Deep Dive 1 — Opera’s ‘VPN’ is Useful but Poorly Named Opera made some news by expanding out their free in-browser security feature they call a VPN to iOS, this makes the feature truly cross-platform, covering Windows, Mac, Android, and now iOS. This news triggered me to look into the feature before linking to the […]
Continue readingMore TagCategory: Security Bits
Security Bits — 2 April 2023
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. 🇦🇹 🇧🇪 🇮🇹 🇱🇺 🇳🇱 🇵🇹 Apple expands Emergency SOS via satellite to six more countries — appleinsider.com/… (Austria, Belgium, Italy, Luxembourg, the Netherlands & Portugal) Deep Dive — Two aCropalypses TL;DR — the […]
Continue readingMore TagSecurity Bits — 19 March 2023
Deep Dive — Critical Android Base-Band Vulnerabilities❗ TL;DR: this is bad — remote code execution without user interaction over the cellular network, combined with the usual level of security confusion that goes with Android’s model. Unless your Android device is on the list of known-patched devices, or unless your vendor has explicitly announced that they […]
Continue readingMore TagSecurity Bits — 5 March 2023
Deep Dive 1 — The Last Pass Breach Reports Since we last recorded, LastPass have released a lot of very detailed information. This is finally the level of detail I expect to see from responsible organisations. The structure and contents of the various reports are in line with industry norms at last. The best entry […]
Continue readingMore TagSecurity Bits – 19 February 2023
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Following on from the warning linked last time about the dangers of using AirTags to track pets, The Mac Observer have some recommendations for trackers that are specifically designed to safely track pets — […]
Continue readingMore TagSecurity Bits — 5 Feb 2023
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Anker admits that Eufy cameras were never encrypted — appleinsider.com/… Apple have released their support for hardware Fido tokens for iCloud 2FA — sixcolors.com/… Editorial by Bart: remember that this feature comes with a […]
Continue readingMore TagSecurity Bits — 22 January 2023 (Just Bart)
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. LastPass Update: It gets worse, we now know there were some people with just 500 rounds of PBKDF2, and even a few with one round 🙁 There was a brief false dawn when some […]
Continue readingMore TagSecurity Bits — 8 January 2023
Deep Dive 1 — Rethinking the Last Pass Breach (It’s Worse 🙁) Two weeks ago the latest details on the Last Pass breach were much fresher, and since then two things have happened: More facts have come to my attention More well-reasoned opinions have been expressed In terms of new information we have the following: […]
Continue readingMore TagSecurity Bits — 23 December 2022 🎄
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. 🇺🇸 Apple have released their opt-in new Advanced Data Protection for iCloud , but only in the US for now — appleinsider.com/… At least initially, enabling ADP could complicate the setup of new devices […]
Continue readingMore TagSecurity Bits — 11 December 2022 Deep Dives on Eufy Credibility Problems and Apple New Security Features
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. The Twitter Chaos Continues: 🇪🇺 EU Commissioner Thierry Breton has warned Twitter that it needs to bring its moderation practices up to speed before the Digital Services Act (DSA) goes into effect next year […]
Continue readingMore Tag