Security Bits logo - a green padlock with the words Security Bits to the right and in tiny letters below ithat it says 10101010 indicating a digital lock

Security Bits — 14 April 2024

Feedback & Followups

  • An excellent writeup detailing the fascinating story of the XZUtils compromise we discussed last time —… (Editorial by Bart: Definitely one of the nearest misses we’ve had in the supply chain for some time, hopefully, it focuses some more eyes on the importance of supporting important open source projects that underpin many systems)
  • 🇺🇸 AT&T have not yet explained how they were breached, but they have now admitted the breach was bigger than they first realised, and have now notified 51M current and past customers —…
  • The Sunbird iMessage client for Android is back, but while the glaring security bugs may be gone, the fundamental problem m remains – you need to give the app your Apple ID users and password for it to work —… (Editorial by Bart: don’t, just don’t!)
  • Supply-chain attacks targeting developed continue – attackers have been discovered gaming the GitHub search rankings to boost their malicious packages up the rankings —… (Editorial by Bart: my advice remains the same, start on the project’s website, don’t search on NPM or GitHub or anywhere like that, you can’t trust the results)
  • When given a choice, Europeans seem to prefer privacy-focused browsers: Report: People are bailing on Safari after DMA makes changing defaults easier —… (Based on reporting and a survey carried out by Reuters)
  • 🧯 There is another new variant of the Spectre 2 attack against the Linux kernel, it is more potent than the original Spectre 2 attacks, but it’s still not relevant to home users, and the major Linux distros used to power the cloud are on it —…

Deep Dive(s)

❗ Action Alerts

Worthy Warnings

Notable News

Excellent Explainers

Interesting Insights

  • A nice overview of Mac malware for the first quarter of 2024 —… (for the most part, not pirating software, steering clear of crypto currency, and being careful in the App Store still keeps you safe)

Just Because it’s Cool 😎

  • A wonderfully geeky post from The Eclectic Light Company explaining just how macOS decides what app to open when you double-click on a file in the Finder —…

Palate Cleansers

  • From Bart:
    • A timely XKCD making a point I make over and over again – seeing a 99% total solar eclipse is cool, but it’s absolutely nothing like a total eclipse, if you haven’t experienced totality, you have no idea what an amazing experience it is! —…
    • From Allison:
      xckd on clouds and eclipses:…
    • 🎧 A short new weekly podcast I’ve been enjoying a lot, and now they’ve tackled a NosillaCast-adjacent topic: The Economics of Everyday Things: 43. Top-Level Domains —…


When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by Bart.

Emoji Meaning
🎧 A link to audio content, probably a podcast.
A call to action.
flag The story is particularly relevant to people living in a specific country, or, the organisation the story is about is affiliated with the government of a specific country.
📊 A link to graphical content, probably a chart, graph, or diagram.
🧯 A story that has been over-hyped in the media, or, “no need to light your hair on fire” 🙂
💵 A link to an article behind a paywall.
📌 A pinned story, i.e. one to keep an eye on that’s likely to develop into something significant in the future.
🎩 A tip of the hat to thank a member of the community for bringing the story to our attention.

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top