{"id":13259,"date":"2017-10-29T16:44:45","date_gmt":"2017-10-29T23:44:45","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=13259"},"modified":"2017-10-29T16:44:45","modified_gmt":"2017-10-29T23:44:45","slug":"sb-29-10-17","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2017\/10\/sb-29-10-17\/","title":{"rendered":"Security Bits &#8211; Child Smart Watches, IRS Not Worried about Equifax, Microsoft Office DDE, Eltima Hacked"},"content":{"rendered":"<h3>Notable News<\/h3>\n<ul>\n<li>A report from the Norwegian Consumer Council finds that smart watches aimed at kids are a security and privacy train wreck \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2017\/10\/19\/kids-smartwatches-harbouring-major-security-flaws\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>The head of the IRS in the US tells reporters Americans should assume their identity has been stolen and act accordingly \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2017\/10\/19\/irs-chief-assume-your-identity-has-been-stolen\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>IRS freezes its fraud prevention contract with Equifax \u2014 <a href=\"https:\/\/www.engadget.com\/2017\/10\/13\/irs-freezes-equifax-fraud-prevention-contract\/\">engadget.com\/&#8230;<\/a><\/li>\n<li>Security researchers warn of a new way to abuse the DDE (Dynamic Data Exchange) Microsoft Office feature to get macro-less remote code execution. 
<strong>TL;DR \u2013 don\u2019t click on links in emails and be suspicious of office documents you didn\u2019t expect to receive<\/strong>:\n<ul>\n<li><a href=\"http:\/\/thehackernews.com\/2017\/10\/ms-office-dde-malware.html\">MS Office Built-in Feature Allows Malware Execution Without Macros Enabled \u2014 thehackernews.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2017\/10\/22\/office-dde-attack-works-in-outlook-too-heres-what-to-do\/\">Office DDE attack works in Outlook too \u2013 here\u2019s what to do \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2017\/10\/23\/just-say-no-how-to-stop-the-dde-email-attack-video\/\">Just say \u201cNo!\u201d \u2013 how to stop the DDE email attack \u2014 nakedsecurity.sophos.com\/\u2026<\/a> &#x1f3a6;<\/li>\n<\/ul>\n<\/li>\n<li>The download server for another Mac software developer, Eltima, has been hacked, and malware was injected into the non-App-Store versions of Elmedia Player (a media player) &amp; Folx (a download manager) \u2014 <a href=\"https:\/\/www.intego.com\/mac-security-blog\/osxproton-malware-is-back-heres-what-mac-users-need-to-know\/\">www.intego.com\/\u2026<\/a><\/li>\n<\/ul>\n<p><!--more--><\/p>\n<h3>Suggested Reading<\/h3>\n<ul>\n<li>PSAs, Tips &amp; Advice\n<ul>\n<li><a href=\"https:\/\/www.imore.com\/how-manage-privacy-and-security-settings-safari-iphone-and-ipad\">How to manage privacy and security settings in Safari on iPhone and iPad \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/how-customize-security-iphone-and-ipad\">How to customize security on iPhone and iPad \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/how-restrict-music-movies-tv-web-and-more-parental-controls-your-iphone-or-ipad\">How to restrict content by age ratings, block websites, and hide explicit language with restrictions for iPhone or iPad \u2014 
www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Notable Breaches &amp; Privacy Violations\n<ul>\n<li><a href=\"https:\/\/krebsonsecurity.com\/2017\/10\/dell-lost-control-of-key-customer-support-domain-for-a-month-in-2017\/\">Dell Lost Control of Key Customer Support Domain for a Month in 2017 \u2014 krebsonsecurity.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>News\n<ul>\n<li>\u2b50\ufe0f <a href=\"https:\/\/krebsonsecurity.com\/2017\/10\/reaper-calm-before-the-iot-security-storm\/\">Reaper: Calm Before the IoT Security Storm? \u2014 krebsonsecurity.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2017\/10\/24\/us-cert-hackers-are-targeting-our-critical-infrastructure\/\">US-CERT: hackers are targeting our critical infrastructure \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2017\/10\/26\/google-wants-you-to-hack-play-store-apps-and-its-paying\/\">Google wants you to hack Play Store apps, and it\u2019s paying \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2017\/10\/24\/bad-rabbit-ransomware-outbreak\/\">Bad Rabbit ransomware outbreak \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Opinion &amp; Analysis\n<ul>\n<li>\u2b50\ufe0f <a href=\"https:\/\/www.macobserver.com\/columns-opinions\/editorial\/ios-camera-permissions-privacy-loophole\/\">What You Need to Know about the iOS Camera Access Privacy Loophole \u2014 www.macobserver.com\/\u2026<\/a> (Editorial: I don\u2019t get why this is news \u2013 granting access to the camera grants access to the camera, is that not how it\u2019s supposed to work? 
I guess an indicator in the menubar next to the clock would do no harm, but ultimately, you should never grant access to an app you don\u2019t trust!)<\/li>\n<li>\u2b50\ufe0f <a href=\"https:\/\/www.imore.com\/no-apples-machine-learning-engine-cant-surface-your-iphones-secrets\">No, Apple\u2019s Machine Learning Engine can\u2019t surface your iPhone\u2019s secrets \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li>The FaceID \u2018controversy\u2019 (Editorial: I don\u2019t see any \u2018there\u2019 in this story \u2013 IMO John Gruber\u2019s analysis on his Daring Fireball blog is spot-on):\n<ul>\n<li>\u2b50\ufe0f <a href=\"https:\/\/daringfireball.net\/2017\/10\/face_id_fud\">Face ID FUD \u2014 daringfireball.net\/\u2026<\/a><\/li>\n<li><a href=\"http:\/\/appleinsider.com\/articles\/17\/10\/25\/apple-denies-it-reduced-accuracy-of-face-id-to-aid-iphone-x-production\">Apple denies it reduced accuracy of Face ID to aid iPhone X production \u2014 appleinsider.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/apple-bloombergs-face-id-claim-completely-false\">Apple: Bloomberg\u2019s Face ID claim is completely false \u2014 www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>The Facebook Security Chief\u2019s \u2018College Campus\u2019 comment \u2018controversy\u2019 (Editorial: I don\u2019t see what all the fuss is about \u2014 I think that in context, his comments were insightful and confidence-inspiring)\n<ul>\n<li><a href=\"http:\/\/www.zdnet.com\/article\/leaked-audio-facebook-security-boss-says-network-is-like-a-college-campus\/\">Leaked: Facebook security boss says its corporate network is run \u201clike a college campus\u201d \u2014 www.zdnet.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2017\/10\/23\/facebook-security-chief-stands-by-college-campus-comments\/\">Facebook security chief stands by \u201ccollege campus\u201d comments \u2014 
nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Propeller Beanie Territory\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2017\/10\/27\/android-takes-aim-at-isp-surveillance-with-dns-privacy\/\">Android takes aim at ISP surveillance with DNS privacy \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/your-dns-settings-may-be-giving-your-privacy\">Your DNS settings may be giving up your privacy \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><a href=\"http:\/\/blog.lukaszolejnik.com\/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api\/\">Stealing sensitive browser data with the W3C Ambient Light Sensor API \u2014 blog.lukaszolejnik.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Notable News A report from the Norwegian Consumer Council finds that smart watches aimed at kids are a security and privacy train wreck \u2014 nakedsecurity.sophos.com\/\u2026 The head of the IRS in the US tells reporters Americans should assume their identity has been stolen and act accordingly \u2014 nakedsecurity.sophos.com\/\u2026 IRS freezes its fraud prevention contract with 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":13191,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[147],"tags":[1952,532,233,398,50,569],"class_list":["post-13259","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","tag-eltima","tag-iot","tag-microsoft","tag-office","tag-security","tag-security-bits"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2017\/10\/security_bits_logo_300px.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/13259","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=13259"}],"version-history":[{"count":2,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/13259\/revisions"}],"predecessor-version":[{"id":13261,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/13259\/revisions\/13261"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/13191"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=13259"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=13259"},{"taxonomy":"post_tag","embeddable":true,
"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=13259"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}