{"id":21100,"date":"2020-05-31T13:14:06","date_gmt":"2020-05-31T20:14:06","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=21100"},"modified":"2020-05-31T13:14:06","modified_gmt":"2020-05-31T20:14:06","slug":"sb-2020-05-31","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2020\/05\/sb-2020-05-31\/","title":{"rendered":"Security Bits \u2014 31 May 2020"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>Remain vigilant for pandemic-related scams:\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/05\/29\/covid-19-tests-ppe-and-antivirual-drugs-find-a-home-on-the-dark-web\/\">COVID-19 tests, PPE and antiviral drugs find a home on the dark web \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/05\/20\/beware-of-emails-with-horrible-charts-about-covid-19\/\">Beware of emails with \u201chorrible charts\u201d about Covid-19 \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/05\/21\/scammers-target-covid-19-cares-act-relief-scheme\/\">Scammers target COVID-19 CARES Act relief scheme \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/krebsonsecurity.com\/2020\/05\/riding-the-state-unemployment-fraud-wave\/\">Riding the State Unemployment Fraud \u2018Wave\u2019 \u2014 krebsonsecurity.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Exposure Notification\/Contact Tracing App developments\n<ul>\n<li>With the release of iOS 13.5 Apple &amp; Google&#8217;s exposure notification API is out! 
There are very few apps available just now, but they are expected to start rolling out over the coming weeks.\n<ul>\n<li><a href=\"https:\/\/uk.reuters.com\/article\/us-health-coronavirus-apps-tracing\/apple-google-contact-tracing-tech-launches-with-23-countries-seeking-access-idUKKBN22W2NW\">Apple-Google contact tracing tech draws interest in 23 countries, some hedge bets \u2014 uk.reuters.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/exposure-notification-api\">Apple-Google Exposure Notification API: Everything you need to know \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/tips\/how-to\/turn-on-covid-19-exposure-logging-on-iphone\/\">How to Turn on COVID-19 Exposure Logging on Your iPhone \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/apple-responds-false-facebook-claims-about-contact-tracing-update-ios-135\">Apple responds to false Facebook claims about contact tracing update in iOS 13.5 \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li>&#x1f1ea;&#x1f1fa; <a href=\"https:\/\/www.imore.com\/five-eu-states-criticise-apple-and-google-imposing-technical-standards-over-contact-tracing\">Five EU states criticize Apple and Google &#8216;imposing technical standards&#8217; over contact tracing \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li>&#x1f1e8;&#x1f1ed; Switzerland were first to launch an app using the API \u2014 <a href=\"https:\/\/www.imore.com\/first-contact-tracing-app-powered-apple-and-google-has-been-launched\">www.imore.com\/\u2026<\/a><\/li>\n<li>&#x1f1f1;&#x1f1fb; <a href=\"https:\/\/www.reuters.com\/article\/us-health-coronavirus-tech-latvia\/latvia-to-launch-google-apple-friendly-coronavirus-contact-tracing-app-idUSKBN23118I\">Latvia to launch Google-Apple friendly coronavirus contact tracing app \u2014 www.reuters.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>&#x1f1ec;&#x1f1e7; <a href=\"https:\/\/www.imore.com\/uk-contact-tracing-app-delayed-until-june\">UK contact 
tracing app delayed until June \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/www.imore.com\/north-dakotas-contact-tracing-app-shares-location-foursquare-google\">North Dakota&#8217;s contact tracing app shares location with Foursquare, Google \u2014 www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Video Conferencing Updates\n<ul>\n<li>Zoom have switched to their new and improved encryption scheme, and are not providing fallback to the old scheme, so you need to update your apps or use the web version to keep using Zoom \u2014 <a href=\"https:\/\/www.imore.com\/zoom-users-must-update-app-continue-joining-meetings-after-may-30\">www.imore.com\/\u2026<\/a><\/li>\n<li>Apple have updated Group FaceTime so you can disable the auto-zoom on the current speaker: <a href=\"https:\/\/www.macobserver.com\/tips\/how-to\/how-to-turn-off-group-facetime-moving-photos\/\">How to Turn Off Group FaceTime Moving Photos \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/instagram-adds-video-chat-supports-50-people-heres-how-use-it\">Instagram adds video chat that supports up to 50 people, here&#8217;s how to use it \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/skype-gains-3x3-grid-view-and-reaction-customization-latest-update\">Skype gains 3&#215;3 grid view and reaction customization in latest update \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/facebook-testing-new-audio-calling-app-catchup\">Facebook testing new audio calling app CatchUp \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><strong>Related:<\/strong> <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/05\/22\/signal-secure-messaging-can-now-identify-you-without-a-phone-number\/\">Signal secure messaging can now identify you without a phone number \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><strong>Related:<\/strong> <a 
href=\"https:\/\/www.intego.com\/mac-security-blog\/how-to-improve-your-zoom-skype-or-facetime-call-experience\/\">How to Improve your Zoom, Skype, or FaceTime call experience \u2014 www.intego.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>&#x1f1fa;&#x1f1f8; The campaign to stop the renewal of parts of the Patriot Act has moved from the Senate to the House, and large tech companies have joined the fight to protect citizens&#8217; browsing histories from warrantless searches \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/05\/26\/internet-giants-unite-to-stop-warrantless-snooping-on-web-histories\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/05\/29\/clearview-ai-facial-recogition-sued-again-this-time-by-aclu\/\">Clearview AI facial recognition sued again \u2013 this time by ACLU \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>&#x1f1fa;&#x1f1f8; Deep Dive 1 \u2014 The US Government Revive Their Attacks on Apple<\/h2>\n<p>The FBI revealed that it had succeeded in cracking the iPhones belonging to the shooter in the Pensacola Naval Base attack. From reporting it appears the devices were broken into using a hardware passcode brute-forcing device as sold by some grey-hat security companies.<\/p>\n<p>The FBI director and the US Attorney General attacked Apple for not assisting in cracking the devices. The implication was that Apple could have simply opened the phones for them, but that they refused to in order to protect their customers&#8217; privacy. The phrasing was misleading at best. The government describe hardware encryption as being about &#8216;privacy&#8217;, but it&#8217;s not, it&#8217;s about <strong>security<\/strong>, and it&#8217;s not about hiding things from the government, but from <strong>criminals<\/strong>. A truly secure lock keeps everyone out; any lock that doesn&#8217;t isn&#8217;t secure. 
The government being kept out is a side-effect, not the <em>problem to be solved<\/em> \u2014 keeping criminals out is what hardware encryption is all about.<\/p>\n<p>Think of it like a safe in a wild west movie \u2014 the safe is designed to keep stuff inside safe from anyone who doesn&#8217;t have the key. The reason is to protect the money from the bandits, but as a side-effect, the sheriff can&#8217;t get in either.<\/p>\n<p>You can have secure encryption, or you can have a back door, you can&#8217;t have both!<\/p>\n<p>Apple responded by pointing out (again), that they handed over lots of data to law enforcement <em>&#8216;within hours&#8217;<\/em> of the shooting. Everything they had in iCloud and any other logs or metadata they had was promptly handed over. To describe complete and prompt cooperation like that as Apple refusing to help the government is factually incorrect.<\/p>\n<h3>Links<\/h3>\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/05\/20\/fbi-finally-unlock-shooters-iphones-berate-apple-for-not-helping\/\">FBI finally unlock shooter\u2019s iPhones, Apple berated for not helping \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/apple-denies-false-claims-justice-department-over-pensacola-attack\">Apple denies &#8220;false claims&#8221; by Justice Department over Pensacola attack \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/daringfireball.net\/linked\/2020\/05\/19\/fbi-passcode-guesser\">How the FBI Cracked Pensacola Shooter\u2019s iPhone: An Automated Passcode Guesser \u2014 daringfireball.net\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Deep Dive 2 \u2014 The BIAS Bluetooth Attack<\/h2>\n<p>Security researchers have found a flaw in recent versions of the Bluetooth spec that breaks the security of pairing, allowing attackers to impersonate any previously paired Bluetooth device and access all information that device has access to.<\/p>\n<p>Because this is a problem with the 
specification, all Bluetooth devices implementing affected versions of the spec are vulnerable.<\/p>\n<p>Affected Apple devices include:<\/p>\n<ul>\n<li>iPhone 8 and later<\/li>\n<li>2017 MacBook Pro and later<\/li>\n<li>2018 iPad and later<\/li>\n<\/ul>\n<p>The group responsible for maintaining the Bluetooth spec (Bluetooth SIG) have promised to release an update to the spec to address the problem. Hardware vendors will then need to produce updated firmware that obeys this new spec and push that out to all devices. That&#8217;s going to take time.<\/p>\n<p>For now, the only defence is to disable Bluetooth if you don&#8217;t need it. One silver lining is that attackers need to be within Bluetooth range to exploit this vulnerability.<\/p>\n<p>Realistically, many of us will have no choice but to keep Bluetooth enabled, so we just need to be aware that if we&#8217;re in a crowded place, or a place we know to be hostile, it might be wise to turn off Bluetooth on our phones!<\/p>\n<h3>Links<\/h3>\n<ul>\n<li>The research paper describing the flaws \u2014 <a href=\"https:\/\/francozappa.github.io\/about-bias\/publication\/antonioli-20-bias\/antonioli-20-bias.pdf\">francozappa.github.io\/\u2026<\/a><\/li>\n<li>The statement on the flaw from Bluetooth SIG (Special Interest Group) \u2014 <a href=\"https:\/\/www.bluetooth.com\/learn-about-bluetooth\/bluetooth-technology\/bluetooth-security\/bias-vulnerability\/\">www.bluetooth.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/bluetooth-bias-attack\/\">Bluetooth \u2018BIAS\u2019 Attack Affects Some Apple Devices \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Deep Dive 3 \u2014 The <em>unc0ver<\/em> iOS Jailbreak<\/h2>\n<p>Just days after the release of iOS 13.5 a new Jailbreak has been released that can be run on any iOS device that can run a currently supported version of iOS.<\/p>\n<p>The jailbreak depends on a bug in the iOS kernel, and requires a USB connection to a computer to trigger. 
The jailbreak does not survive reboots, so you need to have the phone tethered each time you reboot to retain the jailbreak.<\/p>\n<p>Like all jailbreaks, this one depends on an iOS security vulnerability, so it will just be a matter of time until Apple reverse-engineer the jailbreak to find the bug, and then fix it.<\/p>\n<p>Because the jailbreak requires a USB connection it can&#8217;t be triggered remotely, so it&#8217;s only a security risk in places where you lose physical control of your iOS device, like when crossing borders. Since a reboot removes the jailbreak, it might be wise to power down your phone when crossing certain borders.<\/p>\n<h3>Links<\/h3>\n<ul>\n<li>The jailbreak&#8217;s official site \u2014 <a href=\"https:\/\/unc0ver.dev\/\">unc0ver.dev\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/arstechnica.com\/information-technology\/2020\/05\/for-a-limited-time-a-new-jailbreak-gives-full-root-access-to-any-iphone\/\">Meet unc0ver, the new jailbreak that pops shell\u2014and much more\u2014on any iPhone \u2014 arstechnica.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/05\/26\/new-iphone-jailbreak-released\/\">New iPhone jailbreak released \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>&#x2757; Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action: if any stories in this section are relevant to you, there is some action you should take.<\/aside>\n<ul>\n<li>Apple Security Updates\n<ul>\n<li>iOS 13.5, including Exposure Notification API &amp; face mask detection to speed up password entry \u2014 <a href=\"https:\/\/9to5mac.com\/2020\/05\/20\/ios-13-5-released-features-exposure\/\">9to5mac.com\/\u2026<\/a><\/li>\n<li>Mac, Safari &amp; iCloud for Windows \u2014 <a href=\"https:\/\/www.us-cert.gov\/ncas\/current-activity\/2020\/05\/27\/apple-releases-security-updates\">www.us-cert.gov\/\u2026<\/a>\n<ul>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/macos-10-15-5-apfs-bug\/\">macOS 10.15.5 APFS 
Bug Affects Bootable Backup Drives \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/05\/21\/adobe-out-of-band-critical-patch-get-your-update-now\/\">Adobe \u201cout of band\u201d critical patch \u2013 get your update now! \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/05\/26\/docker-desktop-danger-discovered-patch-now\/\">Docker Desktop danger discovered, patch now \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li><a href=\"https:\/\/daringfireball.net\/linked\/2020\/05\/17\/edison-mail-whoops\">Edison Mail Bug Allowed Access to Email Accounts of Other Users \u2014 daringfireball.net\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/05\/18\/shiny-new-azure-login-attracts-shiny-new-phishing-attacks\/\">Shiny new Azure login attracts shiny new phishing attacks \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li>Security researchers have announced <em>Strandhogg 2.0<\/em>, an Android vulnerability affecting Android 8 &amp; 9 that allows malicious apps to masquerade as legitimate apps on a phone. The flaw does not exist in Android 10, and has been patched in Google&#8217;s May update, but that&#8217;s only available on Google-branded phones ATM. Patches for other phones will start to come out, so patch as quickly as you can! 
\u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/05\/28\/android-strandhogg-2-0-flaw-lets-malware-assume-identity-of-any-app\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>It&#8217;s just been revealed that grey-hat security company GrayKey have been offering law enforcement a secret passcode-stealing tool named <em>HideUI<\/em> for a year, keeping it secret under NDA. Details are sparse, but the process seems to be as follows: law enforcement take the device and plug it into a GrayKey, which booby-traps the device with a keylogger; law enforcement then trick the suspect into unlocking their phone; the phone is then re-connected to the GrayKey device and the passcode is downloaded, giving law enforcement full access to the device \u2014 <a href=\"https:\/\/www.imore.com\/law-enforcement-using-covert-software-trick-suspects-handing-over-passcode\">www.imore.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/05\/21\/chrome-83-adds-dns-over-https-support-and-privacy-tweaks\/\">Chrome 83 adds DNS-over-HTTPS support and privacy tweaks \u2014 nakedsecurity.sophos.com\/\u2026<\/a> &amp; <a href=\"https:\/\/www.wired.co.uk\/article\/google-chrome-privacy-settings-redesign\">Google Chrome has just added a bunch of big privacy features \u2014 www.wired.co.uk\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/facebook-messenger-adds-safety-alerts-it-moves-towards-end-end-encryption\">Facebook Messenger adds safety alerts as it moves towards end-to-end encryption \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/www.imore.com\/fbi-looking-your-phones-lock-screen-without-warrant-unconstitutional-says-judge\">FBI looking at your phone&#8217;s lock screen without a warrant unconstitutional, says Judge \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; A huge fight has erupted between the White House and Twitter because Twitter accurately flagged some of the President&#8217;s Tweets as misleading. 
Things escalated when Twitter flagged a further Tweet as inciting violence. The President has responded with an executive order that does not stand up to legal scrutiny:\n<ul>\n<li><a href=\"https:\/\/www.eff.org\/deeplinks\/2020\/05\/trump-executive-order-misreads-key-law-promoting-free-expression-online-and\">Trump Executive Order Misreads Key Law Promoting Free Expression Online and Violates the First Amendment | Electronic Frontier Foundation \u2014 www.eff.org\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.theverge.com\/2020\/5\/29\/21273191\/trump-twitter-social-media-censorship-executive-order-analysis-bias\">Let\u2019s go through Trump\u2019s terrible internet censorship order, line by line \u2014 www.theverge.com\/\u2026<\/a><\/li>\n<li>&#x1f3a7; A good (and quite short) explainer: <a href=\"https:\/\/overcast.fm\/+YH-7vIiZo\">RESET: Trump vs. Twitter \u2014 overcast.fm\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>FYI: <a href=\"https:\/\/www.macobserver.com\/link\/twitter-give-data-advertisers\/\">In Update to Privacy Policy, Twitter Gives More Data to Advertisers \u2014 www.macobserver.com\/\u2026<\/a>\n<\/li>\n<\/ul>\n<h2>Top Tips<\/h2>\n<aside class=\"small-aside\">Tips, tricks, or advice that is likely to be useful to the NosillaCast audience or the family members and friends whose IT they support.<\/aside>\n<ul>\n<li><a href=\"https:\/\/www.macobserver.com\/link\/google-scam-spotter\/\">How to Spot Online Scams Using Google\u2019s New Tool \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Excellent Explainers<\/h2>\n<aside class=\"small-aside\">High-quality content explaining a security concept of some kind.<\/aside>\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/05\/25\/what-is-the-dark-web-your-questions-answered-in-plain-english\/\">What is the dark web? 
Your questions answered, in plain English \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Interesting Insights<\/h2>\n<aside class=\"small-aside\">High-quality opinion and editorial content recommended by Bart.<\/aside>\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/05\/28\/inside-a-ransomware-gangs-attack-toolbox\/\">Inside a ransomware gang\u2019s attack toolbox \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything up-beat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li>You can get accurate times to see the Crew Dragon pass overhead for anywhere in the world at Heavens-Above (remember to set your location!) \u2014 <a href=\"https:\/\/heavens-above.com\/\">heavens-above.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/stanford-make-its-developing-apps-ios-course-available-online\">Stanford to make its &#8216;Developing Apps for iOS&#8217; course available online \u2014 www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">&#x1f3a7;<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x2757;<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td 
align=\"center\">&#x1f4ca;<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f9ef;<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> &#x1f642;<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4b5;<\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4cc;<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f3a9;<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. 
Remain vigilant for pandemic-related scams: COVID-19 tests, PPE and antiviral drugs find a home on the dark web \u2014 nakedsecurity.sophos.com\/\u2026 Beware of emails with \u201chorrible charts\u201d about Covid-19 \u2014 nakedsecurity.sophos.com\/\u2026 &#x1f1fa;&#x1f1f8; Scammers target COVID-19 [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":19030,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[50,569],"class_list":["post-21100","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-security","tag-security-bits"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2019\/08\/security_bits_logo_400px_no_alpha.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/21100","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=21100"}],"version-history":[{"count":3,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/21100\/revisions"}],"predecessor-version":[{"id":21103,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/21100\/revisions\/21103"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/19030"}],"wp
:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=21100"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=21100"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=21100"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}