Security Medium — The Efail Email Encryption Vulnerability The latest bug with a cool name and a cute logo is Efail, a mashup of the words email and fail. The bug affects encrypted email sent with both of the common email encryption protocols S/MIME & PGP/GPG. Under certain circumstances, the bug allows an attacker to […]
Continue readingAuthor: Bart Busschots
Security Bits – Facebook/Cambridge Analytica, GDPR, Security Updates, Greyshift Backdoor, UPnProxy
DNS Correction On Chit Chat #533, Bart did a deep dive into how the Domain Name System works and in that session, he suggested a hybrid approach where your mobile devices had the improved DNS along with your home router. It turns out it’s not possible to set system-wide DNS settings on iOS or Android. […]
Continue readingSecurity Bits – Even More Cambridge Analytica/Facebook, WebAuthn
Followup 1 — Meltdown/Spectre Intel won’t fix Spectre flaws in older chips — nakedsecurity.sophos.com/… AMD systems gain Spectre protection with latest Windows fixes — arstechnica.com/… Followup 2 — The Cambridge Analytica/Facebook Kerfuffle
Continue reading
Security Bits Special — The Cambridge Analytica & Facebook Kerfuffle
The Cliff Notes Version of the Story This story was broken by two major news paper organisations cooperating with each other — the Guardian (through it’s publication the Observer) in the UK, and the New York Times in the US:
Continue reading
NC #671 Hot Whiskey, MFi Hearing Aids, CES Wonder Workshop, AppleTV & AirPods, iCloud Photo Library Syncing, Mylio & Security Bits
Bart Busschots stands in for a vacationing Allison Sheridan. Since the show is recorded on St. Patrick’s Day, Bart starts with a recipe for an Irish hot whiskey. Then we have a review of MFi Hearing Aids from listener Gretchen, an interview with Wonder Workshop recorded by Allison & Steve at CES earlier this year, […]
Continue readingSecurity Bits – AMD Bugs (AMD Gets Its Turn in the Spotlight (RyzenFall, MasterKey, Fallout & Chimera) & GrayKey
Spectre/Meltdown Update Microsoft have removed the special registry flag which prevented the Spectre/Meltdown patches being applied on machines without AV that explicitly declares itself compatible with the patch. This approach made sense early in the response to these bugs, but it did have an undesirable side-effect, a machine with no AV would never get patched. […]
Continue readingSecurity Bits – US Customs Epic Security Fail, Can Cellebrite Unlock Any iPhone
Spectre/Meltdown Update Intel ships (hopefully stable) microcode for Skylake, Kaby Lake, Coffee Lake — arstechnica.com/… Intel’s latest set of Spectre microcode fixes is coming to a Windows update — arstechnica.com/… In an SEC filing in the US, Intel have revealed there are now 32 lawsuits against it over Spectre & Meltdown — arstechnica.com/…
Continue readingSecurity Bits – Google’s Ad Filter, iBoot Leak, iOS Teluga Text Bug
Security Medium 1 — Google’s Ad Filter On February 15 Google’s Chrome browser gained a nice new feature for controlling ads. It’s been reported on as an ad blocker, but that coverage misses a very important subtlety. Google itself calls the feature ad filtering, and an ad filter describes this feature very well indeed. Google […]
Continue readingSecurity Bits – Spectre/Meltdown Update, Strava Heat Maps
Followup — Spectre & Meltdown News Intel asks customers to halt patching for chip bug, citing flaw — www.reuters.com/… New Windows patch disables Intel’s bad Spectre microcode fix — arstechnica.com/… macOS Sierra, OS X El Capitan Updates Patch Meltdown Flaw — www.intego.com/… Apple offers another Meltdown fix for Mac users… — nakedsecurity.sophos.com/… Security Medium — […]
Continue readingSecurity Bits – Spectre & Meltdown Update (Again), Dark Caracal, chaiOS
Meltdown & Spectre Update Steve Gibson of GRC (author of ShieldsUp & SpinRite) has released InSpectre, a free Windows app which clearly communicates your PC’s current level of protection against Meltdown & Spectre, and what kind of a performance hit you should expect — www.grc.com/… RedHat have withdrawn their microcode patch for Spectre after it […]
Continue reading