{"id":18259,"date":"2019-05-03T17:53:01","date_gmt":"2019-05-04T00:53:01","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=18259"},"modified":"2019-05-03T17:53:01","modified_gmt":"2019-05-04T00:53:01","slug":"sb-2018-05-03","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2019\/05\/sb-2018-05-03\/","title":{"rendered":"Security Bits \u2013 3 May 2019"},"content":{"rendered":"<h3>Followups<\/h3>\n<ul>\n<li>Marcus Hutchins, the young security researcher who shot to fame by killing the WannaCry malware and then to infamy when he was arrested and charged with cyber crimes while traveling to the US to present at a security conference, has pleaded guilty to writing and selling banking malware. The offences pre-date his work as a security researcher, so it does appear he did turn over a new leaf and switch his black hat for a white one, but not quickly enough \u2014 <a href=\"https:\/\/krebsonsecurity.com\/2019\/04\/marcus-malwaretech-hutchins-pleads-guilty-to-writing-selling-banking-malware\/\">krebsonsecurity.com\/\u2026<\/a> &amp; <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/04\/21\/wannacry-hero-hutchins-now-officially-a-convicted-cybercriminal\/\">nakedsecurity.sophos.com\/\u2026<\/a><br \/>\n<!--more--><\/li>\n<li>&#x1f1fa;&#x1f1f8; The NY attorney general is investigating Facebook over their &#8216;inadvertent&#8217; stealing of users&#8217; address books when they inappropriately asked them for their email usernames and passwords when creating a Facebook account (as discussed in the previous Security Bits) \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/04\/30\/facebook-under-investigation-for-harvesting-1-5m-users-contact-lists\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Details stolen in the Microsoft email data leak reported in the previous Security Bits are being used to steal cryptocurrency \u2014 <a 
href=\"https:\/\/nakedsecurity.sophos.com\/2019\/05\/01\/criminals-used-hacked-microsoft-email-accounts-to-pilfer-cryptocurrency\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<h3>Security Medium 1 \u2014 3rd-Party Parental Control Apps on iOS<\/h3>\n<p>We recently saw the dangers of corporations abusing iOS features intended for internal company use being used in consumer apps when Facebook and Google abused Apple&#8217;s Enterprise Developer Program to give their analytics apps staggering power to spy on users who agreed to side-load the apps and install their matching configuration profile. When news broke of the dodgy apps, Apple responded by revoking the developer certs and cracking down on inappropriate users of enterprise developer certs in general.<\/p>\n<p>It turns out the Enterprise Developer Program was not the only enterprise feature being abused.<\/p>\n<p>Mobile Device Management, or MDM, is a suite of APIs that is starting to standardise across OSes which is designed to allow enrolled devices to be centrally controlled. MDM is designed to allow organisations to manage fleets of mobile devices they own. When a device is enrolled in an organisation&#8217;s MDM service that organisation&#8217;s IT department effectively get total control over that device. They can impose security requirements above and beyond what the OS requires by default, like requiring a long alphanumeric password. They can push settings to the devices, including settings for specific apps, and they can even push apps to the devices. They can also impose restrictions on feature and app usage, perhaps disabling the camera, or restricting browsing to certain well-trusted sites. A device enrolled in an organisation&#8217;s MDM service can even be remotely wiped by the IT department.<\/p>\n<p>It&#8217;s difficult to overstate the amount of power an MDM service operator has over enrolled devices.<\/p>\n<p>So, in a corporate context, MDM is a sensible and necessary tool. 
But it has no place in a consumer app! The fact that MDM APIs allow control over apps means some developers have used MDM to implement non-standard parental control features. Users of these consumer apps must enroll them into an MDM service operated by the software vendor, effectively giving that vendor total control over thousands of devices they do not own.<\/p>\n<p>To say this is open to potential abuse is putting it mildly!<\/p>\n<p>Apple became aware of this behaviour some time ago, and have been quietly working to remove these abuses of MDM from the app store.<\/p>\n<p>Why talk about this now? Because the NYT wrote a click-bait article that tried to spin this story into a scandal about Apple prioritising their own apps over third-party apps. The article is deeply flawed journalistically, and commits the cardinal sin of excerpting a statement from Apple for the piece so it omitted key points.<\/p>\n<p>Basically, Apple took pro-active action to nip a potentially very dangerous privacy and security problem in the bud, and the NYT tried to turn it into a scandal. 
Of course, had Apple not taken action to protect users, they would have been rightly pilloried in the press for not protecting children!<\/p>\n<h4>Links:<\/h4>\n<ul>\n<li>The original NYT article \u2014 <a href=\"https:\/\/www.nytimes.com\/2019\/04\/27\/technology\/apple-screen-time-trackers.html\">www.nytimes.com\/\u2026<\/a><\/li>\n<li>Apple&#8217;s official response: <a href=\"https:\/\/www.apple.com\/newsroom\/2019\/04\/the-facts-about-parental-control-apps\/\">The facts about parental control apps \u2014 www.apple.com\/\u2026<\/a><\/li>\n<li>Excellent analysis from Rene Ritchie which explains the facts very well, and highlights the journalistic flaws in the NYT article \u2014 <a href=\"https:\/\/www.imore.com\/why-apple-pulled-screen-time-apps-app-store\">www.imore.com\/\u2026<\/a><\/li>\n<li>A good but short summary from Dave Mark at The Loop \u2014 <a href=\"http:\/\/www.loopinsight.com\/2019\/04\/29\/apple-the-facts-about-parental-control-apps\/\">Apple: The facts about parental control apps \u2014 www.loopinsight.com\/\u2026<\/a><\/li>\n<\/ul>\n<h3>Security Medium 2 \u2014 Understanding Today&#8217;s CyberCrime Economy<\/h3>\n<h4>The Black Market for Credit Cards is Changing<\/h4>\n<p>One of my favourite catch phrases is <em>&#8216;follow the money&#8217;<\/em>. If you want to understand human behaviour, figure out who is getting paid by who for what!<\/p>\n<p>Two stories broke this week that shed light on how cybercriminals are making money in 2019, and what that means for us.<\/p>\n<p>Firstly, the fact that the US is finally moving away from mag stripe credit cards to chip and pin is having massive effects on the stolen credit card markets. Card skimming is becoming much less lucrative, because it only works in places that will accept a mag stripe card. This is driving a resurgence in so-called <em>&#8216;card not present&#8217;<\/em> credit card fraud. 
What this means in practical terms is that there is much less money to be made from compromising credit card terminals in physical stores (like Target), and much more money to be made in stealthy long-term compromises at online organisations that take card payments (like hotels).<\/p>\n<p>You can read more about this change at Krebs on Security \u2014 <a href=\"https:\/\/krebsonsecurity.com\/2019\/04\/data-e-retail-hacks-more-lucrative-than-ever\/\">krebsonsecurity.com\/\u2026<\/a><\/p>\n<h4>Password Reuse Now Powers a Mature Cybercrime Industry<\/h4>\n<p>Secondly, security researchers have described in detail the underground market place for username and password combinations. The picture that emerges is of a well developed and mature industry which uses leaked passwords as its raw materials.<\/p>\n<p>This black-market economy works something like this. Firstly, password breaches are so ubiquitous that anyone can trivially get their hands on a database of millions of username\/email and password combinations. Using these as their raw material, attackers automate bulk-testing of these credentials against high-value sites in the knowledge that many people re-use passwords. Whenever they find a match they immediately log out, leaving as few digital footprints as they can. These known-good logins are then sold on black market places.<\/p>\n<p>This kind of mass-testing of leaked credentials from other sites against popular sites has been named <em>credential stuffing<\/em>.<\/p>\n<p>You can read more about this impressively resourced and lucrative underground industry in this report \u2014 <a href=\"https:\/\/www.recordedfuture.com\/credential-stuffing-attacks\/\">The Economy of Credential Stuffing Attacks \u2014 www.recordedfuture.com\/\u2026<\/a>. 
Security Now Episode 712 goes through this same report in some detail \u2014 <a href=\"https:\/\/www.grc.com\/sn\/sn-712.htm\">www.grc.com\/\u2026<\/a><\/p>\n<p>The bottom line is that password re-use is absolutely not conscionable anymore in 2019 \u2014 if you&#8217;re still doing it you&#8217;re putting yourself at great risk, and you&#8217;re helping fund dangerous cybercriminals, which is bad for our entire global society.<\/p>\n<h3>Security Medium 3 \u2014 Facebook Rolls Out a New Look with a New Privacy Focus<\/h3>\n<p>Mark Zuckerberg revealed a new design for Facebook&#8217;s interface at this year&#8217;s F8 Facebook developer conference. The new interface aims to steer users towards using private group chats rather than making public postings. Zuckerberg&#8217;s presentation was entirely themed around privacy, and he repeatedly stressed that private chats will be end-to-end encrypted so Facebook will not be able to see the content of the conversations.<\/p>\n<p>Clearly, Facebook have realised that they are losing the PR battle when it comes to privacy and that they have to make changes. But what does this really mean?<\/p>\n<p>Does it mean Facebook are fundamentally changing their business model? If they can&#8217;t read everything their users type into the service, can they maintain their profile-building and ad-selling business model? Yes, absolutely!<\/p>\n<p>The actual content of communications is not actually all that valuable when it comes to building out user profiles, what&#8217;s really valuable is the context, and Facebook are losing none of that. They will know who you are talking to, when, and for how long. 
They know what humans you have relationships with, what organisations you have relationships with, and they are still following you all over the web at all times thanks to their ubiquitous &#8216;like&#8217; buttons and tracking cookies.<\/p>\n<p>You can even argue that moving conversations from public to private is a big win for Facebook, because they can&#8217;t be expected to police or moderate end-to-end encrypted communications they can&#8217;t even see! Policing a virtual town square is proving to be a challenge, but there&#8217;s no expectation on Facebook to police virtual homes.<\/p>\n<p>When you follow the money, what you find is that nothing has really changed. Facebook is still <a href=\"https:\/\/bartb.ie\/freepi\"><em>FreePI<\/em><\/a> \u2014 their customers continue to be advertisers, and their product continues to be their users&#8217; profiles and attention.<\/p>\n<p>Speaking of money \u2014 Facebook&#8217;s earnings were released this week, and despite all the recent scandals, their earnings are up! Clearly, we cannot rely on market forces to protect users by punishing Facebook financially for bad behaviour. If you think about how Facebook make their money, that actually makes perfect sense. 
Invading users&#8217; privacy does not make Facebook less valuable to advertisers, it makes them <strong>more<\/strong> valuable!<\/p>\n<h4>Links<\/h4>\n<ul>\n<li>A report describing Zuckerberg&#8217;s presentation at the F8 conference \u2014 <a href=\"https:\/\/www.nytimes.com\/2019\/04\/30\/technology\/facebook-private-communication-groups.html\">www.nytimes.com\/\u2026<\/a><\/li>\n<li><strong>Analysis:<\/strong> <a href=\"https:\/\/theoutline.com\/post\/7377\/facebook-is-trying-to-make-the-word-private-meaningless?zd=1&amp;zi=rhdgpadu\">Facebook is trying to make the word \u201cprivate\u201d meaningless \u2014 theoutline.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.barrons.com\/articles\/facebook-stock-is-up-because-its-earnings-report-was-mostly-positive-51556138491\">Facebook Stock Is Up Because Its Earnings Report Was Mostly Positive \u2014 www.barrons.com\/\u2026<\/a><\/li>\n<\/ul>\n<h3>Notable News<\/h3>\n<ul>\n<li>&#x1f1f7;&#x1f1fa; <a href=\"https:\/\/www.macobserver.com\/link\/vladimir-putin-russia-sovereign-internet-bill\/\">Vladimir Putin Approves Russia \u2018Sovereign Internet\u2019 Bill \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li>The spring 2019 feature updates for Windows 10 and Windows Server drop the long-standing and much-bemoaned default 60-day password expiration policy \u2014 <a href=\"https:\/\/arstechnica.com\/?p=1496017\">arstechnica.com\/\u2026<\/a> &amp; <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/04\/26\/microsoft-drops-password-expiration-from-windows-10-security\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Surprising no one, security researchers have found that piracy streaming devices are often stuffed with malware \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/04\/29\/piracy-streaming-apps-are-stuffed-with-malware\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f9ef;There have been many hyperbolic media reports describing an interesting new malware proof of concept named 
<em>ExtraPulsar<\/em> as being <em>&#8216;undetectable&#8217;<\/em>, but that&#8217;s not actually true. While the released code is very cool, and it uses some novel techniques to improve on techniques used by the <em>DoublePulsar<\/em> malware leaked from the NSA, there&#8217;s absolutely no need for regular users to panic about this. The released code can&#8217;t be used in real-world attacks on modern and patched versions of Windows, and this type of malware can absolutely be detected by security and AV products \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/04\/25\/extrapulsar-backdoor-based-on-leaked-nsa-code-what-you-need-to-know\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Security researchers warn that the fingerprint scanner on the new Nokia 9 smartphone appears to be extremely poorly implemented, being easily fooled by other people&#8217;s fingers, and apparently even random objects like chewing gum packets \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/04\/23\/phone-fingerprint-scanner-fooled-by-chewing-gum-packet\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; US courts continue to grapple with the problems of applying the existing constitution and laws in our modern technological world:\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/04\/29\/cops-need-warrant-for-both-location-history-and-phone-pinging-says-judge\/\">Cops need warrant for both location history and phone pinging, says judge \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>A warrant that explicitly allows law enforcement to force a suspect&#8217;s finger onto the fingerprint scanner on their phone adds more confusion to the question of how the 5th amendment to the US constitution should apply to deeply personal modern devices with biometric protections \u2014 <a 
href=\"https:\/\/nakedsecurity.sophos.com\/2019\/04\/26\/cops-can-try-suspects-fingers-on-locked-iphones-found-at-crime-scene\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/05\/03\/google-rolling-out-auto-delete-for-your-location-and-activity-history\/\">Google rolling out auto-delete for your location and activity history \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f1ec;&#x1f1e7; The UK government is working on laws for regulating the security of IoT devices, including a mandatory labeling scheme that would force vendors to explicitly state, on the box, how many years of security updates they will be providing for the device \u2014 <a href=\"https:\/\/www.macobserver.com\/news\/uk-cyber-security-laws-iot-devices\/\">www.macobserver.com\/\u2026<\/a> &amp; <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/05\/02\/is-a-sticky-label-the-answer-to-the-iots-security-problems\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<h3>Suggested Reading<\/h3>\n<ul>\n<li>PSAs, Tips &amp; Advice\n<ul>\n<li>&#x2b50;&#xfe0f; <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/04\/30\/researcher-discovers-inception-attack-on-chrome-mobile\/\">Android users: watch out for this fake address bar trick \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/overcast.fm\/+K8ljSS7gk\">Natural Disasters: Phone, App, and Tech Tips to Help You Survive \u2014 Vector with Rene Ritchie \u2014 Overcast \u2014 overcast.fm\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/05\/01\/keeping-your-data-safe-when-traveling\/\">Keeping your data safe when traveling \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.intego.com\/mac-security-blog\/how-to-reset-the-advertising-identifier-on-your-mac-ios-device-or-apple-tv\/\">How to Reset the Advertising Identifier on your Mac, iOS Device, or Apple TV \u2014 
www.intego.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Notable Breaches &amp; Privacy Violations\n<ul>\n<li>&#x2b50;&#xfe0f; <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/05\/01\/mystery-database-exposes-data-on-80-million-us-households\/\">Mystery database exposes data on 80 million US households \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><em>WiFi Finder<\/em>, a wifi hotspot finding app, collected and then leaked a database of 2 million wifi network passwords \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/04\/23\/hotspot-finder-app-blabs-2-million-wi-fi-network-passwords\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/04\/30\/docker-breach-of-190000-users-exposes-lack-of-two-factor-authentication\/\">Docker breach of 190,000 users exposes lack of two-factor authentication \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/05\/02\/extortionists-leak-data-of-huge-firms-after-it-provider-refuses-to-pay\/\">Extortionists leak data of huge firms after IT provider refuses to pay \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>News\n<ul>\n<li>&#x2b50;&#xfe0f; &#x1f1fa;&#x1f1f8; Testimony from US Customs &amp; Border Patrol reveals they have effectively unlimited and arbitrary power to seize any electronic device at US borders \u2014 <a href=\"https:\/\/www.aclu.org\/blog\/privacy-technology\/privacy-borders-and-checkpoints\/we-got-us-border-officials-testify-under\">www.aclu.org\/\u2026<\/a><\/li>\n<li>&#x2b50;&#xfe0f; &#x1f1fa;&#x1f1f8; The WSJ is reporting that the NSA have asked the White House to end the so-called CDR (Call Data Records) phone surveillance program because the cost of running it out-weighs the intelligence value it provides \u2014 <a 
href=\"https:\/\/nakedsecurity.sophos.com\/2019\/04\/26\/nsa-asks-to-end-mass-phone-surveillance\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x2b50;&#xfe0f; A security researcher has found a dangerous vulnerability in a peer-to-peer API used widely in IoT products from many vendors. What makes things even worse is that the problem seems to be impractical if not impossible to fix \u2014 <a href=\"https:\/\/krebsonsecurity.com\/2019\/04\/p2p-weakness-exposes-millions-of-iot-devices\/\">krebsonsecurity.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/pajbj8\/slack-warns-investors-its-a-target-for-nation-state-hacking\">Slack Warns Investors It&#8217;s a Target for Nation-State Hacking \u2014 motherboard.vice.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/krebsonsecurity.com\/2019\/05\/credit-union-sues-fintech-giant-fiserv-over-security-claims\/\">Credit Union Sues Fintech Giant <em>Fiserv<\/em> Over Security Claims \u2014 krebsonsecurity.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/05\/02\/us-government-halves-deadline-for-applying-critical-patches-to-15-days\/\">US Government halves deadline for applying critical patches to 15 days \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Opinion &amp; Analysis\n<ul>\n<li>&#x2b50;&#xfe0f; A great article from Ars Technica throwing some cold water on a lot of the hyperbole around the Huawei and Vodafone Italy story \u2014 <a href=\"https:\/\/arstechnica.com\/?p=1498049\">arstechnica.com\/\u2026<\/a><\/li>\n<li>&#x2b50;&#xfe0f; <a href=\"https:\/\/www.macobserver.com\/columns-opinions\/editorial\/notarization-apple-greatly-reduce-malware-on-macs\/\">With Notarization, Apple Moves to Greatly Reduce Malware on Macs \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li>&#x2b50;&#xfe0f; <a 
href=\"https:\/\/www.recode.net\/2019\/3\/8\/18245536\/exclusive-twitter-healthy-conversations-dunking-research-product-incentives\">Exclusive: Inside Twitter\u2019s secret plan to kill \u201cdunking\u201d  \u2014 www.recode.net\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/05\/03\/criminals-are-hiding-in-telegram-but-backdoors-are-not-the-answer\/\">Criminals are hiding in Telegram \u2013 but backdoors are not the answer \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Propellor Beanie Territory\n<ul>\n<li>&#x2b50;&#xfe0f; <a href=\"https:\/\/gizmodo.com\/a-new-storage-breakthrough-could-squeeze-a-librarys-wor-1834471686\">A New Storage Breakthrough Could Squeeze a Library&#8217;s Worth of Data Into a Teaspoon of Protein \u2014 gizmodo.com\/\u2026<\/a><\/li>\n<li>&#x2b50;&#xfe0f; Beta versions of the next iOS and macOS add interesting new tweaks to how Apple&#8217;s <em>Intelligent Tracking Protection<\/em> deals with cookies. The end result is likely to make persistent tracking much harder \u2014 <a href=\"https:\/\/www.macobserver.com\/news\/product-news\/intelligent-tracking-prevention-2-2\/\">www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/04\/29\/nist-tool-boosts-chances-of-finding-dangerous-software-flaws\/\">NIST tool boosts chances of finding dangerous software flaws \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Palate Cleansers<\/h3>\n<ul>\n<li>&#x1f3a6; Watch the great computing pioneer Grace Hopper explain her famous portable nanosecond \u2013 <a href=\"http:\/\/www.loopinsight.com\/2019\/05\/03\/what-is-a-nanosecond-anyway-computing-pioneer-grace-hopper-shows-us\/\">www.loopinsight.com\/\u2026<\/a><\/li>\n<li>&#x1f508; A thoughtful discussion of the effect social media is having on elections around the world on BBC World&#8217;s <em>The Real Story<\/em> podcast \u2014 <a 
href=\"https:\/\/overcast.fm\/+Ip8z8NBic\">overcast.fm\/\u2026<\/a><\/li>\n<li>&#x1f508; The fascinating story of the CAPTCHA explained on the great Planet Money podcast \u2014 <a href=\"https:\/\/overcast.fm\/+HuIgzVmXQ\">overcast.fm\/\u2026<\/a><\/li>\n<\/ul>\n<p><em><strong>Note:<\/strong> When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by Bart.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Followups Marcus Hutchins, the young security researcher who shot to fame by killing the WannaCry malware and then to infamy when he was arrested and charged with cyber crimes while traveling to the US to present at a security conference, has pleaded guilty to writing and selling banking malware. The offences pre-date his work as [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":16218,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[46,3380,156,3379,135,114,50,569,1743],"class_list":["post-18259","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-apple","tag-cybercrime","tag-facebook","tag-parental-controls","tag-passwords","tag-privacy","tag-security","tag-security-bits","tag-wannacry"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2018\/08\/PBS_logo-16-grey.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/18259","targetHints":{"allow":["GET"]}}],"collection":[{"href":"htt
ps:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=18259"}],"version-history":[{"count":2,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/18259\/revisions"}],"predecessor-version":[{"id":18261,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/18259\/revisions\/18261"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/16218"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=18259"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=18259"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=18259"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}