{"id":22445,"date":"2020-12-06T14:49:12","date_gmt":"2020-12-06T22:49:12","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=22445"},"modified":"2020-12-06T14:49:12","modified_gmt":"2020-12-06T22:49:12","slug":"sb-2020-12-06","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2020\/12\/sb-2020-12-06\/","title":{"rendered":"Security Bits \u2014 6 December 2020"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>Social media companies continue to work to curb abuses on their platforms: <a href=\"https:\/\/www.imore.com\/twitter-will-soon-show-warning-when-you-try-misleading-tweet\">Twitter will soon show a warning when you try to like a misleading tweet \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li>&#x1f1f0;&#x1f1f7; Facebook continues to run afoul of regulators: <a href=\"https:\/\/uk.reuters.com\/article\/us-facebook-southkorea-fine\/south-korean-watchdog-fines-facebook-6-1-million-for-sharing-user-info-without-consent-idUKKBN2850YW\">South Korean watchdog fines Facebook $6.1 million for sharing user info without consent \u2014 uk.reuters.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>&#x2757; Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action: if any stories in this section are relevant to you, there is some action you should take.<\/aside>\n<ul>\n<li>Apple have released a security update for iCloud for Windows \u2014 <a href=\"https:\/\/support.apple.com\/en-us\/HT211935\">support.apple.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li>&#x1f1fa;&#x1f1f8; The FTC are warning that there is an ongoing phishing campaign targeting Americans where the scammers pretend to 
be from Apple or Amazon support and claim to be calling about problems with users&#8217; accounts, or with recent purchases \u2014 <a href=\"https:\/\/www.consumer.ftc.gov\/blog\/2020\/12\/fake-calls-apple-and-amazon-support-what-you-need-know\">www.consumer.ftc.gov\/\u2026<\/a><\/li>\n<li>Security researchers at vpnMentor found an exposed database of Spotify user accounts. The most likely source for this database was password re-use. The researchers worked with Spotify to help secure affected users, but the danger of targeted phishing remains. It&#8217;s a timely reminder not to re-use passwords, and to enable 2FA when you can \u2014 <a href=\"https:\/\/www.vpnmentor.com\/blog\/report-spotify-scam\/\">www.vpnmentor.com\/\u2026<\/a><\/li>\n<li>An investigation by CyberNews found that Walmart-exclusive <em>Jetstream<\/em> routers and cheap <em>Wavlink<\/em> routers sold on Amazon &amp; eBay contain backdoors that are being actively exploited, making the routers unsafe to use. The Chinese manufacturers were told of the problems in February and have yet to respond \u2014 <a href=\"https:\/\/cybernews.com\/security\/walmart-exclusive-routers-others-made-in-china-contain-backdoors-to-control-devices\/\">cybernews.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li>Google&#8217;s <em>Project Zero<\/em> team have released details of a WiFi vulnerability in iOS that they responsibly disclosed to Apple, and which Apple patched earlier this year. The vulnerability allowed an attacker within WiFi range full access to an iOS device without any user interaction or visual sign of a problem. Make sure your iOS devices are all on iOS 13.5 or later! 
\u2014 <a href=\"https:\/\/www.imore.com\/ios-exploit-allows-hackers-gain-access-photos-messages-and-more\">www.imore.com\/\u2026<\/a>, <a href=\"https:\/\/arstechnica.com\/?p=1726959\">arstechnica.com\/\u2026<\/a> &amp; <a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/12\/02\/how-to-steal-photos-off-someones-iphone-from-across-the-street\/\">nakedsecurity.sophos.com\/\u2026<\/a> <\/li>\n<li><a href=\"https:\/\/techcrunch.com\/2020\/12\/02\/twitter-now-supports-hardware-security-keys-for-iphones-and-android\/\">Twitter now supports hardware security keys for iPhones and Android \u2014 techcrunch.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Top Tips<\/h2>\n<aside class=\"small-aside\">Tips, tricks, or advice that is likely to be useful to the NosillaCast audience or the family members and friends whose IT they support.<\/aside>\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2020\/11\/30\/home-wi-fi-security-tips-5-things-to-check\/\">Home Wi-Fi security tips \u2013 5 things to check \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/foundation.mozilla.org\/en\/privacynotincluded\/\">Mozilla&#8217;s *privacy not included<\/a> to learn how creepy your devices might be\n<ul>\n<li>Learned about this from <a href=\"https:\/\/twitter.com\/tomsmith585\">Thomas Smith<\/a> from Debugger when he talked about his article: <a href=\"https:\/\/debugger.medium.com\/a-gift-guide-to-this-holiday-seasons-creepiest-surveillance-gadgets-d46a65fcd53e\">A Gift Guide to This Holiday Season\u2019s Creepiest Surveillance Gadgets<\/a> on <a href=\"Twit.tv\/tnw\">Tech News Weekly with Mikah Sargent and Jason Howell<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Interesting Insights<\/h2>\n<aside class=\"small-aside\">High-quality opinion and editorial content recommended by Bart.<\/aside>\n<ul>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/www.nytimes.com\/2020\/12\/03\/us\/politics\/section-215-patriot-act.html\">U.S. 
Used Patriot Act to Gather Logs of Website Visitors \u2014 www.nytimes.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything up-beat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li>From Allison: &#x1f3a7; The <em>Clear+Vivid<\/em> podcast with Alan Alda \u2014 <a href=\"https:\/\/omny.fm\/shows\/clear-vivid-with-alan-alda\">omny.fm\/\u2026<\/a>. So far Allison particularly liked:\n<ul>\n<li>Kip Thorne explaining gravity waves<\/li>\n<li>Marlo Thomas and Phil Donahue about the secrets to a happy marriage<\/li>\n<li>Clara Sousa-Silva on how the possible discovery of phosphine on Venus may be an indicator of life<\/li>\n<li>Alan Zweibel on how to make funny people funnier<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link, it is the title of the page being linked to; when the text describing a link is not part of the link, it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">&#x1f3a7;<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x2757;<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4ca;<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f9ef;<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need 
to light your hair on fire&#8221;<\/em> &#x1f642;<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4b5;<\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4cc;<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f3a9;<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. Social Media companies continue to work to curb abuses on their platforms: Twitter will soon show a warning when you try to like a misleading tweet \u2014 www.imore.com\/\u2026 &#x1f1f0;&#x1f1f7; Facebook continues to run afoul 
[&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":19030,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[4412,3308,532,81,114,1246,2003,780],"class_list":["post-22445","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-alan-alda","tag-creepy","tag-iot","tag-mozilla","tag-privacy","tag-routers","tag-vulnerabilities","tag-wifi"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2019\/08\/security_bits_logo_400px_no_alpha.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/22445","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=22445"}],"version-history":[{"count":2,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/22445\/revisions"}],"predecessor-version":[{"id":22448,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/22445\/revisions\/22448"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/19030"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=22445"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-jso
n\/wp\/v2\/categories?post=22445"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=22445"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}