{"id":15428,"date":"2018-06-01T16:38:23","date_gmt":"2018-06-01T23:38:23","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=15428"},"modified":"2018-06-01T16:39:32","modified_gmt":"2018-06-01T23:39:32","slug":"sb-vpnfilter","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2018\/06\/sb-vpnfilter\/","title":{"rendered":"Security Bits &#8211; VPNFilter, CallKit Removal in China, No Telegram Updates in App Store, End of Flash &#038; Silverlight, Papua New Guinea Turns Off Facebook"},"content":{"rendered":"<h3>Followups<\/h3>\n<ul>\n<li>Spectre &amp; Meltdown\n<ul>\n<li>Details have been released of a new Spectre variant named <em>Speculative Store Bypass<\/em>, or SSB. The vulnerability affects AMD, ARM &amp; Intel chips. Thankfully it can be mitigated quite easily, so it&#8217;s just a matter of applying software, OS, firmware, and microcode updates as they are released \u2014 <a href=\"https:\/\/arstechnica.com\/gadgets\/2018\/05\/new-speculative-execution-vulnerability-strikes-amd-arm-and-intel\/\">arstechnica.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<p><!--more--><\/p>\n<li>GDPR Updates \u2014 as we discussed in <a href=\"https:\/\/www.podfeet.com\/blog\/2018\/04\/ccatp-534\/\">CCATP 534<\/a>, the new European General Data Protection Regulation, or GDPR came info force on the 25th of May, and there has been some fallout\n<ul>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/instapaper-eu-gdpr-shut-down\/\">Instapaper Temporarily Shutting Down in European Union for GDPR \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li>The people behind the privacy-oriented browser plugin Ghostery made a spectacular privacy gaff when they used the to-field instead of the BCC field when bulk-sending GDPR emails to hundreds of users at a time \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/27\/ghosterys-goofy-gdpr-gaffe-someones-in-trouble-come-monday\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>It turns out that not tracking people without their consent really speeds up the web!\n<ul>\n<li><a href=\"https:\/\/daringfireball.net\/linked\/2018\/05\/27\/usa-today-gdpr\">Daring Fireball: USA Today Serves Different Site to EU Visitors That Is Way Faster Than Regular Site \u2014 daringfireball.net\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/daringfireball.net\/linked\/2018\/05\/27\/tracking-scripts-the-verge\">Daring Fireball: Tracking Scripts Make The Verge 6 Times Slower \u2014 daringfireball.net\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>A report in the British newspaper <em>The Telegraph<\/em> caused some confusion and a lock outrage\/mocking when it claimed the European Commission would not be complying with the GDPR, a regulation of its own making. As Sophos point out on their Naked Security blog, the article in the Telegraph omits some key points. Firstly, from a practical point of view, a pan-European body can&#8217;t practically work under the GDPR because who would be the regulator? The commission itself is the only real option, and self-policing seems a bit odd. Would the EC really levy fines on the EC? Instead, the commission plans to subject it self to rules that are very similar to the GDPR in effect, but are structured in a practical way \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/31\/european-commission-doesnt-plan-to-comply-with-gdpr-well-sort-of\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Apple&#8217;s new data export function can show you how much you&#8217;ve spent with Apple (something you might not want to know &#x1f642;) \u2014 <a href=\"https:\/\/www.macobserver.com\/tips\/quick-tip\/apple-data-download-spending\/\">www.macobserver.com\/\u2026<\/a>\n<ul>\n<li><strong>Related:<\/strong> <a href=\"https:\/\/www.imore.com\/how-use-apples-new-data-and-privacy-portal\">How to use Apple&#8217;s new data and privacy portal \u2014 www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>The effect of the GDPR on the WHOIS database of domain name owners remains unclear as a German court finds against ICANN \u2014 <a href=\"http:\/\/www.circleid.com\/posts\/20180531_icann_vs_epag_tucows_german_court_rules_against_icann\/\">www.circleid.com\/\u2026<\/a><\/li>\n<\/ul>\n<h3>Security Medium \u2014 VPNFilter<\/h3>\n<p>The FBI made headlines this week by requesting internet users around the world to re-boot their routers so as to neuter a massive botnet consisting of hacked routers around the work apparently controlled by the Russian government.<\/p>\n<p>The malware powering this botnet has been given the name <em>VPNFilter<\/em>. It has been found to be able to infect many routers and NAS devices by popular vendors Netgear, Linksys, TP-Link, QNAP, and MikroTik. The malware contains a network sniffer, and more importantly, the ability to phone-home for software updates, allowing it to be dynamically re-purposed at any time. As well as that it also has a very power self-destruct mechanism built in \u2014 it can <strong>completely<\/strong> wipe a device&#8217;s flash memory, leaving it genuinely bricked \u2014 as in <strong>permanently and irreversibly disabled<\/strong>. Just imagine the harm you could do to a nation if you simultaneously knocked a significant percentage of the population off the internet! What&#8217;s really scary is that in court filings, the FBI claimed to have evidence that the botnet was about to be used to attack the country of Ukraine.<\/p>\n<p>The malware was discovered by Cisco&#8217;s Talos security research division, and they report the botnet contained half a million routers and NAS boxes before the FBI&#8217;s intervention.<\/p>\n<p>The malware is also quite advanced, and it can survive a reboot, sort of. Because routers tend to have very minimal hardware resources, a permanently resident software addition needs to be small so as to fit. A full-featured piece of malware isn&#8217;t small, so how does VPNFilter square that circle? It only permanently stores a small part of itself, a loader that then fetches the rest of itself from the internet when the router boots up.<\/p>\n<p>If the malware is permanent, why is the FBI asking people to reboot their routers? Won&#8217;t the it just re-load itself? Ordinarily, yes, but the FBI have taken down the online resources the initial loader uses to fetch the rest of the malware! BTW, that loader used a novel technique to try find the current IP of the command-and-control server at any given time \u2014 the IP was encoded into the geolocation data of a photo on a social media site!<\/p>\n<p>Because the FBI has taken out the C&amp;C infrastructure, rebooting an infected router should prevent the loader from finding the remainder of the malware, so only small stub of the malware will remain active. This is much much better than having the full malware, and should stop the malware receiving attack instructions, but a half-infected router is still a problem. As well as re-booting your router, you might consider re-flashing it with the very latest firmware (directly fetched from the vendor) so as to be absolutely sure you&#8217;re not infected.<\/p>\n<p>BTW, it seems the malware did not use zero-day vulnerabilities to infect routers, but instead relied on the fact that most people don&#8217;t update their routers at all regularly, so most are a few firmware versions behind, and hence riddled with known vulnerabilities. So, updating seems like good advice anyway.<\/p>\n<h4>Links<\/h4>\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/23\/vpnfilter-is-a-malware-timebomb-lurking-on-your-router\/\">VPNFilter \u2013 is a malware timebomb lurking on your router? \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.reuters.com\/article\/us-cyber-routers-ukraine\/cyber-firms-warn-on-suspected-russian-plan-to-attack-ukraine-idUSKCN1IO1U9\">U.S. seeks to take control of infected routers from hackers \u2014 www.reuters.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/arstechnica.com\/information-technology\/2018\/05\/fbi-tells-router-users-to-reboot-now-to-kill-malware-infecting-500k-devices\/\">FBI tells router users to reboot now to kill malware infecting 500k devices \u2014 arstechnica.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/krebsonsecurity.com\/2018\/05\/fbi-kindly-reboot-your-router-now-please\/\">FBI: Kindly Reboot Your Router Now, Please \u2014 krebsonsecurity.com\/\u2026<\/a><\/li>\n<li>A detailed description of the issue on Security Now episode 665 (linked to start of segment) \u2014 <a href=\"https:\/\/overcast.fm\/+B3JXv6DFI\/1:35:06\">overcast.fm\/\u2026<\/a><\/li>\n<\/ul>\n<h3>Notable Security Updates<\/h3>\n<ul>\n<li>Apple have released security updates for all their OSes, but unusually, have not released details of the bugs fixed, their <a href=\"https:\/\/support.apple.com\/en-ie\/HT201222\">security updates page<\/a> simply says <em>&#8216;details available soon&#8217;<\/em> (<strong>Editorial by Bart:<\/strong> I&#8217;ve never seen this before, I&#8217;m guessing this has something to do with some kind of coordinated release of information across operating systems as part of a responsible disclosure. Hopefully all will become clear in due course) (<strong>From Allison:<\/strong> The page was updated right during our recording)<\/li>\n<li>DrayTek have issued an important firmware fix for their Vigor range of routers \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/22\/draytek-router-user-patch-now-to-keep-the-crooks-out\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Many BMWs need to be patched against 14 security vulnerabilities over the next year or so. The researchers who found the bugs disclosed them to BWM responsibly, and have agreed to give BMW a year to get patches out into people&#8217;s cars before revealing the details. Thankfully as well as being responsibly disclosed, the bugs are also very difficult to exploit, so at leat for now, the real-world risk seems low \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/25\/does-your-bmw-need-a-security-patch\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<h3>Notable News<\/h3>\n<ul>\n<li>&#x1f1fa;&#x1f1f8; The Washington post reported that the FBI repeatedly inflated the number of encrypted cellphones they have and are trying to unlock by a factor of about six, misleading both congress and the public (<strong>Editorial by Bart<\/strong>: while this definitely make the FBI look bad \u2013 either incompetent or dishonest \u2013 the number is irrelevant, mandatory back doors are just as bad an idea regardless of how many or how few phones we&#8217;re talking about!) \u2014 <a href=\"https:\/\/www.imore.com\/fbi-overstates-encryption-stats-theres-no-number-high-enough\">www.imore.com\/\u2026<\/a>, <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/24\/fbi-admits-to-inflating-number-of-crime-related-devices-it-cant-crack\/\">nakedsecurity.sophos.com\/\u2026<\/a>, <a href=\"https:\/\/www.imore.com\/fbi-overstates-encryption-stats-theres-no-number-high-enough\">www.imore.com\/\u2026<\/a> &amp; <a href=\"https:\/\/daringfireball.net\/linked\/2018\/05\/23\/fbi-encrypted-phones\">daringfireball.net\/\u2026<\/a><\/li>\n<li>It&#8217;s been a bad two weeks for government censorship of apps:\n<ul>\n<li>&#x1f1e8;&#x1f1f3; Following demands from the Chinese government, Apple are removing CallKit enabled apps from the Chinese app store \u2014 <a href=\"https:\/\/www.imore.com\/apple-removing-callkit-apps-china-because-china\">www.imore.com\/\u2026<\/a> &amp; <a href=\"https:\/\/arstechnica.com\/gadgets\/2018\/05\/apple-cracks-down-on-callkit-enabled-apps-in-chinas-app-store\/\">arstechnica.com\/\u2026<\/a><\/li>\n<li>&#x1f1f7;&#x1f1fa; Following demands from the Russian Government, Apple has removed Telegram from the Russian iTunes Store. That removal seems to have had some un-intended side-effects, resulting in Telegram not being able to update their app on any iTunes store since April \u2014 <a href=\"https:\/\/www.imore.com\/russia-asks-apple-remove-messaging-app-telegram-app-store\">www.imore.com\/\u2026<\/a> &amp; <a href=\"https:\/\/arstechnica.com\/?p=1316769\">arstechnica.com\/\u2026<\/a><\/li>\n<li>Apple have announced that from the 1st of July they will start to include government app take-down requests in their regular transparency reports \u2014 <a href=\"https:\/\/www.macobserver.com\/columns-opinions\/editorial\/apple-to-begin-reporting-government-app-store-removal-requests\/\">www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>A bug in Facebook&#8217;s Android app briefly caused it to erroneously ask for root permissions on rooted Android devices. The internet exploded with conspiracy theories, but it does seem to have just been a simple bug in their integration with a third-party library. A new version was quickly released which fixed the problem. Android using Facebook users should probably check they have the latest version of the app installed \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/21\/facebook-conspiracy-theories-after-android-app-tries-to-get-root\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>It appears that a very unlikely series of unfortunate events led to an Oregon couple&#8217;s Amazon Echo emailing a recording of a private conversation they were having in their home to a random contact in their address book without their knowledge or consent (<strong>Editorial by Bart<\/strong>: it seems there is nothing nefarious going on here, just a series of unfortunately miss-heard phrases that happened to align to something unexpected and disquieting. It seems very unlikely this will happen again, but it does underline the fact that like all conveniences, voice assistants definitely do bring security tradeoffs to users&#8217; lives) \u2014 <a href=\"https:\/\/www.imore.com\/amazon-echo-sent-someones-private-conversation-one-their-contacts\">www.imore.com\/\u2026<\/a> &amp; <a href=\"https:\/\/www.recode.net\/2018\/5\/24\/17391480\/amazon-alexa-woman-secret-recording-echo-explanation\">www.recode.net\/\u2026<\/a><\/li>\n<li>With just a small amount of effort Sophos Labs engineers found that four of fourteen popular Android apps they tested used HTTP connections to talk back to servers rather than HTTPS connections, and in the process, expose users personal data to eavesdroppers \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/29\/are-your-android-apps-sending-unencrypted-data\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Another nail in Flash&#8217;s coffin as Microsoft announces the end of support for embedded Flash and Silverlight in documents on Office365 \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/24\/office-365-will-automatically-block-flash-and-silverlight\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Facebook have updated their 2FA so you no longer need to associate a phone number with your account to use it \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/25\/facebook-2fa-no-longer-needs-a-phone-number-heres-how-to-set-it-up\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/29\/your-firefox-account-can-now-be-secured-with-2fa\/\">Your Firefox account can now be secured with 2FA \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Controversially, the nation of Papua New Guinea plans to block Facebook for a month, and to use that time to root out fake accounts so that in theory, all PNG residents on Facebook will be abiding by the site&#8217;s real-name policy. The country&#8217;s ministry of information wants to study how PNG&#8217;s citizens use the site as part of an attempt to somehow measure both the positive and negative effects of social media, and try figure out of the good out-weighs the bad \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/30\/facebook-to-be-blocked-in-papua-new-guinea-for-one-month\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<h3>Suggested Reading<\/h3>\n<ul>\n<li>PSAs, Tips &amp; Advice\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/31\/how-to-set-up-2fa-on-ebay-go-do-it-now\/\">How to set up 2FA on eBay \u2013 go do it now! \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/www.fbi.gov\/contact-us\/field-offices\/portland\/news\/press-releases\/fbi-tech-tuesday-building-a-digital-defense-with-credit-reports\">FBI Tech Tuesday: Building a Digital Defense with Credit Reports \u2014 www.fbi.gov\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/tips\/how-to\/see-where-apple-tracks-you-iphone-ipad\/\">How to See Where Apple Tracks You on Your iPhone and iPad \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/tips\/quick-tip\/macos-where-download-came-from\/\">macOS: How to See Where a Download Came From \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/daringfireball.net\/2018\/05\/10_strikes_and_youre_out\">10 Strikes and You\u2019re Out \u2013 the iOS Feature You\u2019re Probably Not Using But\u00a0Should \u2014 daringfireball.net\/\u2026<\/a><\/li>\n<li>A neat tip \u2014 you can use iOS&#8217;s <em>Guided Access<\/em> feature to stop people swiping around through your photo library when you hand them your phone to show them a picture \u2014 <a href=\"https:\/\/www.imore.com\/guided-access-feature-stops-people-swiping-other-photos-when-showing-them-picture-your-iphone\">www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Notable Breaches &amp; Privacy Violations\n<ul>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/teensafe-apple-id-password-leak\/\">TeenSafe Leaks 10,000 Kid\u2019s Apple IDs and Passwords \u2014 www.macobserver.com\/\u2026<\/a> &amp; <a href=\"https:\/\/www.imore.com\/teensafe-phone-monitoring-app-leaked-thousands-passwords\">TeenSafe phone monitoring app leaked thousands of passwords \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/www.zdnet.com\/article\/tmobile-bug-let-anyone-see-any-customers-account-details\/\">T-Mobile bug let anyone see any customer&#8217;s account details \u2014 www.zdnet.com\/\u2026<\/a><\/li>\n<li>&#x1f1e8;&#x1f1e6; <a href=\"https:\/\/www.imore.com\/canadian-banks-bmo-and-simplii-financial-warn-large-data-breaches\">Canadian banks BMO and Simplii Financial warn of large data breaches \u2014 www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>News\n<ul>\n<li>The ACLU sound the alarm about <em>Rekognition<\/em>, a facial-recognition product Amazon are selling to governments. The ACLU describe the product as <em>dangerous<\/em> because it <em>&#8216;can be readily used to violate civil liberties and civil rights&#8217;<\/em> \u2014 <a href=\"https:\/\/www.aclunc.org\/blog\/amazon-teams-law-enforcement-deploy-dangerous-new-face-recognition-technology\">www.aclunc.org\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/man-tried-sell-his-facebook-data-ebay-and-it-went-better-you-would-expect\">A man tried to sell his Facebook Data on eBay and it went kinda of better than you would expect \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/24\/2-million-stolen-identities-used-to-make-fake-net-neutrality-comments\/\">2 million stolen identities used to make fake net neutrality comments \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/30\/california-tests-digital-license-plates-is-tracking-cars-next\/\">California tests digital license plates. Is tracking cars next? \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f1ec;&#x1f1e7; The UK government is considering making the owners of phone spamming companies personally liable so they can&#8217;t use corporate bankruptcy to skirt the law \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/31\/nuisance-call-bosses-get-your-wallets-ready\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f1ec;&#x1f1e7; The story that will not die \u2013 Google is in trouble over the <em>Safari Workaround<\/em> again, this time in the UK \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/23\/google-in-court-over-clandestine-tracking-of-4-4m-iphone-users\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f1ec;&#x1f1e7; <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/22\/server-what-server-site-forgotten-for-12-years-attracts-hacks-fines\/\">Server? What server? Site forgotten for 12 years attracts hacks, fines \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Opinion &amp; Analysis\n<ul>\n<li>&#x1f1fa;&#x1f1f8; An interesting series from Brian Krebs on US cell carrier&#8217;s practice of selling users real-time location data without notice or consent:\n<ul>\n<li><a href=\"https:\/\/krebsonsecurity.com\/2018\/05\/mobile-giants-please-dont-share-the-where\/\">Mobile Giants: Please Don\u2019t Share the Where \u2014 krebsonsecurity.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/krebsonsecurity.com\/2018\/05\/why-is-your-location-data-no-longer-private\/\">Why Is Your Location Data No Longer Private? \u2014 krebsonsecurity.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/messages-in-icloud-security\/\">So How Secure is Messages in iCloud Anyway? \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Propellor Beanie Teritory\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/31\/acoustic-attacks-can-blue-screen-windows-pcs\/\">Acoustic attacks can blue-screen computers \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Palate Cleansers<\/h3>\n<ul>\n<li>A cool diagram explaining the common disk usage related terminal commands from Julia Evans \u2014 <a href=\"https:\/\/mobile.twitter.com\/b0rk\/status\/1000953701090103302\">mobile.twitter.com\/\u2026<\/a><\/li>\n<li>The very cool story of an 1830s hack of the French semaphore messaging network via the clever use of the backspace character \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2018\/05\/31\/forget-vpnfilter-heres-backlash-a-networking-hack-from-way-way-back\/\">nakedsecurity.sophos.com\/\u2026<\/a>\n<ul>\n<li>A 99% Invisible article about the same telegraph system with photos of a restored station and paintings of the originals \u2014 <a href=\"https:\/\/99percentinvisible.org\/article\/the-revolutionary-semaphore-high-speed-communications-in-18th-century-france\/\">99percentinvisible.org\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Followups Spectre &amp; Meltdown Details have been released of a new Spectre variant named Speculative Store Bypass, or SSB. The vulnerability affects AMD, ARM &amp; Intel chips. Thankfully it can be mitigated quite easily, so it&#8217;s just a matter of applying software, OS, firmware, and microcode updates as they are released \u2014 arstechnica.com\/\u2026<\/p>\n","protected":false},"author":4,"featured_media":14958,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[202,170,169,50,569,2594,2593],"class_list":["post-15428","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-amazon","tag-hack","tag-hackers","tag-security","tag-security-bits","tag-telegram","tag-vpnfilter"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2018\/04\/Security-Bits-Logo_1000px.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/15428","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=15428"}],"version-history":[{"count":1,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/15428\/revisions"}],"predecessor-version":[{"id":15429,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/15428\/revisions\/15429"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/14958"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=15428"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=15428"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=15428"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}