Apple's macOS High Sierra, the newest version of its Mac and MacBook operating system, is available now. The operating system software, which launched to the public on 25 September 2017, brings new core technologies, including an entirely new file system, opportunities for developers looking to jump on the VR bandwagon, and refinements to apps such as Safari, Photos and Mail.

In this article, you will learn everything you need to know about High Sierra: interface changes, new features and which Macs are compatible with the macOS High Sierra.

We also have the details about the latest updates to High Sierra, the beta versions, and the new features Apple is adding to the operating system that all users will eventually see in the next update to High Sierra.

Below we will run through the various version of High Sierra that are available, and the beta and public beta versions that have been issued so far.

High Sierra's most recent update came on 29 November when Apple issued an update following the discovery of a macOS High Sierra root bug.

Apple said that it was working on a software update to address this issue and the fix came 24 hours after the developer revealed the bug.

Apple apologized saying that: "Security is a top priority for every Apple product and regrettably we stumbled with this release of macOS".

Apple says that this update improves the stability, compatibility and security of your Mac, and is recommended for all users.

According to the company, the update

·        Improves compatibility with certain third-party USB audio devices

·        Improves VoiceOver navigation when viewing PDF documents in Preview

·        Improves compatibility of Braille displays with Mail

In January 2018, Apple confirmed that macOS 10.13.2 also protects users from the Meltdown bug associated with flaws in Intel chips. The company issued a statement saying: "Apple released mitigations for Meltdown in iOS 11.2, macOS 10.13.2, and tvOS 11.2. watchOS did not require mitigation.

Following the revelations about Intel's chips being affected by the Meltdown and Spectre flaws, Microsoft confirmed that its own update that protects PCs from the vulnerabilities could slow older PCs down. Luckily it doesn't appear that macOS 10.13.2 has a detrimental effect on Macs. We ran Geekbench and Cinebench before and after installing the update on a 2013 iMac and saw slightly lower Geekbench - 11213 before, 11142 after, while Cinebench seemed to be better scoring 67.98fbs & 410cb CPU before, and 69.89 fps, 456 cb CPU after. We don't think there is any reason to be concerned about these slight differences in test results.

High Sierra 10.13.2 came in conjunction with Security Update 2017-002 for Sierra and Security Update 2017-005 for El Capitan. This Security Update addresses 22 security issues across the three versions of the operating system.

According to Intego: "Apache, Directory Utility, Intel Graphics Driver and Kernel all received some attention. Mail received a fix for an issue that could cause S/MIME encrypted emails to be sent out unencrypted. Directory Utility and Screen Sharing Server had some work done to it to fix what was left of the root vulnerability. The Kernel received the most attention with 8 issues addressed that could lead to an application reading restricted memory contents and execute arbitrary code with kernel privileges."

1.     Open the Terminal app, which is in the Utilities folder of your Applications folder.

2.     Type what /usr/libexec/opendirectoryd and press Return.

3.     If Security Update 2017-001 was installed successfully, you will see one of these project version numbers:

·       opendirectoryd-483.1.5 on macOS High Sierra 10.13

·       opendirectoryd-483.20.7 on macOS High Sierra 10.13.1

·       The update fixes a vulnerability in the WPA2 Wi-Fi standard that could allow attackers to exploit weaknesses in the WPA2 protocol to decrypt network traffic.

·       It also includes new emoji including t-rex, vampire, brain, zebra, giraffe hedgehog, a gender-neutral face and more. (The inclusion of Halloween related emoji was a good indication that the update would arrive by 31 October).

·       A vulnerability that could expose the passwords of encrypted Apple File System volumes.

·       A vulnerability that could allow a hacker to steal usernames and passwords of accounts stored in Keychain using a third-party app.

·       A cursor bug in Adobe InDesign.

·       An issue where Yahoo messages couldn't be deleted in Mail.

·       A new Apple File System that will change the way the Mac stores your data, as well as make copying files faster.

·       Improvements that will enhance 4K video playback (and reduce the space taken up by those videos).

·       The graphics capabilities will be improved, bringing VR to supported Macs.

·       Mail

·       Siri

·       iCloud

·       Spotlight

·       Notes

·       Messages

There will be a redesigned Edit view along with new editing tools including Curves for fine-tuning and Selective Color for making adjustments within a defined colour range. You'll also find new professionally inspired filters.

·       Viewing past imports in chronological order

·       The ability to do various functions right from the toolbar, such as rotate and favourite batches of images

·       The selection counter will tell you how many things you have selected

·       Filtering photo collections according to criteria

·       Photos will support external editors, e.g. Photoshop can launch within Photos and save edits to the Photos library

·       Third-party projects extensions that let you order framed prints, create web pages and more

·       Sonnet external GPU chassis with Thunderbolt 3 and 350W power supply

·       AMD Radeon RX 580 8GB graphics card

·       Belkin USB-C to 4-port USB-A hub

·       Promo code for $100 towards the purchase of HTC Vive VR headset

There is a lot more our industry should be doing to protect its systems and data from cyber blackmail.

The scope and severity of the fallout from the WannaCry attacks over the past week elicits plenty of "we told you so" head shakes about the dangers of ransomware. With a lightning-fast speed, the blackmail worm spread quickly.

According to Europol, the attack had reached about 150 countries and more than 200,000 systems. When security researchers found a kill-switch for the attack that they used to their advantage, it didn't take long for new variants to start up again with infections occurring at a rate of 3,600 systems per hour.

It was a nasty bit of business and while the hue and cry over ransomware shouldn’t be ignored, there are a lot more valuable lessons beyond those that have to do with cyber blackmail. Here are just a few of them.

1: Vulnerability and Patch Management overshadows everything

Patch, patch and patch. It's been the overwhelming mantra of security pros for decades, and this attack campaign shows us why. The rapid spread of the worm was made possible by the ubiquity of systems worldwide running on unsupported or unpatched operating systems.
Hopefully, after this attack, organizations will significantly alter their continuous patch hygiene. Microsoft also released new emergency patches for Windows XP and 2003, even though it has stopped all security updates and technical support for XP since April 2014, which simply shows the seriousness of the attack and the risk of deploying out-of-date operating systems in work environments."

2: Unknown Assets can cause you so much problems

It's just about impossible to patch systems an organization doesn't even know exists. The insidious effects of WannaCry offer up a good illustration of how easy it is for attackers to scale attacks against the forgotten systems that can be lost through inconsistent asset management.
"Attackers performing reconnaissance will often find unknown, unprotected, and unmonitored assets to use as attack vectors," says Steve Ginty, senior product manager at RiskIQ. "For a large enterprise, these types of assets are typically easy for even novice hackers and threat groups to find, and because they’re unmonitored, they provide an easy way in and out. To defend yourself, you need to know what attackers see when they’re looking at your business from outside the firewall."

3: Network Segmentation Can Be a Valuable Risk Reducer

Of course, patch management isn't as simple as just finding every system and waving a magic wand over them. Many organizations struggle to update legacy and embedded systems due to a host of technical problems. It's why WannaCry found such fertile ground in healthcare organizations, since many medical devices are built on top of old Windows operating systems that are very difficult to update due to government regulations and the organizations' own concerns about causing system disruptions during updates. We all have faced challenge(s) while updating our work and personal devices at one point or the other.
"In many cases, devices will never receive updates either because the OS is no longer supported and memory, storage, and processing constraints may prevent the device from operating effectively with the latest software. Finally, I suspect that many hospital administrators may not recognize the danger from using outdated software on these devices, and simply avoid patching because the device works. Thus 'if it ain’t broke, don’t try to fix it' mentality can be tremendously detrimental to hospital security."
This scenario is a perfect example of how compensating controls - like network segmentation - should have kicked in for a lot of organizations.
"Of course, today, completely disconnecting a machine from the Internet typically renders it of little use. But network connectivity can be limited as much as possible," says Brighten Godfrey, co-founder and CTO of Veriflow. "Segmentation requires careful network architecture, especially in a complex environment where configurations of firewalls, routers and other devices are continually changing. Rigorous network verification methods can help ensure that the intended segmentation is continually realized."

4: Security Has Real-World Repercussions

Speaking of healthcare, one of the big-picture lessons that security professionals around the world should be thinking deeply about is the fact that cybersecurity is no longer just a game of protecting data. When attacks happen today, they have real-world repercussions that can affect the safety of people's life and limb.
"With so many medical devices connected to the internet, it’s not surprising to know that some of these devices were rendered useless by WannaCry," says Terry Ray, chief product strategist for Imperva.
The attacks against the UK's National Health Service put hospital operations at a standstill and threatened the health of real people. As much as the security industry talks about its struggle with attackers as a game, using terminology like "whack-a-mole" and "cat-and-mouse" to describe the back-and-forth exchanges, the truth that WannaCry should bring home is that what we're engaged in is not frivolous or fun. The consequences are real and serious.

5: It's Easy to Forget the 'A' in Security's 'CIA'

So many security organizations get hung up on the confidentiality and integrity part of IT risk management that they forget the final leg of that three-legged stool: availability. According to estimates from Cyence researchers, the business interruption costs to companies from WannaCry will add up to over $8 billion.
"Business interruption caused by the WannaCry malware is probably the most substantial and problematic component to this event. Organizations will suffer interruptions to their business, lost income, and extra expenses while the infection is being remediated – and it will take some time to get back to full productivity even after systems are restored.
Obviously, these are big-picture lessons. And it will take time to turn these lessons into meaningful action. In the meantime, for those who've found they've lost access to their WindowsXP systems, there's at least some good news on that front. Security researchers with the French security firm Quarkslab have released a tool called Wannakey, which can help recover the private encryption key for infected WindowsXP systems.

A basic guide to the Internet's underbelly -- the Dark Web.




Deep or Dark?

There's a difference between the "Deep Web" and "Dark Web." While the "Clear Web" is the surface area which is indexed by search engines such as Google and Yahoo, the Deep Web is an area search engines can't crawl for or index. Plunging in further, the Dark Web is a small area within the Deep Web which is intentionally hidden from discovery.


How do you access the Dark Web?

You can't use standard access methods to gain entry into the Dark Web. The most common method is through the Tor network, an anonymous network created from nodes which disguise online activity. In order to use Tor, you need the Tor browser, and may also need to be issued an invitation to access certain .onion domains hidden within the Dark Web.


Wait, .onion domains?

An .onion address is the result of Onion networking -- low-latency communication designed to resist traffic analysis and surveillance. The use of Onion networking is not a perfect solution to maintain anonymity, but it does help disguise who is communicating with whom.


It's not just drugs

Many of us heard when the underground marketplace Silk Road, one of the largest hidden within the Tor network, was taken down following an investigation by US authorities. However, there are many more vendors peddling their wares within the Dark Web. While drugs are the most commonly-thought of when it comes to the secretive area, you can also purchase a plethora of other illegal goods. Weapons, porn, counterfeit money and fake identities, hacked accounts and even hitmen can be found if you have the cash. If someone annoys you, sending over a SWAT team as a "prank" is also possible.


It's also something of an eBay for peculiar items.

A quick browse and I could buy lifetime membership passes to popular services such as Netflix, old consoles, clothing, emulators and DVDs, a car or two and bulk weight loss pills. Technology is also popular -- there is a wealth of devices available -- both counterfeit and apparently legitimate -- if you know where to look.



The Dark Web is used for more than buying and selling.

So-called "ethical" hacking and political forums, archives of forbidden books, tips on how to care for your cat -- there are potentially thousands of private .onion addresses hosted which go beyond marketplaces.


Trading is hardly safe or risk-free

Whether you take a risk with buying bargain designer clothes on the Clear Web or sink a few Bitcoins in purchasing illegal items through the Dark Web, neither is risk-free.
Vendors and sellers might be trying to avoid the eyes of legal enforcement in the darker side of the Internet, but this doesn't stop scams from taking place. Scam vendors and quick grab-and-run schemes run rampant -- especially as there is no way to follow up with failed sales down the legal route.


Buying and selling through the Dark Web

How do you trade without being linked to bank accounts? Virtual currency is the most common method, which includes "tumbling," a laundering process which destroys the connection between a Bitcoin address which sends virtual currency and the recipient in the hopes of covering a user's tracks. Some vendors offer escrow services which holds Bitcoin in trust until goods have been delivered and both parties are happy -- although value fluctuations linked to Bitcoin use makes this move risky.


Avoiding spying eyes

Aside from using the Tor browser and VPNs, a number of buyers and sellers use "Tails," free software which can be booted from flash storage to provide end-to-end encryption for your browsing sessions.
To further cover their tracks, vendors and sellers will often also use public Wi-Fi hotspots to conduct their business.


Reddit is used as a communication platform for Dark Web transactions

Although far from exhaustive, the best Clear Web resource to bounce around and learn a little about the darker, nastier aspects of the Internet is on Reddit. There are sub-forums in which Dark Web vendors and buyers exchange news, thoughts and seller reviews. Advice is also issued on how best to "clean house," create safe "drop" zones to pick up packages ordered from the Dark Web and what to do if you think law enforcement is keeping an eye on you.

There is a whole lot more to know about the Deep web. Click this link to read more.