 $35
SAVE $85

$178 $148
SAVE $30

$3498 $2998
SAVE $500

$3699 $1299
SAVE $2400

$1000 $700
SAVE $300

$3899 $1499
SAVE $2400

$748 $648
SAVE $100

$2999 $1999
SAVE $1000

$1699 $999
SAVE $700

$1698 $1398
SAVE $300

$4499 $4499
SAVE $click

$1399 $1049
SAVE $350

$1149 $799
SAVE $350

$1399 $1049
SAVE $350

$1498 $1198
SAVE $300

$2797 $2597
SAVE $200

$280 $250
SAVE $30

$699 $699
SAVE $click

$1699 $1299
SAVE $400

$8399 $8399
SAVE $click

$899 $799
SAVE $100

$1699 $1299
SAVE $400

Upgrade the memory of your 2020 iMac up to 128GB

Can you Trust Apple with Anything at All? Claimed 0-Day Exploit for Stealing Every Password in Your Keychain on macOS Mojave and earlier macOS

Update March 1: Linus Henze has provided (for free) the bug details to Apple, with no response and without reward. How can Apple be taken seriously when it ignores severe vulnerabilities like this?

...

The claim by Linus Henze is:

In this video, I'll show you a 0-day exploit that allows me to extract all your keychain passwords on macOS Mojave (and lower versions). Without root or administrator privileges and without password prompts of course.

This is not the first time. You might remember KeychainStealer from @patrickwardle, released 2017 for macOS High Sierra, which can also steal all your keychain passwords. While the vulnerability he used is already patched, the one I found still works, even in macOS Mojave. I won't release this. The reason is simple: Apple still has no bug bounty program (for macOS), so blame them.

https://www.youtube.com/watch?v=nYTBZ9iPqsU

Apple talks a good PR story (congratulations to Tim Cook for his persuasion), but the bottom line is that a mind-blowing run of serious security flaws in macOS is prima facie evidence of software development incompetence chained to a calendar-based ship-it-testing-be-damned schedule.

What MPG wants to know is whether Apple acknowledges or denies this bug and (particularly important) if Apple is paying bug bounties for such stuff, so that the Bad Guys don’t get hold of it. Tim? Where’s the beef, is it a nothingburger or what?

iOS

If you were an iOS hacker, would you rather sell a 0-day for $1.5M to a 3rd party, or $0.2M to Apple? Apple cannot be taken seriously on its economicallly illiterate approach to bugs.

iPhone Bugs Are Too Valuable to Report to Apple

OWC Accelsior 4M2 PCIe SSD
6000 MB/sec!
Mac or PC.


Ideal for Lightroom, Photoshop, video.
Capacity up to 16TB!
OWC Envoy Pro EX SSD
Blazingly fast Thunderbolt 3 SSD!

Up to 4TB capacity, USB-C compatible.

USB-C model also available


Great for travel or for desktop!
OWC Envoy Express

World’s first Thunderbolt 3 M.2 NVME SSD enclosure.

Super fast, bus-powered, 3.3 oz, DIY easy, rugged and compact!


See also OWC Express 4M2
√ No more slow and noisy hard drives!
OWC Thunderblade Thunderbolt 3 SSD

Blazing fast, up to 16TB.

YEE HAH!



√ No more slow and noisy hard drives!

Save the tax, we pay you back, instantly!
View all handpicked deals...

LG UM7370PUA 70" Class HDR 4K UHD Smart LED TV
$1199 $779
SAVE $420

diglloyd.com | Terms of Use | PRIVACY POLICY
Contact | About Lloyd Chambers | Consulting | Photo Tours
Mailing Lists | RSS Feeds | Twitter
Copyright © 2020 diglloyd Inc, all rights reserved.
Display info: __RETINA_INFO_STATUS__