Followups Telegram have now been able to update their apps on Apple’s non-Russian app stores — nakedsecurity.sophos.com/… The VPNFilter malware/botnet story continues to evolve as security researchers find more router makes and model are affected. Additions to the list include routers by Asus, D-Link, Huawei & ZTE — www.zdnet.com/…, nakedsecurity.sophos.com/… & www.imore.com/… 🇺🇸 As anticipated, […]
Continue readingCategory: Security Bits
Security Bits – VPNFilter, CallKit Removal in China, No Telegram Updates in App Store, End of Flash & Silverlight, Papua New Guinea Turns Off Facebook
Followups Spectre & Meltdown Details have been released of a new Spectre variant named Speculative Store Bypass, or SSB. The vulnerability affects AMD, ARM & Intel chips. Thankfully it can be mitigated quite easily, so it’s just a matter of applying software, OS, firmware, and microcode updates as they are released — arstechnica.com/…
Continue reading
NC #680 Keep It, Backblaze B2, Airtable, Security Bits
There won’t be a live show next week, and the NosillaCast will be out on Tuesday instead of Sunday (sorry guys). Check out the tutorial I did on Keep It for ScreenCasts Online at screencastsonline.com. We’ve got another of Steve’s videos from NAB, this time from Backblaze about their B2 cloud storage. Then I’ll tell […]
Continue readingSecurity Bits – Efail, 4th Amendment, Glitch & ThrowHammer, Black Dot & Text-Bomb
Security Medium — The Efail Email Encryption Vulnerability The latest bug with a cool name and a cute logo is Efail, a mashup of the words email and fail. The bug affects encrypted email sent with both of the common email encryption protocols S/MIME & PGP/GPG. Under certain circumstances, the bug allows an attacker to […]
Continue readingNC #678 StepShot Guides, Monoprice SlimRun Ethernet & HDMI Cables, Security Bits
We’ll take a look at StepShot Guides to see if it’s a worthy replacement for Clarify after all. Then we have an interview with Monoprice from NAB where we’ll have a surprisingly interesting and funny interview about SlimRun Ethernet and HDMI cables. Bart and I haven’t talked Security Bits in ages, so we have a […]
Continue readingSecurity Bits – Facebook/Cambridge Analytica, GDPR, Security Updates, Greyshift Backdoor, UPnProxy
DNS Correction On Chit Chat #533, Bart did a deep dive into how the Domain Name System works and in that session, he suggested a hybrid approach where your mobile devices had the improved DNS along with your home router. It turns out it’s not possible to set system-wide DNS settings on iOS or Android. […]
Continue readingNC #673 Dumb Mistakes, Monosnap Screencast, Worst Book Creation Apps, Security Bits
We start with how wrong I was last week, with two huge mistakes. I posted a teaser video about a Monosnap screencast I did for ScreenCasts Online, and how I was on Daily Tech News Show #3248 where we talked about whether the announcements from Apple will help them get back in the game with […]
Continue readingSecurity Bits – SESTA/FOSTA, CLOUD Act, Apple’s HSTS Clever Fix
Followups Cambridge Analytica & Facebook Kerfuffle Followup Additional developments: It’s been revealed that Facebook scraped call and text data from Android phones for years. Technically users did opt in to the collection, but it doesn’t seem to have been informed consent based on the public reaction to the reporting: Facebook scraped call, text message data […]
Continue reading
Security Bits Special — The Cambridge Analytica & Facebook Kerfuffle
The Cliff Notes Version of the Story This story was broken by two major news paper organisations cooperating with each other — the Guardian (through it’s publication the Observer) in the UK, and the New York Times in the US:
Continue readingSecurity Bits – AMD Bugs (AMD Gets Its Turn in the Spotlight (RyzenFall, MasterKey, Fallout & Chimera) & GrayKey
Spectre/Meltdown Update Microsoft have removed the special registry flag which prevented the Spectre/Meltdown patches being applied on machines without AV that explicitly declares itself compatible with the patch. This approach made sense early in the response to these bugs, but it did have an undesirable side-effect, a machine with no AV would never get patched. […]
Continue reading