LANSHARKS.NET – Apple, Internet and Network Consulting Services

Fixing Macs and Networks Since 1990

Thoughts on macOS Ventura

Update 11/8/2022:
It appears there is a bug in macOS Ventura 13.0 which impacts security software, such as Malwarebytes: https://www.malwarebytes.com/blog/news/2022/11/macos-ventura-bug-disables-security-software

There is currently no permanent fix. We’re waiting for the macOS Ventura 13.1 update (currently in beta).

This is an excellent example of why it makes sense to wait and NOT install the initial release (.0) of a major operating system update.

Update 11/7/2022:
Regarding the loss of the ability to manually prioritize/reorder which WiFi networks are joined when a Mac running Ventura wakes from sleep or restarts, Apple has provided the following (quite confusing) Support article: https://support.apple.com/en-us/HT202831

Update 11/5/2022:
As noted below, Apple replaced the familiar “System Preferences” interface with a newly rewritten “System Settings” application. I’m not a fan. System Settings sports an entirely new user interface which requires some digging around to find familiar settings (Time Machine, Software Update, Startup Disk, etc., are now listed under different categories). But my biggest complaint is that System Settings no longer has the ability to re-order and prioritize which WiFi network(s) a device joins when waking from sleep or restarting. This is a major step backwards, particularly for users who join a number of different WiFi networks and need to make sure their machine joins the right network, every time.

From 10/25/2022:
Apple released macOS 13.0 (“Ventura”) to the public today (10/25/2022). Here is a list of the reported new features: https://www.apple.com/macos/ventura/

And a more detailed features breakdown: https://www.apple.com/macos/ventura/features/

In marketing copy and technical documentation, Apple specifies that macOS Ventura runs on these Macs:

  • MacBook (2017 and later)
  • MacBook Air (2018 and later)
  • MacBook Pro (2017 and later)
  • iMac (2017 and later)
  • iMac Pro (2017)
  • Mac Pro (2019 and later)
  • Mac Studio (2022)
  • Mac mini (2018 and later)

Compared to the previous version, macOS Monterey (macOS 12), macOS Ventura no longer supports these Macs:

  • MacBook (Early 2016)
  • MacBook Air (Early 2015 and 2017)
  • MacBook Pro (Early 2015, Mid-2015, and Late 2016)
  • iMac (Late 2015)
  • Mac Pro (Late 2013)
  • Mac mini (Late 2014)

As of this morning, my 2022 MacBook Air is running this new operating system quite smoothly. I do *not* recommend installing Ventura on any Mac with a spinning hard drive (i.e. some entry-level iMac models).

Initial notes and observations:

  • System Preferences has been renamed “System Settings” and has a completely different user interface. If you spend any time configuring your Mac in the System Preferences app (i.e. Network, Displays, Privacy & Security, etc.), expect to spend some time scratching your head and searching for settings which may have been relocated. For example, the Time Machine settings are now hidden in the “General” section and there is no longer a way to prioritize which WiFi networks your Mac looks for when it wakes from sleep.
The new “System Settings” in Ventura

A good article on the newly redesigned System Settings: https://www.intego.com/mac-security-blog/get-to-know-the-system-settings-app-on-macos-ventura/

I will update this post as new features or bugs dictate mention.

Getting Loopy with Sonos

I’ve now untangled several home networks which were brought to a grinding halt due to network “broadcast storms” caused by Sonos music players. This is avoidable and stupid network engineering on Sonos’s part. Here’s more about why this happens:

With networks, it has always been best practice to connect devices via Ethernet cable, whenever possible. Ethernet cabling is faster and more reliable because it is impervious to radio/WiFi interference. Ethernet performance does not degrade over distance like WiFi.

Devices which are capable of being connected via Ethernet should be designed to disable WiFi (preferably automatically) when connected with a cable. This avoids loops in the network, which create “broadcast storms” and bring the network down. The video below explains this phenomenon and also introduces a technology known as “Spanning Tree Protocol” – something we find in more expensive, business-class Ethernet switches, not the usual “unmanaged” Ethernet gear most users have in their homes:

The problem here is two-fold:

  1. Sonos’s engineering team has made the decision to keep the “SonosNet” wireless network active, even when their device is connected via Ethernet. This is almost certainly going to cause broadcast storms on the user’s network.
  2. This requires the user/installer for a HOME network product to be network savvy and have the knowledge and forethought to avoid this serious problem.
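The loop described above, as an added simulation that is not part of the original post. The device names and topology are constructed, and the model assumes an unmanaged switch with no spanning tree blocking any port: two Ethernet-connected players that also bridge to each other over SonosNet keep one broadcast frame circulating indefinitely, while the same network without the wireless link drains after two hops.

```python
def flood(links, bridges, source, max_steps=30):
    """Flood one broadcast frame from `source`.
    Bridges forward a frame out of every port except the one it arrived on;
    end hosts consume it. Returns copies in flight per step and whether
    copies were still circulating when the simulation stopped."""
    ports = {}
    for a, b in links:
        ports.setdefault(a, []).append(b)
        ports.setdefault(b, []).append(a)
    in_flight = [(source, n) for n in ports[source]]
    history, delivered = [], 0
    for _ in range(max_steps):
        if not in_flight:
            break
        history.append(len(in_flight))
        nxt = []
        for src, dst in in_flight:
            if dst in bridges:
                nxt.extend((dst, n) for n in ports[dst] if n != src)
            else:
                delivered += 1  # a host received (another) copy
        in_flight = nxt
    return {"history": history, "delivered": delivered, "storm": bool(in_flight)}

# Constructed home network: every wired device hangs off one unmanaged switch.
ETHERNET = [("laptop", "switch"), ("router", "switch"),
            ("switch", "sonos_a"), ("switch", "sonos_b")]
SONOSNET = [("sonos_a", "sonos_b")]  # wireless bridge left active between wired players
BRIDGES = {"switch", "sonos_a", "sonos_b"}

def wired_only():
    return flood(ETHERNET, BRIDGES, "laptop")

def wired_plus_sonosnet():
    return flood(ETHERNET + SONOSNET, BRIDGES, "laptop")

if __name__ == "__main__":
    print("wired only:         ", wired_only())
    print("wired plus SonosNet:", wired_plus_sonosnet())
```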

If you have Sonos gear on your network and it is connected via Ethernet (as it should be, when possible), you might consider disabling WiFi on your Sonos products as described in the article here:

https://bsteiner.info/articles/disabling-sonos-wifi

Sonos seems to think keeping WiFi enabled on Ethernet connected devices provides some type of redundancy (I guess in case the Ethernet cable gets unplugged?), but I think it is ridiculous and irresponsible to propose the “fix” to be an expensive business-class Ethernet switch in a home environment. Google search for “Sonos Network Storm” and you’ll see how many users this dumb design has impacted. Here, I’ll do it for you:

http://lmgtfy.com/?q=sonos+network+storm

KRACK: WiFi WPA2 Encryption Broken?

Update: Thursday, October 19th 10:50pm:

Dave Hamilton and the folks at The Mac Observer are keeping and updating a list of router vendors who have updated their firmware to block the different CVEs (vulnerabilities):

https://www.macobserver.com/news/list-of-krack-patches-routers/

(older updates in red at the bottom of this post, newest posts are at the bottom)

Reports are surfacing across the internet tonight with rumors that the WiFi WPA2 encryption mechanism has been “compromised.” What does this mean?

When you connect to a password protected WiFi network (you’re NEVER joining non-password protected WiFi networks, right?!?), the traffic between your device and the WiFi access point (often your internet router) is encrypted using WPA2 (“Wi-Fi Protected Access”).  This scrambling of your data means the information your Mac, iPhone or iPad sends/receives isn’t visible to another party (i.e. someone sitting in their car, outside your house) as it flies through the air, between your devices.

While some websites and software services also encrypt your data using something called “SSL”, this isn’t always the case and WiFi users have come to rely on the basic security of WPA2 to keep any non-SSL data transmission from prying eyes.

Tonight’s reports seem to indicate that researchers have found a way to break the security of WPA2. This means that even password protected WiFi networks are no longer secure.

This story is just coming to light and I anticipate big press coverage tomorrow and in the days following. I will update this as we know more. Here is the current take from Ars Technica:

https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

For now, I (as always) recommend connecting devices with Ethernet whenever possible and securing WiFi connections using a VPN.

Update 10/16/2017 @ 8:15am:

All the gory details are available here: https://www.krackattacks.com

The KRACK vulnerability demonstrated:

https://www.youtube.com/watch?time_continue=263&v=Oh4WURZoR98

  • It appears this vulnerability in WPA2 *may* be able to be patched with a software update from either side (client device or the WiFi access point). If true, this is good news as it means you wouldn’t need to replace your router if the manufacturer is out of business or isn’t planning to release a firmware update for your model: “Implementations can be patched in a backwards-compatible manner. This means a patched client can still communicate with an unpatched access point, and vice versa. In other words, a patched client or access points sends exactly the same handshake messages as before, and at exactly the same moments in time. However, the security updates will assure a key is only installed once, preventing our attacks. So again, update all your devices once security updates are available.”
  • To exploit this, an attacker must be within range of your WiFi network (i.e. ~several hundred feet). This does NOT allow someone to access your devices, data or network from afar.
  • Unless you have some serious enemies (foreign governments, a highly tech-savvy Ex), hackers are likely to start trying this vulnerability on larger targets (big companies with credit card data, health data, financial records), rather than your small office or home network.
  • This is reportedly worse for devices running Android (non-Apple mobile phones) and Linux (many servers).
  • My recommendations above remain true – use Ethernet where possible and VPN when on WiFi.
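Why "a key is only installed once" matters, as an added toy model that is not code from the original post or from the KRACK researchers. The `Client` class, the hash-based keystream and the sample payloads are constructed stand-ins for a real WPA2 implementation: installing a key resets the transmit counter, so a client that reinstalls the same key on a repeated handshake message encrypts two frames under the same keystream, and the patched client does not.

```python
import hashlib

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    """Stand-in for a per-packet keystream derived from (key, nonce); not real CCMP."""
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:n]

class Client:
    def __init__(self, patched: bool):
        self.patched, self.key, self.nonce, self.used = patched, None, 0, []

    def on_message3(self, key: bytes) -> None:
        # Patched behaviour: a key that is already installed is not installed again.
        if self.patched and self.key == key:
            return
        self.key = key
        self.nonce = 0  # installing a key resets the transmit packet counter

    def send(self, plaintext: bytes) -> bytes:
        self.nonce += 1
        self.used.append(self.nonce)
        ks = keystream(self.key, self.nonce, len(plaintext))
        return bytes(p ^ k for p, k in zip(plaintext, ks))

P1, P2 = b"first frame payload", b"other frame payload"  # constructed sample data

def run_session(patched: bool):
    """Install key, send a frame, receive message 3 a second time, send another frame."""
    c = Client(patched)
    key = b"constructed-session-key"
    c.on_message3(key)
    f1 = c.send(P1)
    c.on_message3(key)  # same handshake message delivered again
    f2 = c.send(P2)
    return c.used, f1, f2

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream_reused(patched: bool) -> bool:
    """True when both frames were encrypted under the same (key, nonce) pair."""
    used, f1, f2 = run_session(patched)
    return len(set(used)) < len(used) and xor(f1, f2) == xor(P1, P2)

if __name__ == "__main__":
    print("unpatched reuses keystream:", keystream_reused(False))
    print("patched reuses keystream:  ", keystream_reused(True))
```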

 

Update 10/16/2017 @ 11:45am:

A good podcast with relevant KRACK information from The Mac Observer here:

Update 10/16/2017 @ 3:50pm:

Apple says they’ve fixed the exploit in the latest beta releases of iOS 11.1:

https://www.macrumors.com/2017/10/16/krack-wifi-vulnerabilities-patched-apple-ios-macos/

This release is available to developers as well as a public beta now.

Still no word on a firmware update for AirPort hardware…

Update 10/17/2017 @ 5:25pm:

iDownloadblog.com is reporting “The hack doesn’t seem to exploit access points such as Apple’s AirPort wireless appliances.” and “AirPort hardware not vulnerable”:

http://www.idownloadblog.com/2017/10/17/wi-fi-wpa2-krack-attack-apple-os-betas-fixed/

I have not seen proof of this claim yet and Apple hasn’t officially commented, so take it with the appropriate grain of salt…

Kirk van Druten

LANsharks Consulting
