{"id":25238,"date":"2022-02-05T17:45:34","date_gmt":"2022-02-06T01:45:34","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=25238"},"modified":"2022-02-05T17:49:02","modified_gmt":"2022-02-06T01:49:02","slug":"sb-2022-02-05","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2022\/02\/sb-2022-02-05\/","title":{"rendered":"Security Bits \u2014 5 Feb 2022"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>&#x1f1fa;&#x1f1f8; ID.me developments:\n<ul>\n<li><a href=\"https:\/\/www.macobserver.com\/link\/idme-one-to-many\/\">ID.me CEO Admits Company Uses \u20181:Many\u2019 Facial Recognition \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/money.usnews.com\/investing\/news\/articles\/2022-01-28\/u-s-treasury-weighs-alternatives-to-id-me-after-privacy-concerns-raised\">Treasury Considers ID.Me Alternatives Over Privacy Concerns \u2014 money.usnews.com\/\u2026<\/a><\/li>\n<li><strong>Related:<\/strong> <a href=\"https:\/\/nakedsecurity.sophos.com\/2022\/01\/25\/tax-scam-emails-are-alive-and-well-as-us-tax-season-starts\/\">Tax scam emails are alive and well as US tax season starts \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>More NSO Group\/Pegasus related developments:\n<ul>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/tidbits.com\/2022\/02\/01\/fbi-purchased-now-banned-nso-group-spyware\/\">FBI Purchased Now-Banned NSO Group Spyware \u2014 tidbits.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/a-second-pegasus-by-a-different-company-disclosed\/\">A Second Pegasus By a Different Company Disclosed \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li>&#x1f6bf; A new and exclusive deep-dive into the NSO group: <a 
href=\"https:\/\/www.nytimes.com\/2022\/01\/28\/magazine\/nso-group-israel-spyware.html\">The Battle for the World\u2019s Most Powerful Cyberweapon \u2014 www.nytimes.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>AirTag Developments:\n<ul>\n<li>A new twist in the AirTags story: <a href=\"https:\/\/www.macobserver.com\/news\/silent-airtags-and-other-accessories-raise-privacy-concerns\/\">Silent AirTags and Other Accessories Raise Privacy Concerns \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li>Apple have released a new <em>Personal Safety User Guide<\/em> covering all their technologies, including AirTags \u2014 <a href=\"https:\/\/tidbits.com\/2022\/01\/31\/new-apple-guide-offers-personal-safety-advice\/\">tidbits.com\/\u2026<\/a><br \/>\n> &#8220;Offering quick checklists and in-depth feature tasks, this resource is designed to help customers experiencing technology-enabled abuse, stalking, or harassment understand the options available across the Apple ecosystem that can help you protect your personal safety&#8221;<\/li>\n<\/ul>\n<\/li>\n<li>The App Tracking Transparency fallout continues:\n<ul>\n<li><a href=\"https:\/\/www.imore.com\/facebook-says-ios-privacy-changes-will-cost-10-billion-shares-plunge\">Facebook says iOS privacy changes will cost $10 billion, shares plunge \u2014 www.imore.com\/\u2026<\/a>\n<ul>\n<li><strong>Related Opinion:<\/strong> <a href=\"https:\/\/daringfireball.net\/linked\/2022\/02\/03\/facebook-apple-browser-carve-out\">Facebook Accuses Apple of &#8216;Browser Carve-Out&#8217; on Tracking Prompts, Hoping No One Will Remember That Safari Is Heavily Biased Toward Privacy \u2014 daringfireball.net\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.imore.com\/snapchat-shares-rocket-50-company-touts-ios-privacy-change-recovery\">Snapchat shares rocket 50% as company touts iOS privacy change recovery \u2014 www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a 
href=\"https:\/\/www.imore.com\/twitter-expand-downvoting-test-global-audience-coming-soon-ios\">Twitter to expand downvoting test to global audience \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/www.macobserver.com\/news\/earn-it-act-back\/\">The EARN It Act is Back and Coming for Social Media Companies \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/link\/diem-stablecoin-officially-over\/\">Facebook\u2019s Failed \u2018Diem\u2019 Stablecoin Now Officially Over \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Deep Dive 1 \u2014 Meet Topics, the new FLoC<\/h2>\n<p>Last March Google announced <em>Federated Learning of Cohorts<\/em> as their proposed replacement for tracking cookies. We dug into the detail in a <a href=\"https:\/\/www.podfeet.com\/blog\/2021\/03\/sb-2021-03-07\/\">Security Medium on the 7th of March 2021<\/a>, but the TL;DR is that it was problematic from a privacy point of view, and unlikely to succeed because it required all the browser vendors to get on board and implement the protocol too. That didn&#8217;t happen.<\/p>\n<p>The idea of FLoC was that your browser would watch where you surf, then group you into cohorts of other people who surfed to similar sites and give that group an ID that could be used for ad tracking. Instead of targeting individuals, advertisers would be targeting learned groups of similar people. The fact that the groupings were learned meant they could prove very sensitive indeed \u2014 collecting people by race, gender identity, sexuality, illness, addiction, anything.<\/p>\n<p>Topics turns the logic around: instead of trying to learn similar people and giving the people an ID, Google will define a taxonomy of safe topics of interest, and then assign people to those topics on a rolling basis. 
As you surf, your weekly browsing habits get boiled down into a handful of topics, and the previous three weeks&#8217; worth of topics will be used to present information about you to advertisers. Each website will be presented with a randomly chosen but sticky sub-set of your topics, and to add some noise and plausible deniability, 5% of the time a totally random topic will be added to the list. The algorithm is designed to ensure the topics API can&#8217;t be used to fingerprint users.<\/p>\n<p>So, <strong>from a privacy POV <em>Topics<\/em> is much better than FLoC<\/strong> (and astronomically better than tracking cookies!).<\/p>\n<p>But, this is still the browser tracking users to facilitate ads, so, <strong>Topics depends on other browsers adopting it<\/strong>. Will they? Personally, I doubt it.<\/p>\n<p>There&#8217;s another significant problem IMO \u2014 because of how the fingerprint-prevention is implemented, the bigger your ad network, the more data you get from the Topics API, so <strong>Topics gives a clear advantage to larger ad networks<\/strong> over smaller ones. 
As Gruber put it, <em>&#8220;this is a solution by Google for Google&#8221;<\/em>.<\/p>\n<h3>Links<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.macobserver.com\/link\/google-topics-browsing-advertising\/\">Google Topics Will Categorize Your Browsing for Advertising \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/daringfireball.net\/linked\/2022\/02\/02\/berjon-google-topics\">Robin Berjon on &#8216;Topics&#8217;, Google&#8217;s Proposed Replacement for FLoC \u2014 daringfireball.net\/\u2026<\/a><\/li>\n<li>&#x1f3a7; <a href=\"https:\/\/overcast.fm\/+LUuTBYy-k\/1:38:04\">SN 856: The \u201cTopics\u201d API &#8211; PwnKit Tech Details, DrawnApart, Zerodium Bug Bounties, Log4Shell Hits Ubiquiti \u2014 overcast.fm\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Deep Dive 2 \u2014 Apple Makes SMS-based 2FA a Little Less Bad<\/h2>\n<p>Last year Apple released an open-source spec to add computer-readable context to 2FA text messages.<\/p>\n<p>For some time now, Apple have had an excellent feature where numbers in the most recent SMS message are automatically offered as an auto-complete suggestion when entering 2FA codes into apps or websites. This is spectacularly convenient, but, that convenience comes with a nasty security sting in the tail \u2014 Apple have no idea whether the user is entering the code into the app or site it was intended for, or if they are being phished! Real-time phishing is a thing these days \u2014 the bad guys set up a malicious clone of a real site that uses SMS 2FA, and when the user enters their username and password it forwards those on to the real site, triggering the real site to send an SMS message with the code. 
The fake site presents the user with a box to type in the code, and if they do, forwards it to the real site, letting the attackers in.<\/p>\n<p>The obvious defence here is to always check the domain name of the page you&#8217;re entering your credentials into, but not everyone does that, and the fact that Apple very conveniently offers the code as an auto-complete on the phishing site makes the whole process quicker, so there&#8217;s less time for the user to notice they&#8217;re not where they think they are.<\/p>\n<p>Apple figured it would be great if the SMS messages with the code could tell the OS what site or app they are from, so they could be offered to the user only when appropriate. For that to work there&#8217;d need to be an agreed standard structure for the SMS messages. That&#8217;s what Apple published last year, and it&#8217;s nice and simple.<\/p>\n<p>Each SMS message would have the following parts (I&#8217;ve copied these descriptions from the linked iMore article):<\/p>\n<ol>\n<li>A standard human-readable message, including the code, followed by a new line.<\/li>\n<li>The scoped domain as <code>@domain.tld<\/code>.<\/li>\n<li>The code repeated again as <code>#123456<\/code>.<\/li>\n<li>If the site uses an embedded HTML element, called an iframe, the source of the iframe is listed after <code>%<\/code>, such as <code>%ecommerce.example<\/code>.<\/li>\n<\/ol>\n<p>Sites are now starting to adopt this standard, and, Apple have added support for it to the most recent releases of iOS, iPadOS &amp; macOS, so, if you&#8217;re using a fully up-to-date Apple OS, and you use SMS-based 2FA on a site that supports the new format, you&#8217;ll only be presented with the auto-complete suggestion if you really are on the right page, or in the right app.<\/p>\n<p>This makes entering SMS-based 2FA codes a little safer, but it <strong>does nothing to address the underlying problem that SMS itself is not a secure or reliable protocol!<\/strong><\/p>\n<p>So, it 
still remains true that <strong>SMS 2FA is better than no 2FA, but just about any other 2FA is better than SMS-based 2FA<\/strong>!<\/p>\n<h3>Links<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.imore.com\/apple-changed-how-two-factor-authentication-sms-codes-look-better-security\">Apple changed how two-factor authentication SMS codes look for better security \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li>&#x1f3a7; Ken Ray gives a nice summary if you prefer to listen rather than read: <a href=\"https:\/\/overcast.fm\/+HLr5gMTKo\">Checklist 264: Updates and Sharing What You Know \u2014 overcast.fm\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Deep Dive 3 \u2014 US Federal Government Issues &#8220;Zero-Trust&#8221; Memo (by Allison)<\/h2>\n<p>The US Office of Management and Budget has released a memo advising the Federal Government on how to improve cybersecurity. The memo is very forward-leaning, which is honestly surprising for a government agency.<\/p>\n<p>Key points outlined by BastionZero include:<\/p>\n<ul>\n<li>Elimination of rotating passwords and passwords with special characters<\/li>\n<li>Dropping use of SMS and phone verification for 2FA, but also getting rid of authenticator app-based 2FA. Instead, it recommends authenticator devices like Yubikey.\n<ul>\n<li>This would require the agencies or companies to push device certs to authenticate, which evidently would require inventory of users&#8217; devices. This is problematic in the BYOD world<\/li>\n<\/ul>\n<\/li>\n<li>VPNs aren&#8217;t recommended either; instead, people should be authenticated to specific services rather than to the entire network<\/li>\n<li>The memo mandates encrypted HTTP, and also encrypted DNS.<\/li>\n<li>In perhaps the most surprising section, the memo recommends welcoming external partners and independent parties to test their vulnerabilities. 
This is in stark contrast with the Computer Fraud and Abuse Act which can criminalize those who exceed authorized access.<\/li>\n<\/ul>\n<h3>Links<\/h3>\n<ul>\n<li>Excellent article breaking down the document <a href=\"https:\/\/www.bastionzero.com\/blog\/i-read-the-federal-governments-zero-trust-memo-so-you-dont-have-to\">www.bastionzero.com\/&#8230;<\/a><\/li>\n<li>Original US Federal Government  Memo <a href=\"https:\/\/www.whitehouse.gov\/wp-content\/uploads\/2022\/01\/M-22-09.pdf\">www.whitehouse.gov\/&#8230;<\/a><\/li>\n<\/ul>\n<h2>&#x2757; Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action, if any stories in this section are relevant to you there is some action you should take.<\/aside>\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2022\/01\/26\/pwnkit-security-bug-gets-you-root-on-most-linux-distros-what-to-do\/\">\u201cPwnKit\u201d security bug gets you root on most Linux distros \u2013 what to do \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/arstechnica.com\/?p=1828540\">Apple fixes major bugs in iOS, iPadOS, macOS, and watchOS software updates \u2014 arstechnica.com<\/a>,  <a href=\"https:\/\/tidbits.com\/watchlist\/macos-big-sur-11-6-3-and-security-update-2022-001-catalina\/\">macOS Big Sur 11.6.3 and Security Update 2022-001 Catalina \u2014 tidbits.com\/\u2026<\/a> &amp; <a href=\"https:\/\/tidbits.com\/watchlist\/safari-15-3\/\">Safari 15.3 \u2014 tidbits.com\/\u2026<\/a>\n<ul>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/update-to-macos-monterey-fixes-safari-leak\/\">Update to macOS Monterey Fixes Safari Leak \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/monterey-12-2-patched-zero-day\/\">Successor to \u2018Shrootless\u2019 Bug Attacks Mac SIP Feature \u2014 www.macobserver.com\/\u2026<\/a> (also fixed in this update)<\/li>\n<\/ul>\n<\/li>\n<li><a 
href=\"https:\/\/www.macobserver.com\/news\/accesspress-themes-contains-backdoor\/\">\u2018AccessPress\u2019 Themes and Plugins for WordPress Contains Backdoor \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2022\/02\/02\/elementor-wordpress-plugin-has-a-gaping-security-hole-update-now\/\">Elementor WordPress plugin has a gaping security hole \u2013 update now \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li><a href=\"https:\/\/www.vice.com\/en\/article\/xgdvaz\/nft-steal-ip-address-opensea\">This NFT on OpenSea Will Steal Your IP Address \u2014 www.vice.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/civicom-leaks-customer-data\/\">Civicom Data Leak Affects Over 100,000 Files \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li><a href=\"https:\/\/www.intego.com\/mac-security-blog\/dazzlespy-mac-malware-used-in-targeted-attacks\/\">DazzleSpy Mac Malware Used in Targeted Attacks &#8211; The Mac Security Blog \u2014 www.intego.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/link\/facebook-e2e-all-chat\/\">Facebook Rolls Out End-to-End Encrypted Chats for Everyone \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/mozilla-vpn-multi-account\/\">Mozilla VPN for Mobile, Desktop Adds Multi-Account Containers \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/link\/google-one-vpn-iphone\/\">Google One VPN for iPhone Now Available to Use \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li>&#x1f4cc; &#x1f1ea;&#x1f1fa; <a href=\"https:\/\/www.imore.com\/whatsapp-told-eu-it-must-better-inform-customers-over-personal-data-use\">WhatsApp issued EU ultimatum over data 
use \u2014 www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Top Tips<\/h2>\n<aside class=\"small-aside\">Tips, tricks, or advice that is likely to be useful to the NosillaCast audience or the family members and friends whose IT they support.<\/aside>\n<ul>\n<li>Some nice simple human-friendly tips you can share with friends and family: <a href=\"https:\/\/nakedsecurity.sophos.com\/2022\/01\/28\/happy-data-privacy-day-and-we-really-do-mean-happy\/\">Happy Data Privacy Day \u2013 and we really do mean \u201chappy\u201d \ud83d\ude42 \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/tips\/how-to\/blur-house-apple-maps\/\">Here\u2019s How to Blur Your House on Apple Maps and Google Maps \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li>A timely reminder of why it&#8217;s important to always check the final resting URL you land on, not just the link you click\/enter \u2014 bad guys love finding ways to make trustworthy websites redirect to their evil sites to hijack trust and reputation: <a href=\"https:\/\/krebsonsecurity.com\/2022\/02\/how-phishers-are-slinking-their-links-into-linkedin\/\">How Phishers Are Slinking Their Links Into LinkedIn  \u2014 krebsonsecurity.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Excellent Explainers<\/h2>\n<aside class=\"small-aside\">High-quality content explaining a security concept of some kind.<\/aside>\n<ul>\n<li><a href=\"https:\/\/www.imore.com\/thread-everything-you-need-know\">Thread: Everything you need to know \u2014 www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Interesting Insights<\/h2>\n<aside class=\"small-aside\">High-quality opinion and editorial content recommended by Bart.<\/aside>\n<ul>\n<li>&#x1f3a7; <a href=\"https:\/\/www.imore.com\/apple-privacy-chief-erik-neuenschwander-gives-data-privacy-day-interview\">Apple privacy chief Erik Neuenschwander gives Data Privacy Day interview \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li>&#x1f3a7; The story of how the EFF helped podcasters save 
podcasting from patent trolls: <a href=\"https:\/\/overcast.fm\/+1CUe4WXaY\">How to Fix the Internet: Saving Podcasts From A Patent Troll \u2014 overcast.fm\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/moxie.org\/2022\/01\/07\/web3-first-impressions.html\">My first impressions of web3 \u2014 moxie.org\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything up-beat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li>&#x1f3a7; An excellent interview with William Shatner: <a href=\"https:\/\/overcast.fm\/+zXlXSNzcU\">StarTalk Radio: Going to Space with William Shatner \u2014 overcast.fm\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">&#x1f3a7;<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x2757;<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4ca;<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f9ef;<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> &#x1f642;<\/td>\n<\/tr>\n<tr>\n<td 
align=\"center\">&#x1f4b5;<\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4cc;<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f3a9;<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. &#x1f1fa;&#x1f1f8; ID.me developments: ID.me CEO Admits Company Uses \u20181:Many\u2019 Facial Recognition \u2014 www.macobserver.com\/\u2026 Treasury Considers ID.Me Alternatives Over Privacy Concerns \u2014 money.usnews.com\/\u2026 Related: Tax scam emails are alive and well as US tax season 
[&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":19030,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[568,5055,5054,1359,114,50,569,5056,567,5057],"class_list":["post-25238","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-2fa","tag-federated-learning-of-cohorts","tag-floc","tag-google","tag-privacy","tag-security","tag-security-bits","tag-sms","tag-two-factor-authentication","tag-zero-trust"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2019\/08\/security_bits_logo_400px_no_alpha.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/25238","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=25238"}],"version-history":[{"count":2,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/25238\/revisions"}],"predecessor-version":[{"id":25240,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/25238\/revisions\/25240"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/19030"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=25238"}],"wp:term":[{"taxonomy":"ca
tegory","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=25238"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=25238"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}