New Router Malware might be affecting your home/office router

From Talos:

https://blog.talosintelligence.com/2018/05/VPNFilter.html

Given our observations with this threat, we assess with high confidence that this list is incomplete and other devices could be affected.

LINKSYS DEVICES:

E1200
E2500
WRVS4400N

MIKROTIK ROUTEROS VERSIONS FOR CLOUD CORE ROUTERS:

1016
1036
1072

NETGEAR DEVICES:

DGN2200
R6400
R7000
R8000
WNR1000
WNR2000

QNAP DEVICES:

TS251
TS439 Pro

Other QNAP NAS devices running QTS software

TP-LINK DEVICES:

R600VPN

WIRED has an article about this cybersecurity hazard here: https://www.wired.com/story/vpnfilter-router-malware-outbreak/

WIRED has reached out to Netgear, TP-Link, Linksys, MicroTik, and QNAP for comment on the VPNFilter malware. Netgear responded in a statement that users should update their routers’ firmware, change any passwords they’ve left as the default, and disable a “remote management” setting that hackers are known to abuse, steps it outlines in a security advisory about the VPNFilter malware. The other companies have yet to respond to WIRED’s request.

Solve when MacOS X 10.11 loses the ability to set a default browser

If your MacOS X 10.11 (El Capitan) loses the ability to set a default browser, you can clear up the bug by rebuilding the Apple Launch Services.

Symptoms:

1. You use two browsers (Firefox and Chrome)… the wrong browser starts launching as the (unintended) default after you opened it once for some task — despite the intended default browser launching fine up to that point, the unwanted browser takes over as a URL handler in other programs.

2. When you try to reset the default browser in System Preferences > General, there are no browsers showing in the picker!

Solution:

Run this terminal command:

/System/Library/Frameworks/CoreServices.framework/Frameworks/LaunchServices.framework/Support/lsregister -kill -r -domain local -domain system -domain user ; killall Dock

Immediately restart!

Then you’ll see your choices again:


Inspired by this specific answer on StackExchange Mac OS X 10.11 browser default.

Thunderbird Mail Program for Mac is blocked by Google

Google blocks Thunderbird from checking gmail if a certain setting is turned on via Google’s account security settings screen.

Some devices and apps use insecure sign-in technology to access your data.

Choosing Disable prevents these less secure devices and apps from accessing your Google Account.

Choosing Enable increases your chances of unauthorized account access but allows you to continue using these less secure devices and apps.

https://www.google.com/settings/security/lesssecureapps

Mozilla explains the problem here:

https://support.mozilla.org/en-US/kb/thunderbird-and-gmail

 

Apple creates iphone switcher tool

From the NYTimes  Bits blog:

Apple on Sunday released a web tool to address a problem that has affected some iMessage users: When they switched to a non-Apple smartphone, like an Android device, they could no longer receive messages from iPhones.

When someone with an iPhone switched to a different smartphone, like an Android phone, the phone number would remain attached to iMessage, which is usable only on Apple devices. So when iPhone customers tried to send text messages to that number, sometimes those messages would never make their way to the intended recipient.

Apple’s new tool, which many spotted on the web over the weekend, allows a former iPhone user to enter a phone number to detach it from iMessage. When a phone number is entered, a text message returns with a confirmation code, which also must be entered into the web tool.

Test for the Shellshock bug in BASH

From ArsTechnica:

There is an easy test to determine if a Linux or Unix system is vulnerable. To check your system, from a command line, type:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the system is vulnerable, the output will be:

vulnerable
 this is a test

An unaffected (or patched) system will output:

 bash: warning: x: ignoring function definition attempt
 bash: error importing function definition for `x'
 this is a test

The fix is an update to a patched version of the Bash shell. To be safe, administrators should do a blanket update of their versions of Bash in any case.

How to View Source in Safari on iPad

This bookmarklet is useful to view source in Safari on Apple’s iPad. There is no built-in menu tool to do this in iOS, unlike with all desktop browsers. Oh why, Apple, do you drift ever further from user-centric software development?

Here is the link to the article by Ole Michelsen.

http://ole.michelsen.dk/blog/view-source-on-the-ipad-and-iphone/

A fine solution is to create a bookmarklet, which is a piece of JavaScript saved as a bookmark. When you want to see the source of a web page, just click the bookmark and the source of the page is displayed. I was inspired by this bookmarklet by Rob Flaherty, but it has a few shortcomings. To improve upon the bookmarklet concept, I created my own version with a few more bells and whistles:

Do you dislike Apple Preview app’s auto-saving feature?

Apple has always decided what it thinks is the best experience for its Mac users, even against conventional wisdom or established, known user preference. This has been frustrating for power users through the years, from lack of two button mice to the latest reductionist “flat design” trend in iOS7.

The latest “we know better” feature is the automatic document auto-saving (with no warning) in its home-grown applications, like Preview, TextEdit or the iWork apps. I don’t want to recall how many original photos have been destroyed after a session of quick exposure experimentation.

Good news: you can completely disable the auto-saving via this terminal command:

defaults write com.apple.Preview ApplePersistence -bool no

This comes from a helpful topic on StackExchange.

http://apple.stackexchange.com/questions/27544/how-to-completely-disable-auto-save-and-versions-in-mac-os-x-lion

Add a password to your Mac Zip File

Apple makes it easy to compress files using the right-click contextual compression command, but it provides no easy way to add a password to the resulting zip file. You can use the Terminal program to add a password, but it’s prone to mistakes and more time consuming.

 

Instead, use this program called Keka.

http://www.kekaosx.com/en/

Keka is a free file archiver for Mac OS X. The main compression core is p7zip (7-zip port).

Compression formats supported:  7z, Zip, Tar, Gzip, Bzip2, DMG, ISO

Extraction formats supported:  RAR, 7z, Lzma, Zip, Tar, Gzip, Bzip2, ISO, EXE, CAB, PAX, ACE (PPC)