
Apple ordered to pay up to €13bn after EU rules Ireland broke state aid laws


Apple has been ordered to pay a record figure of up to €13bn (£11bn) in back taxes to Ireland by the European commission. This video explains the ‘sweetheart deal’ that the commission has ruled amounts to illegal state aid


Tim Cook, Apple’s chief executive, said the commission was rewriting Apple’s record in Ireland, overriding Irish law and disrupting the international tax system. He said Apple chose the Irish city of Cork as its European base 30 years ago and had expanded from 60 workers to almost 6,000 in Ireland.

He said Apple would appeal and that he was confident of winning.

Cook said: “We never asked for, nor did we receive, any special deals. We now find ourselves in the unusual position of being ordered to retroactively pay additional taxes to a government that says we don’t owe them any more than we’ve already paid.”

The commission’s decision is a rebuff to US efforts to persuade it to drop the case after warnings of retaliation from Washington.

Apple, which changed its tax arrangements with Ireland in 2015, should easily be able to pay the huge tax bill because it has a cash mountain of more than $230bn (£176bn).

Bug in macOS High Sierra


There appears to be a serious bug in macOS High Sierra that enables the root superuser on a Mac with a blank password and no security check.

The bug, discovered by developer Lemi Ergin, lets anyone log into an admin account using the username “root” with no password. This works when attempting to access an administrator’s account on an unlocked Mac, and it also provides access at the login screen of a locked Mac.


To replicate, follow these steps from any kind of Mac account, admin or guest:

1. Open System Preferences
2. Choose Users & Groups
3. Click the lock to make changes
4. Type “root” in the username field
5. Move the mouse to the Password field and click there, but leave it blank
6. Click unlock, and it should allow you full access to add a new administrator account.

At the login screen, you can also use the root trick to gain access to a Mac after the feature has been enabled in System Preferences. At the login screen, click “Other,” and then enter “root” again with no password.

This allows for admin-level access directly from the locked login screen, with the account able to see everything on the computer.

It appears that this bug is present in the current version of macOS High Sierra, 10.13.1, and the macOS 10.13.2 beta that is in testing at the moment. It’s not clear how such a significant bug got past Apple, but it’s likely this is something that the company will immediately address.

Until the issue is fixed, you can enable a root account with a password to prevent the bug from working. We have a full how-to with a complete rundown on the steps available here.

Update: An Apple spokesperson told MacRumors that a fix is in the works:

“We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”
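A read-only way to see which of Apple's two cases a given Mac is in (root never enabled, or root already enabled), as an added example that is not from the article or from Apple. The function names and verdict strings are this example's own, the sample `dscl` outputs are constructed, and the reading of the `AuthenticationAuthority` key is an assumption stated in the comments.

```shell
#!/bin/sh
# Added example: read-only triage for the blank root password bug.
# It never attempts a login as root; it only reads directory data.

# Constructed sample outputs of
#   dscl . -read /Users/root AuthenticationAuthority
SAMPLE_ENABLED='AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>'
SAMPLE_DISABLED='No such key: AuthenticationAuthority'

# root_state: classify that dscl output (read from stdin).
# Assumption: a root account that was never enabled has no
# AuthenticationAuthority key; an enabled one lists a ShadowHash entry.
root_state() {
    out=$(cat)
    case "$out" in
        *ShadowHash*)    echo enabled ;;
        *"No such key"*) echo disabled ;;
        *)               echo unknown ;;
    esac
}

# triage VERSION STATE: VERSION as printed by `sw_vers -productVersion`.
# Every 10.13.x is treated as in scope, because the version string alone
# does not show whether the security update is installed.
triage() {
    case "$1" in
        10.13|10.13.*) ;;
        *) echo "out-of-scope"; return 0 ;;
    esac
    case "$2" in
        disabled) echo "install-update-or-set-root-password" ;;
        enabled)  echo "confirm-root-password-is-not-blank" ;;
        *)        echo "inspect-manually" ;;
    esac
}

# On a Mac, run the real commands; elsewhere show the constructed samples.
if command -v dscl >/dev/null 2>&1 && command -v sw_vers >/dev/null 2>&1; then
    triage "$(sw_vers -productVersion)" \
           "$(dscl . -read /Users/root AuthenticationAuthority 2>&1 | root_state)"
else
    triage 10.13.1 "$(printf '%s\n' "$SAMPLE_DISABLED" | root_state)"
    triage 10.13.1 "$(printf '%s\n' "$SAMPLE_ENABLED" | root_state)"
fi
```

An "enabled" result on a machine where nobody turned the root user on deliberately is the case Apple's statement covers with the "Change the root password" instructions.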

Update 2: Apple released a security update to address the vulnerability on Wednesday morning. The update can be downloaded on all machines running macOS 10.13.1 using the Software Update mechanism in the Mac App Store. Apple says it will automatically push out the update to all users who have not installed it later in the day.

In a statement provided to MacRumors, Apple said the company’s engineers began working on a fix as soon as the problem was discovered. Apple also apologized for the vulnerability and said its development process is being audited to prevent something similar from happening in the future.

Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS.

When our security engineers became aware of the issue Tuesday afternoon, we immediately began working on an update that closes the security hole. This morning, as of 8 a.m., the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra.

We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.

All users should download the new security update immediately.


Adobe Flash Advisory 


We are trying something new today. Riseup is sending this general security bulletin to all users in the hopes that it will keep all you amazing people safer. Although your Riseup service is not affected by these vulnerabilities, we feel it is important for you to take action in order to protect your devices and your data on other websites.

Contents:

* Adobe Flash Advisory
* Wi-Fi Advisory

Adobe Flash Advisory
====================================================

The problem
----------------------------------------------------

Adobe Flash is a plugin for most web browsers that allows the browser to display interactive content such as games and videos. In a new vulnerability announced on Monday, Adobe Flash can be tricked by a website you visit or a document you open to allow a remote attacker to take control of your computer.

Who does this affect?
----------------------------------------------------

The problem exists in all web browsers that have Adobe Flash, on all operating systems. It also affects Microsoft Office.

By combining this vulnerability with others, an attacker can take total control over your computer, read all your data, capture all your login accounts, spy on you through the webcam, and so on.

What can I do to protect myself?
----------------------------------------------------

Disable Adobe Flash immediately. It is a constant source of security holes, and is being discontinued by Adobe.

Until recently, sites like YouTube relied heavily on Adobe Flash. Today, however, you don’t need Adobe Flash in order to use most sites with dynamic content or video. Because of this, you should disable or uninstall Flash entirely. If you have some burning reason you need Adobe Flash, you can also upgrade Flash to the new version without the vulnerability.

Disable Flash

* Chrome: Preferences: Settings > Show advanced settings > Content settings > Flash > uncheck “Allow sites to run Flash”.

* Firefox: Tools: Add-ons > Plugins > Flash > Never Activate.

Uninstall Flash

For instructions on how to uninstall Flash for every browser, see https://www.howtogeek.com/222275/how-to-uninstall-and-disable-flash-in-every-web-browser/

Upgrade Flash

See Adobe’s security advisory for instructions on how to get a patched release of Flash https://helpx.adobe.com/security/products/flash-player/apsb17-32.html

More information
----------------------------------------------------

An attack using this vulnerability in Adobe Flash was observed on October 10 by Kaspersky Lab. The vulnerability was being used to infect the victim’s computer with the FinFisher malware. The group behind the attack is believed to be BlackOasis, aka NEODYMIUM, which historically focuses on targeted attacks against civil society actors in Turkey. BlackOasis is classified as an “advanced persistent threat” and is believed by many researchers to be a customer of the Gamma Group, a German and UK corporation with a long history of surveillance and monitoring of activists.

For further reading, see:

http://www.securityweek.com/middle-east-group-uses-flash-zero-day-deliver-spyware

https://threatpost.com/adobe-patches-flash-zero-day-exploited-by-black-oasis-apt/128467/

https://securelist.com/blackoasis-apt-and-new-targeted-attacks-leveraging-zero-day-exploit/82732/

https://en.wikipedia.org/wiki/Gamma_Group

Wi-Fi Advisory
===================================================

There is a new class of attacks against Wi-Fi networks. Most Wi-Fi networks these days use a technology called WPA2 to protect the network from eavesdropping. Researchers found a way to break this.

These attacks allow an adversary within Wi-Fi range to read your network traffic and potentially to also send your device nefarious traffic, depending on what device you are using.

Who does this affect?
---------------------------------------------------

Nearly all Wi-Fi devices and operating systems are vulnerable, to varying degrees. This includes nearly all laptops, mobile phones, and Wi-Fi connected devices. In particular, most Android and Linux devices are highly vulnerable.

What is the danger?
---------------------------------------------------

There are many attacks that are made possible with this vulnerability. For example:

* An attacker could read your login username and password if not transmitted using HTTPS (encrypted browser connection). Riseup requires HTTPS on all servers — but many services do not.

* An attacker could downgrade your secure HTTPS web browser connection to an insecure HTTP connection, depending on the configuration of the server (Riseup servers are protected against this).

* If you click on a link to download a file, an attacker could attach a virus to that file while it was in transit to your device (in some cases).
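The server configuration that decides whether a browser can be pushed back to plain HTTP is normally HTTP Strict Transport Security (HSTS), a name the newsletter does not use. The following added example (not Riseup's code) grades a site's HTTPS response headers, such as the output of `curl -sI`, for that protection; the function names, the 180-day threshold and the sample responses are this example's own.

```shell
#!/bin/sh
# Added example: judge a site's downgrade protection from its HTTPS
# response headers, e.g. the output of `curl -sI https://example.org/`.

# Constructed sample responses (not captured from any real server).
SAMPLE_STRONG='HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains'
SAMPLE_SHORT='HTTP/1.1 200 OK
strict-transport-security: max-age=300'
SAMPLE_NONE='HTTP/1.1 200 OK
Content-Type: text/html'

# hsts_verdict [MIN_SECONDS]: read headers on stdin and print
#   missing          no HSTS header, the browser still accepts plain HTTP
#   invalid          header present but without a usable max-age
#   weak:<seconds>   max-age below MIN_SECONDS (0 switches HSTS off)
#   ok:<seconds>     the browser refuses plain HTTP for that long
# MIN_SECONDS defaults to 180 days, a threshold chosen for this example.
hsts_verdict() {
    min=${1:-15552000}
    line=$(tr -d '\r' | grep -i '^strict-transport-security:' | head -n 1)
    if [ -z "$line" ]; then echo missing; return 0; fi
    age=$(printf '%s\n' "$line" | tr '[:upper:]' '[:lower:]' |
          sed -n 's/.*max-age *= *"\{0,1\}\([0-9][0-9]*\).*/\1/p')
    if [ -z "$age" ]; then echo invalid; return 0; fi
    if [ "$age" -ge "$min" ]; then echo "ok:$age"; else echo "weak:$age"; fi
}

# covers_subdomains: exit status 0 when the policy also binds subdomains.
covers_subdomains() {
    tr -d '\r' | grep -i '^strict-transport-security:' |
        grep -qi 'includesubdomains'
}

# Show the verdict for each constructed sample.
for s in "$SAMPLE_STRONG" "$SAMPLE_SHORT" "$SAMPLE_NONE"; do
    printf '%s\n' "$s" | hsts_verdict
done
```

A redirect from HTTP to HTTPS alone does not give this protection, because the redirect itself travels over the connection an attacker in Wi-Fi range can rewrite.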

What can I do to protect myself?
---------------------------------------------------

If you have an Android device, you should disable Wi-Fi and use your telco’s data plan whenever possible. When possible, keep Wi-Fi disabled until an update becomes available for your device.

You should update your devices as soon as possible. Unfortunately, there are no fixes yet for most operating systems or Wi-Fi access points.

The use of HTTPS is always a good idea, particularly now. We recommend that everyone install the browser extension “HTTPS Everywhere” which will automatically switch your browser to use HTTPS when a website supports it. The new Wi-Fi attack makes it much easier for an attacker to try to downgrade your web browsing to use an insecure connection, and the HTTPS Everywhere extension will prevent this for most popular websites. See https://www.eff.org/https-everywhere to install this extension.

The use of a personal VPN is always a good idea, particularly now. A personal VPN encrypts your traffic to the entire internet, while a corporate VPN just encrypts your traffic to the corporate network. To read more about Riseup’s VPN service, see https://riseup.net/vpn

Current update status
---------------------------------------------------

Android: There is no fix yet for Android. Devices with Android 6.0 or later are highly vulnerable.

iOS: No update is available yet.

macOS: No update is available yet.

Windows: Update is available.

Ubuntu and Debian Linux: Security patches are available. Run `sudo apt update; sudo apt upgrade`.

Red Hat Linux and Fedora: No fix yet released. See https://access.redhat.com/security/cve/cve-2017-13077 for latest status. You can keep trying to run `sudo yum update` until you see wpa_supplicant get updated.

Access points and home routers: check the website of the manufacturer.

More information
---------------------------------------------------

For an updated list of the state of security patches to client operating systems and AP firmware, see:

https://www.reddit.com/r/KRaCK/comments/76pjf8/krack_megathread_check_back_often_for_updated/

https://www.bleepingcomputer.com/news/security/list-of-firmware-and-driver-updates-for-krack-wpa2-vulnerability/

http://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-available-right-now/

For more information on the flaw in WPA2, see:

https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/


