• Newsletter Issue #931

    October 2nd, 2017


    On this weekend’s episode of The Tech Night Owl LIVE, we presented columnist Rob Pegoraro, who writes for USA Today, Yahoo Finance, Consumer Reports, Wirecutter and other publications. During this segment, Rob discussed his recent experience driving a Cadillac CT-6 equipped with a more powerful cruise control option, dubbed Super Cruise, which allowed him to travel to Cleveland, and not have to touch the steering wheel during a long stretch on an Interstate highway. Is this a major step towards autonomous driving? Gene and Rob also discussed reports of problems with the initial releases of macOS High Sierra, and iOS 11. And what about cable/satellite cord cutting? How do you cope with more and more services that charge separate fees, and how will that impact your ISP’s bandwidth cap? Gene mentioned that he plans to review a new 4K set supplied by VIZIO.

    Now about that self-driving experience, Rob explained that the Cadillac’s fancy cruise control scheme only worked if he remained in a single lane during his trip. That may be all right for a long stretch of interstate highway, but it’s hardly useful in most circumstances. It’s also an option that costs around $5,000, making an already expensive car more expensive for something of limited value to most drivers.

    There’s little doubt, though, that car makers will begin to add more and more of these autonomous driving features until they provide something that will allow the car to do everything for you. But if a fancy cruise control system costs about the same as an iMac Pro, what will a full-blown setup run? $10,000? More? Is this the sort of capability that will only be affordable by the well heeled at the beginning?

    Indeed, that might be Apple’s ace in the hole, which is to deliver a working self-driving technology that will be mostly affordable by regular people. As I reach the age where I might have to consider turning in my driver’s license, and I won’t predict when that might happen, I would like to think that I will be able to buy or lease a car that will be able to do all the work for me. Or should we expect a ride sharing company, such as Lyft or Uber, to simply provide a low-cost ride powered by such a system? And what will happen to all those people who depend on such companies to provide an income? Since I use both for some extra cash, I am concerned. Or maybe I’ll be too old to care by then.

    In a special encore presentation, you heard from columnist and podcaster Kirk McElhearn, who joined Gene in a pop culture discussion, focusing on recent movies. What about a recent newspaper report about famous singers, most recently Adele, who are losing their voices and have to undergo delicate microsurgery to resume their careers? Are they following the wrong singing techniques? There was also a lengthy discussion about the potential for Apple TV, and whether cord cutting makes sense. Is it possible to get all the TV shows you want with such streaming services as Netflix, or is there the danger of getting so many services and apps that you end up spending more than with a traditional cable and satellite TV package with hundreds of channels?

    On this week’s episode of our other radio show, The Paracast: Gene and Chris present researcher Micah Hanks, of The Gralien Report. Over the course of the last year, Micah has been researching a handful of unusual topics, which include a post World War II mystery in Chile. But this episode begins with Micah discussing classic UFO cases that, years later, may not be as compelling as they originally seemed. Were all or most of them conventional aircraft, perhaps undergoing tests? And what about evidence of possible nuclear events in ancient times? Micah and Chris also discuss ways to capture evidence of ongoing paranormal events, such as the San Luis Valley Camera Project, and other projects that may or may not have demonstrated progress.


    After I wrote a piece about the latest effort to push antivirus software onto the storage devices of Mac users, I came across another story about security, only this one appears to be dealing with a factual issue. But even then the fears may be overblown, and what about other computing platforms where the potential issues are far worse?

    As most of you know, there is a small piece of software that is run by your Mac when it’s first turned on. The latest technology is known as the Extensible Firmware Interface, or EFI. It takes the Mac through a process where it identifies the hardware, makes sure there are no critical errors, such as bad RAM, and turns the startup chores over to macOS.

    Every so often, Apple will issue firmware patches to fix bugs or possibly to deal with potential vulnerabilities to security exploits. And there have been a few of those through the years. What’s more, there was a recent report about the firmware-based tools such intelligence agencies as the CIA might use to break into one of these computers.

    And, of course, every computer nerd you see on TV or in the movies has a tool at his or her disposal to unlock a device. But the reel and real worlds don’t always intertwine.

    But there is a report that Apple’s firmware update process may not be as perfect as it should be. According to a survey involving some 73,000 Macs by Duo Security, an estimated 4.2% were running the wrong EFI version, possibly because the update process had failed. Or perhaps the owners hadn’t been diligent about installing Apple updates. The report claims that the number of vulnerable Macs hit a high of 43% with the 2015 21.5-inch iMac.

    On the surface or at any other level, it does appear that Apple might have a problem, a serious problem. Indeed, upon being presented with this report, Apple emailed a statement to the media promising to do better: “We appreciate Duo’s work on this industry-wide issue and noting Apple’s leading approach to this challenge. Apple continues to work diligently in the area of firmware security and we’re always exploring ways to make our systems even more secure. In order to provide a safer and more secure experience in this area, macOS High Sierra automatically validates Mac firmware weekly.”

    In other words, Apple clearly knew a problem existed, and crafted High Sierra to solve it. What makes this announcement more important is that Apple used to be regarded as being a little less devoted to Mac security issues than they should have been. This apparent lack of serious attention came into focus in 2012, when a Trojan known as Flashback allegedly infected several hundred thousand Macs. Now it’s not that the Trojan actually did anything untoward, except for being present.

    It was also traced not to a Mac security flaw, but one in Java, one that Apple should have updated so long as they were maintaining the software. But that’s now Oracle’s responsibility, and thus they handle the updates as needed, just as Adobe deals with the ongoing Flash vulnerabilities. Well, at least until Flash is gone. And I expect fewer and fewer web apps require Java these days.

    Now remember we’re dealing with the Mac, where Apple keeps close tabs on the operating system, and is thus responsible for pushing updates for as long as a device is supported. As I wrote above, Apple promises to do better, because 4.2% is, to them, still too high.

    But what about Linux, what about Windows?

    Well, Duo Security concludes the problems are much worse for these platforms because one company is not responsible for or managing the patch process. Sure, Microsoft will issue critical updates for Windows on a regular basis, but firmware matters are the province of the computer makers. It’s up to Dell, HP, Lenovo and all the others to be concerned enough about security flaws to make sure that they somehow push these updates to their customers.

    And what about smaller specialty PC makers? What about people who just buy the parts off the shelf from dealers and build their own computers? Will they be diligent enough to make sure that needed firmware updates are readily available?

    Since there are far more potentially vulnerable Windows PCs out there in the wild, I would think that Duo Security was taking the easy way out here by focusing strictly on Apple. It will be a far more complicated process to examine tens of thousands of computer setups to see if their motherboards have received the necessary updates from the parts manufacturer or the computer maker.

    Indeed, just finding out what firmware updates are needed — and the potential for hacker mischief — may be impossible to resolve in any meaningful way.

    The long and short is that, yes, perhaps a Mac with out-of-date firmware may be a potential candidate for criminal mischief, but it would also involve some level of direct access to the computer, or someone downloading and installing an app that messes with the firmware.

    On the Windows platform, it’s real messy, so messy in fact that it would be very easy to make an argument as to why Apple is the most secure personal computing platform. It would be far easier to argue that tight control over the platform protects customers from evil hackers.

    While a business with a skilled IT staff should be keeping tabs on needed updates, what about the hundreds of millions of PC users with home systems, or who work for small businesses that don’t have the budgets to hire professionals to make sure their systems are up to date and appropriately protected?

    What about all those PCs still running Windows 7 from 2009, and, perish forbid, Windows XP from 2001? Can their firmware even be updated?

    The Duo Security report succeeded in one respect, which was to demonstrate that Apple needed to work harder. But the security firm needs to work harder to deliver a survey that will address the far greater vulnerability for customers of the largest computing platform on the planet.

    Are they up to the task, or was it easier just to generate some scare headlines about Apple?


    The Tech Night Owl Newsletter is a weekly information service of Making The Impossible, Inc.

    Publisher/Editor: Gene Steinberg
    Managing Editor: Grayson Steinberg
    Marketing and Public Relations: Barbara Kaplan
    Sales and Marketing: Andy Schopick
    Worldwide Licensing: Sharon Jarvis
