Security Bits – Efail, 4th Amendment, Glitch & ThrowHammer, Black Dot & Text-Bomb

Security Medium — The Efail Email Encryption Vulnerability

The latest bug with a cool name and a cute logo is Efail, a mashup of the words email and fail. The bug affects encrypted email sent with both of the common email encryption protocols, S/MIME & PGP/GPG.

Under certain circumstances, the bug allows an attacker to trick email clients into sending a copy of the decrypted versions of encrypted emails to a server of their choice. The bug is triggered in the client, so it affects every email opened by the client, regardless of when it was sent. This means the bug could allow an attacker to read encrypted emails arbitrarily far back in time.


Security Bits – Facebook/Cambridge Analytica, GDPR, Security Updates, Greyshift Backdoor, UPnProxy

DNS Correction

On Chit Chat #533, Bart did a deep dive into how the Domain Name System works, and in that session he suggested a hybrid approach where your mobile devices had the improved DNS along with your home router.

It turns out it’s not possible to set system-wide DNS settings on iOS or Android. This means that the Hybrid Approach we described, setting a third-party DNS on your home router and then also hard-coding it on your mobile devices, remains the best advice, but it can’t be done on iOS or Android devices. Annoyingly, that means there is no good solution to protect these devices 🙁. Thanks very much to Allister Jenks for drawing our attention to this in our Google Plus Community.

Followups

NC #671 Hot Whiskey, MFi Hearing Aids, CES Wonder Workshop, AppleTV & AirPods, iCloud Photo Library Syncing, Mylio & Security Bits

Bart Busschots stands in for a vacationing Allison Sheridan. Since the show is recorded on St. Patrick’s Day, Bart starts with a recipe for an Irish hot whiskey. Then we have a review of MFi Hearing Aids from listener Gretchen, an interview with Wonder Workshop recorded by Allison & Steve at CES earlier this year, an AppleTV & AirPod dumb question & answer from listener Dick, an iCloud Photo library syncing story from Allison, a review of Mylio from listener Tom, and finally a solo Security Bits from Bart.


Security Bits – AMD Bugs (AMD Gets Its Turn in the Spotlight (RyzenFall, MasterKey, Fallout & Chimera) & GrayKey

Spectre/Meltdown Update


Security Bits – US Customs Epic Security Fail, Can Cellebrite Unlock Any iPhone

Spectre/Meltdown Update


Security Bits – Google’s Ad Filter, iBoot Leak, iOS Telugu Text Bug

Security Medium 1 — Google’s Ad Filter

On February 15 Google’s Chrome browser gained a nice new feature for controlling ads. It’s been reported on as an ad blocker, but that coverage misses a very important subtlety. Google itself calls the feature ad filtering, and an ad filter describes this feature very well indeed.

Google is an advertising company, so it is not in their interest to destroy the advertising industry. They’re trying to solve a subtly different problem — the rise of ad blockers!


Security Bits – Spectre/Meltdown Update, Strava Heat Maps

Followup — Spectre & Meltdown News

Security Medium — Strava Heatmaps have Unintended Consequences

The popular exercise tracking app Strava regularly produces a really cool heat-map that shows where most people run, cycle, swim, etc. The data is anonymised, so it all seems like some innocent fun. The latest version of the heatmap was published back in November, and no one thought it was a problem.


Security Bits – Spectre & Meltdown Update (Again), Dark Caracal, chaiOS

Meltdown & Spectre Update

  • Steve Gibson of GRC (author of ShieldsUp & SpinRite) has released InSpectre, a free Windows app which clearly communicates your PC’s current level of protection against Meltdown & Spectre, and what kind of a performance hit you should expect — www.grc.com/…
  • Red Hat have withdrawn their microcode patch for Spectre after it caused some systems to become unbootable (Linux supports dynamic updating of CPU microcode without the need for a BIOS update) — www.theregister.co.uk/…
  • A great post on the official Raspberry Pi blog that primarily aims to explain why the Raspberry Pis are not vulnerable to Spectre, but in the process explains Spectre in the clearest and most understandable way I’ve yet seen — www.raspberrypi.org/…
