I got a new Mac, now what?

So you just got a new Mac computer, what are the first things you should do after unboxing and relishing in that new computer smell? Here are some of the basics you should do before you even connect to your social life …
Continue reading I got a new Mac, now what?

Advertisements

Windows God Mode – How To

Windows users on Windows 7 got a treat in a secret feature called God Mode that gave them access to just about ALL of the controls, settings and options built into Windows. In this article we’ll walk you through unlocking God Mode in Win8. I am told this can be done with Windows Vista as well.

  • Right click on the desktop and create a new folder, name it whatever you like.
  • Right click on the folder and click rename.
  • Copy and paste the following as the new file name:

Gmode.{ED7BA470-8E54-465E-825C-99712043E01C}

  • The icon will change from a folder to the control panel icon.
  • If you start up the panel you will get a window with all settings broken down by categories.

Go have fun, careful not to break anything 😉

Edit

This works in Windows 10 as well.. 😉

Shellshock: Better ‘bash’ patches now available

The first patches for Shellshock didn’t offer complete protection. The latest revisions of this patch for the popular Mac OS X, Linux, and Unix bash shell security problem were released on Friday, offering greater defenses against hackers.

The problem with the first patch, as Red Hat explained in its Shellshock FAQ, was that it only took care of the original bash flaw CVE-2014-6271. This, the true Shellshock bug, is the worst bash security hole. There were also others.

Red Hat said: “Shortly after that issue went public a researcher found a similar flaw that wasn’t blocked by the first fix and this was assigned CVE-2014-7169.” This bug is also a security problem, but it’s not as bad as the other flaw.

Later, Red Hat Product Security researcher Florian Weimer found additional problems and these were designated CVE-2014-7186 and CVE-2014-7187. Fortunately, these bugs are less serious and the latest patch takes care of these as well. As Red Hat’s Huzaifa Sidhpurwala told me: “The latest version of bash fixes all the CVE issues.”

So, what you want to do now, if you haven’t already, is check to see if you’re running a vulnerable version of bash. Continue reading Shellshock: Better ‘bash’ patches now available

FOSS Around the World: Latin America

Too often coverage of free/open source software news and commentary tends to focus on either developments and activities in North America or in Europe. While much of the news is made on these two continents, there’s a wider world out there where folks are doing some substantial things, and promoting FOSS in their own way in their own areas.

Periodically, we at FOSS Force will be looking at areas of the world which have been either overlooked or neglected in digital news coverage. Today we’ll start south of the U.S. border with Latin America — Mexico, along with Central and South America, for those of you keeping track on maps at home.

We start this with a quick overview of the region itself, and the canvas is a large one.

Jon ‘maddog’ Hall travels extensively as executive director of Linux International and is likely the most well known de facto ambassador for all things Linux and FOSS. A world traveler, he regularly speaks in South America where he says the use of FOSS is varied.

“Central and South America is a very big region,” Hall said. “The spread of FOSS is uneven, as you might expect. Likewise, FOSS is more than just GNU/Linux, so the use of FOSS is also uneven.”

Who is the top FOSS user in this hemisphere south of the equator?

“Brazil continues to be the biggest user of FOSS, due to both laws and attitudes of its government,” he said. “However, in some places where FOSS was used, proprietary software has reasserted itself due to changes in management, usually management that is friendly to closed-source companies.”

Complete Story

Heartbleed is back and it’s looking for enterprise wireless networks

A researcher has uncovered new ways to exploit the Heartbleed OpenSSL vulnerability, potentially exposing enterprise wireless networks, and the devices that connect to them, to a new wave of Heartbleed attacks.

Originally exposed in April, Heartbleed is a critical vulnerability in the OpenSSL encryption library that could expose up to 64 KB of memory on a vulnerable client or server if exploited, including keys used for X.509 certificates, authentication credentials and other communication protected by the open source encryption project.

The Heartbleed flaw was the result of a missing bounds check in the handling of the TLS heartbeat extension, and was thought to be exploitable only over TCP connections and after the TLS handshake. However, Luis Grangeia, a researcher with Portugal-based infosec consulting firm Sysvalue, found new ways to exploit the OpenSSL vulnerability.

In a May 30 blog post, Grangeia provided details on the new proof-of-concept, dubbed Cupid, which exposes TLS connections over the Extensible Authentication Protocol (EAP), and that allows for the deployment of authentication mechanisms like smart cards and one-time passwords over wireless networks. Grangeia explained that the EAP mechanisms potentially affected by Cupid include those that use TLS, namely EAP-PEAP, EAP-TLS and EAP-TTLS. Continue reading Heartbleed is back and it’s looking for enterprise wireless networks

Beta Testers needed for Next OS X Mavericks Update

Apple launched beta testing for OS X 10.9.3 a bit ago, giving interested people a chance to test drive the next update to the company’s Mac operating system. The OS X Beta Seed Program requires an Apple ID and is free to Mac users signing up to participate and prepared to adhere to a confidentiality agreement associated with the beta testing process. Apple did not reveal when OS X 10.9.3 will be released as a general update to Macs running OS X, currently updated at version 10.9.2, or Build 13C64.

Customers who download the beta seed of the OS X 10.9.3 update will be required to “provide feedback to Apple directly” via automated dialog boxes and other correspondence methods, Apple said. The OS X Beta Seed Program is distinct from Apple’s Mac Developer Program, which furnishes additional tools for developers of software for OS X, the company said.

Participants in the program won’t be compensated, Apple said in a OS X Beta Seed Program FAQ, and the confidentiality agreement serves up some pretty strict guidelines for how to use the 10.9.3 download for those choosing to register.

Apple also noted that installing the OS X 10.9.3 beta update won’t void hardware warranties and recommend that program participants back up their Macs via Time Machine, with the promise that AppleCare customer support specialists would be on hand to help beta testers with any problems that might arise.

Interested parties can visit Apple’s OS X Beta Seed Program landing page to begin the process of registering for the program and downloading the update.

Active 0day attack hijacking IE users threatens a quarter of browser market

If you are still using Windows and live your online life using any version of Internet Explorer you will want to keep up with this. My suggestion? Start using an alternate browser like Firefox or Chrome.

No patch available yet for critical bug affecting all supported versions of IE.

Attackers are actively exploiting a previously unknown vulnerability in all supported versions of Internet Explorer that allows them to surreptitiously hijack vulnerable computers, Microsoft warned Sunday.

The zero-day code-execution hole in IE versions 6 through 11 represents a significant threat to the Internet security because there is currently no fix for the underlying bug, which affects an estimated 26 percent of the total browser market. It’s also the first severe vulnerability to target affect Windows XP users since Microsoft withdrew support for that aging OS earlier this month. Users who have the option of using an alternate browser should avoid all use of IE for the time being. Those who remain dependent on the Microsoft browser should immediately install EMET, Microsoft’s freely available toolkit that greatly extends the security of Windows systems. Continue reading Active 0day attack hijacking IE users threatens a quarter of browser market