{"id":20021,"date":"2020-01-12T12:03:29","date_gmt":"2020-01-12T20:03:29","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=20021"},"modified":"2020-01-12T12:03:29","modified_gmt":"2020-01-12T20:03:29","slug":"sb-2020-01-12","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2020\/01\/sb-2020-01-12\/","title":{"rendered":"Security Bits \u2013 12 January 2020"},"content":{"rendered":"<p><em>Commentary by Allison<\/em> \u2014 Bart is testing out a new format which in <em>theory<\/em> will cut the time it takes him to do Security Bits in half. This week is 4 weeks worth of security news so it&#8217;s not the best test case, but the new format is here.  We welcome feedback on it as always!<br \/>\n<!--more--><\/p>\n<h3>Feedback &amp; Followups<\/h3>\n<h4>Listener Feedback<\/h4>\n<blockquote><p>\n  Hi Allison,<\/p>\n<p>  Just want to clarify a law in regards to the Singapore law that Bart was talking about.<\/p>\n<p>  The law states that if the government finds a post that is considered fake news, the original post is to remain but Facebook (or whoever) has to add a section to it stating that the Singapore government considers this fake news and then carry a link to a page that would explain why the Singapore government considers it fake.<\/p>\n<p>  So all Singaporeans who view this page would be allowed to read the government\u2019s side of the story and it would be up to the user to decide who is right.<\/p>\n<p>  The law never states that the original post is to be edited by the author or Facebook.<\/p>\n<p>  If you are interested, you can have a read of this article <a href=\"https:\/\/www.straitstimes.com\/singapore\/officials-rebut-bloomberg-scmp-reports-on-pofma\">www.straitstimes.com\/&#8230;<\/a><\/p>\n<p>  I mean, you can look at it from a negative point of view and say that another government is treading on people\u2019s rights. 
But you can also look at it from the point of view that everyone should be given a right to read both sides of a statement and make a decision themselves.<\/p>\n<p>  I know that most of your listeners would believe that Singapore is an authoritarian state but if you ever live here or talk to others from USA or UK that live here, that is far from the truth. The government doesn\u2019t listen to all conversations and does not shut down dissent if they are allowed to rebut. Whether that is the right thing to do is another question.<\/p>\n<p>  And I am critical of my government but in my view this law shouldn\u2019t be a big issue as nobody needs to change their posts if they don\u2019t want to.<\/p>\n<p>  Desmond<br \/>\n  from Singapore\n<\/p><\/blockquote>\n<p>And an addendum from Desmond:<\/p>\n<blockquote><p>\n  Just want to make a correction in my email. It seems that there is part of the law which requires the user to take down their post but it has not been used as of now. But from the looks of it, I think this part will be used if it is somehow related to national security (an overused phrase that is so loaded).  
There are of course appeals to the directive the highest of which is going to court.\n<\/p><\/blockquote>\n<h4>Updates\/Developments<\/h4>\n<ul>\n<li>The human review\/grading &#8220;gate&#8221; from a few months ago has developed an embarrassing sting in the tail for Microsoft \u2013 a former contractor has spilled the beans on just how badly run the program was, and how little security was in place to protect Skype and Cortana user data \u2014 <a href=\"https:\/\/www.theguardian.com\/technology\/2020\/jan\/10\/skype-audio-graded-by-workers-in-china-with-no-security-measures\">www.theguardian.com\/\u2026<\/a><\/li>\n<li>As part of their on-going effort to fight the trend towards malicious plugins, Mozilla has forced all add-on developers to enable 2FA \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/12\/17\/mozilla-mandates-2fa-security-for-firefox-developers\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Mozilla have added NextDNS as a second built-in DOH provider \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/12\/18\/mozilla-adds-nextdns-to-list-of-dns-over-https-providers\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Elcomsoft have updated their iOS forensics toolkit to make use of the <em>Checkm8<\/em> vulnerability, allowing it to extract a small amount of specific data from locked iPhones \u2014 <a href=\"https:\/\/www.imore.com\/elcomsoft-says-its-ios-forensic-toolkit-can-now-extract-some-data-bfu-mode\">www.imore.com\/\u2026<\/a>\n<blockquote><p>&#8230; almost everything inside the iPhone remains encrypted until the user unlocks it with their passcode after the phone starts up<\/p>\n<p>It is the &#8220;almost&#8221; part of the &#8220;everything&#8221; that we target in this update. We&#8217;ve discovered that certain bits and pieces are available in iOS devices even before the first unlock. 
In particular, some keychain items containing authentication credentials for email accounts and a number of authentication tokens are available before first unlock. This is by design; these bits and pieces are needed to allow the iPhone to start up correctly before the user punches in the passcode.<\/p><\/blockquote>\n<\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/01\/08\/youtube-to-treat-all-kid-aimed-videos-like-theyre-coppa-liable\/\">YouTube to treat all kid-aimed videos like they\u2019re COPPA-liable \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Google have tweaked their Project Zero rules to encourage higher quality patches \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/01\/09\/googles-project-zero-highlights-patch-quality-with-policy-tweak\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f1f7;&#x1f1fa; Russia&#8217;s nation-wide intra-net came a step closer: <a href=\"https:\/\/www.zdnet.com\/article\/russia-successfully-disconnected-from-the-internet\/\">Russia successfully disconnected from the internet \u2014 www.zdnet.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/www.cnbc.com\/2019\/12\/19\/court-awards-80-million-to-consumer-attorneys-in-equifax-case.html\">If you made a claim for $125 from Equifax, you&#8217;re not getting it after court awards nearly $80 million to attorneys \u2014 www.cnbc.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; California&#8217;s big new privacy law, the CCPA (California Consumer Privacy Act), came into force at the start of the year \u2014 <a href=\"https:\/\/www.macobserver.com\/news\/new-california-privacy-law-comes-into-force-tomorrow\/\">www.macobserver.com\/\u2026<\/a>\n<ul>\n<li>&#x1f3a7; <strong>Related Podcast Suggestion:<\/strong> <a href=\"https:\/\/overcast.fm\/+UC_VJEjiY\">Reset: What California\u2019s new data privacy law means for all of us \u2014 overcast.fm\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>&#x1f9ef;Deep Dive \u2014 Plundervolt<\/h3>\n<p>In December 
security researchers released details of a bug in some Intel CPUs that they&#8217;ve given the catchy name <em>Plundervolt<\/em>.<\/p>\n<p>The vulnerability uses the fact that very subtly reducing the CPU&#8217;s voltage can cause the CPU to start to make predictable mistakes when multiplying numbers together. This can be used to trick SGX (Security Guard Extensions), Intel&#8217;s equivalent of Apple&#8217;s secure enclave, into reading the wrong memory address when it&#8217;s trying to read a cryptographic key. This effectively defeats SGX.<\/p>\n<p>Intel have released a BIOS patch that removes the instruction for tweaking the voltage, making the attack impossible.<\/p>\n<p>There&#8217;s no need for regular users to worry because most computers don&#8217;t support SGX, and those that do have it turned off by default, and very few home users would go to the trouble of opening their BIOS settings to turn it on.<\/p>\n<h4>Links<\/h4>\n<ul>\n<li>A really good explanation of how the attack works, what the implications are, and why we don&#8217;t need to stress over it \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/12\/16\/plundervolt-stealing-secrets-by-starving-your-computer-of-voltage\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<h3>Action Alerts<\/h3>\n<ul>\n<li>&#x2757;<a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/01\/09\/browser-zero-day-update-your-firefox-right-now\/\">Browser zero day: Update your Firefox right now! 
\u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>WhatsApp has been patched to fix a bug that could allow an attacker to permanently delete group chats and crash the app \u2014 <a href=\"https:\/\/www.zdnet.com\/article\/this-whatsapp-bug-could-allow-hackers-to-crash-the-app-and-delete-group-chats-forever\/\">www.zdnet.com\/\u2026<\/a><\/li>\n<li>Noteworthy Breaches\n<ul>\n<li><a href=\"https:\/\/www.imore.com\/massive-data-breach-leaves-267-million-facebook-users-data-exposed\">Massive breach leaves 267 million Facebook users&#8217; data exposed \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/techcrunch.com\/2019\/12\/24\/twitter-android-bug-phone-numbers\/\">A Twitter app bug was used to match 17 million phone numbers to user accounts \u2014 techcrunch.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.cnet.com\/how-to\/wyze-camera-data-leak-how-to-secure-your-account-right-now\/\">Wyze camera data leak: How to secure your account right now \u2014 www.cnet.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/01\/07\/google-suspends-xiaomi-from-home-hub-over-camera-privacy-glitch\/\">Google suspends Xiaomi from Home Hub over camera privacy glitch \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Worthy Warnings<\/h3>\n<ul>\n<li>Brian Krebs warns of the rise of a particularly tricky kind of phishing \u2013 fake app permissions requests on OAuth2-based federated login systems like those offered by Office365, GSuite, Facebook &amp; Twitter. These phishes are particularly dangerous because the permissions are not removed by changing your password! 
\u2014 <a href=\"https:\/\/krebsonsecurity.com\/2020\/01\/tricky-phish-angles-for-persistence-not-passwords\/\">krebsonsecurity.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/arstechnica.com\/information-technology\/2020\/01\/us-government-funded-android-phones-come-preinstalled-with-unremovable-malware\/\">US Government-funded Android phones come preinstalled with unremovable malware \u2014 arstechnica.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/01\/08\/us-warns-of-iranian-cyber-threat\/\">US warns of Iranian cyber threat \u2014 nakedsecurity.sophos.com\/\u2026<\/a>\n<ul>\n<li><strong>Related:<\/strong> <a href=\"https:\/\/www.macobserver.com\/link\/texas-surge-iran-cyber-attacks\/\">Texas Sees Surge in Iranian Cyber Attacks \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><strong>Related:<\/strong> <a href=\"https:\/\/www.macobserver.com\/link\/fake-military-draft-texts\/\">PSA: People Have Been Getting Fake Military Draft Texts \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Notable News<\/h3>\n<ul>\n<li>The FBI have sent Apple a letter asking for help cracking two iPhones belonging to the shooter who killed 3 at a naval base in Florida in December 2019. 
The letter makes clear that the FBI have exhausted all avenues other than Apple&#8217;s help \u2014 (<strong>Editorial Note by Bart:<\/strong> I make it a point to avoid naming murderers who want to be infamous) \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/01\/09\/fbi-asks-apple-to-help-it-unlock-iphones-of-naval-base-shooter\/\">nakedsecurity.sophos.com\/\u2026<\/a>\n<ul>\n<li><strong>Related:<\/strong> <a href=\"https:\/\/www.imore.com\/apple-privacy-director-says-back-doors-iphone-data-cant-help-solve-crimes\">Apple privacy director says back doors to iPhone data can&#8217;t help solve crimes \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><strong>Related Opinion:<\/strong> <a href=\"https:\/\/www.schneier.com\/blog\/archives\/2019\/12\/scaring_people_.html\">Schneier on Security \u2014 www.schneier.com\/\u2026<\/a><\/li>\n<li><strong>Related Opinion:<\/strong> <a href=\"https:\/\/daringfireball.net\/linked\/2020\/01\/08\/fbi-apple-pensacola-shooter\">FBI vs. iPhone Encryption, Round Two: Pensacola Shooter \u2014 daringfireball.net\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Security Improvements from Apple:\n<ul>\n<li>Apple have published an updated platform security guide \u2014 <a href=\"https:\/\/www.imore.com\/apples-new-platform-security-guide-details-security-feature-iphone-ipad-and-mac\">www.imore.com\/\u2026<\/a>\n<ul>\n<li><a href=\"https:\/\/support.apple.com\/en-ie\/guide\/security\/welcome\/1\/web\">The Guide \u2014 support.apple.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Apple have expanded their bug bounty program to cover all their OSes and increase the maximum payout to $1M \u2014 <a href=\"https:\/\/www.imore.com\/you-could-earn-1-million-through-apples-new-security-bounty-program\">www.imore.com\/\u2026<\/a><\/li>\n<li><strong>Related:<\/strong> <a href=\"https:\/\/www.imore.com\/apple-says-its-scanning-photos-uploaded-icloud-weed-out-child-abusers\">Apple says it&#8217;s scanning photos uploaded to iCloud to weed out child abusers 
\u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><strong>Related:<\/strong> An illustration of why Mac users can&#8217;t afford to be careless about security. Note that this malware is a so-called Trojan, so it spreads by tricking users into installing it in some way: <a href=\"https:\/\/www.macobserver.com\/news\/north-korea-upgrades-apple-jeus\/\">North Korea Upgrades \u2018AppleJeus\u2019 Malware for Macs \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Apple, Amazon, Google, the Zigbee Alliance, and other tech companies\/groups join together to form the <em>Connected Home over IP project<\/em>. The aim is to develop a <a href=\"https:\/\/www.imore.com\/apple-joins-amazon-zigbee-alliance-and-others-help-develop-smart-home-connectivity-standard\">single secure standard for IoT devices to interact with all smart assistants \u2014 www.imore.com\/\u2026<\/a>\n<ul>\n<li><strong>Related:<\/strong> <a href=\"https:\/\/www.imore.com\/apple-publishes-open-source-version-its-homekit-accessory-development-kit\">Apple publishes open-source version of its HomeKit Accessory Development Kit \u2014 www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/link\/microsoft-project-artemis\/\">Microsoft\u2019s Project Artemis Tool Will Help Find Online Predators \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/protonmail-protoncalendar-beta\/\">ProtonMail Launches ProtonCalendar Beta \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li>Notable Social Media News:\n<ul>\n<li><a href=\"https:\/\/www.theverge.com\/2019\/12\/23\/21035855\/twitter-bans-apngs-trolls-seizures-epilepsy-foundation-attack\">Twitter bans A[nimated]PNGs after attack on Epilepsy Foundation handle \u2014 www.theverge.com\/\u2026<\/a><\/li>\n<li>Google have rolled out a new anti-spam\/phishing message validation system for SMS messages received in the Android messages app. 
Senders need to actively partake in the system, and it&#8217;s currently only available in some countries (US, the UK, Canada, Mexico, India, Brazil, France, the Philippines, &amp; Spain), but it allows the messages app to mark known-genuine messages as such in the app \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/12\/16\/google-adds-verified-sms-and-anti-spam-feature-to-messages-app\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/01\/09\/google-voice-assistant-gets-new-privacy-undo-commands\/\">Google voice Assistant gets new privacy \u2018undo\u2019 commands \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/01\/08\/facebook-bans-deepfakes-but-not-cheapfakes-or-shallowfakes\/\">Facebook bans deepfakes, but not cheapfakes or shallowfakes \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Following the lead of parent company Facebook, Instagram has rolled out new features to combat fake news and hate speech, but with the same exception for politicians \u2014 <a href=\"https:\/\/www.imore.com\/instagram-rolls-out-new-features-combat-fake-news-and-hate-speech\">www.imore.com\/\u2026<\/a> &amp; <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/12\/19\/instagram-hides-false-content-unless-its-from-a-politician\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Last month Facebook replied to questions from US senators with a reply that seemed to say they continued to track location data by non-GPS means even when users disabled location services access on the Facebook app. The senators followed up with Facebook asking for more clarification, and now Facebook&#8217;s reply has been leaked. We understood them correctly: they do indeed track location even when location services access is denied. The senators are not happy with this response. 
\u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/12\/20\/facebooks-location-tracking-policy-still-worries-us-senators\/\">nakedsecurity.sophos.com\/\u2026<\/a>, <a href=\"https:\/\/www.imore.com\/facebook-tracking-your-location-even-when-you-turn-location-services\">www.imore.com\/\u2026<\/a> &amp; <a href=\"https:\/\/www.macobserver.com\/news\/lawmakers-dont-think-facebook-needs-to-constantly-track-your-location\/\">www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/techcrunch.com\/2020\/01\/06\/facebook-data-misuse-and-voter-manipulation-back-in-the-frame-with-latest-cambridge-analytica-leaks\/\">Facebook data misuse and voter manipulation back in the frame with latest Cambridge Analytica leaks \u2014 techcrunch.com\/\u2026<\/a><\/li>\n<li>&#x1f1e7;&#x1f1f7; <a href=\"https:\/\/www.macobserver.com\/news\/facebook-receives-1-6-million-fine-from-brazil-over-cambridge-analytica-case\/\">Facebook Receives $1.6 Million Fine From Brazil Over Cambridge Analytica Case \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/12\/23\/facebook-will-stop-mining-contacts-with-your-2fa-number\/\">Facebook will stop mining contacts with your 2FA number \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/link\/twitter-removed-5929-accounts-linked-to-state-backed-information-operations\/\">Twitter Removed 5,929 Accounts Linked to \u2018State-Backed Information Operations\u2019 \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/01\/10\/fake-review-purge-facebook-boots-188-groups-ebay-bans-140-shills\/\">Fake-review purge: Facebook boots 188 groups, eBay bans 140 shills \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f1ec;&#x1f1e7; <a href=\"https:\/\/www.macobserver.com\/news\/google-and-facebook-ad-dominance-faces-scrutiny-in-uk\/\">Google And Facebook ad Dominance Faces Scrutiny in UK \u2014 
www.macobserver.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/12\/16\/police-get-unprecedented-data-haul-from-google-with-geofence-warrants\/\">Police get \u201cunprecedented\u201d data haul from Google with geofence warrants \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Top Tips<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.intego.com\/mac-security-blog\/8-mac-security-and-privacy-features-to-set-up-right-away\/\">8 Mac security and privacy features to set up right away \u2014 www.intego.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/how-remotely-help-someone-fix-their-iphone-ipad-and-mac-using-messages-screen-sharing\">How to remotely help someone fix their iPhone, iPad, and Mac using Messages screen sharing \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.intego.com\/mac-security-blog\/how-to-remove-gps-location-data-from-photos-on-iphone-or-mac\/\">How to remove GPS location data from photos on iPhone or Mac \u2014 www.intego.com\/\u2026<\/a><\/li>\n<\/ul>\n<h3>Excellent Explainers<\/h3>\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/12\/28\/7-types-of-virus-a-short-glossary-of-contemporary-cyberbadness\/\">7 types of virus \u2013 a short glossary of contemporary cyberbadness \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/icloud-photo-library-and-security-what-you-need-know\">iCloud Photo Library and security: What you need to know! 
\u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/privacyinternational.org\/long-read\/3300\/cloud-extraction-technology-secret-tech-lets-government-agencies-collect-masses-data\">Cloud extraction technology: the secret tech that lets government agencies collect masses of data from your apps \u2014 privacyinternational.org\/\u2026<\/a><\/li>\n<\/ul>\n<h3>Interesting Insights<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.nytimes.com\/interactive\/2019\/12\/19\/opinion\/location-tracking-cell-phone.html\">Twelve Million Phones, One Dataset, Zero Privacy \u2014 www.nytimes.com\/\u2026<\/a>\n<ul>\n<li><strong>Highlight:<\/strong> <a href=\"https:\/\/www.macobserver.com\/link\/nyt-tracked-trump\/\">NYT Reporters Used a Leaked Location Database to Track the President \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><strong>Summary &amp; Analysis:<\/strong> <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/12\/23\/smartphone-location-data-can-be-used-to-identify-and-track-anyone\/\">Smartphone location data can be used to identify and track anyone \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><strong>Critique:<\/strong> <a href=\"https:\/\/daringfireball.net\/linked\/2019\/12\/27\/nyt-ad-tracking-hypocrisy\">The New York Times&#8217;s Hypocrisy on Ad Tracking and Privacy \u2014 daringfireball.net\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/freedom-to-tinker.com\/2019\/12\/21\/every-move-you-make-ill-be-watching-you-privacy-implications-of-the-apple-u1-chip-and-ultra-wideband\/\">Every move you make, I\u2019ll be watching you: Privacy implications of the Apple U1 chip and ultra-wideband \u2014 freedom-to-tinker.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/medium.com\/@rossformaine\/i-was-googles-head-of-international-relations-here-s-why-i-left-49313d23065\">I Was Google\u2019s Head of International Relations. Here\u2019s Why I Left. 
\u2014 medium.com\/\u2026<\/a><\/li>\n<li>&#x1f3a7; <a href=\"https:\/\/overcast.fm\/+B3JUyICmY\">Security Now Ep. 746: A Decade of Hacks \u2014 overcast.fm\/\u2026<\/a><\/li>\n<\/ul>\n<h3>Palate Cleansers<\/h3>\n<ul>\n<li>&#x1f3a7; I recommend this entire (sadly short) podcast series very highly. Linked is a security-related episode that I think makes the perfect introduction to the show for this audience: <a href=\"https:\/\/overcast.fm\/+U9ZFrFwj0\">Cautionary Tales: The Rogue Dressed as a Captain \u2014 overcast.fm\/\u2026<\/a><\/li>\n<li>&#x1f3a7; Another podcast recommendation. Hackable by McAfee is a podcast series that takes a first-hand look at what it&#8217;s like to be exploited by the attacks we hear about in this segment all the time. The host invites security researchers to demonstrate threats to the audience by hacking him or one of his colleagues at McAfee. I&#8217;ve listened to every episode and they&#8217;re all superb, but I think this specific episode will serve as a particularly good introduction to the series: <a href=\"https:\/\/overcast.fm\/+KipwZYz_w\">Hackable?: And We\u2019re In \u2014 overcast.fm\/\u2026<\/a><\/li>\n<li>&#x1f3a7; A great holiday special from the wonderful Darknet Diaries podcast \u2013 the true story of a penetration test told as a classic Noir detective story (think Dixon Hill on Star Trek TNG) \u2014 <a href=\"https:\/\/overcast.fm\/+PMNdKFh78\">Darknet Diaries 55: NoirNet \u2014 overcast.fm\/\u2026<\/a><\/li>\n<\/ul>\n<p><em><strong>Note:<\/strong> When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by Bart.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Commentary by Allison \u2014 Bart is testing out a new format which in theory will cut the time it takes him to do Security Bits in half. 
This week is 4 weeks worth of security news so it&#8217;s not the best test case, but the new format is here. We welcome feedback on it as [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":19030,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[50,569],"class_list":["post-20021","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-security","tag-security-bits"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2019\/08\/security_bits_logo_400px_no_alpha.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/20021","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=20021"}],"version-history":[{"count":2,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/20021\/revisions"}],"predecessor-version":[{"id":20023,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/20021\/revisions\/20023"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/19030"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=20021"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\
/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=20021"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=20021"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}