{"id":24657,"date":"2021-10-29T16:52:40","date_gmt":"2021-10-29T23:52:40","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=24657"},"modified":"2021-10-29T16:52:40","modified_gmt":"2021-10-29T23:52:40","slug":"sb-2021-10-29","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2021\/10\/sb-2021-10-29\/","title":{"rendered":"Security Bits \u2014 29 October 2021"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>&#x1f3a6; As I suspected last time, there was much more to the UK Ring doorbell case than simply &#8220;Ring doorbells are illegal in the UK&#8221;. Thanks to listener John for sending on this excellent summary analysis of the judgment: <a href=\"https:\/\/youtube.com\/watch?v=1RVpQJJ_BHQ&#038;feature=share\">BlackBeltBarrister \u2014 Ring Camera Court Case: Must You Remove Yours? 
\u2014 youtube.com\/\u2026<\/a><\/li>\n<li>Apple&#8217;s ad changes have a markedly mixed impact on social media companies:\n<ul>\n<li><a href=\"https:\/\/www.imore.com\/snap-shares-plummet-25-it-reveals-apple-privacy-changes-crushed-ads\">Snap shares plummet 25% as it reveals Apple privacy changes crushed ads \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.marketwatch.com\/story\/apples-ad-mageddon-is-affecting-snap-facebook-google-and-twitter-differently-11635299549\">Apple&#8217;s &#8216;ad-mageddon&#8217; is affecting Snap, Facebook, Google, and Twitter differently \u2014 www.marketwatch.com\/\u2026<\/a> (Google revenue seemed mostly unaffected, and Twitter &amp; Facebook were only slightly affected, both less than their own estimates)<\/li>\n<li><strong>Related:<\/strong> <a href=\"https:\/\/www.imore.com\/customer-feedback-iphone-tracking-changes-overwhelmingly-positive\">Customer feedback on iPhone tracking changes &#8216;overwhelmingly positive&#8217; \u2014 www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Social Media Developments:\n<ul>\n<li>Google have followed through on a feature they promised in August: <a href=\"https:\/\/www.macobserver.com\/news\/minors-photo-removal-google\/\">Minors Can Now Request Photo Removal From Google Search \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; The state of Texas have amended their complaint in their anti-trust case against Google, alleging the company colluded with Facebook to rig ad auctions and work around privacy protections rolled out by Apple \u2014 <a href=\"https:\/\/www.theregister.com\/2021\/10\/22\/google_facebook_antitrust_complaint\/\">www.theregister.com\/\u2026<\/a> (The technical details are difficult to get your head around, but the email exchanges seem pretty damning.)<\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/many-eero-mesh-routers-will-support-matter\/\">Many Eero Mesh Routers Will Support Matter \u2014 
www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>&#x2757; Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action: if any stories in this section are relevant to you, there is some action you should take.<\/aside>\n<ul>\n<li>Apple have released security updates for just about everything \u2014 <a href=\"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-macos-12-ios-15-1-watchos-8-1-and-more\/\">www.intego.com\/\u2026<\/a> (macOS Monterey 12.0.1, macOS Big Sur 11.6.1, Security Update 2021-007 for macOS Catalina, iOS &amp; iPadOS 15.1, iOS &amp; iPadOS 14.8.1, watchOS 8.1, tvOS 15.1 &amp; Safari 15.1)\n<ul>\n<li>Notably missing is an update for macOS Mojave<\/li>\n<li>Now that the patches are out, MS have described the bug they found: <a href=\"https:\/\/arstechnica.com\/?p=1808830\">Microsoft reports SIP-bypassing \u201cShrootless\u201d vulnerability in macOS \u2014 arstechnica.com<\/a>\n<ul>\n<li>An excellent human-friendly deep-dive: <a href=\"https:\/\/nakedsecurity.sophos.com\/2021\/10\/29\/microsoft-documents-shrootless-hack-patched-in-latest-apple-updates\/\">Microsoft documents \u201cSHROOTLESS\u201d hack patched in latest Apple updates \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><strong>Related:<\/strong> <a href=\"https:\/\/tidbits.com\/2021\/10\/20\/device-software-updates-now-appear-in-software-update-too\/\">Device Software Updates Now Appear in Software Update Too \u2014 tidbits.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/krebsonsecurity.com\/2021\/10\/zales-com-leaked-customer-data-just-like-sister-firms-jared-kay-jewelers-did-in-2018\/\">Zales.com Leaked Customer Data, Just Like Sister Firms Jared, Kay Jewelers Did in 2018 \u2013 Krebs on Security \u2014 
krebsonsecurity.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li><a href=\"https:\/\/krebsonsecurity.com\/2021\/10\/conti-ransom-gang-starts-selling-access-to-victims\/\">Conti Ransom Gang Starts Selling Access to Victims \u2014 krebsonsecurity.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2021\/10\/22\/revil-ransomware-gang-allegedly-forced-offline-by-law-enforcement-counterattacks\/\">REvil ransomware gang allegedly forced offline by law enforcement counterattacks \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/www.macobserver.com\/news\/export-ban-hacking-tools\/\">US Bans Export of Hacking Tools to Authoritarian Regimes \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Excellent Explainers<\/h2>\n<aside class=\"small-aside\">High-quality content explaining a security concept of some kind.<\/aside>\n<ul>\n<li>&#x1f3a7; <a href=\"https:\/\/overcast.fm\/+b-m2hIDQ4\">Know a Little More: About Trusted Platform Modules \u2014 overcast.fm\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything up-beat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li>David Roth posted in the Podfeet Slack a video from TechMeOut all about hidden features of iOS 15. Allison started watching it and learned something from the very first tip <a href=\"https:\/\/www.youtube.com\/watch?app=desktop&#038;v=1XHaL-exK-g\">iPhone 13 Tips &amp; Tricks + Hidden Features of iOS 15! 
&#8211; YouTube<\/a><\/li>\n<li>GitHub posted a hilarious video emulating old-timey product videos to explain DevOps <a href=\"https:\/\/twitter.com\/github\/status\/1453760137005518848\">@GitHub on Twitter \u2013 What is DevOps?<\/a><\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link, it is the title of the page being linked to; when the text describing a link is not part of the link, it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">&#x1f3a7;<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x2757;<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4ca;<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f9ef;<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> &#x1f642;<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4b5;<\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4cc;<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. 
one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f3a9;<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. &#x1f3a6; As I suspected last time, there was much more to the UK Ring doorbell case than simply &#8220;Ring doorbells are illegal in the UK&#8221;. Thanks to listener John for sending on this excellent [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":19030,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[50,569],"class_list":["post-24657","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-security","tag-security-bits"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2019\/08\/security_bits_logo_400px_no_alpha.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/24657","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"emb
eddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=24657"}],"version-history":[{"count":3,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/24657\/revisions"}],"predecessor-version":[{"id":24660,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/24657\/revisions\/24660"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/19030"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=24657"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=24657"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=24657"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}