Apple has addressed their “logic error” surrounding credentials. Please patch your macOS High Sierra deployments as soon as possible.
If you are a Mac user or have Mac users you support, please take time to mitigate this problem by setting the root password, following the instructions provided by Apple and referenced in these articles. Hopefully a patch is coming soon.
This is a fantastic read for anyone who has followed the saga of the NSA and The Shadow Brokers. Mr. Krebs is doing a tremendous job running these leads to ground.
This is yet another Federal example of “Do as I say…not as I do.” There is no excuse for the Federal government not following and meeting or exceeding the standards it sets for websites and website security.
Here is a little bit of warm and fuzzy reading for all as we enter into a huge travel season. Uber was breached. Bad! Uber paid the bad guys to cover it up. Worse! Ultimately, the expense was passed along to a trusting consumer. Worst and sadly typical!
I think it might be time to shift to Lyft or maybe even go back to supporting all the hard-working taxi drivers out there. Bad form, Uber. Bad form!
The thread responses in this post from Bruce Schneier are almost as entertaining as the linked content from the Washington Post. If you ever doubted that the cloud movement was unstoppable, it is time to reconsider.
On a lighter note, the arguments many will have with HIPAA and PCI consultants over cloud storage of sensitive data should get more entertaining. “But Uncle Sam gets to do it…why can’t I?”