{"id":21325,"date":"2020-06-28T11:01:57","date_gmt":"2020-06-28T18:01:57","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=21325"},"modified":"2020-06-28T11:05:40","modified_gmt":"2020-06-28T18:05:40","slug":"sb-2020-06-27","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2020\/06\/sb-2020-06-27\/","title":{"rendered":"Security Bits \u2014 26 June 2020"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li><a href=\"https:\/\/thenextweb.com\/security\/2020\/06\/17\/zoom-says-itll-provide-end-to-end-encryption-even-for-free-users-now\/\">Zoom says it\u2019ll provide end-to-end encryption even for free users now \u2014 thenextweb.com\/\u2026<\/a><\/li>\n<li>COVID Exposure Notification\/Contact Tracing Apps continue to be developed around the world with continued varying levels of success:\n<ul>\n<li>Amnesty International warn that some Gulf states are abusing COVID19 apps for mass surveillance \u2014 <a href=\"https:\/\/www.theverge.com\/2020\/6\/16\/21293363\/covid-19-contact-tracing-bahrain-kuwait-mass-surveillance-tools-privacy-invasion\">www.theverge.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/www.imore.com\/ny-attorney-general-calls-stricter-rules-contact-tracing-apps\">NY Attorney General calls for stricter rules on contact tracing apps \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li>&#x1f1e6;&#x1f1fa; <a href=\"https:\/\/www.imore.com\/critical-flaw-discovered-australias-ios-covidsafe-app\">Critical flaw discovered in Australia&#8217;s iOS COVIDSafe app \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li>&#x1f1ec;&#x1f1e7; The UK seems to have finally given in to the inevitable, and are changing course to develop an app using Apple &amp; Google&#8217;s API in the hope of getting something that works out &#8216;before 
the winter&#8217;. They did not change their approach with good grace, and made claims that are difficult to interpret and have been rejected by Apple:\n<ul>\n<li><a href=\"https:\/\/www.imore.com\/uk-finally-switches-apple-and-google-framework-contact-tracing-u-turn\">UK finally switches to Apple and Google framework in contact tracing U-turn \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/analysis\/uk-covid-19-contact-tracing-app-failures-blamed-on-apple\/\">UK COVID-19 Contact Tracing App Failures Blamed on Apple \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/apple-says-it-was-not-told-hybrid-contact-tracing-app-announced-uk\">Apple says it was not told of &#8216;hybrid&#8217; contact-tracing app announced by UK \u2014 www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>&#x1f1e9;&#x1f1ea; <a href=\"https:\/\/www.imore.com\/germany-releases-apple-and-google-based-contact-tracing-app\">Germany releases Apple and Google-based contact tracing app \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li>&#x1f1e8;&#x1f1e6; <a href=\"https:\/\/www.imore.com\/canada-launches-contact-tracing-app-built-applegoogle-technology\">Canada launches contact-tracing app built with Apple\/Google technology \u2014 www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Social Media companies continue to adapt:\n<ul>\n<li><a href=\"https:\/\/popular.info\/p\/facebook-creates-fact-checking-exemption\">Facebook creates fact-checking exemption for climate deniers\u00a0 &#8211; Popular Information \u2014 popular.info\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8;  &#x1f4b5; <a href=\"https:\/\/daringfireball.net\/linked\/2020\/06\/18\/facebook-trump-nazis\">Facebook Removes Trump Campaign Ads With Symbol Once Used by Nazis to Designate Political Prisoners \u2014 daringfireball.net\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/facebook-will-warn-users-against-sharing-old-articles\">Facebook will warn users against 
sharing old news articles \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/www.imore.com\/facebook-announces-huge-changes-political-ads-its-platform\">Facebook announces huge changes to political ads on its platform \u2014 www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Google continue to struggle to keep the Google Play Store clean: <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/06\/17\/more-ad-fraud-apps-found-hiding-on-google-play-store\/\">More ad fraud apps found hiding on Google Play Store \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; Thanks to Senator Wyden we now know a little bit more about how the so-called <em>Vault7<\/em> leak of CIA documents and hacking tools happened (really shoddy security practices and lots of <em>shadow IT<\/em>) \u2014 <a href=\"https:\/\/krebsonsecurity.com\/2020\/06\/when-security-takes-a-backseat-to-productivity\/\">krebsonsecurity.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>&#x2757; Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action: if any stories in this section are relevant to you, there is some action you should take.<\/aside>\n<ul>\n<li>Adobe released out-of-band patches for their creative tools \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/06\/18\/adobe-drops-slew-of-critical-patches\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/06\/25\/patch-time-nvidia-fixes-kernel-driver-holes-on-windows-and-linux\/\">Patch time! 
NVIDIA fixes kernel driver holes on Windows and Linux \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>This month&#8217;s Windows updates came with a sting in the tail for some users: a bug preventing printing. Microsoft have now issued a fix for hardware printers, but problems remain with printing to PDF for some users \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/06\/18\/microsoft-promises-to-fix-windows-10-printer-problem\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li><a href=\"https:\/\/krebsonsecurity.com\/2020\/06\/turn-on-mfa-before-crooks-do-it-for-you\/\">Turn on MFA Before Crooks Do It For You \u2014 krebsonsecurity.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li>Security researchers have released preliminary details of a bug in a TCP\/IP library used by many network &amp; IoT devices that can be silently remotely exploited. They&#8217;ve given the bug the catchy name <em>Ripple20<\/em>. 
The original library has been patched, but getting patches out to the millions of affected devices will be difficult \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/06\/19\/ripple20-bugs-set-off-wave-of-security-problems-in-millions-of-devices\/\">nakedsecurity.sophos.com\/\u2026<\/a>\n<ul>\n<li>The researchers&#8217; overview including a table of vendors broken into &#8220;Not Affected&#8221;, &#8220;Confirmed&#8221; (definitely affected), and &#8220;Pending&#8221; (work in progress) \u2014 <a href=\"https:\/\/www.jsof-tech.com\/ripple20\/\">www.jsof-tech.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/daringfireball.net\/linked\/2020\/06\/23\/senate-republicans-propose-outlawing-e2e-encryption\">Daring Fireball: Senate Republicans Propose Law to Outlaw End-to-End Encryption \u2014 daringfireball.net\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/06\/23\/blueleaks-exposes-sensitive-files-from-hundreds-of-police-departments\/\">\u2018BlueLeaks\u2019 exposes sensitive files from hundreds of police departments \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; The US government have announced plans to require HTTPS on all .gov websites \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/06\/23\/united-states-wants-https-for-all-government-sites-all-the-time\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Intel have released technical details of two new security features, a <em>shadow stack<\/em> and <em>indirect branch tracking<\/em>, that will be included in future chip designs. 
The pair of new features have been branded CET for <em>Control-flow Enforcement Technology<\/em> \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/06\/16\/intel-announces-exploit-busting-features-in-its-next-processor-chips\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Apple&#8217;s WWDC revealed some interesting new security and privacy features to look forward to this autumn (or Fall if you must &#x1f609;):\n<ul>\n<li><a href=\"https:\/\/www.intego.com\/mac-security-blog\/macos-11-and-ios-14-new-security-and-privacy-features\/\">macOS Big Sur and iOS 14 \u2013 New security and privacy features \u2014 www.intego.com\/\u2026<\/a><\/li>\n<li>iOS 14 &amp; macOS Big Sur both get DoH &amp; DoT support: <a href=\"https:\/\/www.macobserver.com\/news\/product-news\/ios-14-encrypted-dns\/\">Apple Adds Encrypted DNS Support to iOS 14, macOS 11 \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/06\/24\/ios-14-macos-big-sur-safari-to-give-us-no-thanks-option-for-ad-tracking\/\">iOS 14, macOS Big Sur, Safari to give us \u2018No, thanks!\u2019 option for ad tracking \u2014 nakedsecurity.sophos.com\/\u2026<\/a>\n<ul>\n<li><a href=\"https:\/\/www.imore.com\/ios-14-wont-let-advertisers-track-users-unless-they-opt\">iOS 14 won&#8217;t let advertisers track users unless they opt-in \u2014 www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.imore.com\/ios-14-youll-be-told-when-app-reads-your-clipboard\">With iOS 14, you&#8217;ll be told when an app reads your clipboard \u2014 www.imore.com\/\u2026<\/a>\n<ul>\n<li><strong>Related:<\/strong> <a href=\"https:\/\/www.imore.com\/ios-14-reveals-clipboard-snooping-far-worse-we-thought\">iOS 14 reveals clipboard snooping is far worse than we thought \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><strong>Related:<\/strong> <a href=\"https:\/\/www.imore.com\/tiktok-end-clipboard-snooping-following-ios-14-revelations\">TikTok to end clipboard 
snooping following iOS 14 revelations \u2014 www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.imore.com\/ios-14-new-privacy-tools-let-you-give-app-access-single-photo-rather-your-whole-library\">iOS 14: New privacy tool lets you give an app access to a single photo rather than your whole library \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/apple-adds-encrypted-drive-support-files-ios-14-and-ipados-14\">Apple adds encrypted drive support to Files with iOS 14 and iPadOS 14 \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/craig-federighi-talks-apples-privacy-news-wwdc-new-interview\">Craig Federighi talks Apple&#8217;s privacy news at WWDC in new interview \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><strong>Related Opinion:<\/strong> <a href=\"https:\/\/www.imore.com\/apple-privacy-2020-why-youll-want-these-feature-right-now\">Apple Privacy in 2020: Why you&#8217;ll want these features right now \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><strong>Related:<\/strong> <a href=\"https:\/\/www.imore.com\/should-you-sign-up-public-beta\">Should you sign up for the iOS, iPadOS, macOS, and tvOS public betas? 
\u2014 www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Top Tips<\/h2>\n<aside class=\"small-aside\">Tips, tricks, or advice that is likely to be useful to the NosillaCast audience or the family members and friends whose IT they support.<\/aside>\n<ul>\n<li><a href=\"https:\/\/tidbits.com\/2020\/06\/17\/how-to-request-access-to-a-deceased-family-members-apple-accounts\/\">How to Request Access to a Deceased Family Member\u2019s Apple Accounts \u2014 tidbits.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Excellent Explainers<\/h2>\n<aside class=\"small-aside\">High-quality content explaining a security concept of some kind.<\/aside>\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/06\/22\/anatomy-of-a-survey-scam-how-innocent-questions-can-rip-you-off\/\">Anatomy of a survey scam \u2013 how innocent questions can rip you off \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f3a7; <a href=\"https:\/\/overcast.fm\/+Ys-0tyzMA\">Short Wave: Tech Companies Are Limiting Police Use of Facial Recognition. Here\u2019s Why \u2014 overcast.fm\/\u2026<\/a> (~15min)<\/li>\n<\/ul>\n<h2>Interesting Insights<\/h2>\n<aside class=\"small-aside\">High-quality opinion and editorial content recommended by Bart.<\/aside>\n<ul>\n<li>Cybercriminals are moving to a new technique for extracting money from businesses: <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/06\/15\/youve-heard-of-sextortion-now-theres-breachstortion-too\/\">You\u2019ve heard of sextortion \u2013 now there\u2019s \u201cbreachstortion\u201d, too \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f3a7; <a href=\"https:\/\/overcast.fm\/+Ip8zTaIZA\">The Real Story: Is this the internet we always wanted? 
\u2014 overcast.fm\/\u2026<\/a> (~50min)<\/li>\n<\/ul>\n<h2>Just Because it&#8217;s Cool &#x1f60e;<\/h2>\n<aside class=\"small-aside\">Stories that are not important, that don&#8217;t require you to do anything, and that you don&#8217;t even have to worry about.<\/aside>\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/06\/16\/eavesdroppers-can-use-light-bulbs-to-listen-in-from-afar\/\">Eavesdroppers can use light bulbs to listen in from afar \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything up-beat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li>&#x1f3a6; <a href=\"https:\/\/www.loopinsight.com\/2020\/06\/24\/the-history-of-typography\/\">The history of typography \u2014 www.loopinsight.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link, it is the title of the page being linked to; when the text describing a link is not part of the link, it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">&#x1f3a7;<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x2757;<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4ca;<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f9ef;<\/td>\n<td align=\"left\">A story that has 
been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> &#x1f642;<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4b5;<\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4cc;<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f3a9;<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. Zoom says it\u2019ll provide end-to-end encryption even for free users now \u2014 thenextweb.com\/\u2026 COVID Exposure Notification\/Contact Tracing Apps continue to be developed around the world with continued varying levels of success: Amnesty International warn 
[&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":19030,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[4220,776,156,2002,2609],"class_list":["post-21325","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-encrypted","tag-encryption","tag-facebook","tag-intel","tag-wwdc"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2019\/08\/security_bits_logo_400px_no_alpha.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/21325","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=21325"}],"version-history":[{"count":3,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/21325\/revisions"}],"predecessor-version":[{"id":21328,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/21325\/revisions\/21328"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/19030"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=21325"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=21325"},{"taxonomy":"post_ta
g","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=21325"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}