Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. FireFox are continuing their roll-out of DoH, enabling it by default for new installs in the US — nakedsecurity.sophos.com/… Google stops indexing WhatsApp chats; other search engines still at it — nakedsecurity.sophos.com/… HomeKit Router […]
Continue readingCategory: Security Bits
Security Bits — 23 February 2020
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Developments in the Avast Browser History Data Sales story: Avast kills off Jumpshot, the subsidiary that sold all your Web data — arstechnica.com/… 🇨🇿 Czech Authorities to Investigate Avast Over Sale of Users’ Browser […]
Continue readingSecurity Bits — 9 February 2020
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. 🧯Intel have released a fix for yet another named bug in performance-enhancing features of their CPUs. This one is named CacheOut because it involves cache evictions. The key takeaway is that like the other […]
Continue readingSecurity Bits — 26 January 2020
Feedback & Followups Following on from Apple’s introduction of support for FIDO2 in iOS 13, Google now allow you to use an iPhone as a hardware security token — nakedsecurity.sophos.com/… 🇺🇸 Following on from YouTube’s recent $170 million fine for breaching COPPA, a bi-partisan bill has been introduced in the US House of Representatives named […]
Continue readingSecurity Bits – 12 January 2020
Commentary by Allison — Bart is testing out a new format which in theory will cut the time it takes him to do Security Bits in half. This week is 4 weeks worth of security news so it’s not the best test case, but the new format is here. We welcome feedback on it as […]
Continue readingSecurity Bits – 22 December 2019
Note: This is the second of two episodes both recorded on the 15th of December 2019, but released over two weeks. Security Medium 1 — An Over-hyped VPN Weakness The internet positively hyper-ventilated when security researchers claimed to have found a bug in the TCP/IP implementation on just about every OS that could compromise just […]
Continue readingSecurity Bits – 15 December 2019
Note: This is the first of two episodes both recorded on the 15th of December 2019, but released over two weeks. 🧯Security Medium Preview 1 — VPNs Not All Hacked We’ll dig into the details in the second part of this two-parter, but for now, I just want to set everyone’s mind at ease — […]
Continue readingSecurity Bits – 1 December 2019
Followups: DNS over HTTPS: DNS-over-HTTPS is coming to Windows 10 — nakedsecurity.sophos.com/… Related: 🎧 Steve Gibson reports the Windows 10 story, and uses it as a transition into a deep-dive into some of the exceptionally cool possible improvements HTTPS + HTTP2 & HTTP3 could bring to DNS — Security Now Episode 742: Pushing “DoH” — […]
Continue readingSecurity Bits – 17 November 2019
Followup 🇺🇸 Mozilla refute the very misleading (factually incorrect) presentation American ISPs gave to congress urging them to take action against encrypted DNS (DoH) — nakedsecurity.sophos.com/… Microsoft have issued yet another warning about the patch they released a few months ago for older versions of Windows to remove the so-called BlueKeep vulnerability. Attacks have now […]
Continue readingSecurity Bits – 1 Nov 2019
Security Bits – 1 Nov 2019 Notable Security Updates Apple updates just about everything: Everything you need to know about iOS and iPadOS 13.2 — arstechnica.com/… Some users experiencing bricked HomePod after updating to iOS 13.2 [Update: pulled] — 9to5mac.com/… Related: Apple resumes human reviews of Siri audio with iPhone update — apnews.com/… Related: iOS […]
Continue reading