<h1>Security Bits — 17 May 2020</h1>
<p>Published 17 May 2020 in <em>Security Bits</em> on podfeet.com: <a href="https://www.podfeet.com/blog/2020/05/sb-2020-05-27/">www.podfeet.com/blog/2020/05/sb-2020-05-27/</a></p>
<h2>Feedback &amp; Followups</h2>
<aside class="small-aside">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.</aside>
<ul>
<li>Work continues on Apple &amp; Google&#8217;s Exposure Notification API:
<ul>
<li><a href="https://www.imore.com/apple-releases-concepts-how-exposure-notification-will-look-ios">Apple releases concepts for how exposure notification could look on iOS — www.imore.com/…</a></li>
<li><a href="https://www.imore.com/apple-and-google-ban-location-tracking-contact-tracing-apps">Apple and Google to ban location tracking in contact tracing apps — www.imore.com/…</a></li>
<li><a href="https://www.imore.com/apple-will-let-you-delete-coronavirus-contact-tracing-data-ios-135">Apple will let you delete coronavirus contact tracing data in iOS 13.5 — www.imore.com/…</a></li>
<li><strong>Related Opinion:</strong> <a href="https://tidbits.com/2020/05/11/former-apple-engineer-heres-why-i-trust-apples-covid-19-notification-proposal/">Former Apple Engineer: Here’s Why I Trust Apple’s COVID-19 Notification Proposal — tidbits.com/…</a></li>
</ul>
</li>
<li>Governments around the world continue to work on exposure tracing apps, with varying degrees of success:
<ul>
<li>&#x1f1ea;&#x1f1fa; <a href="https://www.imore.com/european-countries-rally-around-cross-border-contact-tracing-solution">European countries rally around cross-border contact tracing solution — www.imore.com/…</a></li>
<li>&#x1f1ec;&#x1f1e7; <a href="https://www.imore.com/uk-now-looking-adopting-apple-and-googles-contact-tracing-tech">UK now looking into adopting Apple and Google&#8217;s contact tracing tech — www.imore.com/…</a></li>
<li>&#x1f1e6;&#x1f1fa; <a href="https://www.imore.com/australian-government-admits-its-covidsafe-app-doesnt-work-ios">Australian government admits its COVIDSafe app doesn&#8217;t work on iOS — www.imore.com/…</a></li>
<li>&#x1f1f8;&#x1f1ec; <a href="https://www.imore.com/spurred-low-adoption-its-app-singapore-introduces-highly-invasive-mandatory-covid-19-surveillance">Spurred by low adoption of its app, Singapore introduces highly-invasive, mandatory COVID-19 surveillance — www.imore.com/…</a></li>
<li>&#x1f1fa;&#x1f1f8; <a href="https://www.imore.com/utah-rejects-apple-and-google-builds-its-own-contact-tracing-solution">Utah rejects Apple and Google, builds its own contact tracing solution — www.imore.com/…</a></li>
<li><strong>Excellent Related Opinion Piece:</strong> <a href="https://www.imore.com/governments-ignore-apple-and-googles-contact-tracing-technology-their-own-peril">Governments ignore Apple and Google&#8217;s contact tracing technology at their own peril — www.imore.com/…</a></li>
</ul>
</li>
<li>Zoom continues its security &amp; privacy push: <a href="https://www.macobserver.com/news/zoom-purchases-end-to-end-encryption-specialist-keybase/">Zoom Purchases End-to-End Encryption Specialist Keybase — www.macobserver.com/…</a></li>
<li>The controversial data-scraping AI facial recognition search engine Clearview has told a US court that it will stop selling its product to private companies, that it will stop selling to any organisation in Illinois, and that it will take steps to stop scraping photos of Illinois residents. The court filings also revealed it is working on a tool to allow people to opt out of its controversial database — <a href="https://nakedsecurity.sophos.com/2020/05/11/clearview-ai-wont-sell-vast-faceprint-collection-to-private-companies/">Clearview AI won’t sell vast faceprint collection to private companies — nakedsecurity.sophos.com/…</a></li>
<li>Social media companies continue to try to clean up their platforms:
<ul>
<li><a href="https://www.imore.com/twitter-testing-new-feature-asks-you-rethink-hurtful-language">Twitter is testing a new feature that asks you to rethink hurtful language — www.imore.com/…</a></li>
<li><a href="https://www.imore.com/twitter-takes-covid-19-misinformation-new-labels">Twitter takes on COVID-19 misinformation with new labelling system — www.imore.com/…</a></li>
<li><a href="https://www.imore.com/instagrams-new-tools-will-let-you-mass-delete-comments-control-tags-and-mentions">Instagram&#8217;s new account tools ramps up war against bullying — www.imore.com/…</a></li>
</ul>
</li>
<li>Google are continuing to try to clean up their browser extension ecosystem: <a href="https://nakedsecurity.sophos.com/2020/05/08/more-crypto-stealing-chrome-extensions-swatted-by-google/">More crypto-stealing Chrome extensions swatted by Google — nakedsecurity.sophos.com/…</a></li>
<li>The roll-out of DNS over HTTPS (DoH) continues: <a href="https://nakedsecurity.sophos.com/2020/05/15/microsoft-joins-encrypted-dns-club-with-windows-10-option/">Microsoft joins encrypted DNS club with Windows 10 option — nakedsecurity.sophos.com/…</a></li>
</ul>
<h2>Deep Dive — The <em>Thunderspy</em> Thunderbolt Vulnerabilities</h2>
<p><em><strong>TL;DR</strong> None of these exploits can be carried out remotely; all require physical access. But they do let an attacker extract the contents of your computer&#8217;s RAM, and that is extremely dangerous. The only protection is to physically block the port, or to always power your computer down rather than putting it to sleep while it&#8217;s out of your sight. PCs are much more badly affected than Macs, unless you use Boot Camp, in which case you&#8217;re completely open to attack while booted into Windows or Linux on your Mac. These vulnerabilities leave important people exposed, but are unlikely to affect regular folks.</em></p>
<p>Security researcher Björn Ruytenberg from the Eindhoven University of Technology has released a paper detailing seven vulnerabilities in Thunderbolt, and to make them easier to talk about (and to get more media attention), he&#8217;s given the bugs the catchy collective name <em>Thunderspy</em>.</p>
<p>Thunderbolt&#8217;s big selling point is its speed, and it achieves that by tunnelling PCI Express, the computer&#8217;s internal expansion bus, out through the port. In effect, a Thunderbolt connector is a low-level system bus projected off the motherboard and out into the big bad world. Like any PCIe device, a Thunderbolt device gets Direct Memory Access (DMA): it can read and write RAM directly, without asking the CPU for help or permission. That is inherently dangerous, and the only effective protection is an IOMMU, the memory-management unit that sits between the bus and RAM and restricts each device to the memory addresses the OS has explicitly mapped for it.</p>
<p>The Thunderbolt spec defines <em>Security Levels</em> that let the firmware and OS decide which devices are allowed to bring up a PCIe tunnel at all, and an OS can additionally use the IOMMU to fence whatever DMA it does permit. macOS fences Thunderbolt DMA with the IOMMU wherever the hardware supports it. On PCs the equivalent, Intel&#8217;s <em>Kernel DMA Protection</em>, is only available on systems shipped from 2019 on, and Ruytenberg reports that even those remain partially affected; everything older has no IOMMU fencing of Thunderbolt at all. This is why Macs are less susceptible to these bugs.</p>
<p>Before we look at the bugs themselves, it&#8217;s important to underline the danger unfettered DMA poses — <strong>an attacker can literally read all the RAM in your computer through your Thunderbolt port!</strong> That means every key and password in RAM can be read, <strong>including the keys for things like full disk encryption</strong>, and the private keys for any asymmetric encryption you&#8217;re using at the time of the attack.</p>
<p><strong>On an affected system the only protection is to have nothing sensitive in RAM, and the only way to achieve that is to shut the computer down rather than putting it to sleep.</strong> Sleep keeps RAM powered and its contents, keys included, intact.</p>
<p>All Thunderbolt 2 and 3 controllers are made by Intel, and unfortunately Intel have not done a great job of implementing Thunderbolt security. The problems fall into two categories:</p>
<ol>
<li>The specification provides no cryptographic mechanism for digitally signing device metadata (the vendor and device identifiers, names, and UUID a host uses to decide whether to trust a device), so Thunderbolt devices can be trivially cloned. If your computer trusts a device, an attacker can make their evil hacking dongle appear to be your trusted device.</li>
<li>While the specification does support digitally signed firmware, Intel&#8217;s implementation does a poor job of verifying the signatures, so, while it shouldn&#8217;t be possible to put malicious firmware on a Thunderbolt controller, it actually is.</li>
</ol>
<p>There is no way to fix the first problem without redesigning the specification, so the best we can hope for there is that Thunderbolt 4 addresses it.</p>
<p>The second category of problem could be fixed with better Thunderbolt 2 &amp; 3 controllers, but not with a software update to the ones already shipped.</p>
<p>These two categories of flaw can be exploited in two different ways:</p>
<ol>
<li><strong>Evil Maid Attacks</strong> — someone with physical access but no technical knowledge could exploit these vulnerabilities if they have access to <strong>both</strong> the target computer and a Thunderbolt device trusted by that computer (like a monitor or a dock). The evil maid would also need to have been given some kind of hardware hacking tool by the mastermind behind the attack. The attack would have two steps:
<ol>
<li>Plug the trusted device into the hacking tool so it can clone the device&#8217;s metadata.</li>
<li>Plug the hacking tool into the target computer while it is on or asleep. The computer sees a device it already trusts, brings up the PCIe tunnel, and the tool reads RAM over DMA.</li>
</ol>
</li>
<li><strong>Evil Techie Attacks</strong> — someone with physical access, some tools, and a lot of expertise could open the computer, find the Thunderbolt controller&#8217;s flash chip, connect a programmer to it, and replace the firmware with a malicious version, for example one that sets the Security Level to <em>none</em> so that any device plugged in gets DMA without being asked.</li>
</ol>
<p>So, just to reiterate, the only reliable defence against both of these scenarios is to keep your computer powered down when it&#8217;s out of your physical control. For regular people that probably only comes into play when crossing borders into or out of countries whose governments you don&#8217;t trust. For high-value targets, it&#8217;s something they&#8217;ll always need to bear in mind.</p>
<h3>Macs are Less Affected than PCs?</h3>
<p>According to the paper, all Mac and PC hardware with Thunderbolt 2 or Thunderbolt 3 is equally affected at the controller level; there are no secure Thunderbolt 2 or 3 chips available.</p>
<p>When it comes to operating systems, though, things are a little more complicated.</p>
<p>For both Windows and Linux running on PC hardware, the picture is very simple: they are susceptible to all the vulnerabilities except the Boot Camp one (vulnerability 7 in the table below).</p>
<p>On Macs running macOS things are a lot better (quote from the research paper):</p>
<blockquote><p>
  Regarding Thunderbolt security, macOS employs (i) an Apple-curated whitelist in place of Security Levels, and (ii) IOMMU virtualization when hardware and driver support is available. Vulnerabilities 2–3 enable bypassing the first protection measure, and fully compromising authenticity of Thunderbolt device metadata in macOS System Information [app]. However, the second protection measure remains functioning and hence prevents any further impact on victim system security via DMA. <strong>The system becomes vulnerable to attacks similar to BadUSB. Therefore, MacOS is partially affected.</strong>
</p></blockquote>
<p>When you throw Boot Camp into the mix things become more complicated, though. Rather than try to explain it I&#8217;ll just quote this table from the research paper:</p>
<blockquote><p>
  Vulnerabilities affecting Apple Mac systems when running macOS, as well as Windows and Linux when using Boot Camp:</p>
<table>
<thead>
<tr>
<th align="center">Vulnerability ID</th>
<th align="center">Affects MacOS</th>
<th align="center">Affects Windows</th>
<th align="center">Affects Linux</th>
</tr>
</thead>
<tbody>
<tr>
<td align="center">1</td>
<td align="center">No</td>
<td align="center">Yes</td>
<td align="center">Yes</td>
</tr>
<tr>
<td align="center">2</td>
<td align="center">Partially</td>
<td align="center">Yes</td>
<td align="center">Yes</td>
</tr>
<tr>
<td align="center">3</td>
<td align="center">Partially</td>
<td align="center">Yes</td>
<td align="center">Yes</td>
</tr>
<tr>
<td align="center">4</td>
<td align="center">No</td>
<td align="center">Yes</td>
<td align="center">Yes</td>
</tr>
<tr>
<td align="center">5</td>
<td align="center">No</td>
<td align="center">No</td>
<td align="center">No</td>
</tr>
<tr>
<td align="center">6</td>
<td align="center">No</td>
<td align="center">No</td>
<td align="center">No</td>
</tr>
<tr>
<td align="center">7</td>
<td align="center">No</td>
<td align="center">Yes</td>
<td align="center">Yes</td>
</tr>
</tbody>
</table>
</blockquote>
<h3>The Bottom Line</h3>
<p>If your computer has Thunderbolt 2 or 3, and it&#8217;s going to be out of your control in an environment where you have reason to worry someone might try to extract data from it, power it down; don&#8217;t just put it to sleep.</p>
<h3>Links</h3>
<ul>
<li>The vulnerability&#8217;s home page — <a href="https://thunderspy.io/">thunderspy.io/…</a></li>
<li>The research paper (surprisingly readable, but in PDF format) — <a href="https://thunderspy.io/assets/reports/breaking-thunderbolt-security-bjorn-ruytenberg-20200417.pdf">thunderspy.io/…</a></li>
<li><a href="https://nakedsecurity.sophos.com/2020/05/12/thunderspy-why-turning-your-computer-off-is-a-cool-idea/">Thunderspy – why turning your computer off is a cool idea! — nakedsecurity.sophos.com/…</a></li>
</ul>
<h2>&#x2757; Action Alerts</h2>
<aside class="small-aside">Calls to action; if any stories in this section are relevant to you there is some action you should take.</aside>
<ul>
<li>Last Tuesday was Patch Tuesday, and there are critical fixes from Microsoft &amp; Adobe — <a href="https://krebsonsecurity.com/2020/05/microsoft-patch-tuesday-may-2020-edition/">krebsonsecurity.com/…</a>
<ul>
<li><a href="https://tidbits.com/2020/05/15/adobe-acrobat-reader-flaws-could-let-attacks-hijack-your-mac/">Adobe Acrobat Reader Flaws Could Let Attacks Hijack Your Mac — tidbits.com/…</a> &amp; <a href="https://www.imore.com/theres-flaw-adobe-acrobat-reader-gives-people-root-access-your-mac">There&#8217;s a flaw in Adobe Acrobat Reader that gives people root access to your Mac — www.imore.com/…</a></li>
<li><a href="https://nakedsecurity.sophos.com/2020/05/14/printdemon-patch-this-ancient-windows-printer-bug/">PrintDemon – patch this ancient Windows printer bug! — nakedsecurity.sophos.com/…</a></li>
<li><a href="https://nakedsecurity.sophos.com/2020/05/14/update-now-windows-gets-another-bumper-patch-update/">Update now! Windows gets another bumper patch update — nakedsecurity.sophos.com/…</a></li>
</ul>
</li>
<li>Firefox 76 patches a number of critical bugs, but also adds improvements to its built-in password manager, including <em>Vulnerable Password</em> warnings — <a href="https://nakedsecurity.sophos.com/2020/05/06/firefox-76-0-released-with-critical-security-patches-update-now/">nakedsecurity.sophos.com/…</a></li>
</ul>
<h2>Worthy Warnings</h2>
<aside class="small-aside">Potentially relevant warnings from government organisations, public interest groups, or the security community.</aside>
<ul>
<li>As expected, cybercriminals are adapting to the pandemic, so be extra vigilant in these stressful times:
<ul>
<li>A new variant of the common tech support scam is becoming popular: the attackers claim to be from <em>&#8216;Microsoft Support&#8217;</em> and threaten to suspend the victim&#8217;s Windows license because their IP address has been caught viewing child pornography — <a href="https://krebsonsecurity.com/2020/05/tech-support-scam-uses-child-porn-warning/">krebsonsecurity.com/…</a></li>
<li><a href="https://nakedsecurity.sophos.com/2020/05/04/coronavirus-pandemic-coincides-with-spike-in-online-puppy-scams/">Coronavirus pandemic coincides with spike in online puppy scams — nakedsecurity.sophos.com/…</a></li>
<li><a href="https://nakedsecurity.sophos.com/2020/05/13/beware-the-dhl-delivery-message-email-it-could-be-a-package-scam/">Beware the DHL delivery message email – it could be a package scam — nakedsecurity.sophos.com/…</a></li>
<li>&#x1f1fa;&#x1f1f8; <a href="https://krebsonsecurity.com/2020/05/u-s-secret-service-massive-fraud-against-state-unemployment-insurance-programs/">U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs — krebsonsecurity.com/…</a></li>
<li>&#x1f1ec;&#x1f1e7; <a href="https://www.imore.com/uk-users-targeted-malicious-fake-contact-tracing-text-messages">UK users targeted by malicious, fake contact tracing text messages — www.imore.com/…</a></li>
</ul>
</li>
<li><a href="https://nakedsecurity.sophos.com/2020/05/05/godaddy-unauthorized-individual-had-access-to-login-info/">GoDaddy – “unauthorized individual” had access to login info — nakedsecurity.sophos.com/…</a></li>
<li>User data from the dating app <em>Mobifriends</em> has been found on a hacking forum — <a href="https://nakedsecurity.sophos.com/2020/05/12/dating-app-user-logins-found-on-hacking-forum/">nakedsecurity.sophos.com/…</a></li>
<li><a href="https://nakedsecurity.sophos.com/2020/05/06/adult-live-streaming-site-cam4-leaks-millions-of-emails-private-chats/">Adult live-streaming site CAM4 leaks millions of emails, private chats — nakedsecurity.sophos.com/…</a></li>
<li>&#x1f1fa;&#x1f1f8; <a href="https://krebsonsecurity.com/2020/05/meant-to-combat-id-theft-unemployment-benefits-letter-prompts-id-theft-worries/">Meant to Combat ID Theft, Unemployment Benefits Letter Prompts ID Theft Worries — krebsonsecurity.com/…</a></li>
</ul>
<h2>Notable News</h2>
<ul>
<li>Facebook is buying Giphy, the world&#8217;s leading animated GIF provider, and that brings up all sorts of privacy concerns: <a href="https://www.wired.com/story/buying-giphy-gives-facebook-new-window">Buying Giphy Gives Facebook a New Window Into Its Rivals — www.wired.com/…</a></li>
<li><a href="https://www.macobserver.com/link/lock-google-drive-face-id/">You Can Now Lock Google Drive on iOS With Face ID, Touch ID — www.macobserver.com/…</a></li>
<li><a href="https://www.macobserver.com/news/nest-introducing-two-factor-authentication-for-all-users-this-month/">Nest Introducing Two-Factor Authentication For All Users This Month — www.macobserver.com/…</a></li>
<li>Microsoft have launched a $100K bug bounty program for their <em>Azure Sphere</em> IoT security platform — <a href="https://nakedsecurity.sophos.com/2020/05/11/microsoft-opens-iot-bug-bounty-program/">nakedsecurity.sophos.com/…</a></li>
<li>Security researchers have found a new Mac-targeting variant of the Remote Access Tool (RAT) used by the notorious <a href="https://www.macobserver.com/link/dacls-rat-macos/">Lazarus Group</a> cybercrime gang — <a href="https://www.macobserver.com/link/dacls-rat-macos/">www.macobserver.com/…</a>
<ul>
<li><strong>Editorial by Bart:</strong> There&#8217;s no need to panic, regular users are not likely to be targeted by the Lazarus Group, this story is noteworthy because it illustrates that attackers are continuing to turn their attention towards Macs, so there remains absolutely no place for complacency!</li>
</ul>
</li>
<li>&#x1f1fa;&#x1f1f8; <a href="https://www.macobserver.com/link/senate-fbi-browsing-history/">Senate Vote Lets FBI View Your Browsing History Without Warrant — www.macobserver.com/…</a></li>
</ul>
<h2>Top Tips</h2>
<aside class="small-aside">Tips, tricks, or advice that is likely to be useful to the NosillaCast audience or the family members and friends whose IT they support.</aside>
<ul>
<li><a href="https://www.computerworld.com/article/3124640/support-family-and-friends-with-windows-10-s-new-quick-assist-app.html">How to use Windows 10’s Quick Assist app for remote PC support — www.computerworld.com/…</a></li>
<li><a href="https://www.intego.com/mac-security-blog/10-things-you-shouldnt-do-on-your-work-computer-or-phone/">10 Things You Shouldn’t Do on Your Work Computer (or Phone) — www.intego.com/…</a></li>
<li><a href="https://www.ifixit.com/News/41383/ask-ifixit-i-spilled-liquid-on-my-laptop-now-what">Ask iFixit: I Spilled Liquid on My Laptop—Now What? — www.ifixit.com/…</a></li>
</ul>
<h2>Interesting Insights</h2>
<aside class="small-aside">High-quality opinion and editorial content recommended by Bart.</aside>
<ul>
<li><a href="https://nakedsecurity.sophos.com/2020/05/12/huge-toll-of-ransomware-attacks-revealed-in-sophos-report/">Huge toll of ransomware attacks revealed in Sophos report — nakedsecurity.sophos.com/…</a>
<blockquote><p>Overall, the research found that while a malicious file download or link was still the biggest danger (29% of successful attacks), other methods such as remote attacks on servers (21%), unsecured Remote Desktop Protocol (9%), external suppliers (9%), and infected USB drives (7%) were also popular.</p>
<p>…</p>
<p>Research found that paying ransoms costs more than reinstating data using backups.</p></blockquote></li>
<li><a href="https://www.intego.com/mac-security-blog/key-moments-in-the-history-of-mac-malware-1982-to-the-present/">Key Moments in the History of Mac Malware – 1982 to the Present — www.intego.com/…</a></li>
<li><a href="https://nakedsecurity.sophos.com/2020/05/15/top-10-most-exploited-vulnerabilities-list-released-by-fbi-dhs-cisa/">Top 10 most exploited vulnerabilities list released by FBI, DHS CISA — nakedsecurity.sophos.com/…</a></li>
<li>A great explanation of a technique spammers are now using to make their malicious links look like Google links: <a href="https://nakedsecurity.sophos.com/2020/05/15/how-scammers-abuse-google-searchs-open-redirect-feature/">How scammers abuse Google Search’s open redirect feature — nakedsecurity.sophos.com/…</a></li>
</ul>
<h2>Just Because it&#8217;s Cool &#x1f60e;</h2>
<aside class="small-aside">Stories that are not important, that don&#8217;t require you to do anything, and that you don&#8217;t even have to worry about.</aside>
<ul>
<li><a href="https://nakedsecurity.sophos.com/2020/05/06/air-gap-security-beaten-by-turning-pc-capacitors-into-speakers/">Air gap security beaten by turning PC capacitors into speakers — nakedsecurity.sophos.com/…</a></li>
</ul>
<h2>Palate Cleansers</h2>
<aside class="small-aside">Anything up-beat and nerdy Bart and/or Allison think you might enjoy.</aside>
<ul>
<li>From Bart:
<ul>
<li><a href="https://xkcd.com/2304/">Preprint — xkcd.com/…</a></li>
<li>&#x1f3a7; Podcast Recommendation — <a href="https://www.iheart.com/podcast/1119-commencement-speeches-for-62117327/">Commencement</a>, speeches to the class of 2020, who are being deprived of regular commencement ceremonies, as a podcast. Lots of great episodes, but my favourite so far is <a href="https://overcast.fm/+axxr_X7UY">the one by podcaster and story-teller Aaron Mahnke</a>.</li>
</ul>
</li>
<li>From Allison:
<ul>
<li>&#x1f3a6; <a href="https://www.youtube.com/watch?v=YKuRkGkf5HU&amp;feature=share">&#8220;Voice Driven Development: Who needs a keyboard anyway?&#8221; by Emily Shea — www.youtube.com/…</a></li>
<li>Note that she starts by saying she&#8217;s using Dragon from Nuance on Mac but does point out that&#8217;s been discontinued, unfortunately. But she does go on to explain that you can use the recognition engine built into <a href="https://talonvoice.com" target="_blank" rel="noopener noreferrer">Talon</a> (the tool that allowed her to create her own language).</li>
</ul>
</li>
</ul>
<h2>Legend</h2>
<p>When the textual description of a link is part of the link it is the title of the page being linked to; when the text describing a link is not part of the link it is a description written by <a href="https://bartb.ie/">Bart</a>.</p>
<table>
<thead>
<tr>
<th align="center">Emoji</th>
<th align="left">Meaning</th>
</tr>
</thead>
<tbody>
<tr>
<td align="center">&#x1f3a7;</td>
<td align="left">A link to <strong>audio content</strong>, probably a podcast.</td>
</tr>
<tr>
<td align="center">&#x2757;</td>
<td align="left">A <strong>call to action</strong>.</td>
</tr>
<tr>
<td align="center"><em>flag</em></td>
<td align="left">The story is particularly relevant to people living in a <strong>specific country</strong>, or the organisation the story is about is affiliated with the government of a specific country.</td>
</tr>
<tr>
<td align="center">&#x1f4ca;</td>
<td align="left">A link to <strong>graphical content</strong>, probably a chart, graph, or diagram.</td>
</tr>
<tr>
<td align="center">&#x1f9ef;</td>
<td align="left">A story that has been <strong>over-hyped</strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;</em> &#x1f642;</td>
</tr>
<tr>
<td align="center">&#x1f4b5;</td>
<td align="left">A link to an article behind a <strong>paywall</strong>.</td>
</tr>
<tr>
<td align="center">&#x1f4cc;</td>
<td align="left">A <strong>pinned</strong> story, i.e. one to keep an eye on that&#8217;s likely to develop into something significant in the future.</td>
</tr>
<tr>
<td align="center">&#x1f3a9;</td>
<td align="left">A <strong><em>tip of the hat</em></strong> to thank a member of the community for bringing the story to our attention.</td>
</tr>
</tbody>
</table>
<p><em>Categories: Blog Posts, Security Bits. Tags: security, security-bits, thunderbolt, vulnerabilities.</em></p>
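<p>Returning to the Thunderspy deep dive above: on Linux, the two facts that decide whether a machine is in the "power it down" category, the Security Level the firmware enforces and whether the IOMMU is fencing Thunderbolt DMA, are exposed by the kernel as sysfs attributes. The script below is an added example, not code from the Security Bits post or from the Thunderspy paper. The attribute names are the ones documented in the kernel's Thunderbolt admin guide (the real root is <code>/sys/bus/thunderbolt/devices</code>); the mapping from those values to a verdict is this example's own reading of the paper; and the sysfs root is taken as a parameter so that the script can be exercised against a constructed directory tree.</p>

```shell
#!/bin/sh
# tb_audit: report the Linux kernel's view of Thunderbolt DMA protection.
#
# Added example for the Thunderspy deep dive; not code from the Security Bits
# post or from the Thunderspy paper. It reads the sysfs attributes documented
# in the kernel's Documentation/admin-guide/thunderbolt.rst:
#   domainN/security              Security Level enforced by the firmware
#                                 (none, user, secure, dponly, usbonly, nopcie)
#   domainN/iommu_dma_protection  1 when the kernel fences Thunderbolt DMA with
#                                 the IOMMU; absent on older kernels, which this
#                                 script treats as 0 (the safe assumption)
#   <route>/authorized            1 once the device's PCIe tunnel is up
#   <route>/unique_id, vendor_name, device_name
#                                 the unsigned metadata Thunderspy shows can be cloned
# Verdict mapping (this example's own reading of the paper):
#   IOMMU fencing on                         -> OK, a cloned or reflashed device is fenced
#   no fencing, level still tunnels PCIe     -> AT-RISK, the level itself is bypassable
#   no fencing, level "none"                 -> EXPOSED, any device gets DMA on plug-in
#   no fencing, dponly/usbonly/nopcie        -> OK, no PCIe tunnel means no DMA path
# The sysfs root is a parameter so the script can run against a constructed tree.

tb_audit() {
    root="${1:-/sys/bus/thunderbolt/devices}"
    sev=0   # 0 = OK, 1 = AT-RISK, 2 = EXPOSED

    if [ ! -d "$root" ]; then
        echo "no Thunderbolt bus at $root"
        echo "VERDICT: NO-THUNDERBOLT"
        return 0
    fi

    for dom in "$root"/domain*; do
        [ -d "$dom" ] || continue
        sl="$(cat "$dom/security" 2>/dev/null || echo unknown)"
        iommu=0
        if [ -r "$dom/iommu_dma_protection" ]; then
            iommu="$(cat "$dom/iommu_dma_protection")"
        fi
        echo "$(basename "$dom"): security-level=$sl iommu-dma-protection=$iommu"

        if [ "$iommu" != "1" ]; then
            case "$sl" in
                none)                  sev=2 ;;
                dponly|usbonly|nopcie) ;;
                *)                     [ "$sev" -ge 1 ] || sev=1 ;;
            esac
        fi
    done

    # List attached devices and the metadata the host trusts them by.
    # Host routers (route 0) and retimers (names containing ':') are skipped.
    for dev in "$root"/[0-9]*-*; do
        [ -d "$dev" ] || continue
        id="$(basename "$dev")"
        case "$id" in *-0|*:*) continue ;; esac
        auth="$(cat "$dev/authorized" 2>/dev/null || echo '?')"
        uid="$(cat "$dev/unique_id" 2>/dev/null || echo '?')"
        vendor="$(cat "$dev/vendor_name" 2>/dev/null || echo '?')"
        name="$(cat "$dev/device_name" 2>/dev/null || echo '?')"
        echo "  $id: authorized=$auth unique_id=$uid ($vendor $name)"
    done

    case "$sev" in
        0) echo "VERDICT: OK" ;;
        1) echo "VERDICT: AT-RISK" ;;
        *) echo "VERDICT: EXPOSED" ;;
    esac
}

# Usage: sh tb_audit.sh                  (inspect the real sysfs tree)
#        sh tb_audit.sh /path/to/tree    (inspect a constructed tree)
tb_audit "$@"
```

<p>A reading of 1 in <code>iommu_dma_protection</code> only says the kernel is fencing DMA; it does nothing to authenticate the device metadata, which is why the device list is printed alongside the verdict. A Security Level of <em>secure</em> without IOMMU fencing is still reported as AT-RISK, since the paper's firmware and downgrade vulnerabilities defeat the levels rather than the devices.</p>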