Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Log4Shell (Log4J): Log4Shell-like security hole found in popular Java SQL database engine H2 — nakedsecurity.sophos.com/… 🇺🇸 FTC threatens “legal action” over unpatched Log4j and other vulns — nakedsecurity.sophos.com/… 🇬🇧 Meta (né Facebook) have decided […]
Category: Security Bits
Security Bits — 22 December 2021
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. NSO Group/Pegasus: Google’s Project Zero has released a very detailed report into how the ForcedEntry zero-click iMessage bug exploited by Pegasus worked — it’s deep deep reading, but this analysis highlights the key point […]
Security Bits — 12 December 2021
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. 🇺🇸 🇺🇬 Apple informed the US State Department that at least 9 iPhones used by their staff were infected with the NSO Group’s Pegasus malware. It’s not clear which NSO Group customer is responsible, […]
Security Bits — 28 November 2021
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Pegasus/NSO Group: Apple Lawsuit Goes After Spyware Firm NSO Group — tidbits.com/… Apple Digital IDs: Apple delays iOS 15’s driver’s license support until ‘early 2022’ — www.imore.com/… Reporting from CNBC reveals details of Apple’s […]
Security Bits — 14 November 2021
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Following on from our discussion of 2FA bypasses by tricking people into giving up their one-time-passwords, Vice did a detailed article describing one of the new 2FA-bypass-as-a-service cybercrime offerings: The Booming Underground Market for […]
Security Bits — 29 October 2021
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. 🎦 As I suspected last time, there was much more to the UK Ring doorbell case than simply “Ring doorbells are illegal in the UK”. Thanks to listener John for sending on this excellent […]
Security Bits — 17 October 2021
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Another example of 2FA-bypass attacks in use in the wild: How Coinbase Phishers Steal One-Time Passwords – Krebs on Security — krebsonsecurity.com/… 🇪🇺 Pegasus Project: European Parliament awards journalism prize to investigation of use […]
Security Bits — 1 October 2021
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. 🇫🇷 Pegasus spyware found on 5 French cabinet members’ phones — www.intego.com/… Social Media Developments: Facebook pauses Instagram Kids development following widespread concerns — www.imore.com/… YouTube Is Banning Prominent Anti-Vaccine Activists and Blocking All […]
Security Bits — 19 September 2021
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. The NSO Group/Pegasus Saga: Apple have patched the vulnerability used by the NSO Group to deploy their Pegasus spyware, and the Citizen Lab have published a report on their discovery of the vulnerability which […]
Security Bits by Bart Busschots – 05 September 2021
Bart had Tom Merritt of the Daily Tech News Show on the August episode of Let’s Talk Apple this week to have an extended discussion of Apple’s proposed child protection features. It’s a great discussion with someone who has been described (by a good friend) as being “pathologically unbiased.” You can find this episode of […]