Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Recently we were alerted by Allister Jenks and Joe Preiser in our slack at podfeet.com/slack to a problematic idea I had on the last Security Bits. We were talking about how choosing an alphanumeric […]
Continue readingMore TagTag: facebook
Security Bits — 30 August 2020
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. 🇺🇸 Pennsylvania has announced plans to release an Apple/Google-based COVID app in September — www.imore.com/… Which U.S. states are using Apple’s Exposure Notification API for COVID-19 contact tracing? 9to5mac.com/… 🇦🇺 Australia’s non-Google/Apple COVID app […]
Continue readingMore TagSecurity Bits — 26 June 2020
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Zoom says it’ll provide end-to-end encryption even for free users now — thenextweb.com/… COVID Exposure Notification/Contact Tracing Apps continue to be developed around the world with continued varying levels of success: Amnesty International warn […]
Continue readingMore TagSecurity Bits — 14 June 2020
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. As expected, Apple quickly patched the Kernel flaw powering the Unc0ver Jailbreak: Kernel Vulnerability Causes Apple to Update All Operating Systems — tidbits.com/… Apple is no longer signing iOS 13.5, stopping jailbreakers from downgrading […]
Continue readingMore TagSecurity Bits — 19 April 2020
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Correction: — the microphone cut-off switch in the new iPad Pros is not a physical disconnect, but it is completely independent of iOS and can’t be affected by malware because it’s in the T2 […]
Continue readingMore TagSecurity Bits – 8 September 2019
Followup Apple draws a line under the ‘Siri Grading’ kerfuffle with a a public letter apologising for not reaching their own high standards, explaining how Siri protects user privacy, and outline some changes to how grading will be carried out in future — www.apple.com/… Apple send as little as possible data to Siri, using on-device […]
Continue readingMore TagSecurity Bits – 27 August 2019
Followups GitHub joins WebAuthn club — nakedsecurity.sophos.com/… Human Review of Voice Assistant Recordings: Facebook got humans to listen in on some Messenger voice chats — nakedsecurity.sophos.com/… Microsoft have humans review your conversations, and they’re not up for changing that fact: Microsoft won’t shift on AI recordings policy — nakedsecurity.sophos.com/… Humans may have been listening to […]
Continue readingMore TagSecurity Bits – 25 July 2019
Followups The Zoom webcam/webserver issue We now have confirmation that the vulnerability was also present in the RingCentral and Zhumu apps — www.imore.com/… Apple have rolled out an additional automatic security update to address the issues with these apps — www.macobserver.com/… Related Opinion: John Gruber addresses the question Isn’t [Apple’s response] “nonconsensual technology” too? in […]
Continue readingMore TagSecurity Bits – 14 July 2019
Security Medium 0 (more of a Followup) — 3rd-party Parental Control Apps Return to iOS Editorial by Bart: I’ve seen some very lazy reporting on this story, and I think the context and nuance are important, hence giving this apparently simple story the ‘Security Medium’ treatment. To understand what happened this week, it’s important to […]
Continue readingMore TagSecurity Bits – 3 May 2019
Followups Marcus Hutchins, the young security researcher who shot to fame by killing the WannaCry malware and then to infamy when he was arrested and charged with cyber crimes while traveling to the US to present at a security conference, has pleaded guilty to writing and selling banking malware. The offences pre-date his work as […]
Continue readingMore Tag