Followups 🇪🇺 EU Copyright Directive: Italy Wikipedia shuts down in protest at EU copyright law — www.bbc.com/… Copyright Directive legislation voted down by European Parliament — nakedsecurity.sophos.com/… (This is not the end of this legislation, but it is a significant setback.) Spectre/Meltdown Another variant has been discovered, but it’s similar enough to previous ones that […]
Continue readingMore TagAuthor: Bart Busschots
Security Bits – Mostly Good News
Followup Following on from security breaches at the 3rd-party companies all American cell phone companies were sharing real-time location data with, Verizon have announced they are ceasing all location data sharing (the other carriers have ended their relationships with some specifics companies, but not globally like this) — krebsonsecurity.com/… GDPR Fallout & Experiences: The Norwegian […]
Continue readingMore TagSecurity Bits – USB Restricted Mode, Apple’s Focus on Security in OS Announcements
Followups Telegram have now been able to update their apps on Apple’s non-Russian app stores — nakedsecurity.sophos.com/… The VPNFilter malware/botnet story continues to evolve as security researchers find more router makes and model are affected. Additions to the list include routers by Asus, D-Link, Huawei & ZTE — www.zdnet.com/…, nakedsecurity.sophos.com/… & www.imore.com/… 🇺🇸 As anticipated, […]
Continue readingMore TagSecurity Bits – VPNFilter, CallKit Removal in China, No Telegram Updates in App Store, End of Flash & Silverlight, Papua New Guinea Turns Off Facebook
Followups Spectre & Meltdown Details have been released of a new Spectre variant named Speculative Store Bypass, or SSB. The vulnerability affects AMD, ARM & Intel chips. Thankfully it can be mitigated quite easily, so it’s just a matter of applying software, OS, firmware, and microcode updates as they are released — arstechnica.com/…
Continue readingMore TagSecurity Bits – Efail, 4th Amendment, Glitch & ThrowHammer, Black Dot & Text-Bomb
Security Medium — The Efail Email Encryption Vulnerability The latest bug with a cool name and a cute logo is Efail, a mashup of the words email and fail. The bug affects encrypted email sent with both of the common email encryption protocols S/MIME & PGP/GPG. Under certain circumstances, the bug allows an attacker to […]
Continue readingMore TagSecurity Bits – Facebook/Cambridge Analytica, GDPR, Security Updates, Greyshift Backdoor, UPnProxy
DNS Correction On Chit Chat #533, Bart did a deep dive into how the Domain Name System works and in that session, he suggested a hybrid approach where your mobile devices had the improved DNS along with your home router. It turns out it’s not possible to set system-wide DNS settings on iOS or Android. […]
Continue readingMore TagSecurity Bits – Even More Cambridge Analytica/Facebook, WebAuthn
Followup 1 — Meltdown/Spectre Intel won’t fix Spectre flaws in older chips — nakedsecurity.sophos.com/… AMD systems gain Spectre protection with latest Windows fixes — arstechnica.com/… Followup 2 — The Cambridge Analytica/Facebook Kerfuffle
Continue readingMore Tag
Security Bits Special — The Cambridge Analytica & Facebook Kerfuffle
The Cliff Notes Version of the Story This story was broken by two major news paper organisations cooperating with each other — the Guardian (through it’s publication the Observer) in the UK, and the New York Times in the US:
Continue readingMore Tag
NC #671 Hot Whiskey, MFi Hearing Aids, CES Wonder Workshop, AppleTV & AirPods, iCloud Photo Library Syncing, Mylio & Security Bits
Bart Busschots stands in for a vacationing Allison Sheridan. Since the show is recorded on St. Patrick’s Day, Bart starts with a recipe for an Irish hot whiskey. Then we have a review of MFi Hearing Aids from listener Gretchen, an interview with Wonder Workshop recorded by Allison & Steve at CES earlier this year, […]
Continue readingMore TagSecurity Bits – AMD Bugs (AMD Gets Its Turn in the Spotlight (RyzenFall, MasterKey, Fallout & Chimera) & GrayKey
Spectre/Meltdown Update Microsoft have removed the special registry flag which prevented the Spectre/Meltdown patches being applied on machines without AV that explicitly declares itself compatible with the patch. This approach made sense early in the response to these bugs, but it did have an undesirable side-effect, a machine with no AV would never get patched. […]
Continue readingMore Tag