{"id":21398,"date":"2020-07-12T11:38:14","date_gmt":"2020-07-12T18:38:14","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=21398"},"modified":"2020-07-12T11:41:56","modified_gmt":"2020-07-12T18:41:56","slug":"sb-2020-07-12","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2020\/07\/sb-2020-07-12\/","title":{"rendered":"Security Bits \u2014 12 July 2020"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>&#x1f1ee;&#x1f1ea; COVID Exposure Notification Apps Continue to Roll Out: <a href=\"https:\/\/www.imore.com\/ireland-launches-covid-19-app-using-apple-and-googles-technology\">Ireland launches COVID-19 app using Apple and Google&#8217;s technology \u2014 www.imore.com\/\u2026<\/a>\n<ul>\n<li><strong>Aside:<\/strong> I&#8217;m really impressed with how the Irish health authorities explain the privacy protections offered by the Irish app, many of which are relevant to every app based on Google &amp; Apple&#8217;s API: <a href=\"https:\/\/covidtracker.gov.ie\/privacy-and-data\/\">Privacy and how we use your data \u2014 covidtracker.gov.ie\/\u2026<\/a><\/li>\n<li><strong>Related:<\/strong> Ireland&#8217;s app rollout was very successful, reaching 25% of the country&#8217;s adult population in just a few days, and out-performing other successful launches like the one in Germany \u2014 <a href=\"https:\/\/www.thejournal.ie\/covid-19-app-ireland-success-5146093-Jul2020\/\">www.thejournal.ie\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>As expected, the rest of the industry has followed the lead Apple set earlier this year, and from September, the maximum acceptable life-time for HTTPS certs will be 1 year \u2014 <a 
href=\"https:\/\/www.zdnet.com\/article\/apple-strong-arms-entire-ca-industry-into-one-year-certificate-lifespans\/\">www.zdnet.com\/\u2026<\/a><\/li>\n<li>Moves to address the dangers posed by facial recognition continue:\n<ul>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/07\/06\/boston-bans-government-use-of-facial-recognition\/\">Boston bans government use of facial recognition \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>The fallout from the iOS 14 Beta adding clipboard access notifications continues:\n<ul>\n<li><a href=\"https:\/\/www.imore.com\/reddit-fixes-ios-clipboard-reading\">Reddit fixes iOS clipboard reading \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/linkedin-sued-over-ios-clipboard-snooping\">LinkedIn sued over iOS clipboard snooping \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><strong>Related Explainer:<\/strong> <a href=\"https:\/\/www.imore.com\/what-clipboard-snooping-and-should-i-be-worried-about-it\">What is clipboard snooping, and should I be worried about it? 
\u2014 www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>&#x1f1fa;&#x1f1f8; The Senate Judiciary Committee has passed a slightly tweaked version of the controversial EARN IT act, the bill now goes to the full Senate for consideration \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/07\/08\/kinda-sorta-weakened-version-of-earn-it-act-creeps-closer\/\">nakedsecurity.sophos.com\/\u2026<\/a>\n<ul>\n<li><strong>Related:<\/strong> &#x1f3a7; <a href=\"https:\/\/overcast.fm\/+b-m3nzHRg\">Know a Little More: About Safe Harbor \u2014 overcast.fm\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Social media&#8217;s evolution continues:\n<ul>\n<li><a href=\"https:\/\/www.imore.com\/facebook-audit-says-it-fell-short-response-trump-posts-and-fact-checking\">Facebook auditor issues damning report on response to Trump posts and fact-checking \u2014 www.imore.com\/\u2026<\/a>\n<ul>\n<li><strong>Related:<\/strong> &#x1f3a7; <a href=\"https:\/\/overcast.fm\/+YH-4yTFVo\">Reset: Facebook\u2019s fact-check \u2018loophole\u2019 overcast.fm\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.imore.com\/facebook-announces-changes-news-feed-ranking-prioritizing-original-reporting-and-transparency\">Facebook announces changes to News Feed rankings, prioritizing original reporting and transparency \u2014 www.imore.com\/\u2026<\/a><\/p>\n<\/li>\n<li><a href=\"https:\/\/www.imore.com\/facebook-and-instagram-are-reminding-users-wear-face-mask\">Facebook and Instagram are now reminding everyone to wear a face mask \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.intego.com\/mac-security-blog\/google-to-auto-delete-user-history-after-18-months\/\">Google to auto-delete user history after 18 months \u2014 www.intego.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>&#x2757; Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action, if any stories in this section are relevant to you there is some action you should take.<\/aside>\n<ul>\n<li>Microsoft 
have released two emergency patches for Windows 10 &amp; Windows Server 2019, but you get them through the Windows Store, not the standard Microsoft Update system. For home users the process should be automatic, but well-meaning AD Group Policies could block the updates in the corporate world \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/07\/01\/microsoft-issues-critical-fixes-for-booby-trapped-images-update-now\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>A remote code execution vulnerability has been found in many Netgear routers. Netgear have issued firmware releases for many of the affected models, so patch if you can, and get a new router if you can&#8217;t \u2014 <a href=\"https:\/\/www.kb.cert.org\/vuls\/id\/576779\">www.kb.cert.org\/\u2026<\/a>\n<ul>\n<li>The long list of affected devices \u2014 <a href=\"https:\/\/kb.netgear.com\/000061982\/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Mobile-Routers-Modems-Gateways-and-Extenders\">kb.netgear.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/06\/29\/beware-secure-dns-scam-targeting-website-owners-and-bloggers\/\">Beware \u201csecure DNS\u201d scam targeting website owners and bloggers \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/07\/02\/133m-records-for-sale-as-fruits-of-data-breach-spree-keep-raining-down\/\">133m records for sale as fruits of data breach spree keep raining down \u2014 nakedsecurity.sophos.com\/\u2026<\/a>\n<ul>\n<li><strong>Related Editorial by Bart:<\/strong> If you don&#8217;t use a password manager that integrates with a service like Have I Been Pwned (e.g. 
1Password &amp; LastPass), now might be a good time to pro-actively check your email addresses at <a href=\"https:\/\/haveibeenpwned.com\/\">haveibeenpwned.com<\/a>.<\/li>\n<\/ul>\n<\/li>\n<li>Intego are reporting a new Mac Trojan, EvilQuest, spreading via pirated software \u2014 It&#8217;s a timely reminder not to download software from untrusted sources, and definitely don&#8217;t steal software, it deprives coders of the ability to put food on their tables! \u2014 <a href=\"https:\/\/www.intego.com\/mac-security-blog\/new-mac-ransomware-spyware-thiefquest-in-the-wild\/\">www.intego.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li>&#x1f9ef; A bug has been found in macOS Mojave &amp; later that allows malicious apps to bypass some of the OS&#8217;s privacy-protecting popups. This is obviously not good, but it&#8217;s not a catastrophic vulnerability since it just returns things to how they were before Mojave:\n<ul>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/product-news\/mac-privacy-protections-bypass\/\">Researcher Finds Mac Flaw That Lets Apps Read Protected Files \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li>The original research: <a href=\"https:\/\/lapcatsoftware.com\/articles\/disclosure2.html\">Disclosure: Another macOS privacy protections bypass \u2014 lapcatsoftware.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Intel have released the first details of the up-coming Thunderbolt 4 standard, including a requirement that devices implement DMA (Direct Memory Access) protections in order to get certified \u2014 <a href=\"https:\/\/www.imore.com\/intel-thunderbolt-4-official-8k-display\">www.imore.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/gizmodo.com\/court-rules-facebook-widgets-can-be-considered-wiretaps-1844245159\">Court Rules Facebook Widgets Can Be Considered Wiretaps \u2014 gizmodo.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a 
href=\"https:\/\/www.macobserver.com\/news\/ussc-upholds-robocall-ban\/\">Supreme Court Supports Federal Ban on Robocalls \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Top Tips<\/h2>\n<aside class=\"small-aside\">Tips, tricks, or advice that is likely to be useful to the NosillaCast audience or the family members and friends whose IT they support.<\/aside>\n<ul>\n<li>How to embed YouTube videos in your site without the tracker that usually accompanies them \u2014 <a href=\"https:\/\/dri.es\/how-to-remove-youtube-tracking\">dri.es\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/how-set-two-step-authentication-google-and-gmail\">How to set up 2-step verification for Google and Gmail on your iPhone, iPad, and Mac \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/how-set-two-factor-authentication-your-amazon-account\">How to set up two-factor authentication for your Amazon account \u2014 www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Interesting Insights<\/h2>\n<aside class=\"small-aside\">High-quality opinion and editorial content recommended by Bart.<\/aside>\n<ul>\n<li>A nice overview and review of the AV options for Mac users: <a href=\"https:\/\/www.imore.com\/best-antivirus-software-mac\">Best Antivirus Software for Mac in 2020 \u2014 www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Just Because it&#8217;s Cool &#x1f60e;<\/h2>\n<aside class=\"small-aside\">Stories that are not important, that don&#8217;t require you to do anything, and that you don&#8217;t even have to worry about.<\/aside>\n<ul>\n<li><a href=\"https:\/\/tidbits.com\/2020\/07\/08\/how-to-decode-apple-version-and-build-numbers\/\">How to Decode Apple Version and Build Numbers \u2014 tidbits.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything up-beat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li>Never ruin your clothes accidentally again with this great app for recognising and 
explaining the cryptic symbols on clothes labels: <a href=\"https:\/\/apps.apple.com\/us\/app\/laundry-lens\/id1513767864\">Laundry Lens \u2014 apps.apple.com\/\u2026<\/a><\/li>\n<li>&#x1f3a6; A fascinating hour-long conversation with Sir Tim Berners-Lee (inventor of the WWW), Vint Cerf (one of the inventors of TCP\/IP), and Al Gore (a politician responsible for rolling out internet access in the US) hosted by tech journalist David Pogue \u2014 <a href=\"https:\/\/www.youtube.com\/watch?v=NM7ZFlToZgY&amp;feature=share\">www.youtube-nocookie.com\/\u2026<\/a> (from Allison, and heartily endorsed by Bart)<\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">&#x1f3a7;<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x2757;<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4ca;<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f9ef;<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> &#x1f642;<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4b5;<\/td>\n<td align=\"left\">A link to an article behind a 
<strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4cc;<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f3a9;<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. &#x1f1ee;&#x1f1ea; COVID Exposure Notification Apps Continue to Roll Out: Ireland launches COVID-19 app using Apple and Google&#8217;s technology \u2014 www.imore.com\/\u2026 Aside: I&#8217;m really impressed with how the Irish health authorities explain the privacy protections [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":19030,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[147,214],"tags":[50,569],"class_list":["post-21398","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-security","tag-security-bits"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2019\/08\/security_bits_logo_400px_no_alpha.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/21398","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-j
son\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=21398"}],"version-history":[{"count":1,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/21398\/revisions"}],"predecessor-version":[{"id":21399,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/21398\/revisions\/21399"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/19030"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=21398"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=21398"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=21398"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}