Bart Busschots, Author at Podfeet Podcasts

Security Bits – Efail, 4th Amendment, Glitch & ThrowHammer, Black Dot & Text-Bomb

Security Medium — The Efail Email Encryption Vulnerability

The latest bug with a cool name and a cute logo is Efail, a mashup of the words email and fail. The bug affects encrypted email sent with both of the common email encryption protocols S/MIME & PGP/GPG.

Under certain circumstances, the bug allows an attacker to trick email clients into sending a copy of the decrypted versions of encrypted emails to a server of their choice. The bug is triggered in the client, so it affects every email opened by the client, regardless of when it was sent, so this bug could allow an attacker to read encrypted emails arbitrarily far back in time.

Continue reading “Security Bits – Efail, 4th Amendment, Glitch & ThrowHammer, Black Dot & Text-Bomb”

Security Bits – Facebook/Cambridge Analytica, GDPR, Security Updates, Greyshift Backdoor, UPnProxy

DNS Correction

On Chit Chat #533, Bart did a deep dive into how the Domain Name System works and in that session, he suggested a hybrid approach where your mobile devices had the improved DNS along with your home router.

It turns out it’s not possible to set system-wide DNS settings on iOS or Android. This means that the Hybrid Approach we described of setting a third-party DNS on your home router and then also hard-coding it on your mobile devices remains the best advice, but it’s not possible to do on iOS or Android devices. Annoyingly, that means there is no good solution to protect these devices 🙁. Thanks very much to Allister Jenks for drawing our attention to this in our Google Plus Community.

Followups

The Facebook/Cambridge Analytica Kerfuffle:
Continue reading “Security Bits – Facebook/Cambridge Analytica, GDPR, Security Updates, Greyshift Backdoor, UPnProxy”

Security Bits – Even More Cambridge Analytica/Facebook, WebAuthn

Followup 1 — Meltdown/Spectre

Followup 2 — The Cambridge Analytica/Facebook Kerfuffle

Continue reading “Security Bits – Even More Cambridge Analytica/Facebook, WebAuthn”

Security Bits Special — The Cambridge Analytica & Facebook Kerfuffle

The Cliff Notes Version of the Story

This story was broken by two major news paper organisations cooperating with each other — the Guardian (through it’s publication the Observer) in the UK, and the New York Times in the US:

Continue reading “Security Bits Special — The Cambridge Analytica & Facebook Kerfuffle”

NC #671 Hot Whiskey, MFi Hearing Aids, CES Wonder Workshop, AppleTV & AirPods, iCloud Photo Library Syncing, Mylio & Security Bits

Bart Busschots stands in for a vacationing Allison Sheridan. Since the show is recorded on St. Patrick’s Day, Bart starts with a recipe for an Irish hot whiskey. Then we have a review of MFi Hearing Aids from listener Gretchen, an interview with Wonder Workshop recorded by Allison & Steve at CES earlier this year, an AppleTV & AirPod dumb question & answer from listener Dick, an iCloud Photo library syncing story from Allison, a review of Mylio from listener Tom, and finally a solo Security Bits from Bart.

mp3 download

Continue reading “NC #671 Hot Whiskey, MFi Hearing Aids, CES Wonder Workshop, AppleTV & AirPods, iCloud Photo Library Syncing, Mylio & Security Bits”

Security Bits – AMD Bugs (AMD Gets Its Turn in the Spotlight (RyzenFall, MasterKey, Fallout & Chimera) & GrayKey

March 17, 2018
by Bart Busschots

Spectre/Meltdown Update

Microsoft have removed the special registry flag which prevented the Spectre/Meltdown patches being applied on machines without AV that explicitly declares itself compatible with the patch. This approach made sense early in the response to these bugs, but it did have an undesirable side-effect, a machine with no AV would never get patched. That’s no longer the case now — arstechnica.com/…
Intel outlines plans for Meltdown and Spectre fixes, microcode for older chips — arstechnica.com/…

Continue reading “Security Bits – AMD Bugs (AMD Gets Its Turn in the Spotlight (RyzenFall, MasterKey, Fallout & Chimera) & GrayKey”

Security Bits – US Customs Epic Security Fail, Can Cellebrite Unlock Any iPhone

Spectre/Meltdown Update

Intel ships (hopefully stable) microcode for Skylake, Kaby Lake, Coffee Lake — arstechnica.com/…
Intel’s latest set of Spectre microcode fixes is coming to a Windows update — arstechnica.com/…
In an SEC filing in the US, Intel have revealed there are now 32 lawsuits against it over Spectre & Meltdown — arstechnica.com/…

Continue reading “Security Bits – US Customs Epic Security Fail, Can Cellebrite Unlock Any iPhone”

Security Bits – Google’s Ad Filter, iBoot Leak, iOS Teluga Text Bug

Security Medium 1 — Google’s Ad Filter

On February 15 Google’s Chrome browser gained a nice new feature for controlling ads. It’s been reported on as an ad blocker, but that coverage misses a very important subtlety. Google itself calls the feature ad filtering, and an ad filter describes this feature very well indeed.

Google is an advertising company, it is not in their interest to destroy the advertising industry. They’re trying to solve a subtly different problem — the rise of ad blockers!

Continue reading “Security Bits – Google’s Ad Filter, iBoot Leak, iOS Teluga Text Bug”

Security Bits – Spectre/Meltdown Update, Strava Heat Maps

Followup — Spectre & Meltdown News

Security Medium — Strava Heatmaps have Unintended Consequences

The popular exercise tracking app Strava regularly produces a really cool heat-map that shows where most people run, cycle, swim etc.. The data is anonymised, so it all seems like some innocent fun. The latest version of the heatmap was published back in November, and no one thought it was a problem.

Continue reading “Security Bits – Spectre/Meltdown Update, Strava Heat Maps”

Security Bits – Spectre & Meltdown Update (Again), Dark Caracal, chaiOS

Meltdown & Spectre Update

Steve Gibson of GRC (author of ShieldsUp & SpinRite) has released InSpectre, a free Windows app which clearly communicates your PC’s current level of protection against Meltdown & Spectre, and what kind of a performance hit you should expect — www.grc.com/…
RedHat have withdrawn their microcode patch for Spectre after it caused some systems to become unbootable (Linux supports dynamic updating of CPU microcode without the need for a BIOS update) — www.theregister.co.uk/…
A great post on the official Raspberry PI blog that primarily aims to explain why the Raspberry PIs are not vulnerable to Spectre, but in the process, explain Spectre in clearest and most understandable way I’ve yet seen — www.raspberrypi.org/…

Continue reading “Security Bits – Spectre & Meltdown Update (Again), Dark Caracal, chaiOS”

1 2 3 4

May 2018
S	M	T	W	T	F	S
« Apr
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

Security Medium — The Efail Email Encryption Vulnerability

DNS Correction

Followups

Followup 1 — Meltdown/Spectre

Followup 2 — The Cambridge Analytica/Facebook Kerfuffle

The Cliff Notes Version of the Story

Spectre/Meltdown Update

Spectre/Meltdown Update

Security Medium 1 — Google’s Ad Filter

Followup — Spectre & Meltdown News

Security Medium — Strava Heatmaps have Unintended Consequences

Meltdown & Spectre Update

Posts navigation