Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. A little sting in the tail of that disgraceful threat by the Missouri Governor to prosecute a journalist for noticing personal data leaked in HTML source code of a government site – it was […]
Continue readingCategory: Security Bits
Security Bits — 20 Feb 2022
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. 🇺🇸 An update on a story Allison referenced last time: Missouri governor rebuffed: Journalist won’t be prosecuted for viewing HTML — arstechnica.com/… 🇮🇱 The NSO Group/Pegasus Saga: The Israeli government has opened an investigation […]
Continue readingSecurity Bits — 5 Feb 2022
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. 🇺🇸 ID.me developments: ID.me CEO Admits Company Uses ‘1:Many’ Facial Recognition — www.macobserver.com/… Treasury Considers ID.Me Alternatives Over Privacy Concerns — money.usnews.com/… Related: Tax scam emails are alive and well as US tax season […]
Continue readingSecurity Bits — 23 January 2022
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. 🇺🇸 Un-redactions in an ongoing antitrust case against Google led by the state of Texas have revealed more details on how Google abuse their position of power in the ad world — in effect, […]
Continue readingSecurity Bits — 9 January 2022
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Log4Shell (Log4J): Log4Shell-like security hole found in popular Java SQL database engine H2 — nakedsecurity.sophos.com/… 🇺🇸 FTC threatens “legal action” over unpatched Log4j and other vulns — nakedsecurity.sophos.com/… 🇬🇧 Meta (né Facebook) have decided […]
Continue readingSecurity Bits — 22 December 2021
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. NSO Group/Pegasus: Google’s Project Zero has released a very detailed report into how the ForcedEntry zero-click iMessage bug exploited by Pegasus worked — it’s deep deep reading, but this analysis highlights the key point […]
Continue readingSecurity Bits — 12 December 2021
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. 🇺🇸 🇺🇬 Apple informed the US State Department that at least 9 iPhones used by their staff were infected with the NSO Group’s Pegasus malware. It’s not clear which NSO Group customer is responsible, […]
Continue readingSecurity Bits — 28 November 2021
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Pegasus/NSO Group: Apple Lawsuit Goes After Spyware Firm NSO Group — tidbits.com/… Apple Digital IDs: Apple delays iOS 15’s driver’s license support until ‘early 2022’ — www.imore.com/… Reporting from CNBC reveals details of Apple’s […]
Continue readingSecurity Bits — 14 November 2021
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Following on from our discussion of 2FA bypasses by tricking people into giving up their one-time-passwords, Vice did a detailed article describing one of the new 2FA-bypass-as-a-service cybercrime offerings: The Booming Underground Market for […]
Continue readingSecurity Bits — 29 October 2021
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. 🎦 As I suspected last time, there was much more to the UK Ring doorbell case than simply “Ring doorbells are illegal in the UK”. Thanks to listener John for sending on this excellent […]
Continue reading