{"id":15137,"date":"2018-05-05T21:18:26","date_gmt":"2018-05-06T04:18:26","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=15137"},"modified":"2018-05-05T21:21:33","modified_gmt":"2018-05-06T04:21:33","slug":"sb-2018-05-04","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2018\/05\/sb-2018-05-04\/","title":{"rendered":"Security Bits &#8211; Facebook\/Cambridge Analytica, GDPR, Security Updates, Greyshift Backdoor, UPnProxy"},"content":{"rendered":"<h3>DNS Correction<\/h3>\n<p>\nOn  <a href=\"https:\/\/www.podfeet.com\/blog\/2018\/04\/ccatp-533\/\">Chit Chat #533<\/a>, Bart did a deep dive into how the Domain Name System works and in that session, he suggested a hybrid approach where your mobile devices had the improved DNS along with your home router.<\/p>\n<p>\n\tIt turns out it&#8217;s not possible to set system-wide DNS settings on iOS or Android. This means that the <em>Hybrid Approach<\/em> we described of setting a third-party DNS on your home router and then also hard-coding it on your mobile devices remains the best advice, but it&#8217;s not possible to do on iOS or Android devices. Annoyingly, that means there is no good solution to protect these devices &#x1f641;.  Thanks very much to Allister Jenks for drawing our attention to this in our Google Plus Community. 
<\/p>\n<h3>Followups<\/h3>\n<ul>\n<li>The Facebook\/Cambridge Analytica Kerfuffle:<br \/>\n<!--more--><\/p>\n<ul>\n<li>&#x1f1ec;&#x1f1e7; <a href=\"http:\/\/www.theguardian.com\/uk-news\/2018\/apr\/17\/facebook-users-data-compromised-far-more-than-87m-mps-told-cambridge-analytica\">Far more than 87m Facebook users had data compromised, MPs told \u2014 www.theguardian.com\/\u2026<\/a><\/li>\n<li>Facebook&#8217;s Product Management Director David Baser explains why Facebook track non-users \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/04\/18\/facebook-3-reasons-were-tracking-non-users\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.reuters.com\/article\/us-facebook-privacy-eu-exclusive\/exclusive-facebook-to-change-user-terms-limiting-effect-of-eu-privacy-law-idUSKBN1HQ00P\">Facebook to put 1.5 billion users out of reach of new EU privacy law \u2014 www.reuters.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/01\/twitter-sold-user-data-to-cambridge-analyticas-aleksandr-kogan\/\">Twitter sold user data to Cambridge Analytica\u2019s Aleksandr Kogan \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Facebook announces a new <em>Clear History<\/em> button \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/03\/facebooks-getting-a-clear-history-button\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><strong>Related<\/strong>: <a href=\"https:\/\/www.macobserver.com\/news\/the-father-of-the-web-is-backing-a-private-social-network\/\">The Father of the Web is Backing a Private Social Network \u2014 www.macobserver.com\/\u2026<\/a> &amp; <a href=\"https:\/\/www.macobserver.com\/reviews\/quick-look\/mewe-private-social-network\/\">Review: MeWe is a Private Social Network Taking on Facebook \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><strong>Related<\/strong>: <a 
href=\"https:\/\/www.washingtonpost.com\/business\/economy\/whatsapp-founder-plans-to-leave-after-broad-clashes-with-parent-facebook\/2018\/04\/30\/49448dd2-4ca9-11e8-84a0-458a1aa9ac0a_story.html\">WhatsApp founder plans to leave after broad clashes with parent Facebook \u2014 www.washingtonpost.com\/\u2026<\/a><\/li>\n<li><strong>Opinion<\/strong>: <a href=\"https:\/\/slate.com\/technology\/2018\/04\/mark-zuckerbergs-misleading-promise-that-eu-privacy-rules-will-apply-to-american-facebook-users.html\">Ignore Mark Zuckerberg &#8211; His promise that new EU data privacy guidelines will be \u201crolled out\u201d to American users is misleading \u2014 slate.com\/\u2026<\/a><\/li>\n<li><strong>Opinion<\/strong>: <a href=\"https:\/\/www.eff.org\/deeplinks\/2018\/04\/facebook-not-what-complete-user-control-looks\">Facebook, This Is Not What \u201cComplete User Control\u201d Looks Like | Electronic Frontier Foundation \u2014 www.eff.org\/\u2026<\/a><\/li>\n<li><strong>Opinion<\/strong>: <a href=\"http:\/\/social.techcrunch.com\/2018\/04\/17\/facebook-gdpr-changes\/\">A flaw-by-flaw guide to Facebook\u2019s new GDPR privacy changes \u2014 social.techcrunch.com\/\u2026<\/a><\/li>\n<li>Data Analytics firm SCL Group and its affiliate Cambridge Analytica have shut down.<br \/>\nHowever, the chairman and chief data officer have set up another company called Emerdata with former Cambridge Analytica CEO Alexander Nix as a director. 
Emerdata&#8217;s address is the same as SCL Group&#8217;s.\t<a href=\"https:\/\/arstechnica.com\/tech-policy\/2018\/05\/cambridge-analytica-shuts-down-after-facebook-user-data-scandal\/\" target=\"_blank\" rel=\"noopener\">arstechnica.com\/&#8230;<\/a><\/li>\n<\/ul>\n<\/li>\n<li>GDPR\n<ul>\n<li>Instagram rolls out user data export feature \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/04\/26\/know-what-instagram-knows-heres-how-you-download-your-data\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Apple roll out a new user data export feature for European users (for now, coming world-wide soon) \u2014 <a href=\"https:\/\/www.macobserver.com\/tips\/how-to\/download-apple-id-data\/\">www.macobserver.com\/\u2026<\/a><\/li>\n<li>Twitter has rolled out updated terms to come into compliance with the GDPR \u2014 <a href=\"https:\/\/help.twitter.com\/en\/rules-and-policies\/update-privacy-policy\">help.twitter.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Notable Security Updates<\/h3>\n<ul>\n<li>Apple releases a number of security updates\n<ul>\n<li>MacOS 10.13.4 &amp; macOS Security Update 2018&#8211;001 (includes a fix of the APFS encryption password leak we mentioned recently) \u2014 <a href=\"https:\/\/www.macobserver.com\/news\/macos-security-update-2018-001\/\">www.macobserver.com\/\u2026<\/a> &amp; <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/04\/27\/apples-latest-updates-are-out-apfs-password-leakage-bug-squashed\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>iOS 11.3.1 (fixes the QRCode URL parsing bug mentioned on previous Security Bits) \u2014 <a href=\"https:\/\/www.macobserver.com\/news\/product-news\/apple-releases-ios-11-3-1\/\">www.macobserver.com\/\u2026<\/a> &amp; <a href=\"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-security-updates-patches-camera-app-qr-code-flaw\/\">www.intego.com\/\u2026<\/a><\/li>\n<li>Safari 11.1 \u2014 <a 
href=\"https:\/\/support.apple.com\/en-us\/HT208741\">support.apple.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Drupal have patched another <em>&#8216;highly critical&#8217;<\/em> vulnerability that is being actively exploited \u2014 <a href=\"https:\/\/www.drupal.org\/sa-core-2018-004\">www.drupal.org\/\u2026<\/a><\/li>\n<\/ul>\n<h3>Notable News<\/h3>\n<ul>\n<li>Poor configuration leaves controversial GreyShift iOS cracking boxes exposed to the internet. It seems it&#8217;s easy for police departments who buy these boxes to accidentally leave them in an insecure state. Also, someone tried to extort the makers of the boxes with a threat to release the source code. (<strong>Editorial by Bart:<\/strong> this just proves yet again that you can&#8217;t keep any back door secret so that only <em>good guys<\/em> can use it) \u2014 <a href=\"https:\/\/www.macobserver.com\/columns-opinions\/editorial\/grayshift-data-breach\/\">www.macobserver.com\/\u2026<\/a>, <a href=\"https:\/\/www.macobserver.com\/analysis\/need-strong-iphone-passcodes\/\">www.macobserver.com\/\u2026<\/a> &amp; <a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/qvx9jx\/iphone-crackers-grayshift-graykey-leaked-code-extortion\">motherboard.vice.com\/\u2026<\/a><\/li>\n<li>Security researchers have found a new way to abuse UPnP (<em>Universal Plug and Play<\/em>) to subvert routers with UPnP exposed on the WAN side into becoming proxies for malicious use. This bug has been given the name <em>UPnProxy<\/em> (Editorial by Bart: now would be a great time to check and see if you have UPnP disabled on your router or not) \u2014 <a href=\"https:\/\/searchsecurity.techtarget.com\/news\/252439026\/A-UPnP-vulnerability-hides-bad-traffic-in-a-new-way\">searchsecurity.techtarget.com\/\u2026<\/a>.  
To test your router, run Steve Gibson&#8217;s Shields Up and then look for the UPnP test: <a href=\"https:\/\/www.grc.com\/x\/ne.dll?bh0bkyd2\" target=\"_blank\" rel=\"noopener\">grc.com\/&#8230;<\/a> <\/li>\n<li>Security researchers warn of the dangers of iOS <em>trustjacking<\/em>. Bottom line, never trust a computer you don&#8217;t actually trust, because using wifi sync, it could remotely trigger a backup of all your personal data at any future time! \u2014 <a href=\"https:\/\/www.intego.com\/mac-security-blog\/ios-trustjacking-how-attackers-can-hijack-your-iphone\/\">www.intego.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/04\/16\/tracking-protection-in-firefox-for-ios-now-on-by-default-why-this-matters\/\">Tracking protection in Firefox for iOS now on by default \u2013 why this matters \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Keep an eye out for firmware patches for your Intel CPUs: Intel have patched a firmware bug that could allow locally running malware to alter your firmware and cripple your computer in a kind of suicidal denial of service (DOS) attack \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/04\/17\/could-an-intel-chip-flaw-put-your-whole-computer-at-risk\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>The Russian government has obtained a court order requiring Telegram be blocked within the country \u2014 <a href=\"https:\/\/www.reuters.com\/article\/us-russia-telegram-blocking\/russia-starts-blocking-telegram-messenger-idUSKBN1HN13J\">www.reuters.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/apple-microsoft-uae-facetime-skype-ban\/\">Apple and Microsoft in Talks with UAE to End Ban on FaceTime and Skype \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li>Welsh police manage to identify a drug dealer from his fingerprints in a WhatsApp photo \u2014 <a 
href=\"https:\/\/www.macobserver.com\/news\/fingerprints-social-media-posts\/\">www.macobserver.com\/\u2026<\/a> &amp; <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/04\/17\/whatsapp-image-showing-drug-dealers-fingerprints-leads-to-arrest\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Security researchers discover <em>Mettle<\/em>, a Mac version of the popular hacking tool <em>Meterpreter<\/em> (<strong>Editorial by Bart:<\/strong> this is no cause for panic, but it&#8217;s yet more evidence that cyber criminals are turning their attention towards the Mac) \u2014 <a href=\"https:\/\/www.intego.com\/mac-security-blog\/caution-mac-specific-hack-tool-mettle-discovered\/\">www.intego.com\/\u2026<\/a><\/li>\n<li>A report into Android apps published to the Play Store as part of Google&#8217;s <em>Designed for Families<\/em> (DFF) program by the <em>International Computer Science Institute<\/em> finds serious problems including the fact that 40% of the tested apps did not properly secure communications between the apps and back-end servers, and that 57% of the apps were in breach of the US COPPA law \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/04\/19\/google-in-hot-water-over-privacy-of-android-apps-for-kids\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>DNA from a Genealogy database leads to the arrest of a suspected serial killer (<strong>Editorial by Bart:<\/strong> this story is interesting because of the ethical questions it raises, if I choose to give away my DNA, I&#8217;m also effectively giving away most of the DNA for my close relatives, should I need their consent for that?) 
\u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/04\/30\/dna-in-genealogy-database-leads-to-arrest-of-suspected-serial-killer\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Google have announced that they will be improving their OAuth-based Single Sign On (SSO) offering to make it more secure, and to make phishing attacks like the infamous one against Google Docs users last year impossible in future \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/04\/30\/google-adds-sso-verification-check-to-g-suite\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Research by security journalist Brian Krebs shows that employees in many companies are inadvertently publishing passwords through services like Trello, and that they can be systematically searched for with Google. Beware what you and your employees share! \u2014 <a href=\"https:\/\/krebsonsecurity.com\/2018\/05\/when-your-employees-post-passwords-online\/\">krebsonsecurity.com\/\u2026<\/a><\/li>\n<li>The <em>Reform Government Surveillance<\/em> coalition (which includes tech giants like Apple, Google, Microsoft, Dropbox, Snap, Evernote, LinkedIn, &amp; Facebook) have released a statement condemning moves towards compulsory backdoors and governments <em>hacking back<\/em> \u2014 <a href=\"https:\/\/www.macrumors.com\/2018\/05\/02\/apple-coalition-condemns-device-backdoors\/\">www.macrumors.com\/\u2026<\/a> &amp; <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/04\/tech-companies-resist-government-hacking-back-and-backdoors\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>465K patients need a firmware update for their Abbott (formerly St Jude Medical) pacemaker. 
Without the update they&#8217;re at risk of cyber security attack and sudden battery loss \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/04\/half-a-million-pacemakers-need-a-security-patch\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<h3>Suggested Reading<\/h3>\n<ul>\n<li>PSAs, Tips &amp; Advice\n<ul>\n<li>&#x2b50;&#xfe0f; <a href=\"https:\/\/www.macobserver.com\/tips\/how-to\/what-to-do-suicide-threats-social-networks\/\">Here\u2019s What You Can Do When You See Suicide Threats on Social Networks \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li>&#x2b50;&#xfe0f; <a href=\"https:\/\/www.macobserver.com\/tips\/quick-tip\/5-private-chat-apps\/\">5 Private Chat Apps and How They Compare With Each Other \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li>&#x2b50;&#xfe0f; <a href=\"https:\/\/www.macobserver.com\/tips\/deep-dive\/stolen-iphone-guide-what-you-can-do-if-your-iphone-is-stolen\/\">Stolen iPhone Guide: What You Can Do if Your iPhone is Stolen \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/04\/26\/gmail-users-heres-how-and-why-you-should-set-up-prompt-based-2fa\/\">Gmail users, here\u2019s how (and why) you should set up prompt-based 2FA \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/be-lookout-whatsapp-scam\">Be on the lookout for this WhatsApp scam \u2014 imore.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/how-edit-your-macs-hosts-file-and-why-you-would-want\">How to edit your Mac&#8217;s Hosts file and why you would want to \u2014 www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Notable Breaches &amp; Privacy Violations\n<ul>\n<li>&#x2b50;&#xfe0f; More fallout from the Yahoo Mega-breach:\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/04\/26\/yahoo-fined-35m-for-staying-quiet-about-mega-breach\/\">Yahoo fined $35m for staying quiet about mega breach \u2014 
nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/04\/23\/yahoo-mega-breach-hacker-faces-nearly-8-years-in-prison\/\">Yahoo mega-breach hacker faces nearly 8 years in prison \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>&#x2b50;&#xfe0f; Twitter are asking all users to reset their passwords after they accidentally wrote them to an internal log in plain text \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/04\/twitter-admits-to-password-storage-blunder-change-your-password-now\/\">nakedsecurity.sophos.com\/\u2026<\/a> &amp; <a href=\"https:\/\/krebsonsecurity.com\/2018\/05\/twitter-to-all-users-change-your-password-now\/\">krebsonsecurity.com\/\u2026<\/a>\n<ul>\n<li><strong>Related<\/strong>: <a href=\"https:\/\/www.imore.com\/how-set-two-factor-authentication-twitter\">How to set up two-factor authentication for Twitter \u2014 www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/04\/25\/ride-hailing-service-careem-lost-14-million-users-data-in-january\/\">Ride-hailing service Careem lost 14 million users\u2019 data in January \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; US medical transcription firm MEDantex leaked patient records from thousands of US doctors \u2014 <a href=\"https:\/\/krebsonsecurity.com\/2018\/04\/transcription-service-leaked-medical-records\/\">krebsonsecurity.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/04\/23\/linkedin-patches-serious-leak-in-its-autofill-plugin\/\">LinkedIn patches serious leak in its AutoFill plugin \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>News\n<ul>\n<li>Microsoft have released a <em>Windows Defender Browser Protection<\/em> Chrome extension \u2014 <a 
href=\"https:\/\/arstechnica.com\/gadgets\/2018\/04\/microsoft-claims-to-make-chrome-safer-with-new-extension\/\">arstechnica.com\/\u2026<\/a> &amp; <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/04\/20\/chrome-anti-phishing-protection-from-microsoft\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/02\/volkswagen-and-audi-car-infotainment-systems-hacked-remotely\/\">Volkswagen and Audi car infotainment systems hacked remotely \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/02\/medical-devices-vulnerable-to-krack-wi-fi-attacks\/\">Medical devices vulnerable to KRACK Wi-Fi attacks \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/04\/27\/infamous-revenge-porn-site-anon-ib-seized-by-police\/\">Infamous revenge porn site Anon-IB seized by police \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>US and UK government agencies have issued a joint warning about worrying Russian cyber activity \u2014 <a href=\"https:\/\/www.us-cert.gov\/ncas\/current-activity\/2018\/04\/16\/Russian-Malicious-Cyber-Activity\">www.us-cert.gov\/\u2026<\/a> &amp; <a href=\"https:\/\/www.macobserver.com\/news\/psa-russians-hacking-everything\/\">www.macobserver.com\/\u2026<\/a><\/li>\n<li>Opera are shutting down their in-browser VPN service \u2014 <a href=\"https:\/\/www.macobserver.com\/news\/opera-vpn-shutting-down\/\">www.macobserver.com\/\u2026<\/a><\/li>\n<li>Law enforcement agencies from around the world cooperated to take down the world&#8217;s largest DDOS-for-hire service <em>Webstresser<\/em> \u2014 <a href=\"https:\/\/krebsonsecurity.com\/2018\/04\/ddos-for-hire-service-webstresser-dismantled\/\">krebsonsecurity.com\/\u2026<\/a> &amp; <a 
href=\"https:\/\/nakedsecurity.sophos.com\/2018\/04\/26\/access-denied-worlds-largest-denial-of-service-site-busted\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/04\/20\/how-porn-bots-abuse-government-websites\/\">How porn bots abuse government websites \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>A new grey-hat security firm is offering millions for bugs that it then sells for profit, much more than vendors are offering as part of their official bug bounty programs \u2014 <a href=\"https:\/\/www.macobserver.com\/columns-opinions\/the-back-page\/crowdfense\/\">www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/01\/google-maps-open-redirect-flaw-abused-by-spammers\/\">Google Maps open redirect flaw abused by scammers \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Opinion &amp; Analysis\n<ul>\n<li>&#x2b50;&#xfe0f; <a href=\"http:\/\/nymag.com\/selectall\/2018\/04\/an-apology-for-the-internet-from-the-people-who-built-it.html\">An Apology for the Internet \u2014 From the People Who Built It \u2014 nymag.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/04\/19\/nsa-reveals-how-it-beats-0-days\/\">NSA reveals how it beats 0-days \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/krebsonsecurity.com\/2018\/04\/a-sobering-look-at-fake-online-reviews\/\">A Sobering Look at Fake Online Reviews \u2014 krebsonsecurity.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.intego.com\/mac-security-blog\/month-in-review-apple-security-in-march-2018\/\">Month in Review: Apple Security in March 2018 \u2014 www.intego.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Propeller Beanie Territory\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/04\/breakthrough-pushes-quantum-key-distribution-beyond-500km\/\">Breakthrough pushes Quantum Key Distribution beyond 
500km \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/cloudplatform.googleblog.com\/2018\/05\/Introducing-Asylo-an-open-source-framework-for-confidential-computing.html\">Introducing Asylo: an open-source framework for confidential computing \u2014 cloudplatform.googleblog.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/arstechnica.com\/gadgets\/2018\/04\/intel-microsoft-to-use-gpu-to-scan-memory-for-malware\/\">Intel, Microsoft to use GPU to scan memory for malware \u2014 arstechnica.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/03\/google-and-amazon-put-an-end-to-censorship-dodging-domain-fronting\/\">Google and Amazon put an end to censorship-dodging domain fronting \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.intego.com\/mac-security-blog\/new-osxshlayer-malware-variant-found-using-a-dirty-new-trick\/\">New OSX\/Shlayer Malware Variant Found Using a Dirty New Trick \u2014 www.intego.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Palate Cleansers<\/h3>\n<ul>\n<li><img decoding=\"async\" src=\"https:\/\/imgs.xkcd.com\/comics\/paperwork.png\" alt=\"Plus, the photo was geotagged, my unlocked password manager was visible on the laptop, AND you could see my naked reflection in the dark part of the screen.\" \/> <a href=\"https:\/\/xkcd.com\/1977\/\">xkcd.com\/\u2026<\/a><\/li>\n<li>&#x1f3a6; <a href=\"https:\/\/www.youtube.com\/watch?v=t6rHHnABoT8\">Astronaut Chris Hadfield Debunks Common Space Myths \u2014 www.youtube.com\/\u2026<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>DNS Correction On Chit Chat #533, Bart did a deep dive into how the Domain Name System works and in that session, he suggested a hybrid approach where your mobile devices had the improved DNS along with your home router. It turns out it&#8217;s not possible to set system-wide DNS settings on iOS or Android. 
[&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":14958,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[2518,2402,156,170,50,569,2003],"class_list":["post-15137","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-back-dorr","tag-cambridge-analytica","tag-facebook","tag-hack","tag-security","tag-security-bits","tag-vulnerabilities"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2018\/04\/Security-Bits-Logo_1000px.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/15137","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=15137"}],"version-history":[{"count":2,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/15137\/revisions"}],"predecessor-version":[{"id":15140,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/15137\/revisions\/15140"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/14958"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=15137"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\
/wp\/v2\/categories?post=15137"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=15137"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}