{"id":20261,"date":"2020-02-09T13:23:49","date_gmt":"2020-02-09T21:23:49","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=20261"},"modified":"2020-02-23T10:37:32","modified_gmt":"2020-02-23T18:37:32","slug":"sb-2020-02-09","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2020\/02\/sb-2020-02-09\/","title":{"rendered":"Security Bits \u2014 9 February 2020"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>&#x1f9ef;Intel have released a fix for yet another named bug in performance-enhancing features of their CPUs. This one is named <em>CacheOut<\/em> because it involves cache evictions. The key takeaway is that like the other Spectre\/Meltdown-like bugs, this one can only be exploited in situations where processes belonging to different users share a CPU. This is a big deal for cloud hosting providers (who are busy patching it), but not for regular PC users \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/01\/29\/intel-promises-fix-after-researchers-reveal-cacheout-cpu-flaws\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Social media companies continue in their on-going struggle to tackle the myriad problems on their services:\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/01\/27\/tinder-to-get-panic-button-catfish-fighting-facial-recognition\/\">Tinder to get panic button, catfish-fighting facial recognition \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/06\/twitter-bans-deepfakes-but-only-those-likely-to-cause-harm\/\">Twitter bans deepfakes, but only those \u2018likely to cause harm\u2019 \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Facebook have added a new interface for show users&#8217; &#8216;Off Facebook Activity&#8217;\n<ul>\n<li><a href=\"https:\/\/www.intego.com\/mac-security-blog\/how-to-view-and-edit-your-off-facebook-activity\/\">How to view and edit your Off-Facebook Activity \u2014 www.intego.com\/\u2026<\/a><\/li>\n<li>A good explainer: <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/01\/30\/facebook-knows-a-lot-about-your-online-habits-heres-how-to-stop-it\/\">Facebook knows a lot about your online habits \u2013 here\u2019s how to stop it \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><strong>Related:<\/strong> &#x1f1fa;&#x1f1f8; <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/01\/31\/facebook-to-pay-550m-to-settle-face-tagging-suit\/\">Facebook to pay $550m to settle face-tagging suit \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><strong>Related:<\/strong> <a href=\"https:\/\/markets.businessinsider.com\/currencies\/news\/mastercard-ceo-ajay-bangea-quit-facebook-libra-red-flags-2020-2-1028871194\">&#8216;This doesn&#8217;t sound right&#8217;: Mastercard&#8217;s CEO ditched Facebook&#8217;s Libra after multiple red flags \u2014 markets.businessinsider.com\/\u2026<\/a><br \/>\n<blockquote><p>\n  &#8220;When you don&#8217;t understand how money gets made, it gets made in ways you don&#8217;t like&#8221;\n<\/p><\/blockquote>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Browsers continue to fight abuses in their browsers and plugin ecosystems:\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/01\/28\/mozilla-bans-firefox-extensions-for-executing-remote-code\/\">Mozilla bans Firefox extensions for executing remote code \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/01\/29\/fraud-spike-prompts-chrome-developer-lock-out\/\">Fraud spike prompts Chrome developer lock-out \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/06\/googles-chrome-80-clamps-down-on-cookies-and-notification-spam\/\">Google\u2019s Chrome 80 clamps down on cookies and notification spam \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Google continue their fight to secure their app store: <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/06\/android-pulls-24-dangerous-malware-filled-apps-from-play-store\/\">Android pulls 24 \u2018dangerous\u2019 malware-filled apps from Play Store \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Google have launched an open-source project for creating FIDO2\/WebAuthn security tokens \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/03\/google-launches-open-source-security-key-project-opensk\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; In a letter to congress the head of the FCC has revealed that more than one of the cell phone carriers being investigated for selling real-time data violated federal law. The FCC have not yet decided whether or not to prosecute the companies involved. The letter doesn&#8217;t name the companies being investigated, let alone which of them broke the law, but the reporting last year that triggered the investigation showed T-Mobile, Sprint, and AT&amp;T were selling real-time location data \u2014 <a href=\"https:\/\/www.imore.com\/fcc-concludes-one-or-more-carriers-violated-federal-law-selling-real-time-customer-location-data\">www.imore.com\/\u2026<\/a><\/li>\n<li>&#x1f1ea;&#x1f1fa; The Irish Data Protection Commissioner has launched an investigation into Google to determine whether or not their processing of location data complies with the GDPR \u2014 <a href=\"https:\/\/www.macobserver.com\/news\/google-facing-another-privacy-probe-in-europe\/\">www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Deep Dive 1 \u2014 Hardware &amp; Software Caught Spying on Users and Selling Their Data<\/h2>\n<p>Since our last instalment a whole bunch of hardware and software vendors has been caught with their fingers in the proverbial user data cookie jar.<\/p>\n<p>The first company to make the news was Ring (now owned by Amazon). The EFF published their research on the Ring app for Android which showed the app sends personally identifiable information (PII) to at least four trackers.<\/p>\n<p>This research only covered Ring&#8217;s Android app and did not test their iOS app, so I simply don&#8217;t know if Apple&#8217;s more strenuous rules were enough to prevent the same behaviour on iOS.<\/p>\n<p>The other hardware vendor to make the news for all the wrong reasons was Wacom \u2014 the driver for some of their drawing tablets was caught phoning home with a list of every app opened on machines with the driver installed. The reason this tracking came to light is interesting. A user was installing the driver and was about to just click by the privacy statement when they were struck by the obvious question \u2014 <em>&#8216;Why does a device that is essentially a mouse need a privacy policy?&#8217;<\/em><\/p>\n<p>After the story broke Wacom clarified that the data being collected is used purely to help them improve the app, is not sold, and does not contain any PII. Wacom also apologised for not being more up-front about this and pointed out that users can opt out at any time.<\/p>\n<p>Based on the data being collected, and the fact that the collection was discovered in the product&#8217;s actual privacy statement, I (Bart) don&#8217;t think there was any intention to deceive here \u2014 I think it was just a simple lack of awareness of the importance of data transparency on the modern world.<\/p>\n<p>Moving over to software, the first big story to break was a joint investigation by Motherboard and PCMag which revealed that AV firm Avast were collecting very detailed browsing data from their AV users (including browser plugin users) and selling it through a subsidiary named <em>Jumpshot<\/em>. Avast claim there was consent, but it seems it was not informed consent. After the article was published Avast announced it would wind down Jumpshot. It seems unlikely Avast is the only AV vendor doing this. This is a particular concern with any free or under-priced product that has privileged access to your computer \u2014 remember to follow the money to make sure stuff is not <a href=\"https:\/\/www.bartb.ie\/freepi\">FreePI<\/a>!<\/p>\n<p>Finally, While a photo editing app has a lot fewer privileges on your system so it can gather and sell a lot less than an AV can, it turns out even photo editors can get up to some creepy stuff \u2014 listener <code>@zkarj<\/code> highlighted an article from Peta Pixel on the <a href=\"https:\/\/podfeet.com\/slack\">Podfeet Slack<\/a> which shows that Limuinar 4 sends user data to Facebook among others.<\/p>\n<h3>Links<\/h3>\n<ul>\n<li>The original Ring article: <a href=\"https:\/\/www.eff.org\/deeplinks\/2020\/01\/ring-doorbell-app-packed-third-party-trackers\">Ring Doorbell App Packed with Third-Party Trackers \u2014 www.eff.org\/\u2026<\/a><\/li>\n<li>Wacom:\n<ul>\n<li>The original article: <a href=\"https:\/\/robertheaton.com\/2020\/02\/05\/wacom-drawing-tablets-track-name-of-every-application-you-open\/\">Wacom drawing tablets track the name of every application that you open | Robert Heaton \u2014 robertheaton.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/wacom-apologizes-confusion-regarding-data-collection\">Wacom apologizes for confusion regarding data collection \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/07\/wacom-driver-caught-monitoring-third-party-software-use\/\">Wacom driver caught monitoring third-party software use \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Avast:\n<ul>\n<li>The original article: <a href=\"https:\/\/www.vice.com\/en_us\/article\/qjdkq7\/avast-antivirus-sells-user-browsing-data-investigation\">Leaked Documents Expose the Secretive Market for Your Web Browsing Data \u2014 www.vice.com\/\u2026<\/a><\/li>\n<li>An interesting post from competitor Intego (including a screenshot of the install-time consent screen used by Avast): <a href=\"https:\/\/www.intego.com\/mac-security-blog\/when-free-means-collects-your-browser-history\/\">When free means \u201ccollects your browser history\u201d \u2014 www.intego.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>The Luminar article: <a href=\"https:\/\/petapixel.com\/2020\/02\/07\/luminar-4-sends-data-to-facebook-in-the-background-by-default\/\">Luminar 4 Sends Data to Facebook in the Background \u2014 petapixel.com\/\u2026<\/a> (&#x1f3a9; @zkarj on <a href=\"https:\/\/podfeet.com\/slack\">Podfeet Slack<\/a>)<\/li>\n<\/ul>\n<h2>The Clearview AI Controversy<\/h2>\n<p>A US startup named <em>Clearview AI<\/em> has sparked a lot of controversy in recent weeks. The company has built an AI-powered search engine which allows photos to be matched to social media profiles. You give the search engine a photo of a random person, and if they are in the DB you&#8217;ll get back all their social media profiles.<\/p>\n<p>Clearview AI are not making this very powerful search tool available to the general public, but are instead selling access to it, including to law enforcement agencies. This has raised privacy concerns and gotten the attention of civil liberties groups.<\/p>\n<p>The database was built up by scraping social media sites, a direct violation of those sites&#8217; terms of service, and hence, of the US Computer Fraud &amp; Abuse Act. Unsurprisingly, the large social media companies are suing Clearview AI.<\/p>\n<h3>Links<\/h3>\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/01\/28\/facial-recognition-firm-sued-for-scraping-3-billion-faceprints\/\">Facial recognition firm sued for scraping 3 billion faceprints \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/07\/facebook-google-youtube-order-clearview-to-stop-scraping-faceprints\/\">Facebook, Google, YouTube order Clearview to stop scraping faceprints \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>&#x2757; Action Alerts<\/h2>\n<ul>\n<li>Apple have released patches for all their OSes including many critical security fixes \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/01\/29\/apple-patches-critical-bugs-on-iphone-and-mac-update-now\/\">nakedsecurity.sophos.com\/\u2026<\/a>\n<ul>\n<li>iOS &amp; iPad OS 13.3.1 include a fix for the bypass found in the new parental controls introduced in iOS 13.3.0 \u2014 <a href=\"https:\/\/www.macobserver.com\/news\/product-news\/ios-13-3-1-update\/\">www.macobserver.com\/\u2026<\/a><\/li>\n<li>iOS &amp; iPad OS 13.3.1 include a new toggle switch to fully disable location services, even for controlling the U1 chip (with location services off the chip can&#8217;t function) \u2014 <a href=\"https:\/\/tidbits.com\/2020\/01\/28\/apple-releases-ios-13-3-1-ipados-13-3-1-macos-10-15-3-watchos-6-1-2-and-tvos-13-3-1\/\">tidbits.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/product-news\/macos-terminal-sudo-flaw\/\">\u2018Sudo\u2019 Flaw Found and Patched in macOS Terminal \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/05\/critical-android-flaws-patched-in-february-bulletin\/\">Critical Android flaws patched in February bulletin \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/06\/update-now-whatsapp-flaw-gave-attackers-access-to-local-files\/\">Update now \u2013 WhatsApp flaw gave attackers access to local files \u2014 nakedsecurity.sophos.com\/\u2026<\/a> &amp; <a href=\"https:\/\/www.imore.com\/whatsapp-mac-update-patches-security-flaw\">WhatsApp for Mac update patches security flaw \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li>Make sure you Philips Hue bulbs are fully patched \u2014 <a href=\"https:\/\/9to5mac.com\/2020\/02\/05\/philips-hue-vulnerability\/\">Philips Hue vulnerability lets hacker control bulbs, could escalate to network \u2014 9to5mac.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<ul>\n<li>Twitter released details of abuses to their API which allowed third parties to map phone numbers to Twitter usernames. This puts users who added phone numbers to their Twitter accounts and left matching based on phone number enabled in their privacy in danger of phishing or even spear-phishing. Now would be a good time to check your privacy settings as described in the linked Naked Security Article, and if you were exposed, be on your guard!\n<ul>\n<li>Twitter&#8217;s announcement \u2014 <a href=\"https:\/\/privacy.twitter.com\/en\/blog\/2020\/an-incident-impacting-your-account-identity\">privacy.twitter.com\/\u2026<\/a><\/li>\n<li>Naked Security&#8217;s Explain with instructions for checking your settings: <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/05\/twitter-admits-to-raid-on-users-phone-numbers\/\">Twitter admits to raid on users\u2019 phone numbers \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>A timely warning to be sure to properly configure your Trello boards so you don&#8217;t accidentally expose sensitive data to the world: <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/01\/30\/trello-exposed-search-turns-up-huge-trove-of-private-data\/\">Trello exposed! Search turns up huge trove of private data \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>If you use Google Photos be aware that your photos or videos may have been shared with others improperly: <a href=\"https:\/\/www.macobserver.com\/columns-opinions\/editorial\/google-photos-emailed-users-videos-to-strangers\/\">Google Photos Emailed Users\u2019 Videos to Strangers \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/05\/paypal-sms-scams-dont-fall-for-them\/\">PayPal SMS scams \u2013 don\u2019t fall for them! \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Be extra vigilant when it comes to emails or other messages about Coronavirus, scammers are preying on people&#8217;s fears, e.g.: <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/05\/coronavirus-safety-measures-email-is-a-phishing-scam\/\">Coronavirus \u201csafety measures\u201d email is a phishing scam \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/krebsonsecurity.com\/2020\/01\/sprint-exposed-customer-support-site-to-web\/\">Sprint Exposed Customer Support Site to Web \u2014 krebsonsecurity.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li><a href=\"https:\/\/www.imore.com\/apple-engineers-have-proposal-standardize-two-factor-authentication-messages-and-google-board\">Apple engineers have a proposal to standardize two-factor authentication messages, and Google is on board \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/link\/amazon-transparency-report-2019\/\">Amazon\u2019s 2019 Transparency Report Shows Slight Decline in Government Requests \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; The DHS has used a questionable legal interpretation\/loophole to bypass a court ruling against government use of location data and bought access to a commercial cellphone location tracking service \u2014 <a href=\"https:\/\/www.imore.com\/federal-agencies-reportedly-using-database-track-millions-smartphone-users\">www.imore.com\/\u2026<\/a> &amp; <a href=\"https:\/\/www.macobserver.com\/news\/homeland-security-location-data\/\">www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Top Tips<\/h2>\n<ul>\n<li>January 28th was Data Privacy Day, so there were lots of good tips posted for keeping your data safe:\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/01\/28\/5-ways-to-be-a-bit-safer-this-data-privacy-day\/\">5 ways to be a bit safer this Data Privacy Day \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/data-privacy-day-2020\">5 Things You Should Do on your Mac (and One Thing You Shouldn&#8217;t) To Keep Your Data Safe \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/privacy-now\">iPhone Privacy: How to lock down and delete threats to your online information \u2014 www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/tidbits.com\/2020\/01\/31\/alternative-ways-to-protect-yourself-from-being-spearfished\/\">Alternative Ways to Protect Yourself from Being Spearfished \u2014 tidbits.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Excellent Explainers<\/h2>\n<h2>Interesting Insights<\/h2>\n<ul>\n<li><a href=\"https:\/\/www.wired.com\/story\/parents-should-monitor-teens-electronics\/\">I Monitor My Teens&#8217; Electronics, and You Should Too \u2014 www.wired.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.intego.com\/mac-security-blog\/apple-security-in-2019-year-in-review\/\">Apple security in 2019: year in review \u2014 www.intego.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.vice.com\/en_us\/article\/dygy8k\/researchers-find-anonymized-data-is-even-less-anonymous-than-we-thought\">Researchers Find &#8216;Anonymized&#8217; Data Is Even Less Anonymous Than We Thought \u2014 www.vice.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/securing-icloud-why-its-time-end-end-encryption-option-our-backups\">Securing iCloud: Why it&#8217;s time for an end-to-end encryption option for our backups \u2014 www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<ul>\n<li>&#x1f3a7; The Command Line Heroes podcast from RedHat is back with a new season. The first episode is out: <a href=\"https:\/\/overcast.fm\/+LGh6-OfYo\">Minicomputers: The Soul of an Old Machine \u2014 overcast.fm\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p><em><strong>Note:<\/strong> When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/em><\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">&#x1f3a7;<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x2757;<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4ca;<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f9ef;<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> &#x1f642;<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4b5;<\/td>\n<td align=\"left\">A link to an article behind a <strong>pay-wall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4cc;<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f3a9;<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. &#x1f9ef;Intel have released a fix for yet another named bug in performance-enhancing features of their CPUs. This one is named CacheOut because it involves cache evictions. The key takeaway is that like the other [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":19030,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[88,114,50,569,2139],"class_list":["post-20261","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-antivirus","tag-privacy","tag-security","tag-security-bits","tag-social-media"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2019\/08\/security_bits_logo_400px_no_alpha.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/20261","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=20261"}],"version-history":[{"count":5,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/20261\/revisions"}],"predecessor-version":[{"id":20404,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/20261\/revisions\/20404"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/19030"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=20261"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=20261"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=20261"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}