{"id":22165,"date":"2020-10-25T16:11:48","date_gmt":"2020-10-25T23:11:48","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=22165"},"modified":"2020-10-25T16:11:48","modified_gmt":"2020-10-25T23:11:48","slug":"sb-2020-10-25","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2020\/10\/sb-2020-10-25\/","title":{"rendered":"Security Bits \u2014 25 October 2020"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>COVID 19 Apps Update\n<ul>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/www.imore.com\/apple-updates-covid-19-app-new-questions-and-recommendations\">Apple updates COVID-19 app with new questions and recommendations \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/www.macobserver.com\/link\/washington-d-c-rolls-out-app-free-covid-19-tracking-system\/\">Washington D.C. Rolls Out App-Free COVID-19 Tracking System \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/link\/zoom-rolls-out-encryption\/\">Zoom Rolls Out End-to-End Encryption for Video Calls \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li>Social Media companies continue to evolve their policies to battle abuses of their platforms:\n<ul>\n<li><a href=\"https:\/\/www.imore.com\/facebook-has-now-banned-holocaust-denial-its-platform\">Facebook has now banned Holocaust denial on its platform \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/twitter-will-make-it-harder-retweet-us-election\">Twitter will make it harder to retweet before the U.S. 
election \u2014 www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>&#x2757; Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action: if any stories in this section are relevant to you, there is some action you should take.<\/aside>\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/10\/21\/chrome-zero-day-in-the-wild-patch-now\/\">Chrome zero-day in the wild \u2013 patch now! \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>October&#8217;s Patch Tuesday fixed some critical bugs in Windows &amp; Flash \u2014 <a href=\"https:\/\/krebsonsecurity.com\/2020\/10\/microsoft-patch-tuesday-october-2020-edition\/\">krebsonsecurity.com\/\u2026<\/a>\n<ul>\n<li>Of particular note is a patch for a dangerous <em>bad neighbour<\/em> bug in Windows 10 &amp; Windows Server 2019 that&#8217;s been nicknamed the new <em>Ping of Death<\/em>. At the moment, a single malicious IPv6 packet can crash (BSOD) a vulnerable Windows computer, but the expectation in the security community is that the vulnerability can easily be converted into a remote code execution flaw \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/10\/14\/windows-ping-of-death-bug-revealed-patch-now\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li><a href=\"https:\/\/www.macobserver.com\/link\/barnes-noble-hack\/\">Barnes &amp; Noble Hack Revealed in Emails to Customers \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/arstechnica.com\/information-technology\/2020\/10\/a-watch-designed-exclusively-for-kids-has-an-undocumented-spying-backdoor\/\">Undocumented backdoor that covertly takes snapshots found in kids\u2019 smartwatch \u2014 arstechnica.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a 
href=\"https:\/\/krebsonsecurity.com\/2020\/10\/breach-at-dickeys-bbq-smokes-3m-cards\/\">Breach at Dickey\u2019s BBQ Smokes 3M Cards \u2014 krebsonsecurity.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/10\/12\/microsoft-on-the-counterattack-trickbot-malware-network-takes-a-hit\/\">Microsoft on the counter attack! Trickbot malware network takes a hit \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>The cat-and-mouse game between malware authors and Apple continues \u2013 for the second time in 2 months Apple has been tricked into notarising malware, this time through the clever use of steganography. Apple have revoked the certificate used, so this specific piece of malware is no longer a problem, but it shows that attackers are very interested in getting past the Mac&#8217;s strong security perimeters, and that they can succeed from time to time, so Mac users should not let their guard down \u2014 <a href=\"https:\/\/www.intego.com\/mac-security-blog\/apple-notarizes-new-mac-malware-again\/\">www.intego.com\/\u2026<\/a><\/li>\n<li>A timely reminder to use strong passwords: <a href=\"https:\/\/techcrunch.com\/2020\/10\/22\/dutch-hacker-trump-twitter-account-password\/\">President Trump\u2019s Twitter accessed by a security expert who guessed password \u2018maga2020!\u2019 \u2014 techcrunch.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Interesting Insights<\/h2>\n<aside class=\"small-aside\">High-quality opinion and editorial content recommended by Bart.<\/aside>\n<ul>\n<li><a href=\"https:\/\/www.wired.com\/story\/amazon-drone-camera-go-palm-data-privacy\/\">Amazon&#8217;s Latest Gimmicks Are Pushing the Limits of Privacy \u2014 www.wired.com\/\u2026<\/a><\/li>\n<li>&#x1f1ea;&#x1f1fa; <a href=\"https:\/\/www.eff.org\/deeplinks\/2020\/10\/orders-top-eus-timetable-dismantling-end-end-encryption\">Orders from the Top: The EU\u2019s Timetable for Dismantling End-to-End Encryption | Electronic Frontier 
Foundation \u2014 www.eff.org\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything upbeat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li>Red Hat&#8217;s Command Line Heroes podcast is back for a 6th season \u2014 <a href=\"https:\/\/www.redhat.com\/en\/command-line-heroes\">www.redhat.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link, it is the title of the page being linked to; when the text describing a link is not part of the link, it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">&#x1f3a7;<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x2757;<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4ca;<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f9ef;<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> &#x1f642;<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4b5;<\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4cc;<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. 
one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f3a9;<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. COVID 19 Apps Update &#x1f1fa;&#x1f1f8; Apple updates COVID-19 app with new questions and recommendations \u2014 www.imore.com\/\u2026 &#x1f1fa;&#x1f1f8; Washington D.C. Rolls Out App-Free COVID-19 Tracking System \u2014 www.macobserver.com\/\u2026 Zoom Rolls Out End-to-End Encryption for Video [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":19030,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[50,569],"class_list":["post-22165","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-security","tag-security-bits"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2019\/08\/security_bits_logo_400px_no_alpha.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/22165","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable
":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=22165"}],"version-history":[{"count":3,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/22165\/revisions"}],"predecessor-version":[{"id":22168,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/22165\/revisions\/22168"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/19030"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=22165"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=22165"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=22165"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}