It’s another action-packed episode this week. I’ll start by telling you about the August Smart Lock Pro and how Steve and I got prepared psychologically for such a scary idea. Then we’ll hear a CES interview about the LIZN Wireless Hearpieces, Bluetooth headphones that could improve your hearing. Then we’ll head back to CES to hear about the Wagz Smart Pet Collar. If you’ve ever wanted to sit with someone but watch something completely different from them on TV, you’ll be interested in our CES interview about the MirraViz Multiview Displays. Everything has to be smart these days, and GE tells us how their Connected Lighting products fulfill that dream. As if that wasn’t enough goodness, we have Bart back with another great Security Bits segment.
Security Medium 1 — Google’s Ad Filter
On February 15 Google’s Chrome browser gained a nice new feature for controlling ads. It’s been reported on as an ad blocker, but that coverage misses a very important subtlety. Google itself calls the feature ad filtering, and an ad filter describes this feature very well indeed.
Google is an advertising company, it is not in their interest to destroy the advertising industry. They’re trying to solve a subtly different problem — the rise of ad blockers!
Followup — Spectre & Meltdown News
- Intel asks customers to halt patching for chip bug, citing flaw — www.reuters.com/…
- New Windows patch disables Intel’s bad Spectre microcode fix — arstechnica.com/…
- macOS Sierra, OS X El Capitan Updates Patch Meltdown Flaw — www.intego.com/…
- Apple offers another Meltdown fix for Mac users… — nakedsecurity.sophos.com/…
Security Medium — Strava Heatmaps have Unintended Consequences
The popular exercise tracking app Strava regularly produces a really cool heat-map that shows where most people run, cycle, swim etc.. The data is anonymised, so it all seems like some innocent fun. The latest version of the heatmap was published back in November, and no one thought it was a problem.
All the cool kids are moving to Discord for podcasting and chat, and so is the NosillaCast. We’ll hear a CES interview with August about their smart locks (spoiler, I’ve got one). TJ gives us his review of the HiFi ELITE Super66 headphones. Back to CES with the Velco Connected Handlebars for bicycles, and the new fleet of Jabra wireless headphones. In Security Bits, Bart Busschots brings us up to date on Spectre and Meltdown, along with an interesting lesson about spareness and density of data collection regarding how the exercise app Strava showed military installations.
It’s another big big show, with four CES interviews with Analogix SlimPort video connectors, Netgear about their outdoor Orbi, Acronis backup solution, and L’Oréal’s UV Sense product. We’ve also got a photography tip by Rally about digital zoom vs cropping (followed by some fun experiments by me) and a review of the free iOS app Klok by Helma. Bart brings us up to speed with the latest on Security Bits.
Meltdown & Spectre Update
- Steve Gibson of GRC (author of ShieldsUp & SpinRite) has released InSpectre, a free Windows app which clearly communicates your PC’s current level of protection against Meltdown & Spectre, and what kind of a performance hit you should expect — www.grc.com/…
- RedHat have withdrawn their microcode patch for Spectre after it caused some systems to become unbootable (Linux supports dynamic updating of CPU microcode without the need for a BIOS update) — www.theregister.co.uk/…
- A great post on the official Raspberry PI blog that primarily aims to explain why the Raspberry PIs are not vulnerable to Spectre, but in the process, explain Spectre in clearest and most understandable way I’ve yet seen — www.raspberrypi.org/…
In this mammoth episode, we’ve got some random CES observations, a review of the Avantree Bluetooth over-the-ear headset from George from Tulsa, a CES interview with an innovative hearing aid called Eargo, a story of Thunderbolt docks and USB-C from me, another CES interview about LiFi for Internet connectivity with OLEDcomm, a hot tip from Knightwise about how to reinstall Mac App Store apps using the command line, an augmented reality toothbrush from Kolibree called Magik from CES, and as if that weren’t enough content, we’ve got an out-of-band Security Bits update with Bart Busschots with the lates news about Spectre and Meltdown.
I’ve got a couple of announcements to tell you, then a listener story from David Bogdan from Japan, and one from Denise Crown. At that point, I’m going to hand you over to Bart and me in Security Bits because there was so much to talk about with so many big stories. We’ll talk about password managers being used as trackers, the IOHIDeous vulnerability, and then spend a lot of time learning the truth (as of now) about the Meltdown and Spectre vulnerabilities. It’s a fascinating session and Bart unpacks all of this for us beautifully of course.
Security Bits – 5 Jan 2018
Security Medium 1 — Password Managers as Trackers
This problem affects all features that auto-fill usernames and passwords, whether or not they are native to the browser, or, provided by third-party plugins, so this affects everyone who saves passwords in their browser in any way.
This week I was on the Clockwise Podcast episode 220 at relay.fm/…. Leo Laporte and Megan Morrone talked about my iOS 11 settings Mind Map of Doom on iOS Today episode 372 at around 57:30 into the show. Helma from the Netherlands brings us some networking tips. I bring you the first half of my 2017 Year in Review where I talk about the different software and hardware I’ve told you about during the year and tell you whether they’re still in use and why (or why not). Then Bart Busschots is back with Security Bits where we have two Security Mediums, the HP Keylogger, and Mailsploit.