{"id":23044,"date":"2021-02-21T13:41:15","date_gmt":"2021-02-21T21:41:15","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=23044"},"modified":"2021-02-21T13:41:15","modified_gmt":"2021-02-21T21:41:15","slug":"sb-2021-02-21","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2021\/02\/sb-2021-02-21\/","title":{"rendered":"Security Bits \u2014 21 February 2021"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>In the previous instalment we joined in the mockery of a Chinese railroad company that relied on Flash for their operations. Listener Tom Merit got in touch with a follow-up article which casts some doubt on the details of the Apple Daily report we linked to \u2014 it seems the problem did not stop them dispatching trains, and the fix was not a pirated version of Flash, but an older version without the self-deactivating code. They do still deserve quite a bit of mockery regardless IMO \u2014 <a href=\"https:\/\/arstechnica.com\/tech-policy\/2021\/01\/deactivation-of-flash-cripples-chinese-railroad-for-a-day\/\">arstechnica.com\/\u2026<\/a><\/li>\n<li>In the previous instalment we mentioned that based on Apple&#8217;s infamous FaceTime bug a security researcher had found similar bugs in other apps and got those responsibly fixed. We&#8217;ve since learned that the same research has also revealed how Apple responded in the long-term \u2013 they completely re-architected FaceTime to harden it dramatically with a new kind of extra secure sandboxing arrangement they&#8217;ve codenamed <em>BlastDoor<\/em> (<em><strong>Editorial by Bart<\/strong>: I&#8217;m really impressed with what Apple have done, very clever!<\/em>) \u2014 <a href=\"https:\/\/www.zdnet.com\/article\/google-researcher-discovers-new-ios-security-system\/\">www.zdnet.com\/\u2026<\/a> &amp; <a href=\"https:\/\/tidbits.com\/2021\/02\/04\/blastdoor-hardens-imessage-against-malware-assaults\/\">tidbits.com\/\u2026<\/a><\/li>\n<li>&#x1f3a6; Apple have released the video of Tim Cook&#8217;s speech to the CPDP21 EU data protection conference mentioned in the previous instalment \u2014 <a href=\"https:\/\/youtu.be\/OaLxTz1Yw7M\">youtu.be\/\u2026<\/a><\/li>\n<li>The fallout from Apple&#8217;s up-coming App Tracking Transparency feature continues:\n<ul>\n<li>A study by the Harvard Business Review has found that the numbers Facebook used in their recent anti-anti-tracking ads were false \u2014 <a href=\"https:\/\/www.imore.com\/facebook-used-false-evidence-ad-campaign-against-ios-anti-tracking\">www.imore.com\/\u2026<\/a>\n<ul>\n<li>The HBR Article \u2014 <a href=\"https:\/\/hbr.org\/2021\/02\/facebooks-misleading-campaign-against-apples-privacy-policy\">hbr.org\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Snapchat also warns investors that requiring informed consent could cost it money \u2014 <a href=\"https:\/\/www.imore.com\/snapchat-warns-ios-14-changes-could-impact-advertiser-demand\">www.imore.com\/\u2026<\/a><\/li>\n<li>Twitter seems more optimistic, warning its investors of only a &#8216;modest impact&#8217; \u2014 <a href=\"https:\/\/www.imore.com\/twitter-expects-ios-14-privacy-changes-have-modest-impact-revenue\">www.imore.com\/\u2026<\/a><\/li>\n<li>WhatsApp have launched a second attempt to roll out their controversial updated privacy policy \u2014 <a href=\"https:\/\/www.imore.com\/whatsapp-presses-controversial-privacy-changes\">www.imore.com\/\u2026<\/a><\/li>\n<li>New reporting suggests it wasn&#8217;t just the Russians making use of the SolarWinds vulnerability, Chinese government hackers may have done so too \u2014 <a href=\"https:\/\/www.msn.com\/en-us\/news\/technology\/exclusive-suspected-chinese-hackers-used-solarwinds-bug-to-spy-on-us-payroll-agency-e2-80-93-sources\/ar-BB1dkeTB\">www.msn.com\/\u2026<\/a> (via listener Lynda)<\/li>\n<li>&#x1f9a0; COVID App News (not done on of these in a while!)\n<ul>\n<li>Apple have released updated app store rules requiring <em>&#8216;Health pass&#8217;<\/em> apps (apps for tracking things like vaccination status and recent test results) to be submitted to the store in conjunction with an approved health authority \u2014 <a href=\"https:\/\/www.imore.com\/health-pass-apps-must-be-associated-public-health-authorities-says-apple\">www.imore.com\/\u2026<\/a><\/li>\n<li>&#x1f1ec;&#x1f1e7; Data from the UK&#8217;s storied COVID-19 app shows how effective these apps can be when implemented properly \u2014 analysis of the notifications sent by the app show it instructed 1.7m people they should isolate, preventing an estimated 600k infections \u2014 <a href=\"https:\/\/www.imore.com\/nhs-covid-19-app-prevents-600000-infections\">www.imore.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; Utah re-Launches its COVID-19 Exposure Notification System, this time based on the Apple\/Google API \u2014 <a href=\"https:\/\/www.macobserver.com\/news\/utah-exposure-notification\/\">www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Deep Dive \u2014 Bloomberg Follows up on its Sensationalistic &#8220;The Big Hack&#8221; Story from 2018 (Opinion)<\/h2>\n<p>This entire segment is opinion, but here&#8217;s the link to the piece if you&#8217;d like to read it yourself: <a href=\"https:\/\/www.bloomberg.com\/features\/2021-supermicro\/\">The Long Hack: How China Exploited a U.S. Tech Supplier \u2014 www.bloomberg.com\/\u2026<\/a><\/p>\n<p>What made the original story such big news is the report that there were spying chips inserted into an entire line of popular products used in data centres around the world by massive cloud providers like Amazon and Apple. The authors hadn&#8217;t been able to find any actual chips, so they illustrated their piece with an artist&#8217;s impression of what one might look like, and the entire US security apparatus and the companies involved all issued strenuous denials of the story.<\/p>\n<p>Back in 2018 when the authors were criticised for publishing such a big allegation without any actual evidence, they replied confidently that now the story was out it would just be a matter of time until the evidence flowed in as these chips started to be found all over the place. That never happened, and still hasn&#8217;t!<\/p>\n<p>This new article never admits the old one was wrong. It never retracts the unfounded chip allegations, but it also doesn&#8217;t provide any new evidence to support the original claim. Instead, in a bait-and-switch maneuver, the article instead describes highly targeted malicious firmware attacks by nation-states against each other&#8217;s interests. That&#8217;s neither surprising nor news, and it wouldn&#8217;t have been either in 2018 either.<\/p>\n<p>We know governments and their operatives are using highly targeted supply-chain attacks, and have known that for years. It&#8217;s nice to see an example of this described in detail, but it does not justify the original publication of the utterly unsupported and hyperbolic original piece back in 2018, nor does it justify Bloomberg&#8217;s continuing refusal to retract that sensationalistic nonsense.<\/p>\n<p>I&#8217;m in complete agreement with <a href=\"https:\/\/daringfireball.net\/linked\/2021\/02\/12\/bloomberg-big-con\">Jon Gruber&#8217;s scathing criticism<\/a>. This quote sums up my opinion nicely:<\/p>\n<blockquote><p>\n  &#8220;It\u2019s a 4,000-word exercise in journalistic sophistry. It creates the illusion of something being there, but there is nothing there. The only good purpose this report could serve is as source material for a class on critical thinking.&#8221;\n<\/p><\/blockquote>\n<h2>&#x2757; Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action, if any stories in this section are relevant to you there is some action you should take.<\/aside>\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2021\/02\/05\/chrome-zero-day-browser-bug-found-patch-now\/\">Chrome zero-day browser bug found\u00a0\u2013 patch now! \u2014 nakedsecurity.sophos.com\/\u2026<\/a> (rather old news at this stage, but if you&#8217;re the kind of person who almost never re-starts their browser, and you use Chrome, now would be a good time to do that so it can update itself!)<\/li>\n<li>Another <em>Patch Tuesday<\/em> has been and gone, with 56 bugs patched in Windows, including a zero-day being actively exploited in the wild \u2014 <a href=\"https:\/\/krebsonsecurity.com\/2021\/02\/microsoft-patch-tuesday-february-2021-edition\/\">krebsonsecurity.com\/\u2026<\/a><\/li>\n<li>Two sets of Mac patches:\n<ul>\n<li>Apple released patches for its Mac operating systems (macOS Big Sur 11.2, and  Security Update 2021-001 for Catalina &amp; Mojave) on February 1st, these did not fix the <em>Baron Samedit<\/em> Sudo bug we discussed last time \u2014 <a href=\"https:\/\/support.apple.com\/en-us\/HT212147\">support.apple.com\/\u2026<\/a><\/li>\n<li>About a week later Apple released macOS 11.2.1, macOS Catalina 10.15.7, and Security Update 2021-002 for Mojave, and these do patch the Sudo bug \u2014 <a href=\"https:\/\/tidbits.com\/2021\/02\/09\/macos-11-2-1-big-sur-fixes-macbook-pro-charging-bug-and-sudo-vulnerability\/\">tidbits.com\/\u2026<\/a> &amp; <a href=\"https:\/\/tidbits.com\/watchlist\/security-update-2021-002-catalina-and-mojave\/\">tidbits.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2021\/01\/31\/gnupg-crypto-library-can-be-pwned-during-decryption-patch-now\/\">GnuPG crypto library can be pwned during decryption \u2013 patch now! \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Telegram have patched a bug in their Mac app that stopped self-destructing messages from being properly deleted \u2014 <a href=\"https:\/\/thehackernews.com\/2021\/02\/secret-chat-in-telegram-left-self.html\">thehackernews.com\/\u2026<\/a><\/li>\n<li>&#x1f4cc; New malware Silver Sparrow found on 30,000 Macs has security pros stumped <a href=\"https:\/\/arstechnica.com\/information-technology\/2021\/02\/new-malware-found-on-30000-macs-has-security-pros-stumped\/\">arstechnica.com\/&#8230;<\/a><\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2021\/02\/16\/romance-scams-at-all-time-high-heres-what-you-need-to-know\/\">Romance scams at all-time high: here\u2019s what you need to know \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/www.macobserver.com\/link\/washington-data-breach-accellion\/\">Washington State Suffers Data Breach due to Contractor \u2018Accellion\u2019 \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2021\/02\/01\/emotet-takedown-europol-attacks-worlds-most-dangerous-malware\/\">Emotet takedown \u2013 Europol attacks \u201cworld\u2019s most dangerous malware\u201d \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/apple-launches-icloud-passwords-extension-chrome-windows\">Apple launches iCloud Passwords extension for Chrome on Windows \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li>A security researcher made use of 35 large companies&#8217; bug bounty programs (including Apple, Microsoft, PayPal, Spotify &amp; Netflix) to legally demonstrate a new and dangerous kind of supply-chain hack. He looked for open-source code using package managers that referenced both public and private packages in their requirements, then created public malicious packages with the same names as the private packages \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/researcher-hacks-over-35-tech-firms-in-novel-supply-chain-attack\/\">www.bleepingcomputer.com\/\u2026<\/a> &amp; <a href=\"https:\/\/nakedsecurity.sophos.com\/2021\/02\/16\/how-one-man-silently-infiltrated-dozens-of-high-tech-networks\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>From Allison: <a href=\"https:\/\/www.engadget.com\/ford-and-lincoln-vehicles-will-run-on-android-starting-in-2023-163021225.html\">Ford vehicles will run on Android Auto starting in 2023 \u2014 www.engadget.com\/\u2026<\/a><\/li>\n<li>Apple have updated their security &amp; privacy explanation page: <a href=\"https:\/\/support.apple.com\/en-gb\/guide\/security\/welcome\/web\">Apple Platform Security \u2014 support.apple.com\/\u2026<\/a>\n<ul>\n<li><strong>Related:<\/strong> <a href=\"https:\/\/www.imore.com\/apple-now-has-portal-removing-activation-lock\">Apple now has a portal for removing Activation Lock \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><strong>Related Analysis:<\/strong> <a href=\"https:\/\/tidbits.com\/2021\/02\/18\/apple-platform-security-guide-reveals-focus-on-vertical-integration\/\">Apple Platform Security Guide Reveals Focus on Vertical Integration \u2014 tidbits.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/tidbits.com\/2021\/02\/15\/ring-security-cameras-adding-end-to-end-encryption\/\">Ring Security Cameras Adding End-to-End Encryption \u2014 tidbits.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; An attack on the Oldsmar water treatment facility in Florida highlights the real-world dangers posed by cyber-attacks, and the vulnerability of so much critical infrastructure around the world \u2014 <a href=\"https:\/\/www.theverge.com\/2021\/2\/10\/22277300\/florida-water-treatment-chemical-tamper-teamviewer-shared-password\">www.theverge.com\/\u2026<\/a> &amp; <a href=\"https:\/\/krebsonsecurity.com\/2021\/02\/whats-most-interesting-about-the-florida-water-system-hack-that-we-heard-about-it-at-all\/\">krebsonsecurity.com\/\u2026<\/a><\/li>\n<li>&#x1f1ee;&#x1f1f9; An Italian court has found that the parents of a young man killed in a traffic accident do have the right to get a copy of all recoverable data on his iCloud account \u2014 <a href=\"https:\/\/www.imore.com\/apple-ordered-hand-over-icloud-content-parents-deceased-son\">www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Top Tips<\/h2>\n<aside class=\"small-aside\">Tip, tricks, or advice that is likely to be useful to the NosillaCast audience or the family members and friends whose IT they support.<\/aside>\n<ul>\n<li><strong>Topic-Adjacent:<\/strong> <a href=\"https:\/\/www.intego.com\/mac-security-blog\/10-steps-to-improve-your-computer-ergonomics\/\">10 Steps to Improve Your Computer Ergonomics &#8211; The Mac Security Blog \u2014 www.intego.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Excellent Explainers<\/h2>\n<aside class=\"small-aside\">High-quality content explaining a security concept of some kind.<\/aside>\n<ul>\n<li>A timely reminder that email tracking pixels have not gone away: <a href=\"https:\/\/www.bbc.com\/news\/technology-56071437\">Spy pixels in emails have become endemic \u2014 www.bbc.com\/\u2026<\/a><\/li>\n<li>One to bookmark and hope you never need to use or share with friends or family: <a href=\"https:\/\/nakedsecurity.sophos.com\/2021\/02\/12\/fallen-victim-to-online-fraud-heres-what-to-do\/\">Fallen victim to online fraud? Here\u2019s what to do\u2026 \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Interesting Insights<\/h2>\n<aside class=\"small-aside\">High-quality opinion and editorial content recommended by Bart.<\/aside>\n<ul>\n<li>A security researcher has released a proof-of-concept <em>supercookie<\/em> (un-removable tracker) based on browser favicons (the icons websites can publish to include in browser tabs). The good news is that the researcher is working with the browsers to help then resolve this issue \u2014 <a href=\"https:\/\/www.vice.com\/en\/article\/n7v5y7\/browser-favicons-can-be-used-as-undeletable-supercookies-to-track-you-online\">www.vice.com\/\u2026<\/a><\/li>\n<li>&#x1f3a7; <a href=\"https:\/\/overcast.fm\/+YH-74txnk\">Recode Daily: How private is Clubhouse? \u2014 overcast.fm\/\u2026<\/a><\/li>\n<li>From Listener George (I think): <a href=\"https:\/\/www.nytimes.com\/2021\/02\/05\/opinion\/capitol-attack-cellphone-data.html\">They Stormed the Capitol. Their Apps Tracked Them. \u2014 www.nytimes.com\/\u2026<\/a><\/li>\n<li>&#x1f3a7; A nice explainer on why we should be excited about Quantum Computers: <a href=\"https:\/\/overcast.fm\/+Tecxkc\">TED Talks Daily \u2014 Matt Langione: The promise of quantum computers \u2014 overcast.fm\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything up-beat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li>XKCD use Star Wars to explain mRNA vaccines: <a href=\"https:\/\/xkcd.com\/2425\/\">xkcd.com\/\u2026<\/a><\/li>\n<li>NASA reminds us just how cool space engineering is, and just how good they are at \u2014 they&#8217;ve done it again, used another <em>sky crane<\/em> to land an even bigger rover on Mars, and this time, in a really hazardous terrain using AI to allow the craft pick its own landing site!\n<ul>\n<li>A really cool photo of the rover dangling from the sky crane over the martian surface \u2014 <a href=\"https:\/\/apod.nasa.gov\/apod\/ap210220.html\">apod.nasa.gov\/\u2026<\/a><\/li>\n<li>&#x1f3a6; A great video explaining how the sky crane plays its part in the <em>seven minutes of terror<\/em> between the top of the Martian atmosphere and a safe gentle touchdown on the red planet \u2014 <a href=\"https:\/\/apod.nasa.gov\/apod\/ap210216.html\">apod.nasa.gov\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<figure style=\"float: center; margin: 10px\"><img decoding=\"async\" src=\"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2021\/02\/Steve-Allison-Michael-Johnston-Perserverance.jpeg\" alt=\"Steve Allison Michael Johnston Perserverance\" title=\"#title#\" width=\"600 \" height=\"375\"><figcaption style=\"text-align:center\">Steve, Allison, with Michael Johnston of JPL with Perseverance<\/figcaption><\/figure>\n<figure style=\"float: center; margin: 10px\"><img decoding=\"async\" src=\"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2021\/02\/Perserverence-at-JPL.jpeg\" alt=\"Perseverance at JPL\" title=\"#title#\" width=\"600 \" height=\"450\"><figcaption style=\"text-align:center\"> Perseverance at JPL&#8221; <\/figcaption><\/figure>\n<ul>\n<li>Northrup Grumman named a spaceship after Katherine Johnson, the black NASA mathematician whose handwritten calculations helped launch the first Americans into space (and highlighted in the movie Hidden Figures) <a href=\"https:\/\/www.npr.org\/2021\/02\/20\/969790056\/spacecraft-named-for-hidden-figures-mathematician-launches-from-virginia\">www.npr.org\/&#8230;<\/a><\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">&#x1f3a7;<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x2757;<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4ca;<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f9ef;<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> &#x1f642;<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4b5;<\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4cc;<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f3a9;<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. In the previous instalment we joined in the mockery of a Chinese railroad company that relied on Flash for their operations. Listener Tom Merit got in touch with a follow-up article which casts some [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":19030,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[2810,4507,50,569,4506],"class_list":["post-23044","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-bloomberg","tag-ford","tag-security","tag-security-bits","tag-silver-sparrow"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2019\/08\/security_bits_logo_400px_no_alpha.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/23044","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=23044"}],"version-history":[{"count":4,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/23044\/revisions"}],"predecessor-version":[{"id":23048,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/23044\/revisions\/23048"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/19030"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=23044"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=23044"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=23044"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}