Hello, welcome to the Thursday, November 30th, 2017 edition of the Sandton and Storm Center's

Stormcast. My name is Johannes Ulrich, and the damn recording from Augusta, Georgia. Apple wasted no time

and released today an update for the high Sierra vulnerability that allowed logins as root without password.

The patch is only a little bit more than a megabyte in size.

It came out as Security Update 20071 and does not require a reboot of the system.

However, if you enabled the route account

either to protect yourself from the vulnerability or because you had another reason why you needed

the root account enabled, after you apply this patch it will be disabled again. So you will have

to reenable it if you need to on the other hand

if you do not need the route account then you're probably better off leaving it

disabled Apple also notes that after applying this patch you may have issues with

file sharing if you do run into the, there is a link to a fix within

the security bulletin. And mobile security company High Tech Bridge took a look at Android

Bitcoin application and shouldn't surprise anybody that they came up with some pretty grim

results. High Tech Bridge operates a free

online service, mobile x-ray that can be used to analyze mobile applications for vulnerabilities,

and of course they use that tool to examine a number of different crypto coin mobile applications.

Now just looking at the top 30 most popular applications, it looks like about a third of the applications

are vulnerable to man in the middle attacks, but the same number also has hard-coded sensitive

data like passwords or API key

70% of the applications do still support SSL version 3 or TLS 1.0 so if you are using a

mobile application to keep your crypto coins, take a look at their list

...