Feedback & Followups
- Apple are letting Parler back into the iOS AppStore, they have apparently sufficiently reformed their moderation practices — www.imore.com/…
- SolarWinds are changing their name to N-able! — www.n-able.com/…
Deep Dive(s)
❗ Action Alerts
- Apple have released security and feature updates for just about everything — tidbits.com/… & us-cert.cisa.gov/… (more complete list)
- iOS 14.5 brings App Tracking Transparency, and, Apple Watch unlock when wearing a face mask — www.macobserver.com/…
- iOS 14.5: Here’s How to Start Blocking App Trackers — www.macobserver.com/…
- Apple confirms iOS 14 app tracking option disabled in some cases — www.imore.com/… (Kids, managed Apple IDs in Education/Business, and brand new accounts)
- How to Fix Your iPhone’s ‘App Tracking Transparency’ If It’s Grayed Out in iOS 14.5 – Lifehacker
- Related: 🎦 Another excellent WSJ video from Joanna Stern – she explains ATT including an interview with Apple’s Craig Federighi — youtu.be/…
- Related: No incentives for iOS 14.5 app tracking allowed, says Apple — www.imore.com/…
- Related: How to unlock your iPhone with your Apple Watch — www.imore.com/…
- macOS 11.3 patches an important bug in Gatekeeper: www.macobserver.com/…
- Gamers update! Nvidia patches GPU driver kernel escalation bugs — nakedsecurity.sophos.com/…
Worthy Warnings
- Security researchers at the Technical University of Darmstadt 🇩🇪 are warning about a significant data leak from Apple’s AirDrop when in contacts-only mode: because it allows self-signed certs (dumb and easy to fix), and because it uses un-salted hashes, email addresses and phone numbers are exposed. For now, it seems best to leave AirDrop off when you don’t need it, and open to all when you do need it — nakedsecurity.sophos.com/…
- Editorial by Bart: this is such low-hanging security fruit Apple should be utterly ashamed of themselves. Clearly, this protocol has been left languishing for far too long. I use AirDrop a lot since it actually works well these days, so I really hope Apple fix these trivial shortcomings quickly. Just stop accepting self-signed certs immediately, and add some salt!
- 🇺🇸 Experian API Exposed Credit Scores of Most Americans – Krebs on Security — krebsonsecurity.com/…
Notable News
- Renowned Internet Security Researcher Daniel Kaminsky Dies at 42 — daringfireball.net/…
- Dutch 🇳🇱 politicians were tricked by a sophisticated DeepFake — they had a video conferencing call with an imposter pretending to be Alexei Navalny’s chief of staff Leonid Volkov. There is talk of state actors being involved, and reports of other politicians in other European countries being similarly tricked — nltimes.nl/…
- Apple have launched their AirTags trackers, and they’ve baked security and privacy right into the heart of the design — www.fastcompany.com/…
- Firefox 88 has closed another tracking loop-hole (the unassuming `window.name` JavaScript variable), and other browser vendors are following their lead — nakedsecurity.sophos.com/…
- Major tech/security firms including Amazon, Cisco, FireEye, McAfee & Microsoft are working to establish an international task force targeted at disrupting ransomware operations — krebsonsecurity.com/…
Interesting Insights
- The Verge tells the story of Kosta Eleftheriou’s one-man quest to draw attention to Apple’s utter failure to keep obvious scam subscriptions out of their iOS AppStore. They’re shockingly easy to find 🙁 — www.theverge.com/…
- Security researcher extraordinaire and co-author of the Signal Protocol (powering Signal, WhatsApp, Facebook Messenger and more) Moxie Marlinspike explains the spectacular insecurities he found in Cellebrite’s iPhone data extraction tools (TL;DR – these things are so insecure their outputs can’t be used in court, and they seem to violate Apple’s IP to boot) — signal.org/…
Palate Cleansers
- A wonderfully illustrated and animated guide to the mechanical marvel that is the internal combustion engine — ciechanow.ski/…
Legend
When the textual description of a link is part of the link, it is the title of the page being linked to; when the text describing a link is not part of the link, it is a description written by Bart.
Emoji | Meaning |
---|---|
🎧 | A link to audio content, probably a podcast. |
❗ | A call to action. |
flag | The story is particularly relevant to people living in a specific country, or, the organisation the story is about is affiliated with the government of a specific country. |
📊 | A link to graphical content, probably a chart, graph, or diagram. |
🧯 | A story that has been over-hyped in the media, or, “no need to light your hair on fire” 🙂 |
💵 | A link to an article behind a paywall. |
📌 | A pinned story, i.e. one to keep an eye on that’s likely to develop into something significant in the future. |
🎩 | A tip of the hat to thank a member of the community for bringing the story to our attention. |