{"id":20413,"date":"2020-02-23T15:48:58","date_gmt":"2020-02-23T23:48:58","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=20413"},"modified":"2020-02-25T04:56:43","modified_gmt":"2020-02-25T12:56:43","slug":"sb-2020-02-23","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2020\/02\/sb-2020-02-23\/","title":{"rendered":"Security Bits \u2014 23 February 2020"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>Developments in the Avast Browser History Data Sales story:\n<ul>\n<li><a href=\"https:\/\/arstechnica.com\/tech-policy\/2020\/01\/avast-kills-off-jumpshot-the-subsidiary-that-sold-all-your-web-data\/\">Avast kills off Jumpshot, the subsidiary that sold all your Web data \u2014 arstechnica.com\/\u2026<\/a><\/li>\n<li>&#x1f1e8;&#x1f1ff; <a href=\"https:\/\/www.pcmag.com\/news\/czech-authorities-to-probe-avast-over-selling-users-browser-histories\">Czech Authorities to Investigate Avast Over Sale of Users&#8217; Browser Histories \u2014 www.pcmag.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/12\/us-charges-four-chinese-military-members-with-equifax-hack\/\">US charges four Chinese military members with Equifax hack \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/techcrunch.com\/2020\/02\/14\/class-action-suit-against-clearview-ai-cites-illinois-law-that-cost-facebook-550m\/\">Class action suit against Clearview AI cites Illinois law that cost Facebook $550M \u2014 techcrunch.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; Another twist in the net neutrality saga in the US: <a href=\"https:\/\/www.theregister.co.uk\/2020\/02\/21\/fcc_net_neutrality\/\">FCC forced by court to ask the public (again) if they think tearing up net neutrality was a really good idea or not \u2014 www.theregister.co.uk\/\u2026<\/a>\n<ul>\n<li><strong>Related:<\/strong> &#x1f3a7; A very informative and fair interview with FCC chair Ajit Pai: <a href=\"https:\/\/overcast.fm\/+WaLEo-Yko\">Freakonomics Radio: Can You Hear Me Now? \u2014 overcast.fm\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>The perennial internet regulation issue continues to develop:\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/19\/facebook-asks-to-be-regulated-kinda-like-a-newspaper-kinda-like-telco\/\">Facebook asks to be regulated kinda like a newspaper, kinda like telco \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/17\/senator-calls-for-dedicated-us-data-protection-agency\/\">Senator calls for dedicated US data protection agency \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/9to5mac.com\/2020\/02\/21\/backdoor-to-encryption\/#more-633323\">Backdoor to encryption back on agenda in absurdly named bill \u2014 9to5mac.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Google continues to fight back against malicious apps and browser plugins on its various platforms:\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/17\/google-pulls-500-malicious-chrome-extensions-after-researcher-tip-off\/\">Google pulls 500 malicious Chrome extensions after researcher tip-off \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/google-removes-hundreds-of-app-from-play-store-for-violating-ads-policy\/\">Google Removes Hundreds of App From Play Store For Violating Ads Policy \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>FIDO support continues to expand:\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/19\/openssh-eases-admin-hassles-with-fido-u2f-token-support\/\">OpenSSH eases admin hassles with FIDO U2F token support \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Apple has joined the FIDO Alliance \u2014 <a href=\"https:\/\/www.imore.com\/apple-has-joined-fido-alliance-and-will-help-new-authentication-standards\">www.imore.com\/\u2026<\/a> &amp; <a href=\"https:\/\/www.forbes.com\/sites\/kateoflahertyuk\/2020\/02\/12\/apple-just-made-a-striking-new-security-move-that-could-impact-all-users\/#454c95931a7e\">www.forbes.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Deep Dives<\/h2>\n<h3>Deep Dive 1 \u2014 The <em>Sweyntooth<\/em> Bluetooth Bugs<\/h3>\n<p>Security researchers have released details on a whole family of loosely related BlueTooth bugs which they&#8217;ve named after Sweyn,  the son of the Danish king Harold Bluetooth, after whom the wireless standard is named (and who&#8217;s rune is used as the Bluetooth icon).<\/p>\n<p>These bugs exist in the firmware for countless Bluetooth devices, and their effects vary from locking up the devices or forcing them to reboot all the way to full security bypasses allowing unauthorised pairing and full control of the devices and access to all data stored on them. Thankfully all these bugs require attackers to be within Bluetooth range of vulnerable devices.<\/p>\n<p>At the root of the problem are a host of similar bugs in the Software Development Kits (or SDKs) provided by at least seven system-on-a-chip (SOC) vendors to allow Bluetooth device manufacturers build firmwares for their devices.<\/p>\n<p>Imagine you want to build a Bluetooth headset. You would source a Bluetooth SOC, then you would write the firmware for your device, and you would do that using an SDK provided to you by the company that makes the SOC you have chosen to use. If you used a vulnerable SDK you would need to update your copy of the SDK, re-build your firmware, then make it available to all your customers.<\/p>\n<p>The good news is that security researchers have been working with vendors since last summer to responsibly disclose the bug and get patches out, but that can only possibly help protect users of devices that actually get firmware updates, and even then, many devices have no mechanism for alerting users that an update exists, so many potential updates will never get applied. The inevitable end result will be millions of vulnerable Bluetooth devices out there for years to come &#x1f641;<\/p>\n<p>One important silver lining here is that the more high-end and advanced the device, the more likely it is to get patched. This won&#8217;t be a problem for things like high-end smartphones under active support, or high-end headphones like Air Pods. Instead, it&#8217;s going to be a bigger issue for cheaper less advanced devices, and they are less likely to be involved with very sensitive information.<\/p>\n<p>What can you do to protect yourself? You can&#8217;t practically protect yourself fully, but you can limit your exposure by:<\/p>\n<ul>\n<li>Only buying Bluetooth devices from reputable firms.<\/li>\n<li>Installing all firmware updates available.<\/li>\n<li>Being aware that anything you do over a Bluetooth you don&#8217;t know has been properly secure could well be insecure.<\/li>\n<\/ul>\n<h4>Link<\/h4>\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/14\/bluetooth-bugs-researchers-find-10-sweyntooth-security-holes\/\">Bluetooth bugs \u2013 researchers find 10 \u201cSweyntooth\u201d security holes \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Deep Dive 2 \u2014 More Malware on Macs than Windows? Really?<\/h2>\n<p>AV vendor Malware bytes made a big splash when they released a report stating they had blocked more malware per-end-point on Macs than PCs in 2019.<\/p>\n<p>The problem with this approach is that it inherently assumes that all threats are equal \u2014 that plugin that injects ads into your browser is the same as ransomware that encrypts all your files and extorts you for millions!<\/p>\n<p>Unsurprisingly, what we find is that the problems affecting Mac users are generally self-inflicted, being trojans rather than viruses or worms and that Apple&#8217;s default settings and protections would protect users just as well as an AV product does!<\/p>\n<p>This story isn&#8217;t the paradigm-shifting change the headlines might have led you to believe. I&#8217;ve not changed my calculus on running AV on Macs \u2014 I don&#8217;t, and I don&#8217;t recommend others do either. AV runs at a very high privilege level and is very complex code \u2014 that&#8217;s a really dangerous mix for introducing security vulnerabilities. IMO the risks posted by running AV on Macs still out-weight the very small potential benefits. Much more important is to keep the default settings preventing the execution of unsigned apps and enabling automatic updating of XProtect settings from Apple daily.<\/p>\n<h4>Links<\/h4>\n<ul>\n<li><a href=\"https:\/\/www.imore.com\/malwarebytes-malware-threats-endpoint-mac-double-windows\">Malwarebytes: Malware threats per endpoint on Mac double that of Windows \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.tomshardware.com\/news\/mac-malware-research-cybersecurity-windows-malwarebytes\">Research: Macs Saw Almost Twice as Much Malware as Windows PCs in 2019 \u2014 www.tomshardware.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.loopinsight.com\/2020\/02\/13\/malware-threats-on-macs-outpace-windows-for-first-time-ever\/\">Malware threats on Macs outpace Windows for first time ever \u2014 www.loopinsight.com\/\u2026<\/a><\/li>\n<li><strong>Related Opinion:<\/strong> <a href=\"https:\/\/daringfireball.net\/linked\/2020\/02\/21\/mac-scamware\">The State of Scamware on the Mac \u2014 daringfireball.net\/\u2026<\/a><\/li>\n<\/ul>\n<h2>&#x2757; Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action, if any stories in this section are relevant to you there is some action you should take.<\/aside>\n<ul>\n<li>This month&#8217;s Patch Tuesday saw security updates from Microsoft and Adobe, including a fix for a zero-day being actively exploited in IE. Be sure to apply these patches promptly! \u2014 <a href=\"https:\/\/krebsonsecurity.com\/2020\/02\/microsoft-patch-tuesday-february-2020-edition\/\">krebsonsecurity.com\/\u2026<\/a>\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/13\/ie-zero-day-and-heap-of-rdp-flaws-fixed-in-february-patch-tuesday\/\">IE zero-day and a heap of RDP flaws fixed in February Patch Tuesday \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Adobe released further out-of-band patches a week after Patch Tuesday: <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/21\/adobe-fixes-critical-flaws-in-media-encoder-and-after-effects\/\">Adobe fixes critical flaws in Media Encoder and After Effects \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Dell has patched a critical bug in a support app it ships with most of its Windows computers. If you own a Dell you should be sure it has all the latest updates from Dell \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/13\/dell-fixes-privilege-elevation-bug-in-support-software\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Critical bugs have been found in two very popular WordPress plugins:\n<ul>\n<li>A critical bug has been patched in the very popular <em>GDPR Cookie Consent plugin<\/em> WordPress plugin \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/14\/cookie-nabbing-app-could-have-served-users-side-helping-of-xss\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>A critical bug has been patched in the popular <em>Demo Importer<\/em> plugin from ThemeGrill \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/19\/wordpress-plugin-hole-could-have-allowed-attackers-to-wipe-websites\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li>Be careful where you (and your friends\/family\/acquaintances) post WhatsApp private group chat invite links \u2014 if they appear on the public web, they will be indexed by search engines, and can the found with easy searches. Security researchers have found that Google has indexed almost half a million such invite links: <a href=\"https:\/\/www.vice.com\/en_us\/article\/k7enqn\/google-is-letting-people-find-invites-to-some-private-whatsapp-groups\">Google Is Letting People Find Invites to Some Private WhatsApp Groups \u2014 www.vice.com\/\u2026<\/a><\/li>\n<li>Notable Data Breaches:\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/19\/private-photos-leaked-by-photosquareds-unsecured-cloud-storage\/\">Private photos leaked by PhotoSquared\u2019s unsecured cloud storage \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.zdnet.com\/article\/exclusive-details-of-10-6-million-of-mgm-hotel-guests-posted-on-a-hacking-forum\/\">Details of 10.6 million MGM hotel guests posted on a hacking forum \u2014 www.zdnet.com\/\u2026<\/a> (No financial data, so the biggest danger would be well targeted believable phishing attacks)<\/li>\n<li><\/li>\n<\/ul>\n<\/li>\n<li>PSA: <a href=\"https:\/\/tidbits.com\/2020\/02\/18\/double-check-your-iphones-medical-id-emergency-contacts\/\">Double-Check Your iPhone\u2019s Medical ID Emergency Contacts \u2014 tidbits.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li>Two major IoT vendors move to force 2FA for all users:\n<ul>\n<li>Google made use of Safer Internet Day to announce plans to force app Nest users to enable 2FA on their accounts \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/13\/google-to-force-nest-users-to-turn-on-2fa\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/20\/ring-makes-2fa-mandatory-to-keep-hackers-out-of-your-doorbell-account\/\">Ring makes 2FA mandatory to keep hackers out of your doorbell account \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Western government agencies warn of nation-state-sponsored attacks on western IT infrastructure:\n<ul>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/10\/fbi-director-warns-of-sustained-russian-disinformation-threat\/\">FBI director warns of sustained Russian disinformation threat \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/11\/officials-raise-alarm-about-chinese-hacking\/\">Officials raise alarm about Chinese hacking \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/www.zdnet.com\/article\/us-cyber-command-dhs-and-fbi-expose-new-north-korean-malware\/\">US Cyber Command, DHS, and FBI expose new North Korean malware \u2014 www.zdnet.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; &#x1f1ec;&#x1f1e7; <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/21\/us-and-uk-call-out-russian-hackers-for-georgia-attacks\/\">US and UK call out Russian hackers for Georgia attacks \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Governments abusing private corporations to get spy tools into foreign countries appear to be both real and nothing new:\n<ul>\n<li><a href=\"https:\/\/arstechnica.com\/tech-policy\/2020\/02\/us-gave-allies-evidence-that-huawei-can-snoop-on-phone-networks-wsj-says\/\">US says it can prove Huawei has backdoor access to mobile-phone networks \u2014 arstechnica.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.stuff.co.nz\/world\/americas\/119462712\/germanus-spies-owned-encryption-company-used-by-allies-and-adversaries\">German\/US spies owned encryption company used by allies and adversaries \u2014 www.stuff.co.nz\/\u2026<\/a> (<strong>Editorial by Bart:<\/strong> I get why the US are so sure China uses private companies to spy on their adversaries now \u2014 they&#8217;re doing it, so of course everyone else must be too!)<\/li>\n<\/ul>\n<\/li>\n<li>&#x1f1fa;&#x1f1f8; The FBI have released their 2019 annual cybercrime report. There were about 1,300 cybercrimes per day in the US, costing victims about $3.5Bn. The age group to suffer most was the over 60s, being defrauded for over $835K \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/13\/fbi-cybercrime-tore-a-3-5b-hole-in-victims-pockets-last-year\/\">nakedsecurity.sophos.com\/\u2026<\/a>\n<ul>\n<li>Download the full report in PDF format \u2014 <a href=\"https:\/\/pdf.ic3.gov\/2019_IC3Report.pdf\">pdf.ic3.gov\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Microsoft have released a preview version of their enterprise <em>Advanced Threat Protection<\/em> end-point for Linux, and let it be known that there is a version of Defender ATP on the way for iOS &amp; Android. At the moment there are no details of who this product is even targeted at, let alone what it can do, but there will be more details released at the RSA Conference in SF next week. (<strong>Editorial by Bart:<\/strong> to date everything branded with ATP has been aimed at corporate IT, not home users, my expectation is the same will be true of these new products) \u2014 <a href=\"https:\/\/www.macrumors.com\/2020\/02\/20\/microsoft-defender-atp-ios-android\/\">www.macrumors.com\/\u2026<\/a><\/li>\n<li>Don&#8217;t feel too bad if you make a security boo boo, it happens to the big-boys too: <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/11\/facebooks-twitter-and-instagram-accounts-hijacked\/\">Facebook\u2019s Twitter and Instagram accounts hijacked \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Top Tips<\/h2>\n<aside class=\"small-aside\">Tip, tricks, or advice that is likely to be useful to the NosillaCast audience or the family members and friends whose IT they support.<\/aside>\n<ul>\n<li>The 11th of February was <em>Safer Internet Day<\/em>, resulting in some nice pithy advice articles, ideal for sharing with less tech-savvy friends and family:\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/11\/5-tips-for-you-and-your-family-on-safer-internet-day\/\">5 tips for you and your family on Safer Internet Day \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/02\/11\/5-tips-for-businesses-on-safer-internet-day\/\">5 tips for businesses on Safer Internet Day \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Looking for a new Backup drive? Check to see which ones are living longest in the real world: <a href=\"https:\/\/www.backblaze.com\/blog\/hard-drive-stats-for-2019\/\">Backblaze Hard Drive Stats for 2019 \u2014 www.backblaze.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Excellent Explainers<\/h2>\n<aside class=\"small-aside\">High-quality content explaining a security concept of some kind.<\/aside>\n<ul>\n<li><a href=\"https:\/\/www.forbes.com\/sites\/thomasbrewster\/2020\/02\/11\/how-apple-intercepts-and-reads-emails-when-it-finds-child-abuse\/#7cdde3f631c2\">How Apple \u2018Intercepts\u2019 And Reads Emails When It Finds Child Abuse \u2014 www.forbes.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Interesting Insights<\/h2>\n<aside class=\"small-aside\">High-quality investigative, opinion, and editorial security and privacy related content recommended by Bart.<\/aside>\n<ul>\n<li><a href=\"https:\/\/www.bbc.co.uk\/news\/extra\/CLQYZENMBI\/amazon-data\">Why Amazon knows so much about you \u2014 www.bbc.co.uk\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.vice.com\/en_us\/article\/pkekmb\/free-email-apps-spying-on-you-edison-slice-cleanfox\">How Big Companies Spy on Your Emails \u2014 www.vice.com\/\u2026<\/a> (Particularly relevant to users of the popular Edison email app)<\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/www.vice.com\/en_us\/article\/jged4x\/envestnet-yodlee-credit-card-bank-data-not-anonymous\">Leaked Document Shows How Big Companies Buy Credit Card Data on Millions of Americans \u2014 www.vice.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/www.upguard.com\/breaches\/tetrad-breach-120-million-households\">Household Names: How Tetrad Exposed Data on 120 Million Consumers \u2014 www.upguard.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything up-beat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li>&#x1f3a7; The first half-hour-ish of this episode excellently explains the important difference between Machine Learning (ML) and true Artificial Intelligence (AI): <a href=\"https:\/\/overcast.fm\/+IsN7a8x0\">Apple Context Machine Ep. 525: AI vs. Machine Learning, Our New Macs, Oak Island \u2014 overcast.fm\/\u2026<\/a><\/li>\n<li>&#x1f3a7; World Wise Web is a new BBC World podcast series where youngsters interview important people from the history of tech about their life&#8217;s work. The episodes are short (~10mins), and so far I can recommend them all. This is a great taster episode, interviewing <em>the mother of the internet<\/em> Radia Perlman, the inventor of the Spanning Tree routing protocol that keeps so many of our IP networks functioning day-in-day-out: <a href=\"https:\/\/overcast.fm\/+WgRjKG9Sg\">World Wise Web: Internet networks \u2014 overcast.fm\/\u2026<\/a>\n<ul>\n<li><a href=\"https:\/\/amzn.to\/32lYQ7Q\" target=\"_blank\" rel=\"noopener noreferrer\">Broad Band: The Untold Story of the Women Who Made the Internet by Claire L Evans <\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">&#x1f3a7;<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x2757;<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4ca;<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f9ef;<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> &#x1f642;<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4b5;<\/td>\n<td align=\"left\">A link to an article behind a <strong>pay-wall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4cc;<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f3a9;<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. Developments in the Avast Browser History Data Sales story: Avast kills off Jumpshot, the subsidiary that sold all your Web data \u2014 arstechnica.com\/\u2026 &#x1f1e8;&#x1f1ff; Czech Authorities to Investigate Avast Over Sale of Users&#8217; Browser [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":19030,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[102,2060,114,50,569,3965],"class_list":["post-20413","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-bluetooth","tag-malware","tag-privacy","tag-security","tag-security-bits","tag-sweyntooth"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2019\/08\/security_bits_logo_400px_no_alpha.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/20413","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=20413"}],"version-history":[{"count":6,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/20413\/revisions"}],"predecessor-version":[{"id":20439,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/20413\/revisions\/20439"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/19030"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=20413"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=20413"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=20413"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}