Security Bits – 1 Nov 2019 Notable Security Updates Apple updates just about everything: Everything you need to know about iOS and iPadOS 13.2 — arstechnica.com/… Some users experiencing bricked HomePod after updating to iOS 13.2 [Update: pulled] — 9to5mac.com/… Related: Apple resumes human reviews of Siri audio with iPhone update — apnews.com/… Related: iOS […]
Continue readingMore TagAuthor: Bart Busschots
Security Bits – 20 October 2019
Security Medium 1 — Apple Card is not Magic A story made a lot of news this week because it involved a physical Apple Card being skimmed. It underlines the fact that people do not understand that when they fall back to using the physical card or entering the virtual number into a website manually, […]
Continue readingMore TagSecurity Bits – 5 October 2019
Followup Bluetooth permissions on iOS A nice article explaining some of the most common legitimate reasons apps me request BlueTooth access: Here’s why so many apps are asking to use Bluetooth on iOS 13 — www.theverge.com/… CloudFlare’s Warp VPN has Finally been Released — blog.cloudflare.com/…, nakedsecurity.sophos.com/… & www.imore.com/… Note that VPNs can provide encryption and […]
Continue readingMore TagSecurity Bits – 21 September 2019
Security Medium 1 — SimJacker A remotely exploitable vulnerability has been found in the firmware running on billions of SIM cards around the world. The vulnerability can be triggered by sending a malicious SMS message to the phone number served by the victim SIM card. Once the SIM card is infected it can then reach […]
Continue readingMore Tag
CCATP #607 – Bart Busschots’s Podcast Recommendations
In this week’s episode of Chit Chat Across the Pond Bart Busschots joins us to talk about how he arranges his podcast listening, how he categorizes them and then what kinds of shows he likes. Bart listens to around 6 hours of podcasts per day so this is quite a long list. He purposely didn’t […]
Continue readingMore TagSecurity Bits – 8 September 2019
Followup Apple draws a line under the ‘Siri Grading’ kerfuffle with a a public letter apologising for not reaching their own high standards, explaining how Siri protects user privacy, and outline some changes to how grading will be carried out in future — www.apple.com/… Apple send as little as possible data to Siri, using on-device […]
Continue readingMore TagSecurity Bits – 27 August 2019
Followups GitHub joins WebAuthn club — nakedsecurity.sophos.com/… Human Review of Voice Assistant Recordings: Facebook got humans to listen in on some Messenger voice chats — nakedsecurity.sophos.com/… Microsoft have humans review your conversations, and they’re not up for changing that fact: Microsoft won’t shift on AI recordings policy — nakedsecurity.sophos.com/… Humans may have been listening to […]
Continue readingMore TagSecurity Bits – 10 August 2019
Security Medium 1 — Human Review of Voice Assistant Recordings The Guardian newspaper started what turned out to be a far-ranging controversy be reporting that when Apple said they kept anonymised Siri recordings for analysis, that analysis included grading by human beings. Specifically, by outside contractors.
Continue readingMore Tag
FIDO2 — Why Do We Care?
DISCLAIMER I’m not a FIDO expert. I understand the principles and the concepts, but I have no experience with the minute details. I’ve done my best to read as much as I can, and I believe everything here is accurate, but I may have made the odd mistake, and if I have, I apologise! The […]
Continue readingMore Tag
Security Bits – 25 July 2019
Followups The Zoom webcam/webserver issue We now have confirmation that the vulnerability was also present in the RingCentral and Zhumu apps — www.imore.com/… Apple have rolled out an additional automatic security update to address the issues with these apps — www.macobserver.com/… Related Opinion: John Gruber addresses the question Isn’t [Apple’s response] “nonconsensual technology” too? in […]
Continue readingMore Tag