Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Following on from the iOS clipboard security weakness discussed in the previous instalment, security researchers have now observed many popular iOS apps periodically polling the clipboard for no apparent reason, and it’s not known […]
Continue readingMore TagCategory: Security Bits
Security Bits — 8 March 2020
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. FireFox are continuing their roll-out of DoH, enabling it by default for new installs in the US — nakedsecurity.sophos.com/… Google stops indexing WhatsApp chats; other search engines still at it — nakedsecurity.sophos.com/… HomeKit Router […]
Continue readingMore TagSecurity Bits — 23 February 2020
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Developments in the Avast Browser History Data Sales story: Avast kills off Jumpshot, the subsidiary that sold all your Web data — arstechnica.com/… 🇨🇿 Czech Authorities to Investigate Avast Over Sale of Users’ Browser […]
Continue readingMore TagSecurity Bits — 9 February 2020
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. 🧯Intel have released a fix for yet another named bug in performance-enhancing features of their CPUs. This one is named CacheOut because it involves cache evictions. The key takeaway is that like the other […]
Continue readingMore TagSecurity Bits — 26 January 2020
Feedback & Followups Following on from Apple’s introduction of support for FIDO2 in iOS 13, Google now allow you to use an iPhone as a hardware security token — nakedsecurity.sophos.com/… 🇺🇸 Following on from YouTube’s recent $170 million fine for breaching COPPA, a bi-partisan bill has been introduced in the US House of Representatives named […]
Continue readingMore TagSecurity Bits – 12 January 2020
Commentary by Allison — Bart is testing out a new format which in theory will cut the time it takes him to do Security Bits in half. This week is 4 weeks worth of security news so it’s not the best test case, but the new format is here. We welcome feedback on it as […]
Continue readingMore TagSecurity Bits – 22 December 2019
Note: This is the second of two episodes both recorded on the 15th of December 2019, but released over two weeks. Security Medium 1 — An Over-hyped VPN Weakness The internet positively hyper-ventilated when security researchers claimed to have found a bug in the TCP/IP implementation on just about every OS that could compromise just […]
Continue readingMore TagSecurity Bits – 15 December 2019
Note: This is the first of two episodes both recorded on the 15th of December 2019, but released over two weeks. 🧯Security Medium Preview 1 — VPNs Not All Hacked We’ll dig into the details in the second part of this two-parter, but for now, I just want to set everyone’s mind at ease — […]
Continue readingMore TagSecurity Bits – 1 December 2019
Followups: DNS over HTTPS: DNS-over-HTTPS is coming to Windows 10 — nakedsecurity.sophos.com/… Related: 🎧 Steve Gibson reports the Windows 10 story, and uses it as a transition into a deep-dive into some of the exceptionally cool possible improvements HTTPS + HTTP2 & HTTP3 could bring to DNS — Security Now Episode 742: Pushing “DoH” — […]
Continue readingMore TagSecurity Bits – 17 November 2019
Followup 🇺🇸 Mozilla refute the very misleading (factually incorrect) presentation American ISPs gave to congress urging them to take action against encrypted DNS (DoH) — nakedsecurity.sophos.com/… Microsoft have issued yet another warning about the patch they released a few months ago for older versions of Windows to remove the so-called BlueKeep vulnerability. Attacks have now […]
Continue readingMore Tag