Thursday, 24 April 2014

Grr to the Mac

So today my Mac crashed, again, because I scrolled too fast, again, and it got me thinking about all those so&so's who claim "Mac's never crash", "Mac's are hassle free", "Mac's are virus free", so I did a little reading.

Did you know...

...The first ever replicating PC virus was written for a Mac? Rich Skrenta, at 15 years old in 1982 created the Elk Cloner virus as a prank. The self replicating boot sector virus was written for Apple II systems.

..The Flashback Trojan, masquerading as an Adobe Flash installer, was a drive-by-download style virus, which was able to install itself due to a JAVA flaw. Over 600,000 Macs were affected world wide; basically anyone who 1) had the vulnerable version of JAVA installed and 2) browsed a website hosting the virus. Apple took far longer to react to the virus than Microsoft, and left JAVA to issue the necessary updates. Microsoft took care of it themselves, weeks earlier, regardless of the fact it only affected Mac's.

Mac Defender is a known virus to affect Mac's, which Apple initially released instructions for on how to remove it. Instructions. Not a Hotfix or Update. Instructions. A DIY manual to cleaning your own system.

...The first Mac systems to revise their firmware after BIOS led to a lot of elilo hacking; attacking the boot sequence, which can affect everything from your hard drives to your network interaction. The main use for it on an Apple system appears to be to prevent people running alternative OS's on the system. There's no actual magic going on inside your Mac. They really are all the same on the inside.

...A Mac is made up of a motherboard, CPU, RAM, a GFX, HDD and a NIC (and other optional peripherals and add-on cards) just like a Microsoft system! In fact the MacBook Pro contains an Intel Core Processor, just like my Windows 7 system. It books off of the new fancy Solid State Disks, just like my Windows 7 system. It has an NVIDIA GFX, just like my old Windows XP system. It's like they're the same! And do you know what this means? They're both equally as likely to succumb to hardware failure.

...It's this easy to trick a Mac user into destroying his own system:-



FYI the command referred to in the image above reformats your hard drive.

...It took Apple until 2012 to start issuing Automatic Security Updates, reducing the amount of time Hackers have access to system vulnerabilities. That's right kids, Mac's require updates too. While you were moaning about XP and Windows 7 updating all the time, your Mac would have been wide open to attacks while you were busy not manually updating.

Mac's aren't perfect. They're computers. No, there's not as much Malware out there to attack them, but why would hackers waste their time attacking the system with only a 10% market share? If I was a hacker, I can only imagine I would be in it for the money so hacking some kids secret porn stash would not be on my agenda.

And just for clarification, here are the figures as of February 2014:-



As a final side note, as I come up against this all the time, Mac users who buy specific External Drives for compatibility purposes are being dupped. You can reformat an NTFS drive from your system, and you DO NOT have to select a Mac only or Microsoft only format. In fact you can use exFAT!! Developed by Microsoft for compatibility with XBox, this File System is compatible with both systems with none of the annoying 4GB file size limits of FAT32. Now we can all live in harmony.



Go PC.

Monday, 14 April 2014

Sony F55 Avid Media Composer 6.5.4 Workflow

Has anyone worked with the Sony F55 camera? I'm working on an Avid Media Composer 6.5.4 Workflow for it, using this cameras Slow-Mo features.

Our crews have filmed at 100fps, 150fps, 240fps etc. But the files themselves come in as 25fps .MXF files, which already play in Slow-Mo

We simply AMA link to these and transcode at 10:1 DNX for editing. This workflow is perfect, unless you want to know which files are what speed, so you can speed them back up to normal speed. We can't find a way of identifying which files are 100fps, 150fps etc.

Any clues?

Friday, 11 April 2014

The OpenSSL Heartbleed Bug explained, and what you, the User, needs to know.

To help explain The Heartblees Bug in OpenSSL:-

It is not a TLS/SSL encryption flaw. It's all in the TLS heartbeat extension; a 'handshake' between two systems including a missing bounds check... but this one didn't check the length parameter. This means a hacker can trick OpenSSL into allocating a 64KB buffer and take more information than was originally offered up. This space fills up with whatever was in your computers live memory at the time, or the live memory of any of these servers using OpenSSL, 64KB at a time.

This could have been your bank password, a document you just e-mailed someone, payment details, encryption keys (i.e. If you have your VPN) etc. However, there have been no documented instances of attacks exploiting the bug. The problem was found, patched, and then the information passed on so other OpenSSL users can patch their systems. The problem is that some tool tweeted about it and informed all our fellow hackers of the exploit before all servers could be patched. To make it worse, they've created tools to allow you to 'test' whether a site is still vulnerable. However, we can use these tests too.

At the end of the day, there's nothing the Users can do about it at this point. Even if you change all your passwords, it's not going to help if the exploit is still open, but, as I said, there's a chance here the vulnerability was never exploited.

The best you could do as a Systems Administrator for a webserver is to install the OpenSSL update, change your encryption certificates, clear your cookies and turn off your system, unplug it, take out the battery, for a couple of minutes, let the memory die out. As a User of websites, my advise would be to avoid as many varying websites as possible for now. Obviously, we don't know which websites are vulnerable but the patch is already available and has been implemented by all the major players, like Microsoft and Facebook, so don't worry about it.